Oracle Corp
Risk Factors analysis.

In addition, our business may be adversely affected if: •we do not continue to develop and release new or enhanced products and services within the anticipated time frames; •infrastructure costs to deliver new or enhanced products and services take longer or result in greater costs than anticipated; •supply chain costs, energy costs or other costs to develop, produce or distribute our products and services result in greater costs than anticipated; •we are unable to accurately anticipate, plan for and manage future data center capacity needs in a timely manner to meet current or expected customer demand; •we fail to meet our contractual service level commitments; •there is a delay in market acceptance of and difficulty in transitioning new and existing customers to new, enhanced or acquired product lines or services; •sanctions, tariffs, export controls, geopolitical instability and related market disruptions or other regulatory, legislative or other trade and non-tariff barriers, including retaliatory measures, impede or prevent us from serving certain customers or restrict our customers from operating in specific jurisdictions; •inflation, trade policy, geopolitical conditions and other macroeconomic factors reduce customer demand for our products and services or cause us to be unable to meet current or expected customer demand; •there are changes in IT trends that we do not adequately anticipate or timely address with our product development efforts;

•we do not optimize complementary product lines and services in a timely manner; or •we fail to adequately integrate, support or enhance acquired product lines or services. In addition, our profitability and revenues could be adversely impacted if we lose one or more of our key customers for any reason, including as a result of any of the factors discussed above. Any such loss could also limit or reduce our growth in future periods. Our AI products may not operate as anticipated, which could adversely affect our reputation, revenues and profitability. Machine learning and AI, including generative AI, agentic AI and LLMs, are increasingly driving innovations in technology, and AI technology and services are highly competitive and rapidly evolving. We have invested, and expect to continue to invest, significant resources to build and support our AI products. In addition, we rely on partners and suppliers to produce some of our AI products. If we are unable to introduce new AI products or if our AI products fail to operate as anticipated or as well as competing products or otherwise do not meet customer needs, or if our competitors' AI products achieve higher market acceptance than ours, we may fail to recoup our investments in AI and our business and reputation may be harmed. Further, if we do not continue to invest significant resources to develop and support our AI products, we may fall behind technological developments and evolving industry standards, which would likewise harm our ability to compete. In addition, AI technologies are rapidly changing and present evolving legal, regulatory and ethical issues, including claims of bias, discrimination, a perceived lack of transparency, as well as sometimes unpredictable behaviors or improper use of copyrighted or other protected material, such as personal and patient health information, any of which could expose us or our customers to reputational or legal risk and inhibit adoption of our AI products. Regulatory uncertainty, including the lack of comprehensive federal legislation and a patchwork of existing and proposed frameworks and regulatory initiatives in numerous jurisdictions, may expose us to compliance challenges and uncertainties. Our failure to adapt to these changes, or any failure by our employees, contractors, partners, suppliers or agents to comply with laws and regulations applicable to our AI products or our related policies and procedures, could result in legal, financial and reputational consequences including, but not limited to, being required to adjust or limit our product offerings or our use of AI in certain jurisdictions to comply with new and evolving AI laws and regulations. If we do not successfully execute our Oracle Cloud strategy, including our offerings of Oracle Cloud Services, our revenues and profitability may decline. We provide our cloud and other offerings to customers worldwide via a variety of deployment models, including via our cloud-based OCA and OCI offerings. As these business models continue to evolve, we may not be able to compete effectively, generate significant revenues or maintain the profitability of our cloud offerings. Additionally, the increasing prevalence of various cloud offering models by us and our competitors may unfavorably impact the pricing of our cloud and license offerings. If we do not successfully execute our cloud computing strategy or anticipate the cloud computing needs of our customers, our reputation as a cloud services provider could be harmed and our revenues and profitability could decline. As customer demand for our cloud offerings increases, we experience volatility in our reported revenues and operating results due to the differences in timing of revenue recognition between our cloud license and on-premise license and hardware product arrangements relative to our cloud offering arrangements. Customers predominantly purchase our cloud offerings on a subscription basis, and revenues from these offerings are generally recognized ratably or as services are consumed over the terms of the subscriptions. Consequently, any deterioration in sales activity associated with our cloud offerings may not be immediately observable in our consolidated statements of operations. This is in contrast to revenues associated with our license and hardware product arrangements, which are generally recognized in full at the time of delivery of the related licenses and hardware products. In addition, we may not be able to accurately anticipate customer transitions from or be able to sufficiently backfill reduced customer demand for our license, hardware and support offerings relative to the expected increase in customer adoption of and demand for our Oracle Cloud Services, which could adversely affect our revenues and profitability.

Legal and Regulatory Risks Adverse litigation results could affect our business. We are subject to various legal proceedings. Litigation can be lengthy, expensive and disruptive to our operations, and can divert our management's attention away from running our core business. The results of our litigation also cannot be predicted with certainty. Even a favorable judgment 26 may be subject to appeals leading to protracted litigation, additional costs and the prospect that our desired outcome will be overturned. An adverse decision could result in monetary damages or injunctive relief that could affect our business, operating results or financial condition. Additional information regarding certain of the lawsuits we are involved in is discussed under Note 16 of Notes to Consolidated Financial Statements included elsewhere in this Annual Report. We may be subjected to increased taxes due to changes in U.S. or international tax laws or from adverse resolutions of tax audits and controversies. As a multinational corporation, we incur income taxes as well as non-income based taxes (such as payroll, sales, use, property and value-added taxes) in both the U.S. and various foreign jurisdictions. Significant uncertainties exist with respect to the application of the various taxes to the businesses in which we engage, often requiring that we make judgments in determining our tax liabilities and worldwide provision for income taxes. We are regularly under audit by tax authorities in the U.S. and internationally, which has led to disagreements regarding our treatment of various items, including our intercompany transfer prices and calculations and the applicability of withholding taxes to our cross-border transactions. Any unfavorable resolution of these tax audits and controversies could cause our tax liabilities to increase and may have a material and adverse impact on our provision for income taxes and effective tax rate. Although we believe that our income and non-income based tax estimates are reasonable, there is no assurance that the final determination of tax audits or disputes will not be different from what is reflected in our historical income tax provisions and tax accruals. Countries around the world continually consider and make changes to relevant tax, accounting and other laws, treaties, regulations, guidance and interpretations. In the U.S., various legislative proposals, if enacted, may substantially raise U.S. income taxes on our domestic and international profits. Such unfavorable tax proposals, the prospects for which depend to a significant degree on the U.S. political landscape, create the potential for added volatility in our quarterly provision for income taxes and could have a material adverse impact on our future income tax provisions and effective tax rate. Other countries also continue to consider changes to their tax laws that could negatively affect us by increasing taxes imposed on our international revenue streams, operations and cross-border transactions, including the imposition of taxes targeted at digital technology businesses and changes in withholding tax rules. The Organisation for Economic Co-operation and Development (OECD) and the Group of Twenty (G20), together with over 140 participating countries, have developed a two-pillar framework calling for a 15% global minimum tax on multinational corporate groups, which has been adopted in many jurisdictions, and that would provide greater taxing rights to market jurisdictions where customers or users are located. These changes may materially increase the level of income tax on our international profits. Our future income tax provisions and effective tax rate could materially increase under the tax changes discussed above or if other changes are made to applicable tax laws and rules in the U.S. or in other countries in which we do business. Our provision for income taxes also could be adversely affected by changes in the mix of income earned or losses incurred in jurisdictions with differing statutory tax rates, fluctuations in our stock price and level of stock-based compensation expense, changes in the valuation of our deferred tax assets or liabilities and by other factors. Our international sales and operations and global customer base subject us to additional risks that can adversely affect our operating results. We derive a substantial portion of our revenues from, and have significant operations, outside of the U.S., and in both our U.S. and non-U.S. operations we serve customers based in or with ties to numerous jurisdictions around the world. Compliance with international and U.S. laws and regulations that apply to our international operations increases our cost of doing business. These laws and regulations include data privacy requirements, labor relations laws, tax laws, foreign currency-related regulations, competition/antitrust regulations, anti-bribery laws and other laws prohibiting payments to governmental officials such as the U.S. Foreign Corrupt Practices Act (FCPA), market access regulations, tariffs, and import, export and general trade regulations, including but not limited to economic sanctions and embargos. Violations of these laws and regulations could result in monetary fines, civil and/or criminal penalties, enforcement actions against us, our officers or our employees, and prohibitions on the conduct of our business, including disgorgement, the loss of trade privileges, and other remedial measures. Any such violations could result in prohibitions on our ability to offer our products and services in one or more countries or territories or to certain entities, could delay or prevent potential acquisitions and could also materially damage our reputation, our brand, our international expansion efforts, our ability to attract and retain employees, our business and our operating results. 27

We are also subject to a variety of other risks and challenges in managing an organization operating globally, including those related to: •general economic conditions in each country or region; •political unrest, terrorism and war, including but not limited to the current Russia-Ukraine war, the economic impact thereof and the potential to subject our business to materially adverse consequences should the situation escalate beyond its current scope, including, among other potential impacts, the geographic proximity of the situation relative to the rest of Europe, where a material portion of our business is carried out; •the potential for other hostilities, including but not limited to further destabilization in the Middle East and tensions between China and Taiwan; •public health risks, social risks and supporting infrastructure stability risks, particularly in areas in which we have significant operations; •fluctuations in currency exchange rates and related impacts on customer demand and our operating results; •difficulties in accessing or transferring funds from or converting currencies in certain countries that could lead to a devaluation of our net assets, in particular our cash assets, in that country's currency; •regulatory changes, including government austerity measures in certain countries that we may not be able to sufficiently plan for or avoid that may unexpectedly impair bank deposits or other cash assets that we hold in these countries or that impose additional taxes that we may be required to pay in these countries; •common local business behaviors or regulatory requirements that conflict with our business ethics, practices and conduct policies; •longer payment cycles and difficulties in collecting accounts receivable;

Index to Financial Statements abilities to conduct business operations and to ensure accuracy in financial processes and reporting, and may result in unanticipated costs and interruptions. Enterprise customers rely on our cloud, license and hardware offerings and related services to run their businesses, and errors in our cloud, license and hardware offerings and related services could expose us to product liability, performance and warranty claims as well as significant harm to our brand and reputation, which could impact our future sales. If we are unable to compete effectively, the results of operations and prospects for our business could be harmed. We face intense competition in all aspects of our business. The nature of the IT industry creates a competitive landscape that is constantly evolving as firms emerge, expand or are acquired, as technology evolves and as delivery models change. Our enterprise cloud, license and hardware offerings compete directly with certain offerings from some of the largest and most competitive companies in the world. In addition, due to the low barriers to entry in many of our market segments, new technologies and new and growing competitors frequently emerge to challenge our offerings. We believe many vendors spend amounts in excess of what Oracle spends to develop and market applications and infrastructure technologies including databases, middleware products, application development tools, business applications, collaboration products and business intelligence, compute, storage and networking products, among others, which compete with Oracle applications and infrastructure offerings. In addition, use of our competitors' technologies can influence a customer's purchasing decision or create an environment that makes it less efficient to utilize or migrate to Oracle products and services. For example, we offer our customers multicloud services whereby our customers can combine cloud services from multiple clouds with the goal of optimizing cost, functionality and performance. OCI's multicloud services work with a number of our competitors' products, including Microsoft Azure, Amazon Web Services and Google Cloud Platform. This multicloud strategy could lead our customers to migrate away from our cloud offerings to our competitors' products or limit their purchases of additional Oracle products, either of which could adversely affect our revenues and profitability. Our competitors may also adopt business practices that provide customers access to competing products and services on terms that we may not generally find acceptable, which may convince customers to purchase competitor products and services. We could lose customers if our competitors introduce new competitive products, add new functionality, acquire competitive products, reduce prices, better execute on their sales and marketing strategies, offer more flexible business practices, provide debt or equity financing to customers or form strategic alliances with other companies. Mergers, consolidations or alliances among our competitors, or acquisitions of our competitors by large companies may result in increased competition. If our competitors offer deep discounts on certain products or services or develop products that the marketplace considers more valuable, we may need to lower prices, introduce pricing models and offerings or offer other terms that are less favorable to us to compete successfully. Any such changes may reduce revenues and margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud delivery models offered by us and our competitors may unfavorably impact the pricing of our other cloud and license, hardware and services offerings, and we may also incur increased cloud delivery expenses as we expand our cloud operations and update our infrastructure, all of which could reduce our revenues and profitability. Our license support fees and hardware support fees are generally priced as a percentage of our net license fees and net new hardware products fees, respectively. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offerings. If we do not adapt our pricing models to reflect changes in customer use of our products, changes in customer demand or increased competition, our revenues could decrease. Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and our financial results. Our customers depend on our support organization to resolve technical issues relating to our applications and infrastructure offerings. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services or may be inefficient in our resolution of customer support issues. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation, our ability to sell and renew our applications and infrastructure offerings to existing and prospective customers, and our business, operating results, and financial position. We may not receive significant revenues from our current research and development efforts for several years, if at all. Developing our various product offerings is expensive and the investment in the development of these 21

•overlapping tax regimes; and •weaker protection for intellectual property rights in some countries. The variety of risks and challenges listed above could also disrupt or otherwise negatively impact our supply chain operations and sales of our products and services in affected countries or regions. As the majority shareholder of Oracle Financial Services Software Limited, a publicly traded company in India, and Oracle Corporation Japan, a publicly traded company in Japan, we face several additional risks, including being subject to local securities regulations and being unable to exert full control that we would otherwise have if these entities were wholly-owned subsidiaries. The healthcare industry is highly regulated, and thus, we are subject to several laws, regulations and industry initiatives, non-compliance with certain of which could adversely affect our healthcare business. As a participant in the healthcare industry, certain of our operations and relationships, and those of our customers, are regulated by several U.S. federal, state, local and foreign governmental entities. These regulations impact us both directly and indirectly, in terms of government program requirements applicable to our customers for the use of health IT. Even though we may not be directly regulated by specific healthcare laws and regulations, our products and services must be capable of being used by our customers in a way that complies with those laws and regulations. There are significant, wide-ranging and rapidly evolving regulations worldwide, covering healthcare fraud, information sharing, e-prescribing, medical claims processing and transmission, healthcare devices, the use of AI in healthcare, the security and privacy of patient data and interoperability standards, that may be directly or indirectly applicable to our operations and relationships or the business practices of our customers. Specific risks include, but are not limited to, the following: •Medical device regulations in the U.S. and other countries may now or in the future apply to certain of our healthcare products and services. If any of our healthcare products and services are deemed to be actively regulated medical devices by regulatory agencies in countries where we do business, we could be subject to extensive requirements governing pre- and post-marketing activities, including pre-market notification clearance or recalls. •Certified electronic health record technology (CEHRT) requirements continue to evolve and remain necessary to participate in federal healthcare programs in order to receive reimbursement for health items and services provided by certain of our customers to Medicare and Medicaid beneficiaries. We expect the regulations establishing the certification and interoperability standards for CEHRT will continue to be updated to emphasize interoperability, consumer engagement, patient safety and health information privacy and security. Complying with these regulations globally is expensive and could subject us to unanticipated and significant delays. If we fail to comply sufficiently with these and other regulations, it could negatively impact our ability to continue to develop, distribute and deliver certain of our healthcare products and services, and we could suffer fines or penalties. Our sales to local, state, federal and foreign government customers expose us to business volatility and risks, including government budgeting cycles and appropriations, government shutdowns, procurement regulations, governmental policy shifts, early termination of contracts, audits, investigations, sanctions and penalties. We derive revenues from contracts with the U.S. government, state and local governments, and foreign governments and are subject to procurement laws relating to the award, administration and performance of those contracts. Governmental entities are variously pursuing policies that affect our ability to sell our products and services. Changes in government procurement policy, priorities, regulations, technology initiatives and/or requirements may negatively impact our potential for growth in the government sector. For example, the U.S. government imposes 27 evolving cybersecurity requirements, including, for example, the FedRAMP authorization process and the Department of Defense (DoD) Cybersecurity Maturity Model Certification. These requirements may impact our lines of business in the U.S. federal government market. Compliance with these cybersecurity requirements is complex and costly, and any failure or alleged failure to meet, or delays in meeting, the required security controls could result in liability, limit our ability to sell products and services, directly or indirectly, to the DoD and other federal and state government entities that implement similar cybersecurity requirements and adversely affect our reputation and sales. We are also subject to early termination of our contracts. Many governmental entities have the right to terminate contracts at any time for a variety of reasons, including without cause. For example, the U.S. federal government may terminate any of our government contracts and subcontracts at its convenience, or for default based on our performance. U.S. federal, state and local government and foreign government contracts are generally subject to government funding authorizations/appropriations. Contracts may also be terminated due to a lack of government funds.

Financial Risks Our operations can be difficult for us to predict because our quarterly results of operations may fluctuate significantly based on a number of factors. Our revenues, particularly certain of our cloud license and on-premise license revenues and hardware revenues, can be difficult to forecast. A substantial portion of our cloud license, on-premise license and hardware contracts is completed in the latter part of a quarter. Because a significant portion of our cost structure is largely fixed in the short term, sales and revenue shortfalls tend to have a disproportionately negative impact on our profitability. We typically have a number of large transactions each quarter, which increases the risk of fluctuations in our quarterly results. If we lose one or more of our key customers for any reason, or we experience a delay in even a small number of these large transactions, our quarterly sales, revenues and profitability could fall significantly short of our predictions. In addition, sudden shifts in regional or global economic or political activity may cause our sales forecasts to be inaccurate. 28 In addition, we hold a portfolio of marketable and non-marketable debt and equity investments, including investments in Ampere Computing Holdings LLC (Ampere), a privately held related party entity in which we had an ownership interest of approximately 29% as of May 31, 2025. Any impairment charges and effect of changes in the fair values of certain of these investments are recorded as unrealized gains or losses as a component of consolidated net income in each period. The timing and amount of impairment charges or changes in fair value, if any, of these investments depends on factors beyond our control, including the perceived and actual performance of the companies or funds in which we invest, and are also subject to the general conditions of public and private equity markets, which are uncertain and have in the past varied, and may in the future vary, materially by period. Changes in the fair values of these investments, including Ampere, have contributed, and may in the future contribute, to volatility in our net income that is not reflective of our core businesses. On March 19, 2025, SoftBank Group Corp. announced that it had entered into an agreement with Ampere and certain of its equity holders to acquire all of the equity interests of Ampere (the Ampere Acquisition). The transaction is subject to customary closing conditions, including regulatory approvals, that are beyond our control. If the Ampere Acquisition closes, we will cease to be an investor in Ampere. During the period prior to closing the Ampere Acquisition, the amount of our investments in Ampere could increase for a variety of reasons and we will continue to recognize our share of loss in Ampere's net earnings until the closure of the acquisition. If the Ampere Acquisition does not close, we will continue to be exposed to the risk associated with our investments in Ampere as discussed above. Changes in currency exchange rates can adversely affect customer demand and our revenue and profitability. We conduct a significant number of transactions and hold cash in currencies other than the U.S. Dollar. Changes in the values of major foreign currencies, particularly the Australian Dollar, British Pound, Brazilian Real, Canadian Dollar, Euro, Indian Rupee, Japanese Yen and Saudi Riyal, relative to the U.S. Dollar can significantly affect our total assets, revenues, operating results and cash flows, which are reported in U.S. Dollars. Fluctuations in foreign currency rates, including the strengthening of the U.S. Dollar against the Euro and most other major international currencies, adversely affects our revenue growth by reducing the U.S. Dollar value of our foreign currency earnings and affecting actual demand for our products and services as they may become relatively more expensive for foreign currency-based enterprises to purchase. Currency variations can also negatively impact profit margins on sales of our products in countries outside of the U.S. Generally, a stronger U.S. Dollar adversely affects, and a weaker U.S. Dollar favorably affects, our reported revenues and operating results. In addition, our reported assets generally are adversely affected when the dollar strengthens relative to other currencies as a portion of our consolidated cash and bank deposits, among other assets, are held in foreign currencies and reported in U.S. Dollars.

