We operate in rapidly changing economic and technological environments that present numerous risks, many of which are driven by factors that we cannot control or predict. The following discussion, as well as our "Critical Accounting Policies and Estimates" discussion in Item 7 Management's Discussion and Analysis of Financial Condition and Results of Operations, highlights some of these risks. The risks described below are not exhaustive and you should carefully consider these risks and uncertainties before investing in our securities.

Business and Operational Risks

The COVID-19 pandemic has affected how we and our customers are operating our respective businesses, and the duration and extent to which this will impact our future results of operations remains uncertain. The COVID-19 pandemic and efforts to control its spread have materially affected how we, our customers, partners and suppliers are operating our businesses. Our operations have been negatively affected by a range of external factors related to the COVID-19 pandemic that are not within our control. For example, the COVID-19 pandemic has led governments to implement preventative measures to contain or control further spread of the virus, such as travel restrictions, prohibitions of non-essential activities, quarantines, work-from-home directives and shelter-in-place orders. These preventative measures led to sharp reductions in demand in certain industries in which our customers operate. It is not clear what long-term effects the COVID-19 pandemic will have on our business, including the effects on our customers and prospects. If we are not able to respond to and manage the impact of the COVID-19 pandemic effectively, our business will be harmed.

During fiscal 2021, we cancelled some customer events and transformed others, including Oracle OpenWorld, to virtual events. Our shift to creating virtual customer events may not be successful and we may not be able to showcase our products as well as we have historically done through in-person events, or generate the same customer interest, opportunities and leads through these virtual events. If we attempt to reintroduce large in-person events, we may not be able to do so successfully and our customers may not be able or willing to attend them.

The conditions caused by the COVID-19 pandemic initially adversely affected our customers' willingness to purchase our products, delayed prospective customers' purchasing decisions and in certain cases, resulted in delayed payments by existing customers. There have also been, and likely will continue to be, delays in our supply chain. The negative impacts of the global COVID-19 pandemic on the broader global economy and related impacts on our customers' business operations and their demand for our products may continue into future fiscal periods. The COVID-19 pandemic may also heighten other risks described in this Risk Factors section.

Our success depends upon our ability to develop new products and services, integrate acquired products and services and enhance our existing products and services. Rapid technological advances, intense competition, changing delivery models and evolving standards in computer hardware and software development and communications infrastructure, changing and increasingly sophisticated customer needs and frequent new product introductions and enhancements characterize the industries in which we compete. If we are unable to develop new or sufficiently differentiated products and services, enhance and improve our product offerings and support services in a timely manner or position and price our products and services to meet demand, customers may not purchase or subscribe to our license, hardware or cloud offerings or renew license support, hardware support or cloud subscriptions contracts. Renewals of these contracts are important to the growth of our business. In addition, we cannot provide any assurance that the standards on which we choose to develop new products will allow us to compete effectively for business opportunities in emerging areas.

We have continued to refresh and release new offerings of our cloud products and services. Machine learning and artificial intelligence are increasingly driving innovations in technology but if they fail to operate as anticipated or our other products do not perform as promised, our business and reputation may be harmed.

In addition, our business may be adversely affected if:

•

we do not continue to develop and release new or enhanced products and services within the anticipated time frames;

Index to Financial Statements

•

infrastructure costs to deliver new or enhanced products and services take longer or result in greater costs than anticipated;

•

we are unable to increase our existing data center capacity or establish data centers in new geographic locations in a timely manner to meet current or expected customer demand;

•

there is a delay in market acceptance of and difficulty in transitioning new and existing customers to new, enhanced or acquired product lines or services;

•

there are changes in information technology (IT) trends that we do not adequately anticipate or address with our product development efforts;

•

we do not optimize complementary product lines and services in a timely manner; or

•

we fail to adequately integrate, support or enhance acquired product lines or services.

Our Oracle Cloud strategy, including our Oracle Cloud Software-as-a-Service and Infrastructure-as-a-Service (SaaS and IaaS, respectively, and collectively, Oracle Cloud Services) offerings, may adversely affect our revenues and profitability. We provide our cloud and other offerings to customers worldwide via deployment models that best suit their needs, including via our cloud-based SaaS and IaaS offerings. As these business models continue to evolve, we may not be able to compete effectively, generate significant revenues or maintain the profitability of our cloud offerings. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact the pricing of our cloud and license offerings. If we do not successfully execute our cloud computing strategy or anticipate the cloud computing needs of our customers, our reputation as a cloud services provider could be harmed and our revenues and profitability could decline.