In addition, we incur foreign currency transaction gains and losses, primarily related to sublicense fees and other intercompany agreements among us and our subsidiaries that we expect to cash settle in the near term, which are charged to earnings in the period incurred. We have a program which primarily utilizes foreign currency forward contracts designed to offset the risks associated with certain foreign currency exposures. We may suspend the program from time to time. As part of this program, we enter into foreign currency forward contracts so that increases or decreases in our foreign currency exposures are offset at least in part by gains or losses on the foreign currency forward contracts in an effort to mitigate the risks and volatility associated with our foreign currency transaction gains or losses. A large portion of our consolidated operations is international, and we expect that we will continue to realize gains or losses with respect to our foreign currency exposures, net of gains or losses from our foreign currency forward contracts, including the cost to obtain such contracts. For example, we experience foreign currency gains and losses when it is not possible or cost-effective to hedge our foreign currency exposures, our hedging efforts are ineffective or we suspend our foreign currency forward contract program. Our ultimate realized loss or gain with respect to currency fluctuations will generally depend on the size and type of cross-currency exposures that we enter into, the currency exchange rates associated with these exposures and changes in those rates, whether we have entered into foreign currency forward contracts to offset these exposures and any related fees paid to purchase such contracts, and other factors. All of these factors can from time to time materially impact our results of operations, financial position and cash flows. We have incurred foreign currency losses associated with the devaluation of currencies in certain highly inflationary economies relative to the U.S. Dollar. We could incur future losses in other countries where we do business should their currencies become designated as highly inflationary. There are risks associated with our outstanding and future indebtedness. As of May 31, 2025, we had an aggregate of $92.6 billion of outstanding indebtedness that will mature between calendar year 2025 and calendar year 2065. Our ability to pay interest and repay the principal for our indebtedness is dependent upon our ability to manage our 29 business operations, generate sufficient cash flows to service such debt and the other factors discussed in this Risk Factors section. There can be no assurance that we will be able to manage any of these risks successfully. We have been refinancing portions of our outstanding debt as it matures and we may continue to do so in the future. There is a risk that we may not be able to refinance existing debt or that the terms of any refinancing may not be as favorable as the terms of our existing debt. Furthermore, if prevailing interest rates or other factors at the time of refinancing result in higher interest rates upon refinancing, then the interest expense relating to that refinanced indebtedness would increase. Should we incur future increases in interest expense, our ability to utilize certain of our foreign tax credits to reduce our U.S. federal income tax could be limited, which could unfavorably affect our provision for income taxes and effective tax rate. In addition, changes to our outlook or credit rating or a withdrawal by any rating agency could negatively affect the value of both our debt and equity securities and increase the interest amounts we pay on certain outstanding or future debt. These risks could adversely affect our financial condition and results of operations.

Risks Related to Our Common Stock Our stock price could become more volatile and your investment could lose value. All of the factors discussed within this Risk Factors section could affect our stock price. The timing of announcements in the public market by us or by our competitors regarding new cloud services, AI advancements, products, product enhancements, technological advances, data center capacity, acquisitions or major transactions could also affect our stock price. Changes in the amounts and frequency of stock repurchases or dividends could affect our stock price. Our stock price could also be affected by factors, some of which are beyond our control, including, among others: speculation in the press, social media and the analyst community; changes in recommendations or earnings-related estimates by financial analysts; changes in investors' or analysts' valuation measures for our stock; negative analyst surveys or channel check surveys; earnings announcements where our financial results differ from our guidance or investors' expectations; our credit ratings; dissemination of inaccurate information or misinformation about our business and results of operations (including through the malicious use of generative AI tools); the enforcement or non-enforcement of laws and regulations; and market trends unrelated to our performance. The stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. A significant drop in our stock price could also expose us to the risk of securities class action lawsuits, which could result in substantial costs and divert management's attention and resources, which could adversely affect our business. We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value. Our repurchase program does not have an expiration date and we are not obligated to repurchase a specified number or dollar value of shares. Further, our stock repurchase program may be accelerated, suspended, delayed or discontinued at any time. Our stock repurchase program may not enhance long-term stockholder value.

General Risks Economic, political and market conditions can adversely affect our business, results of operations and financial condition, including our revenue growth and profitability, which in turn could adversely affect our stock price. Our business is influenced by a range of factors that are beyond our control and that we have no comparative advantage in forecasting. These include: •general economic and business conditions; •overall demand for enterprise cloud, license and hardware products and services;

•governmental budgetary constraints or shifts in government spending priorities; and •general legal, regulatory and political developments. Macroeconomic developments such as the global or regional economic effects resulting from elevated inflation and interest rates, limited liquidity, adverse developments affecting financial institutions, the current wars, evolving trade policies between the U.S. and international trade partners, including the imposition of tariffs and other trade measures or restrictions, or the occurrence of similar events in other countries that lead to uncertainty or instability in economic, political or market conditions could negatively affect our business, operating results, financial condition and outlook, which, in turn, could adversely affect our stock price. Any general weakening of, and related declining 30 corporate confidence in, the global economy or the curtailment of government or corporate spending could cause current or potential customers to reduce or eliminate their IT budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services or cause customers not to pay us or to delay paying us for previously purchased products and services. If any parties with whom we conduct business or invest our cash or cash equivalents are unable to meet their obligations to us, our business could be adversely affected. Bank failures or issues in the broader U.S. or global financial systems may have an impact on the broader capital markets and, in turn, our ability to access those markets. In addition, international, regional or domestic political unrest and the related potential impact on global stability, trade wars, terrorist attacks and the potential for other hostilities in various parts of the world, public health crises and natural disasters continue to contribute to a climate of economic and political uncertainty that could adversely affect our results of operations and financial condition, including our revenue growth and profitability. These factors generally have the strongest effect on our sales of cloud license and on-premise license, hardware and related services and, to a lesser extent, also may affect our renewal rates for license support and our subscription-based cloud offerings. Business disruptions could adversely affect our operating results. A significant portion of our critical business operations are concentrated in a few geographic areas, some of which include emerging market international locations that may be less stable relative to running such business operations solely within the U.S. We are a highly automated business and a disruption or failure of our systems, supply chains and processes could cause delays in completing sales, providing services, including some of our cloud offerings, and enabling a seamless customer experience with respect to our customer facing back-office processes. Although the Oracle Cloud is designed to automatically redirect traffic to an alternate facility, in the event of a severe impact to one facility, a major natural disaster, political, social or other disruption to infrastructure that supports our operations or other catastrophic event or the effects of climate change (such as increased storm severity, drought and pandemics) that results in the destruction or disruption of any of our critical business operations, supply chains or IT systems could severely affect our ability to conduct normal business operations and, as a result, our future operating results could be materially and adversely affected.

Our cloud offerings and hardware offerings are complex, and if we cannot successfully manage this complexity, including the sourcing of technologies and components, the results of these businesses will suffer. We depend on suppliers to develop, manufacture and deliver on a timely basis the necessary technologies and components for our hardware products that we market and sell to our customers and that we use as a part of our cloud infrastructure to deliver our cloud offerings, and there are some technologies and components that can only be purchased from a single vendor due to price, quality, technology, availability or other business constraints. Our supply chain operations are affected by industry consolidation and component constraints or shortages, natural disasters, political unrest (such as the tensions between China and Taiwan), public health crises, changes to trade laws or regulations, tariffs and customs controls, port stoppages, shipping interruptions or other transportation disruptions or slowdowns, and other factors affecting the countries or regions where these single source component vendors are located or where the products are being shipped. If disruption caused by one or more of the risks described above occurs, our cloud and license business and hardware business and related operating results could be materially and adversely affected. Supply chain shortages have in some instances resulted in increases to the costs of production of our hardware products that we may not be able to pass on to our customers. In addition, we have in some instances responded to such shortages by committing to higher purchases and balances of hardware products that we market and sell to our customers and that we use as a part of our cloud infrastructure to deliver our cloud offerings, relative to our historical positions. For example, industry supply capacity for AI accelerators, including graphics processing units, is competitive, and we at times have to accept less favorable terms with suppliers to avoid supply constraints. While this permits us to secure cloud infrastructure capacity, it has increased excess and obsolescence risk of such hardware products and could adversely impact our profitability and cash flows. We expect these factors will continue to impact us in the future. We outsource most of our manufacturing, assembly, delivery and technology of, and certain component designs for, our hardware products to a variety of companies, many of which are located outside the U.S. From time to time, these partners experience production problems or delays or cannot meet our demand for products on a timely or cost-effective basis, including as a result of changes to trade laws or regulations, tariffs, sanctions and export or import controls. Ongoing or future delays or cost increases in manufacturing could cause the loss of additional sales, delayed revenue recognition or an increase in our hardware products expenses, all of which could adversely affect the margins of our cloud and license business and hardware business. These challenges could arise if we alter our manufacturing strategies, suppliers, or locations. Our periodic workforce restructurings and reorganizations can be disruptive. We periodically restructure or make other adjustments to our workforce in response to management changes, product changes, performance issues, changes in strategies, acquisitions and other internal and external considerations. These types of restructurings have resulted, and may in the future result, in increased restructuring costs and temporarily reduced productivity while employees adjust to the restructuring. These types of restructurings may also lead to shortages of sufficiently skilled employees in certain roles, loss of valuable institutional knowledge and damage to employee morale and retention. 20 Hiring freezes or slowdowns can also result in decreased productivity while existing employees take on additional roles and responsibilities, and may also lead to a shortage of sufficiently skilled employees in certain roles. In addition, we may not achieve or sustain the expected growth, resource redeployment or cost savings benefits of these restructurings, or may not do so within our expected timeframe. These effects could recur in connection with future acquisitions and other restructurings, and our revenues and other results of operations could be negatively affected. We may lose key employees or may be unable to hire enough qualified employees. We rely on hiring qualified employees and retaining our senior management, including our Chairman of the Board, Chief Technology Officer and founder; our Chief Executive Officer; other executive team members; and key employees. In the technology industry, especially in the AI field, competition for highly skilled business, product development and technical personnel is intense and ongoing. We may also face rising compensation costs without corresponding gains in productivity or sales. We may not be successful in recruiting new personnel and in retaining and motivating existing personnel. With rare exceptions, we do not have long-term employment agreements with our employees. Members of our senior management team have left Oracle over the years for a variety of reasons, and any future departures may be disruptive to our operations.

To manage expenses, we hire personnel in countries where advanced technical and other expertise are available at lower costs. When we make adjustments to our workforce, we may incur expenses associated with workforce reductions that delay the benefit of a more efficient workforce structure. We are experiencing increased competition for employees in these countries as the trend toward globalization continues, which has affected our employee retention efforts and increased our expenses in an effort to offer a competitive compensation program. In addition, changes to immigration and labor law policies may adversely impact our access to technical and professional talent. Our general compensation program includes restricted stock units (RSUs) and performance-based equity, which are important tools in attracting and retaining employees in our industry. If our stock price stagnates or declines, our ability to retain or attract employees may be harmed. We continually evaluate our compensation practices and consider changes from time to time, which may have an impact on our ability to retain employees and the amount of stock-based compensation expense that we record. Any changes in our compensation practices or those of our competitors could affect our ability to retain and motivate existing personnel and recruit new personnel. There are risks associated with our cloud and license and hardware indirect sales channels which could affect our future operating results. Our cloud and license and hardware indirect channel networks consist primarily of resellers, system integrators/implementers, consultants, education providers, internet service providers, network integrators and ISVs. Our relationships with these channel participants are important elements of our cloud, software and hardware marketing and sales efforts. Our financial results could be adversely affected if: •our contracts with channel participants were terminated or our relationships with channel participants were to deteriorate; •any of our competitors enter into strategic relationships with or acquire a significant channel participant;

Data Privacy, Cybersecurity and Intellectual Property Risks If our security measures for our products and services are compromised and as a result, our data, our customers' data or our IT systems are accessed improperly, made unavailable, or improperly modified, our products and services may be perceived as vulnerable, our brand and reputation could be damaged, the IT services we provide to our customers could be disrupted, and customers may stop using our products and services, any of which could reduce our revenue and earnings, increase our expenses and expose us to legal claims and regulatory actions. Our products and services, including Oracle Cloud Services, store, retrieve, process and manage third-party data, such as our customers' data, as well as our own data. We believe that Oracle has been and is a target for computer hackers, cyberattacks and other perpetrators or threat actors because Oracle stores and processes large amounts of data, including sensitive data such as health sciences (including patient health information), financial services, retail, hospitality, telecommunications and government data. We and our third-party vendors are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation-states and individuals sponsored by them) to identify and exploit product and service vulnerabilities, penetrate or bypass our security measures, and gain unauthorized access to our or our customers', partners' and suppliers' software, hardware and cloud offerings, networks and systems. Such malicious attacks can lead, and have led, to the compromise of personal information or the confidential information or data of Oracle or our customers. Attempts of this nature typically involve IT-related viruses, worms, and other malicious software programs that attack networks, systems, products and services, exploit potential security vulnerabilities of networks, systems, products and services, create system disruptions and cause shutdowns or denials of service. Third parties may attempt to fraudulently induce customers, partners, employees or suppliers into disclosing sensitive information such as user names, passwords or other credentials to gain access to our data, our customers', suppliers' or partners' data or the IT systems of Oracle, our customers, suppliers or partners. Our products and services, including our Oracle Cloud Services, may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance. When a cyberattack or other security event or incident results in unauthorized access to, or modification or exfiltration of, our customers' or suppliers' data, other external data, our own data or our IT systems, or if the services we provide to our customers are disrupted, or if our products or services are reported to have (or are perceived as having) security vulnerabilities, we have incurred and could incur significant expenses and could suffer substantial damage to our brand and reputation. If our customers lose confidence in the security and reliability of our products and services, including our cloud offerings, they may reduce or terminate their spending with us. In addition, cyberattacks and other security events or incidents have resulted and could result in: significant investigation and remediation costs; loss or destruction of data; operational disruptions; inappropriate use of proprietary and sensitive data; lawsuits; indemnity obligations; regulatory investigations and financial penalties; and increased legal liability, including in some cases contractual costs for customer notification and fraud monitoring. Our remediation efforts may not be successful. Because the techniques used to obtain unauthorized access to, or sabotage IT systems, constantly evolve, grow more complex over time, and often are not detected until launched against a target, we may be unable to anticipate or implement adequate measures to prevent such techniques. Our internal IT systems continue to evolve and we are often early adopters of new technologies. However, our business policies and internal security controls may not keep pace with emerging threats. We may not detect or confirm any security breach and loss of information for a significant period of time after the security breach. Our products operate in conjunction with and are dependent on a wide variety of third-party products, components and services. If a security vulnerability exists in one of these components, a targeted exploit could lead to increased costs, liability claims, customer dissatisfaction, reduced revenue, or harm to our reputation or competitive position. We also have an active acquisition program and have acquired a number of companies, products, services and technologies over the years. While we make significant efforts to address any IT security issues with respect to our acquired companies, we may still inherit such risks when we integrate these companies within Oracle. Our business practices with respect to data could give rise to operational interruption, liabilities or reputational harm as a result of governmental regulation, legal requirements or industry standards relating to privacy and data protection. As regulatory focus on privacy issues continues to increase and worldwide laws and regulations concerning the handling of personal information expand and become more complex and stringent, potential risks related to data collection and use within our business will intensify. In addition, U.S. federal and state as well as foreign governments have enacted or are considering enacting legislation or regulations, or may in the near future interpret existing legislation or regulations, in a manner that could significantly impact our ability, as well as the 23

ability of our customers, partners and data providers, to collect, augment, analyze, use, transfer (including across national borders) and share personal and other information that is integral to certain services we provide. We are also subject to data privacy and other related regulations governing the healthcare industry and patient information, including but not limited to regulations governing electronic health data transmissions, the processing of patient information, healthcare fraud and healthcare information sharing. Following the European Union's (EU) General Data Protection Regulation (GDPR), the rate of global consideration and adoption of privacy laws has increased, giving rise to more global jurisdictions in which regulatory inquiries and audits may be requested of Oracle, and if we are not deemed to be in compliance, could result in enforcement actions and/or fines. This is true in the U.S. where, for example, a number of states have enacted privacy laws, the U.S. Congress has been considering several privacy and security-related bills at the federal level, the federal government is pursuing a range of cybersecurity initiatives pertaining to critical infrastructure companies and government contractors, and a number of other state legislatures have passed or are considering privacy laws. Regulators globally are also imposing greater monetary fines for privacy violations. The GDPR provides for monetary penalties of up to €20 million, or up to 4% of an organization's worldwide revenue of the preceding financial year, whichever is greater. These penalties can be significant. For example, a U.S.-based technology company was fined €1.2 billion for alleged GDPR violations in 2023. The U.S. Federal Trade Commission continues to fine companies for unfair and deceptive data protection practices, and these fines may increase in size. Taken together, the laws or regulations associated with the enhanced protection of personal and other types of data could greatly increase the size of potential fines related to data protection, and our cost of providing our products and services could result in changes to our business practices or even prevent us from offering certain services in jurisdictions in which we operate. Although we have implemented contracts, diligence programs, policies and procedures designed to address compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, partners, suppliers, data providers or agents will not violate such laws and regulations or our contracts, policies and procedures. Additionally, public perception and standards related to the privacy of personal information can shift rapidly, in ways that may affect our reputation or influence regulators to enact regulations and laws that may limit our ability to provide certain products and services. For example, numerous jurisdictions, including the EU, have passed or are considering laws and regulations that would impose additional data privacy and other compliance requirements on the use of AI and could require us to adjust or limit our product offerings in such jurisdictions. We make statements about our use and disclosure of personal information through our privacy policy, information provided on our website and press statements. Any failure, or perceived failure, by us to comply with these public statements or with U.S. federal, state, or foreign laws and regulations, including laws and regulations regulating privacy, data security, or consumer protection, public perception, standards, self-regulatory requirements or legal obligations, could result in lost or restricted business, proceedings, actions or fines brought against us or levied by governmental entities or others, or could adversely affect our business and harm our reputation. Third parties have claimed, and in the future may claim, infringement or misuse of intellectual property rights and/or breach of license agreement provisions. We periodically receive notices from, or have lawsuits filed against us by, third parties claiming infringement or other misuse of their intellectual property rights and/or breach of our agreements with them. These third parties include entities that do not design, manufacture, or distribute products or services or that acquire intellectual property for the sole purpose of monetization through infringement assertions. We expect to continue to receive such claims as: •we continue to expand into new businesses and acquire companies; •the number of products and competitors in our industry segments grows; •the use and support of third-party code (including open source code) becomes more prevalent in the industry; •the use of AI and support of LLMs becomes more prevalent in the industry;

•the volume of issued patents continues to increase; and •non-practicing entities continue to assert intellectual property infringement in our industry segments.

Responding to any such claim, regardless of its validity, could: •be time consuming, costly and result in litigation; •divert management's time and attention from developing our business; •require us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable; 24 •require us to stop selling or to redesign certain of our products; •require us to release source code to third parties, possibly under open source license terms;

Legal and Regulatory Risks Adverse litigation results could affect our business. We are subject to various legal proceedings. Litigation can be lengthy, expensive and disruptive to our operations, and can divert our management's attention away from running our core business. The results of our litigation also cannot be predicted with certainty. Even a favorable judgment 26 may be subject to appeals leading to protracted litigation, additional costs and the prospect that our desired outcome will be overturned. An adverse decision could result in monetary damages or injunctive relief that could affect our business, operating results or financial condition. Additional information regarding certain of the lawsuits we are involved in is discussed under Note 16 of Notes to Consolidated Financial Statements included elsewhere in this Annual Report. We may be subjected to increased taxes due to changes in U.S. or international tax laws or from adverse resolutions of tax audits and controversies. As a multinational corporation, we incur income taxes as well as non-income based taxes (such as payroll, sales, use, property and value-added taxes) in both the U.S. and various foreign jurisdictions. Significant uncertainties exist with respect to the application of the various taxes to the businesses in which we engage, often requiring that we make judgments in determining our tax liabilities and worldwide provision for income taxes. We are regularly under audit by tax authorities in the U.S. and internationally, which has led to disagreements regarding our treatment of various items, including our intercompany transfer prices and calculations and the applicability of withholding taxes to our cross-border transactions. Any unfavorable resolution of these tax audits and controversies could cause our tax liabilities to increase and may have a material and adverse impact on our provision for income taxes and effective tax rate. Although we believe that our income and non-income based tax estimates are reasonable, there is no assurance that the final determination of tax audits or disputes will not be different from what is reflected in our historical income tax provisions and tax accruals. Countries around the world continually consider and make changes to relevant tax, accounting and other laws, treaties, regulations, guidance and interpretations. In the U.S., various legislative proposals, if enacted, may substantially raise U.S. income taxes on our domestic and international profits. Such unfavorable tax proposals, the prospects for which depend to a significant degree on the U.S. political landscape, create the potential for added volatility in our quarterly provision for income taxes and could have a material adverse impact on our future income tax provisions and effective tax rate. Other countries also continue to consider changes to their tax laws that could negatively affect us by increasing taxes imposed on our international revenue streams, operations and cross-border transactions, including the imposition of taxes targeted at digital technology businesses and changes in withholding tax rules. The Organisation for Economic Co-operation and Development (OECD) and the Group of Twenty (G20), together with over 140 participating countries, have developed a two-pillar framework calling for a 15% global minimum tax on multinational corporate groups, which has been adopted in many jurisdictions, and that would provide greater taxing rights to market jurisdictions where customers or users are located. These changes may materially increase the level of income tax on our international profits. Our future income tax provisions and effective tax rate could materially increase under the tax changes discussed above or if other changes are made to applicable tax laws and rules in the U.S. or in other countries in which we do business. Our provision for income taxes also could be adversely affected by changes in the mix of income earned or losses incurred in jurisdictions with differing statutory tax rates, fluctuations in our stock price and level of stock-based compensation expense, changes in the valuation of our deferred tax assets or liabilities and by other factors. Our international sales and operations and global customer base subject us to additional risks that can adversely affect our operating results. We derive a substantial portion of our revenues from, and have significant operations, outside of the U.S., and in both our U.S. and non-U.S. operations we serve customers based in or with ties to numerous jurisdictions around the world. Compliance with international and U.S. laws and regulations that apply to our international operations increases our cost of doing business. These laws and regulations include data privacy requirements, labor relations laws, tax laws, foreign currency-related regulations, competition/antitrust regulations, anti-bribery laws and other laws prohibiting payments to governmental officials such as the U.S. Foreign Corrupt Practices Act (FCPA), market access regulations, tariffs, and import, export and general trade regulations, including but not limited to economic sanctions and embargos. Violations of these laws and regulations could result in monetary fines, civil and/or criminal penalties, enforcement actions against us, our officers or our employees, and prohibitions on the conduct of our business, including disgorgement, the loss of trade privileges, and other remedial measures. Any such violations could result in prohibitions on our ability to offer our products and services in one or more countries or territories or to certain entities, could delay or prevent potential acquisitions and could also materially damage our reputation, our brand, our international expansion efforts, our ability to attract and retain employees, our business and our operating results. 27

•overlapping tax regimes; and •reduced protection for intellectual property rights in some countries. The variety of risks and challenges listed above could also disrupt or otherwise negatively impact our supply chain operations and sales of our products and services in affected countries or regions. As the majority shareholder of Oracle Financial Services Software Limited, a publicly traded company in India, and Oracle Corporation Japan, a publicly traded company in Japan, we face several additional risks, including being subject to local securities regulations and being unable to exert full control that we would otherwise have if these entities were wholly-owned subsidiaries. 28 The healthcare industry is highly regulated, and thus, we are subject to several laws, regulations and industry initiatives, non-compliance with certain of which could adversely affect our healthcare business. As a participant in the healthcare industry, certain of our operations and relationships, and those of our customers, are regulated by several U.S. federal, state, local and foreign governmental entities. The impact of these regulations on us is both direct and also indirect, in terms of government program requirements applicable to our customers for the use of health IT. Even though we may not be directly regulated by specific healthcare laws and regulations, our products and services must be capable of being used by our customers in a way that complies with those laws and regulations. There are significant, wide-ranging and rapidly evolving regulations both within and outside the U.S., such as regulations in the areas of healthcare fraud, information sharing, e-prescribing, claims processing and transmission, healthcare devices, the security and privacy of patient data and interoperability standards, that may be directly or indirectly applicable to our operations and relationships or the business practices of our customers. Specific risks include, but are not limited to, the following: •The U.S. and other countries have regulations in place related to medical devices that now, or may in the future, apply to certain of our healthcare products and services. If any of our healthcare products and services are deemed to be actively regulated medical devices by regulatory agencies in countries where we do business, we could be subject to extensive requirements governing pre- and post-marketing activities, including pre-market notification clearance. •Various U.S. federal, state and non-government agencies continue to generate requirements for the use of certified electronic health record technology (CEHRT), and CEHRT continues to be a requirement of participation in federal healthcare programs in order to receive reimbursement for health items and services provided by certain of our customers to Medicare and Medicaid beneficiaries. We expect the regulations establishing the certification and interoperability standards for CEHRT will continue to be updated to emphasize interoperability, consumer engagement, patient safety and health information privacy and security. Complying with these regulations globally is expensive and could subject us to unanticipated and significant delays. If we fail to comply sufficiently with these and other regulations, it could negatively impact our ability to continue to develop, distribute and deliver certain of our healthcare products and services, and we could suffer fines or penalties. Our sales to local, state, federal and foreign government customers expose us to business volatility and risks, including government budgeting cycles and appropriations, government shutdowns, procurement regulations, governmental policy shifts, early termination of contracts, audits, investigations, sanctions and penalties. We derive revenues from contracts with the U.S. government, state and local governments, and foreign governments and are subject to procurement laws relating to the award, administration and performance of those contracts. Governmental entities are variously pursuing policies that affect our ability to sell our products and services. Changes in government procurement policy, priorities, regulations, technology initiatives and/or requirements may negatively impact our potential for growth in the government sector. For example, the U.S. government imposes evolving cybersecurity requirements, including, for example, the FedRAMP authorization process and the Department of Defense (DoD) Cybersecurity Maturity Model Certification. These requirements may impact our lines of business in the U.S. federal government market. Compliance with these cybersecurity requirements is complex and costly, and failure to meet, or delays in meeting, the required security controls could limit our ability to sell products and services, directly or indirectly, to the DoD and other federal and state government entities that implement similar cybersecurity requirements. We are also subject to early termination of our contracts. Many governmental entities have the right to terminate contracts at any time for a variety of reasons, including without cause. For example, the U.S. federal government may terminate any of our government contracts and subcontracts at its convenience, or for default based on our performance. U.S. federal, state and local government and foreign government contracts are generally subject to government funding authorizations/appropriations. Contracts may also be terminated due to a lack of government funds. There is increased pressure on governments and their agencies, both domestically and internationally, to reduce spending as governments continue to face significant deficit reduction pressures. This may adversely impact spending on government programs. In addition, an extended federal government shutdown in the U.S. could cause delays in approvals and decision making, which could negatively impact our results of operations. 29

Business and Operational Risks We may be unsuccessful in developing and selling new products and services, integrating acquired products and services and enhancing our existing products and services. Rapid technological advances, intense competition, changing delivery models and evolving standards in computer hardware and software development and communications infrastructure, changing and increasingly sophisticated customer needs and frequent new product introductions and enhancements characterize the industries in which we compete. If we are unable to develop new or sufficiently differentiated products and services, enhance and improve our product offerings and support services in a timely manner or position and price our products and services to meet demand, customers may not purchase or subscribe to our license, hardware or cloud offerings or renew license support, hardware support or cloud subscriptions contracts. Renewals of these contracts are important to our future success. In addition, we cannot provide any assurance that the standards on which we choose to develop new products will allow us to compete effectively for business opportunities in emerging areas. We have continued to refresh and release new offerings of our cloud products and services. Machine learning and AI are increasingly driving innovations in technology, but if they fail to operate as anticipated or our other products do not perform as promised, our business and reputation may be harmed.

•require us to satisfy indemnification obligations to our customers; or •otherwise adversely affect our business, results of operations, financial condition or cash flows. We may not be able to protect our intellectual property rights. We rely on copyright, trademark, patent and trade secret laws, confidentiality procedures, controls and contractual commitments to protect our intellectual property. Despite our efforts, these protections may be limited. Unauthorized third parties may try to copy or reverse engineer our products or otherwise use our intellectual property. Our patents may be invalidated or circumvented. Any of our pending or future patent applications may not be issued with the claim scope we seek, if at all. In addition, the laws of some countries do not provide the same level of intellectual property protection as U.S. laws and courts. If we cannot protect our intellectual property against unauthorized copying or use, or other misappropriation, we may not remain competitive. We may not receive significant revenues from our current research and development efforts for several years, if at all. Developing our various product offerings is expensive and the investment in the development of these offerings often involves a long return on investment cycle. An important element of our corporate strategy is to continue to dedicate a significant amount of resources to research and development and related product and service opportunities, both through internal investments and the acquisition of intellectual property from acquired companies. Accelerated product and service introductions and short lifecycles require high levels of expenditures for research and development that could adversely affect our operating results if not offset by revenue increases. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we do not expect to receive significant revenues from these investments for several years, if at all.

Financial Risks Our operations can be difficult for us to predict because our quarterly results of operations may fluctuate significantly based on a number of factors. Our revenues, particularly certain of our cloud license and on-premise license revenues and hardware revenues, can be difficult to forecast. A substantial portion of our cloud license, on-premise license and hardware contracts is completed in the latter part of a quarter. Because a significant portion of our cost structure is largely fixed in the short term, sales and revenue shortfalls tend to have a disproportionately negative impact on our profitability. The number of large license transactions and, to a lesser extent, hardware products transactions increases the risk of fluctuations in our quarterly results because a delay in even a small number of these transactions could cause our quarterly sales, revenues and profitability to fall significantly short of our predictions. In addition, sudden shifts in regional or global economic or political activity may cause our sales forecasts to be inaccurate. In addition, we hold a portfolio of publicly traded and privately held equity investments. Changes in the fair values of these investments are recorded as unrealized gains or losses as a component of consolidated net income in each period. The timing and amount of changes in fair value, if any, of these investments depends on factors beyond our control, including the perceived and actual performance of the companies or funds in which we invest. Changes in the fair values of these investments are also subject to the general conditions of public and private equity markets, which are uncertain and have in the past varied, and may in the future vary, materially by period. Changes in the fair values of these investments have contributed, and may in the future contribute, to volatility in our net income that is not reflective of our core businesses. Changes in currency exchange rates can adversely affect customer demand and our revenue and profitability. We conduct a significant number of transactions and hold cash in currencies other than the U.S. Dollar. Changes in the values of major foreign currencies, particularly the Australian Dollar, British Pound, Brazilian Real, Canadian Dollar, Euro, Indian Rupee, Japanese Yen and Saudi Riyal, relative to the U.S. Dollar can significantly affect our total assets, revenues, operating results and cash flows, which are reported in U.S. Dollars. Fluctuations in foreign currency rates, including the strengthening of the U.S. Dollar against the Euro and most other major international currencies, adversely affects our revenue growth in terms of the amounts that we report in U.S. Dollars after converting our foreign currency results into U.S. Dollars and in terms of actual demand for our products and services as certain of these products may become relatively more expensive for foreign currency-based enterprises to purchase. In addition, currency variations can adversely affect margins on sales of our products in countries outside of the U.S. Generally, our reported revenues and operating results are adversely affected when the dollar strengthens relative to other currencies and are positively affected when the dollar weakens. In addition, our reported assets generally are adversely affected when the dollar strengthens relative to other currencies as a portion of our consolidated cash and bank deposits, among other assets, are held in foreign currencies and reported in U.S. Dollars. In addition, we incur foreign currency transaction gains and losses, primarily related to sublicense fees and other intercompany agreements among us and our subsidiaries that we expect to cash settle in the near term, which are charged to earnings in the period incurred. We have a program which primarily utilizes foreign currency forward contracts designed to offset the risks associated with certain foreign currency exposures. We may suspend the program from time to time. As part of this program, we enter into foreign currency forward contracts so that increases or decreases in our foreign currency exposures are offset at least in part by gains or losses on the foreign currency forward contracts in an effort to mitigate the risks and volatility associated with our foreign currency transaction gains or losses. A large portion of our consolidated operations are international, and we expect that we will continue to realize gains or losses with respect to our foreign currency exposures, net of gains or losses from our foreign currency forward contracts, including the cost to obtain such contracts. For example, we will experience 29 foreign currency gains and losses in certain instances if it is not possible or cost-effective to hedge our foreign currency exposures, if our hedging efforts are ineffective, or should we suspend our foreign currency forward contract program. Our ultimate realized loss or gain with respect to currency fluctuations will generally depend on the size and type of cross-currency exposures that we enter into, the currency exchange rates associated with these exposures and changes in those rates, whether we have entered into foreign currency forward contracts to offset these exposures and any related fees paid to purchase such contracts, and other factors. All of these factors could materially impact our results of operations, financial position and cash flows. We have incurred foreign currency losses associated with the devaluation of currencies in certain highly inflationary economies relative to the U.S. Dollar. We could incur future losses in emerging market countries and other countries where we do business should their currencies become designated as highly inflationary.

Risks Related to Our Common Stock Our stock price could become more volatile and your investment could lose value. All of the factors discussed within this Risk Factors section could affect our stock price. The timing of announcements in the public market by us or by our competitors regarding new cloud services, products, product enhancements, technological advances, acquisitions or major transactions could also affect our stock price. Changes in the amounts and frequency of stock repurchases or dividends could affect our stock price. Our stock price could also be affected by factors, some of which are beyond our control, including, among others: speculation in the press, social media and the analyst community; changes in recommendations or earnings related estimates by financial analysts; changes in investors' or analysts' valuation measures for our stock; negative analyst surveys or channel check surveys; earnings announcements where our financial results differ from our guidance or investors' expectations; our credit ratings; dissemination of inaccurate information or misinformation about our business and results of operations (including through the malicious use of generative AI tools); and market trends unrelated to our performance. The stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. A significant drop in our stock price could also expose us to the risk of securities class action lawsuits, which could result in substantial costs and divert management's attention and resources, which could adversely affect our business. We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value. Our repurchase program does not have an expiration date and we are not obligated to repurchase a specified number or dollar value of shares. Further, our stock repurchase program may be accelerated, suspended, delayed or discontinued at any time. However, we do not expect to increase the amount of stock repurchases until our gross debt is reduced below certain thresholds. Even if fully implemented, our stock repurchase program may not enhance long-term stockholder value.

•governmental budgetary constraints or shifts in government spending priorities; and 32 •general legal, regulatory and political developments. Macroeconomic developments such as the global or regional economic effects resulting from elevated inflation and interest rates, limited liquidity, adverse developments affecting financial institutions, the current wars, evolving trade policies between the U.S. and international trade partners, or the occurrence of similar events in other countries that lead to uncertainty or instability in economic, political or market conditions could negatively affect our business, operating results, financial condition and outlook, which, in turn, could adversely affect our stock price. Any general weakening of, and related declining corporate confidence in, the global economy or the curtailment of government or corporate spending could cause current or potential customers to reduce or eliminate their IT budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services or cause customers not to pay us or to delay paying us for previously purchased products and services. If any parties with whom we conduct business or invest our cash or cash equivalents are unable to meet their obligations to us, our business could be adversely affected. Bank failures or issues in the broader U.S. or global financial systems may have an impact on the broader capital markets and, in turn, our ability to access those markets. In addition, international, regional or domestic political unrest and the related potential impact on global stability, terrorist attacks and the potential for other hostilities in various parts of the world, public health crises and natural disasters continue to contribute to a climate of economic and political uncertainty that could adversely affect our results of operations and financial condition, including our revenue growth and profitability. These factors generally have the strongest effect on our sales of cloud license and on-premise license, hardware and related services and, to a lesser extent, also may affect our renewal rates for license support and our subscription-based cloud offerings. Business disruptions could adversely affect our operating results. A significant portion of our critical business operations are concentrated in a few geographic areas, some of which include emerging market international locations that may be less stable relative to running such business operations solely within the U.S. We are a highly automated business and a disruption or failure of our systems, supply chains and processes could cause delays in completing sales, providing services, including some of our cloud offerings, and enabling a seamless customer experience with respect to our customer facing back-office processes. Although the Oracle Cloud is designed to automatically redirect traffic to an alternate facility, in the event of a severe impact to one facility, a major natural disaster, political, social or other disruption to infrastructure that supports our operations or other catastrophic event or the effects of climate change (such as increased storm severity, drought and pandemics) that results in the destruction or disruption of any of our critical business operations, supply chains or IT systems could severely affect our ability to conduct normal business operations and, as a result, our future operating results could be materially and adversely affected.

Index to Financial Statements uncertainties. Our failure to adapt to these changes could result in legal and reputational consequences including, but not limited to, being required to adjust or limit our product offerings or our use of AI in certain jurisdictions to comply with new and evolving AI laws and regulations. If we do not successfully execute our Oracle Cloud strategy, including our offerings of Oracle Cloud Services, our revenues and profitability may decline. We provide our cloud and other offerings to customers worldwide via a variety of deployment models, including via our cloud-based SaaS and OCI offerings. As these business models continue to evolve, we may not be able to compete effectively, generate significant revenues or maintain the profitability of our cloud offerings. Additionally, the increasing prevalence of various cloud offering models by us and our competitors may unfavorably impact the pricing of our cloud and license offerings. If we do not successfully execute our cloud computing strategy or anticipate the cloud computing needs of our customers, our reputation as a cloud services provider could be harmed and our revenues and profitability could decline. As customer demand for our cloud offerings increases, we experience volatility in our reported revenues and operating results due to the differences in timing of revenue recognition between our cloud license and on-premise license, and hardware product arrangements relative to our cloud offering arrangements. Customers predominantly purchase our cloud offerings on a subscription basis, and revenues from these offerings are generally recognized ratably or as services are consumed over the terms of the subscriptions. Consequently, any deterioration in sales activity associated with our cloud offerings may not be immediately observable in our consolidated statement of operations. This is in contrast to revenues associated with our license and hardware product arrangements, which are generally recognized in full at the time of delivery of the related licenses and hardware products. In addition, we may not be able to accurately anticipate customer transitions from or be able to sufficiently backfill reduced customer demand for our license, hardware and support offerings relative to the expected increase in customer adoption of and demand for our Oracle Cloud Services, which could adversely affect our revenues and profitability. If we are unable to secure data center capacity at affordable rates or do not accurately plan for our infrastructure capacity requirements, our profitability may decline. As a part of our Oracle Cloud strategy, we plan our investment levels based on estimates of future revenues and future anticipated rates of growth. In recent periods, our cloud services and license support expenses have grown to meet current and expected demand for our cloud offerings, including investments to increase our existing data center capacity and to establish data centers in new geographic locations. In connection with these investments, we entered, and expect to continue to enter, into long-term operating lease commitments with third-party data center providers that generally require us to pay significant contract termination fees to early exit such obligations should our strategies change, which could adversely impact our profitability and cash flows. Data centers in geographies that we rely on may also be unavailable on commercially reasonable terms or at all. Moreover, we do not control the operation of these third-party data centers, and they may suffer interruptions in service from events beyond our control, including from acts of government, natural events, power loss, break-ins or misconduct by those third parties. In addition, we rely on third-party suppliers to provide equipment and components required to outfit these data centers on a timely basis. Ongoing or future delays could cause the loss of additional sales, delay our revenue recognition or increase our costs, all of which could adversely affect the margins of our business. We typically depreciate these assets over their estimated useful lives, which could be shortened should our cloud strategies change, which could adversely affect our profitability. Our products and services may not function properly if we experience significant coding, manufacturing or configuration errors in our cloud, license and hardware offerings. Despite testing prior to the release and throughout the lifecycle of a product or service, our cloud, license and hardware offerings sometimes contain coding, manufacturing or configuration errors that can impact their function, performance and security, and result in other negative consequences. The detection and correction of any errors in released cloud, license or hardware offerings can be time consuming and costly. Errors in our cloud, license or hardware offerings, or errors embedded in third-party software products or services incorporated into our own products, could affect their ability to properly function, integrate or operate with other cloud, license or hardware offerings, could result in service interruptions, delays or outages of our cloud offerings, could create security vulnerabilities in our products or services, could delay the development or release of new products or services or new versions of products or services, and could adversely affect market acceptance of our products or services. If we experience any of these errors, or if there are delays in releasing our cloud, license or hardware offerings or new versions of these offerings, our sales could be affected and revenues could decline. In addition, we run Oracle's business operations as well as cloud and other services that we offer to our customers on our products and networks. Therefore, any flaws could affect our and our customers'

offerings often involves a long return on investment cycle. An important element of our corporate strategy is to continue to dedicate a significant amount of resources to research and development and related product and service opportunities, both through internal investments and the acquisition of intellectual property from acquired companies. Accelerated product and service introductions and short lifecycles require high levels of expenditures for research and development that could adversely affect our operating results if not offset by revenue increases. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we do not expect to receive significant revenues from these investments for several years, if at all. Our cloud offerings and hardware offerings are complex, and if we cannot successfully manage this complexity, including the sourcing of technologies and components, the results of these businesses will suffer. We depend on suppliers to develop, manufacture and deliver on a timely basis the necessary technologies and components for our hardware products that we market and sell to our customers and that we use as a part of our cloud infrastructure to deliver our cloud offerings, and there are some technologies and components that can only be purchased from a single vendor due to price, quality, technology, availability or other business constraints. Our supply chain operations are affected by industry consolidation and component constraints or shortages, natural disasters, political unrest (such as the tensions between China and Taiwan), public health crises, changes to trade laws or regulations, port stoppages, shipping interruptions or other transportation disruptions or slowdowns, and other factors affecting the countries or regions where these single source component vendors are located or where the products are being shipped. If disruption caused by one or more of the risks described above occurs, our cloud and license business and hardware business and related operating results could be materially and adversely affected. Supply chain shortages have in some instances resulted in increases to the costs of production of our hardware products that we may not be able to pass on to our customers. In addition, we have in some instances responded to such shortages by committing to higher purchases and balances of hardware products that we market and sell to our customers and that we use as a part of our cloud infrastructure to deliver our cloud offerings, relative to our historical positions. While this permits us to secure manufacturing capacity, it has increased excess and obsolescence risk of such hardware products and could adversely impact our profitability and cash flows. We expect these factors will continue to impact us in the future. We outsource most of our manufacturing, assembly, delivery and technology of, and certain component designs for, our hardware products to a variety of companies, many of which are located outside the U.S. From time to time, these partners experience production problems, delays or cannot meet our demand for products. Ongoing or future delays in manufacturing could cause the loss of additional sales, delayed revenue recognition or an increase in our hardware products expenses, all of which could adversely affect the margins of our cloud and license business and hardware business. These challenges could arise if we alter our manufacturing strategies, suppliers, or locations. Our periodic workforce restructurings and reorganizations can be disruptive. We periodically restructure or make other adjustments to our workforce in response to management changes, product changes, performance issues, changes in strategies, acquisitions and other internal and external considerations. These types of restructurings have resulted, and may in the future result, in increased restructuring costs and temporary reduced productivity while employees adjust to the restructuring. These types of restructurings may also lead to a shortage of sufficiently skilled employees in certain roles. In addition, we may not achieve or sustain the expected growth, resource redeployment or cost savings benefits of these restructurings, or may not do so within the expected timeframe. These effects could recur in connection with future acquisitions and other restructurings, and our revenues and other results of operations could be negatively affected. We may lose key employees or may be unable to hire enough qualified employees. We rely on hiring qualified employees and the continued service of our senior management, including our Chairman of the Board of Directors, Chief Technology Officer and founder; our Chief Executive Officer; other members of our executive team; and other key employees. In the technology industry, there is substantial and continuous competition for highly skilled business, product development and technical personnel, particularly in the AI field. Hiring freezes or slowdowns may result in decreased productivity while existing employees take on additional roles and responsibilities, and may also lead to a shortage of sufficiently skilled employees in certain roles. We may also experience increased compensation costs that are not offset by either improved productivity or higher sales. We may not be successful in recruiting new personnel and in retaining and motivating existing personnel. With 22 rare exceptions, we do not have long-term employment or non-competition agreements with our employees. Members of our senior management team have left Oracle over the years for a variety of reasons, and any future departures may be disruptive to our operations.

We continually focus on improving our cost structure by hiring personnel in countries where advanced technical and other expertise are available at lower costs. When we make adjustments to our workforce, we may incur expenses associated with workforce reductions that delay the benefit of a more efficient workforce structure. We are experiencing increased competition for employees in these countries as the trend toward globalization continues, which has affected our employee retention efforts and increased our expenses in an effort to offer a competitive compensation program. In addition, changes to immigration and labor law policies may adversely impact our access to technical and professional talent. Our general compensation program includes restricted stock units (RSUs) and performance-based equity, which are important tools in attracting and retaining employees in our industry. If our stock price performs poorly, it may adversely affect our ability to retain or attract employees. We continually evaluate our compensation practices and consider changes from time to time, which may have an impact on our ability to retain employees and the amount of stock-based compensation expense that we record. Any changes in our compensation practices or those of our competitors could affect our ability to retain and motivate existing personnel and recruit new personnel. There are risks associated with our cloud and license and hardware indirect sales channels which could affect our future operating results. Our cloud and license and hardware indirect channel networks are comprised primarily of resellers, system integrators/implementers, consultants, education providers, internet service providers, network integrators and ISVs. Our relationships with these channel participants are important elements of our cloud, software and hardware marketing and sales efforts. Our financial results could be adversely affected if: •our contracts with channel participants were terminated or our relationships with channel participants were to deteriorate; •any of our competitors enter into strategic relationships with or acquire a significant channel participant;

Index to Financial Statements abilities to conduct business operations and to ensure accuracy in financial processes and reporting, and may result in unanticipated costs and interruptions. Enterprise customers rely on our cloud, license and hardware offerings and related services to run their businesses, and errors in our cloud, license and hardware offerings and related services could expose us to product liability, performance and warranty claims as well as significant harm to our brand and reputation, which could impact our future sales. If we are unable to compete effectively, the results of operations and prospects for our business could be harmed. We face intense competition in all aspects of our business. The nature of the IT industry creates a competitive landscape that is constantly evolving as firms emerge, expand or are acquired, as technology evolves and as delivery models change. Our enterprise cloud, license and hardware offerings compete directly with certain offerings from some of the largest and most competitive companies in the world. In addition, due to the low barriers to entry in many of our market segments, new technologies and new and growing competitors frequently emerge to challenge our offerings. We believe many vendors spend amounts in excess of what Oracle spends to develop and market applications and infrastructure technologies including databases, middleware products, application development tools, business applications, collaboration products and business intelligence, compute, storage and networking products, among others, which compete with Oracle applications and infrastructure offerings. In addition, use of our competitors' technologies can influence a customer's purchasing decision or create an environment that makes it less efficient to utilize or migrate to Oracle products and services. For example, we offer our customers multicloud services whereby our customers can combine cloud services from multiple clouds with the goal of optimizing cost, functionality and performance. OCI's multicloud services work with a number of our competitors' products, including Microsoft Azure, Amazon Web Services and Google Cloud Platform. This multicloud strategy could lead our customers to migrate away from our cloud offerings to our competitors' products or limit their purchases of additional Oracle products, either of which could adversely affect our revenues and profitability. Our competitors may also adopt business practices that provide customers access to competing products and services on terms that we may not generally find acceptable, which may convince customers to purchase competitor products and services. We could lose customers if our competitors introduce new competitive products, add new functionality, acquire competitive products, reduce prices, better execute on their sales and marketing strategies, offer more flexible business practices, provide debt or equity financing to customers or form strategic alliances with other companies. Mergers, consolidations or alliances among our competitors, or acquisitions of our competitors by large companies may result in increased competition. If our competitors offer deep discounts on certain products or services or develop products that the marketplace considers more valuable, we may need to lower prices, introduce pricing models and offerings or offer other terms that are less favorable to us to compete successfully. Any such changes may reduce revenues and margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud delivery models offered by us and our competitors may unfavorably impact the pricing of our other cloud and license, hardware and services offerings, and we may also incur increased cloud delivery expenses as we expand our cloud operations and update our infrastructure, all of which could reduce our revenues and profitability. Our license support fees and hardware support fees are generally priced as a percentage of our net license fees and net new hardware products fees, respectively. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offerings. If we do not adapt our pricing models to reflect changes in customer use of our products, changes in customer demand or increased competition, our revenues could decrease. Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and our financial results. Our customers depend on our support organization to resolve technical issues relating to our applications and infrastructure offerings. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services or may be inefficient in our resolution of customer support issues. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation, our ability to sell and renew our applications and infrastructure offerings to existing and prospective customers, and our business, operating results, and financial position. We may not receive significant revenues from our current research and development efforts for several years, if at all. Developing our various product offerings is expensive and the investment in the development of these 21

•the financial condition or operations of our channel participants were to weaken; or •the level of demand for our channel participants' products and services were to decrease. There can be no assurance that we will be successful in maintaining, expanding or developing our relationships with channel participants. If we are not successful, we may lose sales opportunities, customers and revenues. In addition, we do not control channel participants, some of which operate in jurisdictions with high levels of corruption, and our compliance policies and procedures may fail to prevent or detect violations of anti-corruption or other laws for which we may be held responsible. Acquisitions present many risks and we may not achieve the financial and strategic goals that were contemplated at the time of a transaction. We review and consider strategic acquisitions of companies, products, services and technologies. We have a selective and active acquisition program and we expect to continue to make acquisitions in the future because acquisitions have been an important element of our overall corporate strategy. Risks we may face in connection with our acquisition program include: •our ongoing business may be disrupted and our management's attention may be diverted by acquisition, transition or integration activities; •we may have difficulties (1) managing an acquired company's technologies or lines of business; (2) entering new markets where we have no, or limited, direct prior experience or where competitors may have stronger market positions; or (3) retaining key personnel from the acquired companies; •an acquisition may not further our business strategy as we expected, we may not integrate an acquired company or technology as successfully as we expected, we may impose our business practices or alter go-to-market strategies that adversely impact the acquired business or we may overpay for, or otherwise not realize the expected return on our investments, each or all of which could adversely affect our business or operating results and potentially cause impairment to assets that we recorded as a part of an acquisition, including intangible assets and goodwill; •our operating results or financial condition may be adversely impacted by (1) claims or liabilities that we assume from an acquired company or technology or that are otherwise related to an acquisition; (2) pre-existing contractual relationships that we assume from an acquired company, the termination or 23 modification of which may be costly or disruptive to our business; and (3) unfavorable revenue recognition or other accounting treatment as a result of an acquired company's business practices; •we may fail to identify or assess the magnitude of certain liabilities, shortcomings or other circumstances prior to acquiring a company or technology; •we may not realize any anticipated increase in our revenues from an acquisition for a number of reasons, including (1) if a larger than predicted number of customers decline to renew or terminate their contracts with the acquired company; (2) if we are unable to sell the acquired products or service offerings to our customer base; (3) if acquired customers do not elect to purchase our technologies due to differing business practices; or (4) if contract models utilized by an acquired company do not allow us to recognize revenues in a manner that is consistent with our current accounting practices; •we may have difficulty integrating acquired technologies, products, services and their related supply chain operations with our existing lines of business and related infrastructures; •we may have multiple product lines or services offerings as a result of our acquisitions that are offered, priced, delivered and supported differently, which could cause customer confusion and delays; •we may incur higher than anticipated costs (1) to support, develop and deliver acquired products or services; (2) for general and administrative functions that support new business models; or (3) to comply with regulations applicable to an acquired business that are more complicated than we had anticipated; •we may be unable to obtain timely approvals from, or may otherwise have certain limitations, restrictions, penalties or other sanctions imposed on us by worker councils or similar bodies under applicable employment laws as a result of an acquisition; •we may be unable to obtain required approvals from governmental authorities under foreign direct investment, foreign subsidy, competition and antitrust laws on a timely basis, if at all, and we may need to divest or dispose of assets or businesses or take other actions to obtain such approvals;

Data Privacy, Cybersecurity and Intellectual Property Risks If our security measures for our products and services are compromised and as a result, our data, our customers' data or our IT systems are accessed improperly, made unavailable, or improperly modified, our products and services may be perceived as vulnerable, our brand and reputation could be damaged, the IT services we provide to our customers could be disrupted, and customers may stop using our products and services, any of which could reduce our revenue and earnings, increase our expenses and expose us to legal claims and regulatory actions. Our products and services, including Oracle Cloud Services, store, retrieve, process and manage third-party data, such as our customers' data, as well as our own data. We believe that Oracle is a target for computer hackers, cyber threats and other bad actors because Oracle stores and processes large amounts of data, including sensitive data such as health sciences (including patient health information), financial services, retail, hospitality, telecommunications and government data. We and our third-party vendors are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation-states and individuals sponsored by them) to identify and exploit product and service vulnerabilities, penetrate or bypass our security measures, and gain unauthorized access to our or our customers', partners' and suppliers' software, hardware and cloud offerings, networks and systems. Successful attempts by one of these malicious actors can lead to the compromise of personal information or the confidential information or data of Oracle or our customers. Attempts of this nature typically involve IT-related viruses, worms, and other malicious software programs that attack networks, systems, products and services, exploit potential security vulnerabilities of networks, systems, products and services, create system disruptions and cause shutdowns or denials of service. Third parties may attempt to fraudulently induce customers, partners, employees or suppliers into disclosing sensitive information such as user names, passwords or other information to gain access to our data, our customers', suppliers' or partners' data or the IT systems of Oracle, our customers, suppliers or partners. Our products and 24 services, including our Oracle Cloud Services, may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance. If a cyber-attack or other security incident results in unauthorized access to, or modification or exfiltration of, our customers' or suppliers' data, other external data, our own data or our IT systems, or if the services we provide to our customers are disrupted, or if our products or services are reported to have (or are perceived as having) security vulnerabilities, we could incur significant expenses and suffer substantial damage to our brand and reputation. If our customers lose confidence in the security and reliability of our products and services, including our cloud offerings, and perceive them to not be secure, they may decide to reduce or terminate their spend with us. In addition, cyber-attacks and other security incidents could lead to considerable investigation and remediation costs, loss or destruction of information, interruption of our operations, inappropriate use of proprietary and sensitive data, lawsuits, indemnity obligations, regulatory investigations and financial penalties, and claims and increased legal liability, including in some cases contractual costs related to customer notification and fraud monitoring. Our remediation efforts may not be successful. Because the techniques used to obtain unauthorized access to, or sabotage IT systems, change frequently, grow more complex over time, and often are not recognized until launched against a target, we may be unable to anticipate or implement adequate measures to prevent such techniques. Our internal IT systems continue to evolve and we are often early adopters of new technologies. However, our business policies and internal security controls may not keep pace with these changes as new threats emerge. We may not discover any security breach and loss of information for a significant period of time after the security breach. Our products operate in conjunction with and are dependent on a wide variety of third-party products, components and services. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, we could face increased costs, liability claims, customer dissatisfaction, reduced revenue, or harm to our reputation or competitive position. We also have an active acquisition program and have acquired a number of companies, products, services and technologies over the years. While we make significant efforts to address any IT security issues with respect to our acquired companies, we may still inherit such risks when we integrate these companies within Oracle.

Our business practices with respect to data could give rise to operational interruption, liabilities or reputational harm as a result of governmental regulation, legal requirements or industry standards relating to privacy and data protection. As regulatory focus on privacy issues continues to increase and worldwide laws and regulations concerning the handling of personal information expand and become more complex and stringent, potential risks related to data collection and use within our business will intensify. In addition, U.S. federal and state as well as foreign governments have enacted or are considering enacting legislation or regulations, or may in the near future interpret existing legislation or regulations, in a manner that could significantly impact our ability, as well as the ability of our customers, partners and data providers, to collect, augment, analyze, use, transfer (including across national borders) and share personal and other information that is integral to certain services we provide. We are also subject to data privacy and other related regulations governing the healthcare industry and patient information, including but not limited to regulations governing electronic health data transmissions, the processing of patient information, healthcare fraud and healthcare information sharing. Following the European Union's (EU) General Data Protection Regulation (GDPR), the rate of global consideration and adoption of privacy laws has increased, giving rise to more global jurisdictions in which regulatory inquiries and audits may be requested of Oracle, and if we are not deemed to be in compliance, could result in enforcement actions and/or fines. This is true in the U.S. where, for example, a number of states have enacted privacy laws, the U.S. Congress is considering several privacy and security-related bills at the federal level, the federal government is pursuing a range of cybersecurity initiatives pertaining to critical infrastructure companies and government contractors, and a number of other state legislatures are considering privacy laws. Regulators globally are also imposing greater monetary fines for privacy violations. The GDPR provides for monetary penalties of up to €20 million, or up to 4% of an organization's worldwide revenue of the preceding financial year, whichever is greater. These penalties can be significant. For example, a U.S.-based technology company was fined €1.2 billion for alleged GDPR violations in 2023. The U.S. Federal Trade Commission continues to fine companies for unfair and deceptive data protection practices, and these fines may increase in size. Taken together, the laws or regulations associated with the enhanced protection of personal and other types of data could greatly increase the size of potential fines related to data protection, and our cost of providing our products and services could result in changes to our business 25 practices or even prevent us from offering certain services in jurisdictions in which we operate. Although we have implemented contracts, diligence programs, policies and procedures designed to address compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, partners, suppliers, data providers or agents will not violate such laws and regulations or our contracts, policies and procedures. Additionally, public perception and standards related to the privacy of personal information can shift rapidly, in ways that may affect our reputation or influence regulators to enact regulations and laws that may limit our ability to provide certain products and services. For example, numerous jurisdictions, including the EU, are considering laws and regulations that would impose additional data privacy and other compliance requirements on the use of AI and could require us to adjust or limit our product offerings in such jurisdictions. We make statements about our use and disclosure of personal information through our privacy policy, information provided on our website and press statements. Any failure, or perceived failure, by us to comply with these public statements or with U.S. federal, state, or foreign laws and regulations, including laws and regulations regulating privacy, data security, or consumer protection, public perception, standards, self-regulatory requirements or legal obligations, could result in lost or restricted business, proceedings, actions or fines brought against us or levied by governmental entities or others, or could adversely affect our business and harm our reputation. Third parties have claimed, and in the future may claim, infringement or misuse of intellectual property rights and/or breach of license agreement provisions. We periodically receive notices from, or have lawsuits filed against us by, third parties claiming infringement or other misuse of their intellectual property rights and/or breach of our agreements with them. These third parties include entities that do not design, manufacture, or distribute products or services or that acquire intellectual property for the sole purpose of monetization through infringement assertions. We expect to continue to receive such claims as: •we continue to expand into new businesses and acquire companies; •the number of products and competitors in our industry segments grows; •the use and support of third-party code (including open source code) becomes more prevalent in the industry;

Our international sales and operations and global customer base subject us to additional risks that can adversely affect our operating results. We derive a substantial portion of our revenues from, and have significant operations, outside of the U.S., and in both our U.S. and non-U.S. operations we serve customers based in or with ties to numerous jurisdictions around the world. Compliance with international and U.S. laws and regulations that apply to our international operations increases our cost of doing business. These laws and regulations include data privacy requirements, labor relations laws, tax laws, foreign currency-related regulations, competition/antitrust regulations, anti-bribery laws and other laws prohibiting payments to governmental officials such as the U.S. Foreign Corrupt Practices Act (FCPA), market access regulations, tariffs, and import, export and general trade regulations, including but not limited to economic sanctions and embargos. Violations of these laws and regulations could result in monetary fines, civil and/or criminal penalties, enforcement actions against us, our officers or our employees, and prohibitions on the conduct of our business, including disgorgement, the loss of trade privileges, and other remedial measures. Any such violations could result in prohibitions on our ability to offer our products and services in one or more countries or territories or to certain entities, could delay or prevent potential acquisitions and could also materially damage our reputation, our brand, our international expansion efforts, our ability to attract and retain employees, our business and our operating results. Changes to sanctions or export control regulations in the U.S. and the other jurisdictions where we currently operate or have dealings, or in the future may operate or have dealings, can require suspension or termination of business, including financial transactions, in certain countries, territories or with certain customers and any such action in the future could adversely affect our business, financial condition and results of operations. For example, in March 2022, following Russia's invasion of Ukraine and the imposition of economic sanctions and export controls targeting Russia by the U.S., EU and other countries, we withdrew our operations from the Russian Federation and the Republic of Belarus. We continue to monitor relations between the U.S. and the Russian Federation, the Republic of Belarus and the People's Republic of China, among others. It is difficult to anticipate the effect such relations may have on us. Compliance with any further economic sanctions, export controls or other regulatory restrictions (and any retaliatory responses thereto) taken by the U.S. or other countries could prevent us from serving certain customers or restrict our customers from operating in specific jurisdictions, which could have an adverse effect on our operations and results of operations. Compliance with these laws may increase our expenses as we engage specialized or other additional resources to assist us with our compliance efforts. 26 Our success depends, in part, on our ability to anticipate these risks and manage these difficulties. We monitor our operations and investigate allegations of improprieties relating to transactions and the way in which such transactions are recorded. Where circumstances warrant, we provide information and report our findings to government authorities, and in some circumstances such authorities conduct their own investigations and we respond to their requests or demands for information. No assurance can be given that action will not be taken by such authorities or that our compliance program will prove effective.

•we do not optimize complementary product lines and services in a timely manner; or Index to Financial Statements •we fail to adequately integrate, support or enhance acquired product lines or services. In addition, our profitability and revenues could be adversely impacted if we lost one or more of our key customers for any reason, including as a result of any of the factors discussed above. Any such loss could also limit or reduce our growth in future periods. If we do not successfully execute our Oracle Cloud strategy, including our offerings of Oracle Cloud Services, our revenues and profitability may decline. We provide our cloud and other offerings to customers worldwide via a variety of deployment models, including via our cloud-based SaaS and OCI offerings. As these business models continue to evolve, we may not be able to compete effectively, generate significant revenues or maintain the profitability of our cloud offerings. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact the pricing of our cloud and license offerings. If we do not successfully execute our cloud computing strategy or anticipate the cloud computing needs of our customers, our reputation as a cloud services provider could be harmed and our revenues and profitability could decline. As customer demand for our cloud offerings increases, we experience volatility in our reported revenues and operating results due to the differences in timing of revenue recognition between our cloud license and on-premise license, and hardware product arrangements relative to our cloud offering arrangements. Customers predominantly purchase our cloud offerings on a subscription basis and revenues from these offerings are generally recognized ratably or as services are consumed over the terms of the subscriptions. Consequently, any deterioration in sales activity associated with our cloud offerings may not be immediately observable in our consolidated statement of operations. This is in contrast to revenues associated with our license and hardware product arrangements, which are generally recognized in full at the time of delivery of the related licenses and hardware products. In addition, we may not be able to accurately anticipate customer transitions from or be able to sufficiently backfill reduced customer demand for our license, hardware and support offerings relative to the expected increase in customer adoption of and demand for our Oracle Cloud Services, which could adversely affect our revenues and profitability. As a part of our Oracle Cloud strategy, we plan our investment levels based on estimates of future revenues and future anticipated rates of growth. In recent periods, our cloud services and license support expenses have grown to meet current and expected demand for our cloud offerings, including investments to increase our existing data center capacity and to establish data centers in new geographic locations. In connection with these investments, we entered, and expect to continue to enter, into long-term operating lease commitments with third party data center providers that generally require us to pay significant contract termination fees to early exit such obligations should our strategies change, which could adversely impact our profitability and cash flows. In addition, we outfit these data centers with equipment and improvements that we typically depreciate over their estimated useful lives, which could be shortened should our cloud strategies change, which could adversely affect our profitability. Our products and services may not function properly if we experience significant coding, manufacturing or configuration errors in our cloud, license and hardware offerings. Despite testing prior to the release and throughout the lifecycle of a product or service, our cloud, license and hardware offerings sometimes contain coding, manufacturing or configuration errors that can impact their function, performance and security, and result in other negative consequences. The detection and correction of any errors in released cloud, license or hardware offerings can be time consuming and costly. Errors in our cloud, license or hardware offerings could affect their ability to properly function, integrate or operate with other cloud, license or hardware offerings, could result in service interruptions, delays or outages of our cloud offerings, could create security vulnerabilities in our products or services, could delay the development or release of new products or services or new versions of products or services, and could adversely affect market acceptance of our products or services. This includes third-party software products or services incorporated into our own. If we experience any of these errors, or if there are delays in releasing our cloud, license or hardware offerings or new versions of these offerings, our sales could be affected and revenues could decline. In addition, we run Oracle's business operations as well as cloud and other services that we offer to our customers on our products and networks. Therefore, any flaws could affect our and our customers' abilities to conduct business operations and to ensure accuracy in financial processes and reporting, and may result in unanticipated costs and interruptions. Enterprise customers rely on our cloud, license and hardware offerings and related services to run their businesses, and errors in our cloud, license and hardware offerings and related services

Business and Operational Risks Our success depends upon our ability to develop and sell new products and services, integrate acquired products and services and enhance our existing products and services. Rapid technological advances, intense competition, changing delivery models and evolving standards in computer hardware and software development and communications infrastructure, changing and increasingly sophisticated customer needs and frequent new product introductions and enhancements characterize the industries in which we compete. If we are unable to develop new or sufficiently differentiated products and services, enhance and improve our product offerings and support services in a timely manner or position and price our products and services to meet demand, customers may not purchase or subscribe to our license, hardware or cloud offerings or renew license support, hardware support or cloud subscriptions contracts. Renewals of these contracts are important to the growth of our business. In addition, we cannot provide any assurance that the standards on which we choose to develop new products will allow us to compete effectively for business opportunities in emerging areas. We have continued to refresh and release new offerings of our cloud products and services. Machine learning and artificial intelligence are increasingly driving innovations in technology, but if they fail to operate as anticipated or our other products do not perform as promised, our business and reputation may be harmed. During fiscal 2022, we held many of our major customer events in a virtual format. Our shift to virtual customer events may not be successful, and we may not be able to showcase our products as well as we have historically done through in-person events or generate the same customer interest, opportunities and leads through these virtual events. We currently plan to reintroduce large in-person events during fiscal 2023 but we may not be able to do so successfully and our customers may not be able or willing to attend them, which could adversely impact our ability to market and sell our products and services.

overlapping tax regimes; and • reduced protection for intellectual property rights in some countries. The variety of risks and challenges listed above could also disrupt or otherwise negatively impact our supply chain operations and sales of our products and services in affected countries or regions. As the majority shareholder of Oracle Financial Services Software Limited, a publicly traded company in India, and Oracle Corporation Japan, a publicly traded company in Japan, we are faced with several additional risks, including being subject to local securities regulations and being unable to exert full control that we would otherwise have if these entities were wholly-owned subsidiaries. Our sales to government clients expose us to business volatility and risks, including government budgeting cycles and appropriations, procurement regulations, governmental policy shifts, early termination of contracts, audits, investigations, sanctions and penalties. We derive revenues from contracts with the U.S. government, state and local governments, and foreign governments and are subject to procurement laws relating to the award, administration and performance of those contracts. Governmental entities are variously pursuing policies that affect our ability to sell our products and services. Changes in government procurement policy, priorities, regulations, technology initiatives and/or requirements may negatively impact our potential for growth in the government sector. For example, the U.S. government imposes evolving cybersecurity requirements, including, for example, the FedRAMP authorization process and the Department of Defense (DoD) Cybersecurity Maturity Model Certification. These requirements may impact our lines of business in the U.S. federal government market. Compliance with these cybersecurity requirements is complex and costly, and failure to meet, or delays in meeting, the required security controls could limit our ability to sell products and services, directly or indirectly, to the DoD and other federal and state government entities that implement similar cybersecurity requirements. We are also subject to early termination of our contracts. Many governmental entities have the right to terminate contracts at any time, without cause. For example, the U.S. federal government may terminate any of our government contracts and subcontracts at its convenience, or for default based on our performance. U.S. federal, state and local government and foreign government contracts are generally subject to government funding authorizations/appropriations. Contracts may be terminated based upon a lack of government funds. There is increased pressure on governments and their agencies, both domestically and internationally, to reduce spending as governments continue to face significant deficit reduction pressures. This may adversely impact spending on government programs. Government contracts laws and regulations impose certain risks, and contracts are generally subject to audits and investigations. If violations of law are found, they could result in civil and criminal penalties and administrative 29 sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business. Environmental and other related laws and regulations subject us to a number of risks and could result in significant liabilities and costs. Our cloud and hardware operations are subject to state, federal and international laws governing protection of the environment, proper handling and disposal of materials used for these products, human health and safety, the use of certain chemical substances and the labor practices of suppliers, as well as local testing and labeling requirements. Compliance with these ever-changing environmental and other laws in a timely manner could increase our product design, development, procurement, manufacturing, delivery, cloud operations and administration costs, limit our ability to manage excess and obsolete non-compliant inventory, change our sales activities, or otherwise impact future financial results of our cloud and hardware businesses. Any violation of these laws can subject us to significant liability, including fines, penalties and possible prohibition of sales of our products and services into one or more states or countries and result in a material adverse effect on the financial condition or results of operations of our cloud and hardware businesses. Regulatory, market, and competitive pressures regarding the greenhouse gas emissions and energy mix for our data center operations may also grow. A significant portion of our hardware revenues come from international sales. Environmental legislation, such as the EU Directive on Restriction of Hazardous Substances (RoHS), the EU Waste Electrical and Electronic Equipment Directive (WEEE Directive) and China's regulation on Management Methods for Controlling Pollution Caused by Electronic Information Products, among others, may increase our cost of doing business internationally and impact our hardware revenues from the EU, China and other countries with similar environmental legislation as we endeavor to comply with and implement these requirements.

The COVID-19 pandemic has affected how we and our customers are operating our respective businesses, and the duration and extent to which this will impact our future results of operations remains uncertain. The COVID-19 pandemic and efforts to control its spread have affected how we and our customers, partners and suppliers are operating our businesses. Our operations have been and may in the future be negatively affected by a range of external factors related to the COVID-19 pandemic that are not within our control. For example, the COVID-19 pandemic has led governments to implement preventative measures to contain or control further spread of the virus, such as travel restrictions, prohibitions of non-essential activities, quarantines, work-from-home directives and shelter-in-place/social distancing orders. These preventative measures led to sharp reductions in demand in certain industries in which our customers operate. It is not clear what long-term effects the COVID-19 pandemic will have on our business, including the effects on our customers, partners, suppliers and prospects. If we are not able to respond to and manage the impact of the COVID-19 pandemic effectively, our business will be harmed. We are a U.S. federal government contractor and are therefore subject to a federal executive order requiring our U.S.-based employees to be vaccinated unless they qualify for medical or religious exemptions. The executive order has been challenged in court and has been enjoined from enforcement, but its ultimate status, and the impact on our business, is uncertain. However, this requirement or other future vaccine mandates could adversely affect our workforce retention and hiring. In addition, customer vaccination requirements, as well as certain state and local vaccination mandates, may impact our staffing abilities. The negative impacts of the global COVID-19 pandemic on the broader global economy and related impacts on our customers' business operations and their demand for our products will depend on future developments, which are highly uncertain and cannot be predicted. Additional impacts and risks that we are not currently aware of may arise. We are similarly unable to predict the extent of the impact of the pandemic on our customers, partners, suppliers and other partners, but a material effect on these parties could also materially and adversely affect us. In addition, we have curtailed travel expenses since the beginning of the COVID-19 pandemic, and it may become necessary for us to increase such travel expenses prospectively in furtherance of our business initiatives. The COVID-19 pandemic may also heighten other risks described in this Risk Factors section.

Legal and Regulatory Risks Adverse litigation results could affect our business. We are subject to various legal proceedings. Litigation can be lengthy, expensive and disruptive to our operations, and can divert our management's attention away from running our core business. The results of our litigation also cannot be predicted with certainty. Even a favorable judgment may be subject to appeals leading to protracted litigation, additional costs and the prospect that our desired outcome will be overturned. An adverse decision could result in monetary damages or injunctive relief that could affect our business, operating results or financial condition. Additional information regarding certain of the lawsuits we are involved in is discussed under Note 16 of Notes to Consolidated Financial Statements included elsewhere in this Annual Report. We may be subjected to increased taxes due to changes in U.S. or international tax laws or from adverse resolutions of tax audits and controversies. As a multinational corporation, we incur income taxes as well as non-income based taxes (such as payroll, sales, use, property and value-added taxes) in both the U.S. and various foreign jurisdictions. Significant uncertainties exist with respect to the application of the various taxes to the businesses in which we engage, often requiring that we make judgments in determining our tax liabilities and worldwide provision for income taxes. We are regularly under audit by tax authorities in the U.S. and internationally, which has led to disagreements regarding our treatment of various items, including our intercompany transfer prices and calculations and the applicability of withholding taxes to our cross-border transactions. Any unfavorable resolution of these tax audits and controversies could cause our tax liabilities to increase and may have a material and adverse impact on our provision for income taxes and effective tax rate. Although we believe that our income and non-income based 25 tax estimates are reasonable, there is no assurance that the final determination of tax audits or disputes will not be different from what is reflected in our historical income tax provisions and tax accruals. Countries around the world continually consider and make changes to relevant tax, accounting and other laws, treaties, regulations, guidance and interpretations. In the U.S., certain enacted and proposed legislation may substantially raise U.S. income taxes on our domestic and international profits. Such unfavorable tax legislation resulting from the shifting U.S. political landscape and economic environment create the potential for added volatility in our quarterly provision for income taxes and could have a material adverse impact on our future income tax provisions and effective tax rate. Other countries also continue to consider changes to their tax laws that could negatively affect us by increasing taxes imposed on our international revenue streams, operations and cross-border transactions, including the imposition of taxes targeted at digital technology businesses and changes in withholding tax rules. The Organization for Economic Cooperation and Development (OECD) and the G20 have developed a two-pillar framework that would provide greater taxing rights to market jurisdictions where customers or users are located and implement a 15% global minimum tax on multinational corporate groups. On December 12, 2022, the European Union member states agreed to implement the OECD's global corporate minimum tax rate of 15%. Other countries are also actively considering changes to their tax laws to adopt certain parts of the OECD's two-pillar framework. These changes may materially increase the level of income tax on our international profits. Our future income tax provisions and effective tax rate could materially increase under the tax changes discussed above or if other changes are made to applicable tax laws and rules in the U.S. or in other countries in which we do business. Our provision for income taxes also could be adversely affected by changes in the mix of income earned or losses incurred in jurisdictions with differing statutory tax rates, fluctuations in our stock price and level of stock-based compensation expense, changes in the valuation of our deferred tax assets or liabilities and by other factors.

We are also subject to a variety of other risks and challenges in managing an organization operating globally, including those related to: •general economic conditions in each country or region; •political unrest, terrorism and war, including but not limited to the current Russia-Ukraine war, the economic impact thereof and the potential to subject our business to materially adverse consequences should the situation escalate beyond its current scope, including, among other potential impacts, the geographic proximity of the situation relative to the rest of Europe, where a material portion of our business is carried out; •the potential for other hostilities, including but not limited to escalating tensions between China and Taiwan; •public health risks, social risks and supporting infrastructure stability risks, particularly in areas in which we have significant operations; •fluctuations in currency exchange rates and related impacts on customer demand and our operating results; •difficulties in accessing or transferring funds from or converting currencies in certain countries that could lead to a devaluation of our net assets, in particular our cash assets, in that country's currency; •regulatory changes, including government austerity measures in certain countries that we may not be able to sufficiently plan for or avoid that may unexpectedly impair bank deposits or other cash assets that we hold in these countries or that impose additional taxes that we may be required to pay in these countries; •common local business behaviors or regulatory requirements that conflict with our business ethics, practices and conduct policies; •longer payment cycles and difficulties in collecting accounts receivable;

Financial Risks Our operations can be difficult for us to predict because our quarterly results of operations may fluctuate significantly based on a number of factors. Our revenues, particularly certain of our cloud license and on-premise license revenues and hardware revenues, can be difficult to forecast. A substantial portion of our cloud license, on-premise license and hardware contracts is completed in the latter part of a quarter. Because a significant portion of our cost structure is largely fixed in the short term, sales and revenue shortfalls tend to have a disproportionately negative impact on our profitability. The number of large license transactions and, to a lesser extent, hardware products transactions increases the risk of fluctuations in our quarterly results because a delay in even a small number of these transactions could cause our quarterly sales, revenues and profitability to fall significantly short of our predictions. In addition, sudden shifts in regional or global economic or political activity may cause our sales forecasts to be inaccurate. In addition, we hold a portfolio of publicly traded and privately held equity investments. Changes in the fair values of these investments are recorded as unrealized gains or losses as a component of consolidated net income in each period. The timing and amount of changes in fair value, if any, of these investments depends on factors beyond our control, including the perceived and actual performance of the companies or funds in which we invest. Changes in the fair values of these investments are also subject to the general conditions of public and private equity markets, which are uncertain and have in the past varied, and may in the future vary, materially by period. Changes in the fair values of these investments have contributed, and may in the future contribute, to volatility in our net income that is not reflective of our core businesses. Changes in currency exchange rates can adversely affect customer demand and our revenue and profitability. We conduct a significant number of transactions and hold cash in currencies other than the U.S. Dollar. Changes in the values of major foreign currencies, particularly the Australian Dollar, British Pound, Brazilian Real, Canadian Dollar, Euro, Indian Rupee, Japanese Yen and Saudi Riyal, relative to the U.S. Dollar can significantly affect our total assets, revenues, operating results and cash flows, which are reported in U.S. Dollars. Fluctuations in foreign currency rates, including the strengthening of the U.S. Dollar against the Euro and most other major international currencies, adversely affects our revenue growth in terms of the amounts that we report in U.S. Dollars after converting our foreign currency results into U.S. Dollars and in terms of actual demand for our products and services as certain of these products may become relatively more expensive for foreign currency-based enterprises to purchase. In addition, currency variations can adversely affect margins on sales of our products in countries outside of the U.S. Generally, our reported revenues and operating results are adversely affected when the dollar strengthens relative to other currencies and are positively affected when the dollar weakens. In addition, our reported assets generally are adversely affected when the dollar strengthens relative to other currencies as a portion of our consolidated cash and bank deposits, among other assets, are held in foreign currencies and reported in U.S. Dollars. In addition, we incur foreign currency transaction gains and losses, primarily related to sublicense fees and other intercompany agreements among us and our subsidiaries that we expect to cash settle in the near term, which are charged to earnings in the period incurred. We have a program which primarily utilizes foreign currency forward contracts designed to offset the risks associated with certain foreign currency exposures. We may suspend the program from time to time. As part of this program, we enter into foreign currency forward contracts so that increases or decreases in our foreign currency exposures are offset at least in part by gains or losses on the foreign currency forward contracts in an effort to mitigate the risks and volatility associated with our foreign currency transaction gains or losses. A large portion of our consolidated operations are international, and we expect that we will continue to realize gains or losses with respect to our foreign currency exposures, net of gains or losses from our foreign currency forward contracts, including the cost to obtain such contracts. For example, we will experience 29 foreign currency gains and losses in certain instances if it is not possible or cost-effective to hedge our foreign currency exposures, if our hedging efforts are ineffective, or should we suspend our foreign currency forward contract program. Our ultimate realized loss or gain with respect to currency fluctuations will generally depend on the size and type of cross-currency exposures that we enter into, the currency exchange rates associated with these exposures and changes in those rates, whether we have entered into foreign currency forward contracts to offset these exposures and any related fees paid to purchase such contracts, and other factors. All of these factors could materially impact our results of operations, financial position and cash flows. We have incurred foreign currency losses associated with the devaluation of currencies in certain highly inflationary economies relative to the U.S. Dollar. We could incur future losses in emerging market countries and other countries where we do business should their currencies become designated as highly inflationary.

There are risks associated with our outstanding and future indebtedness. As of May 31, 2023, we had an aggregate of $90.5 billion of outstanding indebtedness that will mature between calendar year 2023 and calendar year 2061. Our ability to pay interest and repay the principal for our indebtedness is dependent upon our ability to manage our business operations, generate sufficient cash flows to service such debt and the other factors discussed in this Risk Factors section. There can be no assurance that we will be able to manage any of these risks successfully. We may also need to refinance a portion of our outstanding debt as it matures. There is a risk that we may not be able to refinance existing debt or that the terms of any refinancing may not be as favorable as the terms of our existing debt. Furthermore, if prevailing interest rates or other factors at the time of refinancing result in higher interest rates upon refinancing, then the interest expense relating to that refinanced indebtedness would increase. Should we incur future increases in interest expense, our ability to utilize certain of our foreign tax credits to reduce our U.S. federal income tax could be limited, which could unfavorably affect our provision for income taxes and effective tax rate. In addition, changes to our outlook or credit rating or a withdrawal by any rating agency could negatively affect the value of both our debt and equity securities and increase the interest amounts we pay on certain outstanding or future debt. These risks could adversely affect our financial condition and results of operations.

Risks Related to Our Common Stock Our stock price could become more volatile and your investment could lose value. All of the factors discussed within this Risk Factors section could affect our stock price. The timing of announcements in the public market by us or by our competitors regarding new cloud services, products, product enhancements, technological advances, acquisitions or major transactions could also affect our stock price. Changes in the amounts and frequency of stock repurchases or dividends could affect our stock price. Our stock price could also be affected by factors, some of which are beyond our control, including, among others: speculation in the press, social media and the analyst community; changes in recommendations or earnings related estimates by financial analysts; changes in investors' or analysts' valuation measures for our stock; negative analyst surveys or channel check surveys; earnings announcements where our financial results differ from our guidance or investors' expectations; our credit ratings and market trends unrelated to our performance. The stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. A significant drop in our stock price could also expose us to the risk of securities class action lawsuits, which could result in substantial costs and divert management's attention and resources, which could adversely affect our business. We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value. Our repurchase program does not have an expiration date and we are not obligated to repurchase a specified number or dollar value of shares. Further, our stock repurchase program may be accelerated, suspended, delayed or discontinued at any time. However, we do not expect to increase the amount of stock repurchases until our gross debt is reduced below certain thresholds. Even if fully implemented, our stock repurchase program may not enhance long-term stockholder value. In addition, the Inflation Reduction Act, signed into law on August 16, 2022, imposes an excise tax of 1% (potentially increasing to 4% under certain U.S. tax proposals) on certain corporate stock repurchases. 30

General Risks Economic, political and market conditions can adversely affect our business, results of operations and financial condition, including our revenue growth and profitability, which in turn could adversely affect our stock price. Our business is influenced by a range of factors that are beyond our control and that we have no comparative advantage in forecasting. These include: •general economic and business conditions; •overall demand for enterprise cloud, license and hardware products and services;

•governmental budgetary constraints or shifts in government spending priorities; and •general legal, regulatory and political developments. Macroeconomic developments such as the global or regional economic effects resulting from increasing inflation rates, limited liquidity, adverse developments affecting financial institutions, the current Russia-Ukraine war and related economic curtailment initiatives, evolving trade policies between the U.S. and international trade partners, or the occurrence of similar events in other countries that lead to uncertainty or instability in economic, political or market conditions could negatively affect our business, operating results, financial condition and outlook, which, in turn, could adversely affect our stock price. Any general weakening of, and related declining corporate confidence in, the global economy or the curtailment of government or corporate spending could cause current or potential customers to reduce or eliminate their IT budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services or cause customers not to pay us or to delay paying us for previously purchased products and services. If any parties with whom we conduct business or invest our cash or cash equivalents are unable to meet their obligations to us, our business could be adversely affected. Bank failures or issues in the broader U.S. or global financial systems may have an impact on the broader capital markets and, in turn, our ability to access those markets. In addition, international, regional or domestic political unrest and the related potential impact on global stability, terrorist attacks and the potential for other hostilities in various parts of the world, public health crises and natural disasters continue to contribute to a climate of economic and political uncertainty that could adversely affect our results of operations and financial condition, including our revenue growth and profitability. These factors generally have the strongest effect on our sales of cloud license and on-premise license, hardware and related services and, to a lesser extent, also may affect our renewal rates for license support and our subscription-based cloud offerings. Business disruptions could adversely affect our operating results. A significant portion of our critical business operations are concentrated in a few geographic areas, some of which include emerging market international locations that may be less stable relative to running such business operations solely within the U.S. We are a highly automated business and a disruption or failure of our systems, supply chains and processes could cause delays in completing sales, providing services, including some of our cloud offerings, and enabling a seamless customer experience with respect to our customer facing back-office processes. A major natural disaster, political, social or other disruption to infrastructure that supports our operations or other catastrophic event or the effects of climate change (such as increased storm severity, drought and pandemics) that results in the destruction or disruption of any of our critical business operations, supply chains or IT systems could severely affect our ability to conduct normal business operations and, as a result, our future operating results could be materially and adversely affected.

Index to Financial Statements could expose us to product liability, performance and warranty claims as well as significant harm to our brand and reputation, which could impact our future sales. If we are unable to compete effectively, the results of operations and prospects for our business could be harmed. We face intense competition in all aspects of our business. The nature of the IT industry creates a competitive landscape that is constantly evolving as firms emerge, expand or are acquired, as technology evolves and as delivery models change. Our enterprise cloud, license and hardware offerings compete directly with certain offerings from some of the largest and most competitive companies in the world. In addition, due to the low barriers to entry in many of our market segments, new technologies and new and growing competitors frequently emerge to challenge our offerings. We believe many vendors spend amounts in excess of what Oracle spends to develop and market applications and infrastructure technologies including databases, middleware products, application development tools, business applications, collaboration products and business intelligence, compute, storage and networking products, among others, which compete with Oracle applications and infrastructure offerings. In addition, use of our competitors' technologies can influence a customer's purchasing decision or create an environment that makes it less efficient to utilize or migrate to Oracle products and services. For example, we offer our customers multicloud services whereby our customers can combine cloud services from multiple clouds with the goal of optimizing cost, functionality and performance. OCI's multicloud services work with a number of our competitors' products, including Microsoft Azure, Amazon Web Services and Google Cloud Platform. This multicloud strategy could lead our customers to migrate away from our cloud offerings to our competitors' products, which could adversely affect our revenues and profitability. Our competitors may also adopt business practices that provide customers access to competing products and services on terms that we may not generally find acceptable, which may convince customers to purchase competitor products and services. We could lose customers if our competitors introduce new competitive products, add new functionality, acquire competitive products, reduce prices, better execute on their sales and marketing strategies, offer more flexible business practices, provide debt or equity financing to customers or form strategic alliances with other companies. Mergers, consolidations or alliances among our competitors, or acquisitions of our competitors by large companies may result in increased competition. If our competitors offer deep discounts on certain products or services or develop products that the marketplace considers more valuable, we may need to lower prices, introduce pricing models and offerings or offer other terms that are less favorable to us, in order to compete successfully. Any such changes may reduce revenues and margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud delivery models offered by us and our competitors may unfavorably impact the pricing of our other cloud and license, hardware and services offerings, and we may also incur increased cloud delivery expenses as we expand our cloud operations and update our infrastructure, all of which could reduce our revenues and profitability. Our license support fees and hardware support fees are generally priced as a percentage of our net license fees and net new hardware products fees, respectively. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offerings. Changes to our prices and pricing policies could cause our revenues to decline or be delayed as our sales force implements and our customers adjust to the new pricing policies. Some of our competitors may bundle products for promotional purposes or as a long-term pricing strategy, commit to large customer deployments at prices that are unprofitable, or provide guarantees of prices and product implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our products. If we do not adapt our pricing models to reflect changes in customer use of our products or changes in customer demand, our revenues could decrease. The increase in open source software distribution may also cause us to change our pricing models. Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and our financial results. Our customers depend on our support organization to resolve technical issues relating to our applications and infrastructure offerings. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services or may be inefficient in our resolution of customer support issues. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation, 19 our ability to sell and renew our applications and infrastructure offerings to existing and prospective customers, and our business, operating results, and financial position.

•the financial condition or operations of our channel participants were to weaken; or •the level of demand for our channel participants' products and services were to decrease. There can be no assurance that we will be successful in maintaining, expanding or developing our relationships with channel participants. If we are not successful, we may lose sales opportunities, customers and revenues. Acquisitions present many risks and we may not achieve the financial and strategic goals that were contemplated at the time of a transaction. We review and consider strategic acquisitions of companies, products, services and technologies. We have a selective and active acquisition program and we expect to continue to make acquisitions in the future because acquisitions have been an important element of our overall corporate strategy. Risks we may face in connection with our acquisition program include: •our ongoing business may be disrupted and our management's attention may be diverted by acquisition, transition or integration activities; •we may have difficulties (1) managing an acquired company's technologies or lines of business; (2) entering new markets where we have no, or limited, direct prior experience or where competitors may have stronger market positions; or (3) retaining key personnel from the acquired companies; •an acquisition may not further our business strategy as we expected, we may not integrate an acquired company or technology as successfully as we expected, we may impose our business practices or alter 21 go-to-market strategies that adversely impact the acquired business or we may overpay for, or otherwise not realize the expected return on our investments, each or all of which could adversely affect our business or operating results and potentially cause impairment to assets that we recorded as a part of an acquisition, including intangible assets and goodwill; •our operating results or financial condition may be adversely impacted by (1) claims or liabilities that we assume from an acquired company or technology or that are otherwise related to an acquisition; (2) pre-existing contractual relationships that we assume from an acquired company, the termination or modification of which may be costly or disruptive to our business; and (3) unfavorable revenue recognition or other accounting treatment as a result of an acquired company's business practices; •we may fail to identify or assess the magnitude of certain liabilities, shortcomings or other circumstances prior to acquiring a company or technology; •we may not realize any anticipated increase in our revenues from an acquisition for a number of reasons, including (1) if a larger than predicted number of customers decline to renew or terminate their contracts with the acquired company; (2) if we are unable to sell the acquired products or service offerings to our customer base; (3) if acquired customers do not elect to purchase our technologies due to differing business practices; or (4) if contract models utilized by an acquired company do not allow us to recognize revenues in a manner that is consistent with our current accounting practices; •we may have difficulty integrating acquired technologies, products, services and their related supply chain operations with our existing lines of business and related infrastructures; •we may have multiple product lines or services offerings as a result of our acquisitions that are offered, priced, delivered and supported differently, which could cause customer confusion and delays; •we may incur higher than anticipated costs (1) to support, develop and deliver acquired products or services; (2) for general and administrative functions that support new business models; or (3) to comply with regulations applicable to an acquired business that are more complicated than we had anticipated; •we may be unable to obtain timely approvals from, or may otherwise have certain limitations, restrictions, penalties or other sanctions imposed on us by worker councils or similar bodies under applicable employment laws as a result of an acquisition; •we may be unable to obtain required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all, and we may need to divest or dispose of assets or businesses or take other actions in order to obtain such approvals; •our use of cash to pay for acquisitions may limit other potential uses of our cash; •we incurred additional debt to finance our acquisition of Cerner in fiscal 2023 and in the future, we may have to incur additional debt to pay for other acquisitions or have to delay or not proceed with an acquisition if we cannot obtain the necessary funding to complete the acquisition in a timely manner or on favorable terms; and •we may experience additional or unexpected changes in how we are required to account for our acquisitions pursuant to U.S. generally accepted accounting principles, including arrangements that we may assume in an acquisition. The occurrence of any of these risks could have a material adverse effect on our business, results of operations, financial condition or cash flows, particularly in the case of a larger acquisition or several concurrent acquisitions.

Data Privacy, Cybersecurity and Intellectual Property Risks If our security measures for our products and services are compromised and as a result, our data, our customers' data or our IT systems are accessed improperly, made unavailable, or improperly modified, our products and services may be perceived as vulnerable, our brand and reputation could be damaged, the IT services we provide to our customers could be disrupted, and customers may stop using our products and services, any of which could reduce our revenue and earnings, increase our expenses and expose us to legal claims and regulatory actions. Our products and services, including Oracle Cloud Services, store, retrieve, manipulate and manage third-party data, such as our customers' information and data, as well as our own data. We believe that Oracle in particular is a target for computer hackers and other bad actors because Oracle stores and processes large amounts of data, including in customer sectors involving particularly sensitive data such as health sciences (including patient health information), financial services, retail, hospitality and the government. We and our third-party vendors are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation-states and individuals sponsored by them) to identify and exploit product and service vulnerabilities, penetrate or bypass our security measures, and gain unauthorized access to our or our customers', partners' and suppliers' software, hardware and cloud offerings, networks and systems. Successful attempts by one of these malicious actors can lead to the compromise of personal information or the confidential information or data of Oracle or our customers. Attempts of this nature typically involve IT-related viruses, worms, and other malicious software programs that attack networks, systems, products and services, exploit potential security vulnerabilities of networks, systems, products and services, create system disruptions and cause shutdowns or denials of service. Third parties may attempt to fraudulently induce customers, partners, employees or suppliers into disclosing sensitive information such as user names, passwords or other information in order to gain access to our data, our customers', suppliers' or partners' data or the IT systems of Oracle, our customers, suppliers or partners. Our products and services, including our Oracle Cloud Services, may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance. If a cyber-attack or other security incident results in unauthorized access to or modification of our customers' or suppliers' data, other external data, our own data or our IT systems, or if the services we provide to our customers are disrupted, or if our products or services are reported to have (or are perceived as having) security vulnerabilities, we could incur significant expenses and suffer substantial damage to our brand and reputation. If our customers lose confidence in the security and reliability of our products and services, including our cloud offerings, and perceive them to not be secure, they may decide to reduce or terminate their spend with us. In addition, cyber-attacks and other security incidents could lead to considerable investigation and remediation costs, loss or destruction of information, interruption of our operations, inappropriate use of proprietary and sensitive data, lawsuits, indemnity obligations, regulatory investigations and financial penalties, and claims and increased legal liability, including in some cases contractual costs related to customer notification and fraud monitoring. Our remediation efforts may not be successful. Because the techniques used to obtain unauthorized access to, or sabotage IT systems, change frequently, grow more complex over time, and often are not recognized until launched against a target, we may be unable to anticipate or implement adequate measures to prevent such techniques. Our internal IT systems continue to evolve and we are often early adopters of new technologies. However, our business policies and internal security controls may not keep pace with these changes as new threats emerge. We may not discover any security breach and loss of information for a significant period of time after the security breach. Our products operate in conjunction with and are dependent on a wide variety of third-party products, components and services. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, we could face increased costs, liability claims, customer dissatisfaction, reduced revenue, or harm to our reputation or competitive position. We also have an active acquisition program and have acquired a number of companies, products, services and technologies over the years. While we make significant efforts to address any IT security issues with respect to our acquired companies, we may still inherit such risks when we integrate these companies within Oracle. 23

Our business practices with respect to data could give rise to operational interruption, liabilities or reputational harm as a result of governmental regulation, legal requirements or industry standards relating to privacy and data protection. As regulatory focus on privacy issues continues to increase and worldwide laws and regulations concerning the handling of personal information expand and become more complex, potential risks related to data collection and use within our business will intensify. In addition, U.S. and foreign governments have enacted or are considering enacting legislation or regulations, or may in the near future interpret existing legislation or regulations, in a manner that could significantly impact our ability, as well as the ability of our customers, partners and data providers, to collect, augment, analyze, use, transfer (including across national borders) and share personal and other information that is integral to certain services we provide. Our acquisition of Cerner during fiscal 2023 also subjects us to additional data privacy and other related regulations governing the healthcare industry and patient information, including but not limited to regulations governing electronic health data transmissions, the processing of patient information, healthcare fraud and healthcare information sharing. Following the European Union's (EU) General Data Protection Regulation (GDPR), the rate of global consideration and adoption of privacy laws has increased, giving rise to more global jurisdictions in which regulatory inquiries and audits may be requested of Oracle, and if we are not deemed to be in compliance, could result in enforcement actions and/or fines. This is true in the U.S. where, for example, California, Colorado, Connecticut, Utah and Virginia have enacted privacy laws, the U.S. Congress is considering several privacy and security-related bills at the federal level, the federal government is pursuing a range of cybersecurity initiatives pertaining to critical infrastructure companies and government contractors, and a number of other state legislatures are considering privacy laws. Regulators globally are also imposing greater monetary fines for privacy violations. The GDPR provides for monetary penalties of up to 4% of an organization's worldwide revenue. These penalties can be significant. For example, multiple U.S.-based technology companies have been fined between €225 million and €1.2 billion for alleged GDPR violations. The U.S. Federal Trade Commission continues to fine companies for unfair and deceptive data protection practices, and these fines may increase in size. Taken together, the laws or regulations associated with the enhanced protection of personal and other types of data could greatly increase the size of potential fines related to data protection, and our cost of providing our products and services could result in changes to our business practices or even prevent us from offering certain services in jurisdictions in which we operate. Although we have implemented contracts, diligence programs, policies and procedures designed to ensure compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, partners, suppliers, data providers or agents will not violate such laws and regulations or our contracts, policies and procedures. Additionally, public perception and standards related to the privacy of personal information can shift rapidly, in ways that may affect our reputation or influence regulators to enact regulations and laws that may limit our ability to provide certain products and services. We make statements about our use and disclosure of personal information through our privacy policy, information provided on our website and press statements. Any failure, or perceived failure, by us to comply with these public statements or with U.S. federal, state, or foreign laws and regulations, including laws and regulations regulating privacy, data security, or consumer protection, public perception, standards, self-regulatory requirements or legal obligations, could result in lost or restricted business, proceedings, actions or fines brought against us or levied by governmental entities or others, or could adversely affect our business and harm our reputation. Third parties have claimed, and in the future may claim, infringement or misuse of intellectual property rights and/or breach of license agreement provisions. We periodically receive notices from, or have lawsuits filed against us by, third parties claiming infringement or other misuse of their intellectual property rights and/or breach of our agreements with them. These third parties include entities that do not design, manufacture, or distribute products or services or that acquire intellectual property for the sole purpose of monetization through infringement assertions. We expect to continue to receive such claims as: •we continue to expand into new businesses and acquire companies; •the number of products and competitors in our industry segments grows; •the use and support of third-party code (including open source code) becomes more prevalent in the industry;

•the volume of issued patents continues to increase; and 24 •non-practicing entities continue to assert intellectual property infringement in our industry segments.

Responding to any such claim, regardless of its validity, could: •be time consuming, costly and result in litigation; •divert management's time and attention from developing our business; •require us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable; •require us to stop selling or to redesign certain of our products; •require us to release source code to third parties, possibly under open source license terms;

•require us to satisfy indemnification obligations to our customers; or •otherwise adversely affect our business, results of operations, financial condition or cash flows. We may not be able to protect our intellectual property rights. We rely on copyright, trademark, patent and trade secret laws, confidentiality procedures, controls and contractual commitments to protect our intellectual property. Despite our efforts, these protections may be limited. Unauthorized third parties may try to copy or reverse engineer our products or otherwise use our intellectual property. Our patents may be invalidated or circumvented. Any of our pending or future patent applications may not be issued with the claim scope we seek, if at all. In addition, the laws of some countries do not provide the same level of intellectual property protection as U.S. laws and courts. If we cannot protect our intellectual property against unauthorized copying or use, or other misappropriation, we may not remain competitive. We may not receive significant revenues from our current research and development efforts for several years, if at all. Developing our various product offerings is expensive and the investment in the development of these offerings often involves a long return on investment cycle. An important element of our corporate strategy is to continue to dedicate a significant amount of resources to research and development and related product and service opportunities, both through internal investments and the acquisition of intellectual property from acquired companies. Accelerated product and service introductions and short lifecycles require high levels of expenditures for research and development that could adversely affect our operating results if not offset by revenue increases. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we do not expect to receive significant revenues from these investments for several years, if at all.

We are also subject to a variety of other risks and challenges in managing an organization operating globally, including those related to: • general economic conditions in each country or region; • political unrest, terrorism, war and the potential for other hostilities, including but not limited to, the current Russia-Ukraine conflict, the economic impact thereof and the potential to subject our business to materially adverse consequences should the situation escalate beyond its current scope, including, among other potential impacts, the geographic proximity of the situation relative to the rest of Europe, where a material portion of our business is carried out; • public health risks, social risks and supporting infrastructure stability risks, particularly in areas in which we have significant operations; 28 • fluctuations in currency exchange rates and related impacts on customer demand and our operating results; • difficulties in transferring funds from or converting currencies in certain countries that could lead to a devaluation of our net assets, in particular our cash assets, in that country's currency; • regulatory changes, including government austerity measures in certain countries that we may not be able to sufficiently plan for or avoid that may unexpectedly impair bank deposits or other cash assets that we hold in these countries or that impose additional taxes that we may be required to pay in these countries; • common local business behaviors that are in direct conflict with our business ethics, practices and conduct policies; • natural disasters; • the effects of climate change (such as sea level rise, drought, flooding, wildfires and increased storm sensitivity); • longer payment cycles and difficulties in collecting accounts receivable; •

There are risks associated with our outstanding and future indebtedness. As of May 31, 2022, we had an aggregate of $75.9 billion of outstanding indebtedness that will mature between calendar year 2022 and calendar year 2061, we incurred additional indebtedness to finance our acquisition of Cerner in June 2022, and we intend to incur additional indebtedness in the future. Our ability to pay interest and repay the principal for our indebtedness is dependent upon our ability to manage our business operations, generate sufficient cash flows to service such debt and the other factors discussed in this section. There can be no assurance that we will be able to manage any of these risks successfully. We may also need to refinance a portion of our outstanding debt as it matures. There is a risk that we may not be able to refinance existing debt or that the terms of any refinancing may not be as favorable as the terms of our existing debt. Furthermore, if prevailing interest rates or other factors at the time of refinancing result in higher interest rates upon refinancing, then the interest expense relating to that refinanced indebtedness would increase. Should we incur future increases in interest expense, our ability to utilize certain of our foreign tax credits to reduce our U.S. federal income tax could be limited, which could unfavorably affect our provision for income taxes 31 and effective tax rate. In addition, changes to our outlook or credit rating or a withdrawal by any rating agency could negatively affect the value of both our debt and equity securities and increase the interest amounts we pay on certain outstanding or future debt. These risks could adversely affect our financial condition and results of operations.

Legal and Regulatory Risks Adverse litigation results could affect our business. We are subject to various legal proceedings. Litigation can be lengthy, expensive and disruptive to our operations, and can divert our management's attention away from running our core business. The results of our litigation also cannot be predicted with certainty. An adverse decision 26 could result in monetary damages or injunctive relief that could affect our business, operating results or financial condition. Additional information regarding certain of the lawsuits we are involved in is discussed under Note 17 of Notes to Consolidated Financial Statements included elsewhere in this Annual Report. We may be subjected to increased taxes due to changes in U.S. or international tax laws or from adverse resolutions of tax audits and controversies. As a multinational corporation, we incur income taxes as well as non-income based taxes (such as payroll, sales, use, property and value-added taxes) in both the U.S. and various foreign jurisdictions. Significant uncertainties exist with respect to the application of the various taxes to the businesses in which we engage, often requiring that we make judgments in determining our tax liabilities and worldwide provision for income taxes. We are regularly under audit by tax authorities in the U.S. and internationally, which can lead to disagreements such as regarding our intercompany transfer prices and calculations and on the applicability of withholding taxes to our cross-border transactions. Any unfavorable resolution of these tax audits and controversies could cause our tax liabilities to increase and may have a significant adverse impact on our provision for income taxes and tax rate. Although we believe that our income and non-income based tax estimates are reasonable, there is no assurance that the final determination of tax audits or disputes will not be different from what is reflected in our historical income tax provisions and tax accruals. Increasingly, countries around the world are actively considering or have enacted changes in relevant tax, accounting and other laws, regulations and interpretations. In the U.S., various proposals, if enacted, would dramatically raise the U.S. corporate tax rate and increase the tax on non-U.S. income. Such unfavorable tax legislation resulting from the shifting U.S. political landscape and economic environment create the potential for added volatility in our quarterly provision for income taxes and could have a significant adverse impact on our future income tax provision and tax rate. Other countries also continue to consider changes to their tax laws that could negatively affect us by increasing taxes imposed on our international revenue streams, operations and cross-border transactions, including the imposition of taxes targeted at digital technology businesses and changes in withholding tax regimes. More fundamentally, longstanding international tax principles that determine each country's right to tax cross-border transactions are being reconsidered, creating significant uncertainty as to the future level of corporate income tax on our international operations. This re-examination of the global tax system is driven by a perceived need to provide greater taxing rights to market jurisdictions where customers or users are located. Various measures are being discussed, including adjustments to the manner in which taxable profits are allocated among jurisdictions, as well as the limitation of deductions for, or the imposition of additional withholding taxes on, intercompany payments. The foregoing proposals to raise U.S. corporate income taxes in combination with the uncertain international tax environment have upended the predictability and reliability of the global tax system. Our future income tax provision and tax rate could significantly increase if such tax law changes are enacted in the U.S. or in countries in which we do business. Our provision for income taxes also could be adversely affected by shifts of earnings from jurisdictions that have relatively lower statutory tax rates to those in which the rates are relatively higher. In addition, changes in the valuation of our deferred tax assets or liabilities could negatively impact our income tax provision. Our international sales and operations subject us to additional risks that can adversely affect our operating results. We derive a substantial portion of our revenues from, and have significant operations, outside of the U.S. Compliance with international and U.S. laws and regulations that apply to our international operations increases our cost of doing business in foreign jurisdictions. These laws and regulations include data privacy requirements, labor relations laws, tax laws, foreign currency-related regulations, competition regulations, anti-bribery laws and other laws prohibiting payments to governmental officials such as the U.S. Foreign Corrupt Practices Act (FCPA), market access regulations, tariffs, and import, export and general trade regulations, including but not limited to economic sanctions and embargos. Violations of these laws and regulations could result in fines and penalties, criminal sanctions against us, our officers or our employees, and prohibitions on the conduct of our business, including the loss of trade privileges. Any such violations could result in prohibitions on our ability to offer our products and services in one or more countries, could delay or prevent potential acquisitions and could also 27

overlapping tax regimes; and • reduced protection for intellectual property rights in some countries. The variety of risks and challenges listed above could also disrupt or otherwise negatively impact our supply chain operations and sales of our products and services in affected countries or regions. As the majority shareholder of Oracle Financial Services Software Limited, a publicly traded company in India, and Oracle Corporation Japan, a publicly traded company in Japan, we are faced with several additional risks, including being subject to local securities regulations and being unable to exert full control that we would otherwise have if these entities were wholly-owned subsidiaries. Our sales to government clients expose us to business volatility and risks, including government budgeting cycles and appropriations, procurement regulations, governmental policy shifts, early termination of contracts, audits, investigations, sanctions and penalties. We derive revenues from contracts with the U.S. government, state and local governments, and foreign governments and are subject to procurement laws relating to the award, administration and performance of those contracts. Governmental entities are variously pursuing policies that affect our ability to sell our products and services. Changes in government procurement policy, priorities, regulations, technology initiatives and/or requirements may negatively impact our potential for growth in the government sector. For example, the U.S. government imposes evolving cybersecurity requirements, including, for example, the FedRAMP authorization process and the Department of Defense (DoD) Cybersecurity Maturity Model Certification. These requirements may impact our lines of business in the U.S. federal government market. Compliance with these cybersecurity requirements is complex and costly, and failure to meet, or delays in meeting, the required security controls could limit our ability to sell products and services, directly or indirectly, to the DoD and other federal and state government entities that implement similar cybersecurity requirements. We are also subject to early termination of our contracts. Many governmental entities have the right to terminate contracts at any time, without cause. For example, the U.S. federal government may terminate any of our government contracts and subcontracts at its convenience, or for default based on our performance. U.S. federal, state and local government and foreign government contracts are generally subject to government funding authorizations/appropriations. Contracts may be terminated based upon a lack of government funds. There is increased pressure on governments and their agencies, both domestically and internationally, to reduce spending as governments continue to face significant deficit reduction pressures. This may adversely impact spending on government programs. Government contracts laws and regulations impose certain risks, and contracts are generally subject to audits and investigations. If violations of law are found, they could result in civil and criminal penalties and administrative 29 sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business. Environmental and other related laws and regulations subject us to a number of risks and could result in significant liabilities and costs. Our cloud and hardware operations are subject to state, federal and international laws governing protection of the environment, proper handling and disposal of materials used for these products, human health and safety, the use of certain chemical substances and the labor practices of suppliers, as well as local testing and labeling requirements. Compliance with these ever-changing environmental and other laws in a timely manner could increase our product design, development, procurement, manufacturing, delivery, cloud operations and administration costs, limit our ability to manage excess and obsolete non-compliant inventory, change our sales activities, or otherwise impact future financial results of our cloud and hardware businesses. Any violation of these laws can subject us to significant liability, including fines, penalties and possible prohibition of sales of our products and services into one or more states or countries and result in a material adverse effect on the financial condition or results of operations of our cloud and hardware businesses. Regulatory, market, and competitive pressures regarding the greenhouse gas emissions and energy mix for our data center operations may also grow. A significant portion of our hardware revenues come from international sales. Environmental legislation, such as the EU Directive on Restriction of Hazardous Substances (RoHS), the EU Waste Electrical and Electronic Equipment Directive (WEEE Directive) and China's regulation on Management Methods for Controlling Pollution Caused by Electronic Information Products, among others, may increase our cost of doing business internationally and impact our hardware revenues from the EU, China and other countries with similar environmental legislation as we endeavor to comply with and implement these requirements.

Financial Risks Our quarterly results of operations may fluctuate significantly based on a number of factors that make our results of operations difficult for us to predict. Our revenues, particularly certain of our cloud license and on-premise license revenues and hardware revenues, can be difficult to forecast. A substantial portion of our cloud license, on-premise license and hardware contracts is completed in the latter part of a quarter. Because a significant portion of our cost structure is largely fixed in the short term, sales and revenue shortfalls tend to have a disproportionately negative impact on our profitability. The number of large license transactions and, to a lesser extent, hardware products transactions increases the risk of fluctuations in our quarterly results because a delay in even a small number of these transactions could cause our quarterly sales, revenues and profitability to fall significantly short of our predictions. In addition, sudden shifts in regional or global economic or political activity may cause our sales forecasts to be inaccurate. In addition, we hold a portfolio of publicly traded and privately held equity investments. Changes in the fair values of these investments are recorded as unrealized gains or losses as a component of consolidated net income in each period. The timing and amount of changes in fair value, if any, of these investments depends on factors beyond our control, including the perceived and actual performance of the companies or funds in which we invest, and are subject to the general conditions of public and private equity markets, which are uncertain and have in the past 30 varied, and may in the future vary, materially by period and may create volatility in our net income that is not reflective of our core businesses. Changes in currency exchange rates can adversely affect customer demand and our revenue and profitability. We conduct a significant number of transactions and hold cash in currencies other than the U.S. Dollar. Changes in the values of major foreign currencies, particularly the Euro, Japanese Yen, Saudi Arabian Riyal, Indian Rupee and British Pound, relative to the U.S. Dollar can significantly affect our total assets, revenues, operating results and cash flows, which are reported in U.S. Dollars. Fluctuations in foreign currency rates, including the strengthening of the U.S. Dollar against the Euro and most other major international currencies, adversely affects our revenue growth in terms of the amounts that we report in U.S. Dollars after converting our foreign currency results into U.S. Dollars and in terms of actual demand for our products and services as certain of these products may become relatively more expensive for foreign currency-based enterprises to purchase. In addition, currency variations can adversely affect margins on sales of our products in countries outside of the U.S. Generally, our reported revenues and operating results are adversely affected when the dollar strengthens relative to other currencies and are positively affected when the dollar weakens. In addition, our reported assets generally are adversely affected when the dollar strengthens relative to other currencies as a portion of our consolidated cash and bank deposits, among other assets, are held in foreign currencies and reported in U.S. Dollars. In addition, we incur foreign currency transaction gains and losses, primarily related to sublicense fees and other intercompany agreements among us and our subsidiaries that we expect to cash settle in the near term, which are charged to earnings in the period incurred. We have a program which primarily utilizes foreign currency forward contracts designed to offset the risks associated with certain foreign currency exposures. We may suspend the program from time to time. As part of this program, we enter into foreign currency forward contracts so that increases or decreases in our foreign currency exposures are offset at least in part by gains or losses on the foreign currency forward contracts in an effort to mitigate the risks and volatility associated with our foreign currency transaction gains or losses. A large portion of our consolidated operations are international, and we expect that we will continue to realize gains or losses with respect to our foreign currency exposures, net of gains or losses from our foreign currency forward contracts, including the cost to obtain such contracts. For example, we will experience foreign currency gains and losses in certain instances if it is not possible or cost-effective to hedge our foreign currency exposures, if our hedging efforts are ineffective, or should we suspend our foreign currency forward contract program. Our ultimate realized loss or gain with respect to currency fluctuations will generally depend on the size and type of cross-currency exposures that we enter into, the currency exchange rates associated with these exposures and changes in those rates, whether we have entered into foreign currency forward contracts to offset these exposures and any related fees paid to purchase such contracts, and other factors. All of these factors could materially impact our results of operations, financial position and cash flows. We have incurred foreign currency losses associated with the devaluation of currencies in certain highly inflationary economies relative to the U.S. Dollar. We could incur future losses in emerging market countries and other countries where we do business should their currencies become designated as highly inflationary.

Risks Related to Our Common Stock Our stock price could become more volatile and your investment could lose value. All of the factors discussed within this Risk Factors section could affect our stock price. The timing of announcements in the public market by us or by our competitors regarding new cloud services, products, product enhancements, technological advances, acquisitions or major transactions could also affect our stock price. Changes in the amounts and frequency of share repurchases or dividends could affect our stock price. Our stock price could also be affected by factors, some of which are beyond our control, including, among others: speculation in the press, social media and the analyst community; changes in recommendations or earnings related estimates by financial analysts; changes in investors' or analysts' valuation measures for our stock; negative analyst surveys or channel check surveys; earnings announcements where our financial results differ from our guidance or investors' expectations; our credit ratings and market trends unrelated to our performance. The stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. A significant drop in our stock price could also expose us to the risk of securities class action lawsuits, which could result in substantial costs and divert management's attention and resources, which could adversely affect our business. We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value. In fiscal 2022, our Board of Directors approved expansions of our stock repurchase program totaling $10.0 billion. The repurchase program does not have an expiration date and we are not obligated to repurchase a specified number or dollar value of shares. Our repurchase program may be suspended or terminated at any time and, even if fully implemented, may not enhance long-term stockholder value.

governmental budgetary constraints or shifts in government spending priorities; and • general legal, regulatory and political developments. Macroeconomic developments such as the global or regional economic effects resulting from the current Russia-Ukraine conflict, increasing inflation rates and related economic curtailment initiatives, the COVID-19 pandemic, the United Kingdom leaving the EU (Brexit), evolving trade policies between the U.S. and international trade partners, or the occurrence of similar events in other countries that lead to uncertainty or instability in economic, political or market conditions could negatively affect our business, operating results, financial condition and outlook, which, in turn, could adversely affect our stock price. Any general weakening of, and related declining corporate confidence in, the global economy or the curtailment of government or corporate spending could cause current or potential customers to reduce or eliminate their IT budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services or cause customers not to pay us or to delay paying us for previously purchased products and services. In addition, international, regional or domestic political unrest and the related potential impact on global stability, terrorist attacks and the potential for other hostilities in various parts of the world, public health crises such as the COVID-19 pandemic, and natural disasters continue to contribute to a climate of economic and political 32 uncertainty that could adversely affect our results of operations and financial condition, including our revenue growth and profitability. These factors generally have the strongest effect on our sales of cloud license and on-premise license, hardware and related services and, to a lesser extent, also may affect our renewal rates for license support and our subscription-based cloud offerings. Business disruptions could adversely affect our operating results. A significant portion of our critical business operations are concentrated in a few geographic areas, some of which include emerging market international locations that may be less stable relative to running such business operations solely within the U.S. We are a highly automated business and a disruption or failure of our systems, supply chains and processes could cause delays in completing sales, providing services, including some of our cloud offerings, and enabling a seamless customer experience with respect to our customer facing back office processes. A major earthquake or fire, political, social or other disruption to infrastructure that supports our operations or other catastrophic event or the effects of climate change (such as increased storm severity, drought and pandemics) that results in the destruction or disruption of any of our critical business operations, supply chains or IT systems could severely affect our ability to conduct normal business operations and, as a result, our future operating results could be materially and adversely affected.

we do not optimize complementary product lines and services in a timely manner; or • we fail to adequately integrate, support or enhance acquired product lines or services. Our Oracle Cloud strategy, including our Oracle Cloud Software-as-a-Service and Oracle Cloud Infrastructure (SaaS and OCI, respectively, and collectively, Oracle Cloud Services) offerings, may adversely affect our revenues and profitability. We provide our cloud and other offerings to customers worldwide via a variety of deployment models, including via our cloud-based SaaS and OCI offerings. As these business models continue to evolve, we may not be able to compete effectively, generate significant revenues or maintain the profitability of our cloud offerings. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact the pricing of our cloud and license offerings. If we do not successfully execute our cloud computing strategy or anticipate the cloud computing needs of our customers, our reputation as a cloud services provider could be harmed and our revenues and profitability could decline. As customer demand for our cloud offerings increases, we experience volatility in our reported revenues and operating results due to the differences in timing of revenue recognition between our cloud license and on-premise license, and hardware product arrangements relative to our cloud offering arrangements. Customers predominantly purchase our cloud offerings on a subscription basis and revenues from these offerings are generally recognized ratably or as services are consumed over the terms of the subscriptions. Consequently, any deterioration in sales activity associated with our cloud offerings may not be immediately observable in our consolidated statement of operations. This is in contrast to revenues associated with our license and hardware product arrangements, which are generally recognized in full at the time of delivery of the related licenses and hardware products. In addition, we may not be able to accurately anticipate customer transitions from or be able to sufficiently backfill reduced customer demand for our license, hardware and support offerings relative to the expected increase in customer adoption of and demand for our Oracle Cloud Services, which could adversely affect our revenues and profitability. As a part of our Oracle Cloud strategy, we plan our investment levels based on estimates of future revenues and future anticipated rates of growth. In recent periods, our cloud services and license support expenses have grown to meet current and expected demand for our cloud offerings, including investments to increase our existing data center capacity and to establish data centers in new geographic locations. In connection with these investments, we entered, and expect to continue to enter, into long-term operating lease commitments with third party data center providers that generally require us to pay fees to early exit such obligations should our strategies change, which could adversely impact our profitability and cash flows. In addition, we outfit these data centers with equipment and improvements that we typically depreciate over their estimated useful lives, which could be shortened should our cloud strategies change, which could adversely affect our profitability. We might experience significant coding, manufacturing or configuration errors in our cloud, license and hardware offerings. Despite testing prior to the release and throughout the lifecycle of a product or service, our cloud, license and hardware offerings sometimes contain coding, manufacturing or configuration errors that can impact their function, performance and security, and result in other negative consequences. The detection and correction of any errors in released cloud, license or hardware offerings can be time consuming and costly. Errors in our cloud, license or hardware offerings could affect their ability to properly function, integrate or operate with other cloud, license or hardware offerings, could result in service interruptions, delays or outages of our cloud offerings, could create security vulnerabilities in our products or services, could delay the development or release of new products or services or new versions of products or services, and could adversely affect market acceptance

Index to Financial Statements of our products or services. This includes third-party software products or services incorporated into our own. If we experience any of these errors, or if there are delays in releasing our cloud, license or hardware offerings or new versions of these offerings, our sales could be affected and revenues could decline. In addition, we run Oracle's business operations as well as cloud and other services that we offer to our customers on our products and networks. Therefore, any flaws could affect our and our customers' abilities to conduct business operations and to ensure accuracy in financial processes and reporting, and may result in unanticipated costs. Enterprise customers rely on our cloud, license and hardware offerings and related services to run their businesses, and errors in our cloud, license and hardware offerings and related services could expose us to product liability, performance and warranty claims as well as significant harm to our brand and reputation, which could impact our future sales. If we are unable to compete effectively, the results of operations and prospects for our business could be harmed. We face intense competition in all aspects of our business. The nature of the IT industry creates a competitive landscape that is constantly evolving as firms emerge, expand or are acquired, as technology evolves and as delivery models change. Many vendors spend amounts in excess of what Oracle spends to develop and market applications and infrastructure technologies including databases, middleware products, application development tools, business applications, collaboration products and business intelligence, compute, storage and networking products, among others, which compete with Oracle applications and infrastructure offerings. Use of our competitors' technologies influences a customer's purchasing decision or creates an environment that makes it less efficient to utilize or migrate to Oracle products and services. Our competitors may also adopt business practices that provide customers access to competing products and services on terms that we may not generally find acceptable, which may convince customers to purchase competitor products and services. We could lose customers if our competitors introduce new competitive products, add new functionality, acquire competitive products, reduce prices, better execute on their sales and marketing strategies, offer more flexible business practices, provide debt or equity financing to customers or form strategic alliances with other companies. Mergers, consolidations or alliances among our competitors, or acquisitions of our competitors by large companies may result in increased competition. We may also face increasing competition from open source software initiatives in which competitors may provide software and intellectual property for free. Existing or new competitors could gain sales opportunities or customers at our expense. We may need to change our pricing models to compete successfully. The intense competition we face in the sales of our products and services and general economic and business conditions could put pressure on us to change our prices. If our competitors offer deep discounts on certain products or services or develop products that the marketplace considers more valuable, we may need to lower prices, introduce pricing models and offerings that are less favorable to us, or offer other favorable terms in order to compete successfully. Any such changes may reduce revenues and margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud delivery models offered by us and our competitors may unfavorably impact the pricing of our other cloud and license, hardware and services offerings, and we may also incur increased cloud delivery expenses as we expand our cloud operations and update our infrastructure, all of which could reduce our revenues and/or profitability. Our license support fees and hardware support fees are generally priced as a percentage of our net license fees and net new hardware products fees, respectively. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offerings. Changes to our prices and pricing policies could cause our revenues to decline or be delayed as our sales force implements and our customers adjust to the new pricing policies. Some of our competitors may bundle products for promotional purposes or as a long-term pricing strategy, commit to large customer deployments at prices that are unprofitable, or provide guarantees of prices and product implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our products. If we do not adapt our pricing models to reflect changes in customer use of our products or changes in customer demand, our revenues could decrease. The increase in open source software distribution may also cause us to change our pricing models. Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and our financial results. Our customers depend on our support organization to resolve technical issues relating to our applications and infrastructure offerings. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services or may be inefficient in our 20

Data Privacy, Cybersecurity and Intellectual Property Risks If our security measures for our products and services are compromised and as a result, our data, our customers' data or our IT systems are accessed improperly, made unavailable, or improperly modified, our products and services may be perceived as vulnerable, our brand and reputation could be damaged, the IT services we provide to our customers could be disrupted, and customers may stop using our products and services, any of which could reduce our revenue and earnings, increase our expenses and expose us to legal claims and regulatory actions. Our products and services, including Oracle Cloud Services, store, retrieve, manipulate and manage third-party data, such as our customers' information and data, as well as our own data. We believe that Oracle in particular is a target for computer hackers and other bad actors because Oracle stores and processes large amounts of data, including in customer sectors involving particularly sensitive data such as health sciences, financial services, retail, hospitality and the government. We and our third-party vendors are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation-states and individuals sponsored by them) to identify and exploit product and service vulnerabilities, penetrate or bypass our security measures, and gain unauthorized access to our or our customers', partners' and suppliers' software, hardware and cloud offerings, networks and systems. Successful attempts by one of these malicious actors can lead to the compromise of personal information or the confidential information or data of Oracle or our customers. Attempts of this nature typically involve IT-related viruses, worms, and other malicious software programs that attack networks, systems, products and services, exploit potential 24 security vulnerabilities of networks, systems, products and services, create system disruptions and cause shutdowns or denials of service. Third parties may attempt to fraudulently induce customers, partners, employees or suppliers into disclosing sensitive information such as user names, passwords or other information in order to gain access to our data, our customers', suppliers' or partners' data or the IT systems of Oracle, our customers, suppliers or partners. Our products and services, including our Oracle Cloud Services, may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance. If a cyber-attack or other security incident results in unauthorized access to or modification of our customers' or suppliers' data, other external data, our own data or our IT systems, or if the services we provide to our customers are disrupted, or if our products or services are reported to have or are perceived as having security vulnerabilities, we could incur significant expenses and suffer significant damage to our brand and reputation. If our customers lose confidence in the security and reliability of our products and services, including our cloud offerings, and perceive them to not be secure, they may decide to reduce or terminate their spend with us. In addition, cyber-attacks and other security incidents could lead to significant investigation and remediation costs, loss or destruction of information, interruption of our operations, inappropriate use of proprietary and sensitive data, lawsuits, indemnity obligations, regulatory investigations and financial penalties, and claims and increased legal liability, including in some cases contractual costs related to customer notification and fraud monitoring. Our remediation efforts may not be successful. Because the techniques used to obtain unauthorized access to, or sabotage IT systems, change frequently, grow more complex over time, and often are not recognized until launched against a target, we may be unable to anticipate or implement adequate measures to prevent such techniques. Our internal IT systems continue to evolve and we are often early adopters of new technologies. However, our business policies and internal security controls may not keep pace with these changes as new threats emerge. In addition, we often experience increased activity of this nature during times of instability, including during our office closures related to the COVID-19 pandemic when most of our employees were working solely from home, and our operations may be more susceptible to malfeasance due to operational changes instituted to comply with safety, health and regulatory requirements, among others. We may not discover any security breach and loss of information for a significant period of time after the security breach. Our products operate in conjunction with and are dependent on a wide variety of third-party products, components and services. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, we could face increased costs, liability claims, customer dissatisfaction, reduced revenue, or harm to our reputation or competitive position. We also have an active acquisition program and have acquired a number of companies, products, services and technologies over the years. While we make significant efforts to address any IT security issues with respect to our acquired companies, we may still inherit such risks when we integrate these companies within Oracle.

Our business practices with respect to data could give rise to operational interruption, liabilities or reputational harm as a result of governmental regulation, legal requirements or industry standards relating to privacy and data protection. As regulatory focus on privacy issues continues to increase and worldwide laws and regulations concerning the handling of personal information expand and become more complex, potential risks related to data collection and use within our business will intensify. In addition, U.S. and foreign governments have enacted or are considering enacting legislation or regulations, or may in the near future interpret existing legislation or regulations, in a manner that could significantly impact our ability, as well as the ability of our customers, partners and data providers, to collect, augment, analyze, use, transfer and share personal and other information that is integral to certain services we provide. Our recent acquisition of Cerner also subjects us to additional data privacy and other related regulations governing the healthcare industry and patient information, including but not limited to regulations governing electronic health data transmissions, the treatment of patient information, healthcare fraud and healthcare information sharing. In the wake of the European Union (EU) General Data Protection Regulation (GDPR), the rate of global consideration and adoption of privacy laws has increased, giving rise to more global jurisdictions in which regulatory inquiries and audits may be requested of Oracle, and if we are not deemed to be in compliance, could result in enforcement actions and/or fines. This is true in the U.S. where, for example, California, Colorado, Connecticut, Utah and Virginia have enacted privacy laws, the U.S. Congress is considering several privacy bills at 25 the federal level, and a number of other state legislatures are considering privacy laws. Regulators globally are also imposing greater monetary fines for privacy violations. The GDPR, which became effective in May 2018, provides for monetary penalties of up to 4% of an organization's worldwide revenue. These penalties can be significant. For example, one European data protection regulator has fined a major U.S. technology company €225 million for its data handling practices. The U.S. Federal Trade Commission continues to fine companies for unfair and deceptive data protection practices, and these fines may increase in size. Taken together, the changes in laws or regulations associated with the enhanced protection of personal and other types of data could greatly increase the size of potential fines related to data protection, and our cost of providing our products and services could result in changes to our business practices or even prevent us from offering certain services in jurisdictions in which we operate. Although we have implemented contracts, diligence programs, policies and procedures designed to ensure compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, partners, suppliers, data providers or agents will not violate such laws and regulations or our contracts, policies and procedures. Additionally, public perception and standards related to the privacy of personal information can shift rapidly, in ways that may affect our reputation or influence regulators to enact regulations and laws that may limit our ability to provide certain products and services. We make statements about our use and disclosure of personal information through our privacy policy, information provided on our website and press statements. Any failure, or perceived failure, by us to comply with these public statements or with U.S. federal, state, or foreign laws and regulations, including laws and regulations regulating privacy, data security, or consumer protection, public perception, standards, self-regulatory requirements or legal obligations, could result in lost or restricted business, proceedings, actions or fines brought against us or levied by governmental entities or others, or could adversely affect our business and harm our reputation. Third parties have claimed, and in the future may claim, infringement or misuse of intellectual property rights and/or breach of license agreement provisions. We periodically receive notices from, or have lawsuits filed against us by, others claiming infringement or other misuse of their intellectual property rights and/or breach of our agreements with them. These third parties include entities that do not design, manufacture, or distribute products or services or that acquire intellectual property for the sole purpose of monetization through infringement assertions. We expect to continue to receive such claims as: • we continue to expand into new businesses and acquire companies; • the number of products and competitors in our industry segments grows; • the use and support of third-party code (including open source code) becomes more prevalent in the industry; •