As customer demand for our cloud offerings increases, we experience volatility in our reported revenues and operating results due to the differences in timing of revenue recognition between our cloud license and on-premise license, and hardware product arrangements relative to our cloud offering arrangements. Customers generally purchase our cloud offerings on a subscription basis and revenues from these offerings are generally recognized ratably over the terms of the subscriptions. Consequently, any deterioration in sales activity associated with our cloud offerings may not be immediately observable in our consolidated statement of operations. This is in contrast to revenues associated with our license and hardware product arrangements, which are generally recognized in full at the time of delivery of the related licenses and hardware products. In addition, we may not be able to accurately anticipate customer transition from or be able to sufficiently backfill reduced customer demand for our license, hardware and support offerings relative to the expected increase in customer adoption of and demand for our Oracle Cloud Services, which could adversely affect our revenues and profitability.

We might experience significant coding, manufacturing or configuration errors in our cloud, license and hardware offerings. Despite testing prior to the release and throughout the lifecycle of a product or service, our cloud, license and hardware offerings sometimes contain coding, manufacturing or configuration errors that can impact their function, performance and security, and result in other negative consequences. The detection and correction of any errors in released cloud, license or hardware offerings can be time consuming and costly. Errors in our cloud, license or hardware offerings could affect their ability to properly function, integrate or operate with other cloud, license or hardware offerings, could result in service interruptions, delays or outages of our cloud offerings, could create security vulnerabilities in our products or services, could delay the development or release of new products or services or new versions of products or services, and could adversely affect market acceptance of our products or services. This includes third-party software products or services incorporated into our own. If we experience any of these errors, or if there are delays in releasing our cloud, license or hardware offerings or new versions of these offerings, our sales could be affected and revenues could decline. In addition, we run Oracle's business operations as well as cloud and other services that we offer to our customers on our products and networks. Therefore, any flaws could affect our and our customers' abilities to conduct business operations and to ensure accuracy in financial processes and reporting, and may result in unanticipated costs. Enterprise customers rely on our cloud, license and hardware offerings and related services to run their businesses and errors in our cloud, license and hardware offerings and related services could expose us to product liability, performance and warranty claims as well as significant harm to our brand and reputation, which could impact our future sales.

Index to Financial Statements

If we are unable to compete effectively, the results of operations and prospects for our business could be harmed. We face intense competition in all aspects of our business. The nature of the IT industry creates a competitive landscape that is constantly evolving as firms emerge, expand or are acquired, as technology evolves and as delivery models change. Many vendors spend amounts in excess of what Oracle spends to develop and market applications and infrastructure technologies including databases, middleware products, application development tools, business applications, collaboration products and business intelligence, compute, storage and networking products, among others, which compete with Oracle applications and infrastructure offerings. Use of our competitors' technologies influences a customer's purchasing decision or creates an environment that makes it less efficient to utilize or migrate to Oracle products and services. Our competitors may also adopt business practices that provide customers access to competing products and services at a risk profile that we may not generally find acceptable, which may convince customers to purchase competitor products and services. We could lose customers if our competitors introduce new competitive products, add new functionality, acquire competitive products, reduce prices, better execute on their sales and marketing strategies, offer more flexible business practices or form strategic alliances with other companies. Mergers, consolidations or alliances among our competitors, or acquisitions of our competitors by large companies, may result in increased competition. We may also face increasing competition from open source software initiatives in which competitors may provide software and intellectual property for free. Existing or new competitors could gain sales opportunities or customers at our expense.

We may need to change our pricing models to compete successfully. The intense competition we face in the sales of our products and services and general economic and business conditions could put pressure on us to change our prices. If our competitors offer deep discounts on certain products or services or develop products that the marketplace considers more valuable, we may need to lower prices, introduce pricing models and offerings that are less favorable to us, or offer other favorable terms in order to compete successfully. Any such changes may reduce revenues and margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud delivery models offered by us and our competitors may unfavorably impact the pricing of our other cloud and license, hardware and services offerings, and we may also incur increased cloud delivery expenses as we expand our cloud operations and update our infrastructure, all of which could reduce our revenues and/or profitability. Our license support fees and hardware support fees are generally priced as a percentage of our net license fees and net new hardware products fees, respectively. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offerings.

Changes to our prices and pricing policies could cause our revenues to decline or be delayed as our sales force implements and our customers adjust to the new pricing policies. Some of our competitors may bundle products for promotional purposes or as a long-term pricing strategy, commit to large customer deployments at prices that are unprofitable, or provide guarantees of prices and product implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our products. If we do not adapt our pricing models to reflect changes in customer use of our products or changes in customer demand, our revenues could decrease. The increase in open source software distribution may also cause us to change our pricing models.

Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and our financial results. Our customers depend on our support organization to resolve technical issues relating to our applications and infrastructure offerings. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services or may be inefficient in our resolution of customer support issues. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation, our ability to sell and renew our applications and infrastructure offerings to existing and prospective customers, and our business, operating results, and financial position.

Our cloud offerings and hardware offerings are complex, and if we cannot successfully manage this complexity, the results of these businesses will suffer. We depend on suppliers to develop, manufacture and deliver on a timely basis the necessary technologies and components for our hardware products that we market and sell to our customers and that we use as a part of our cloud infrastructure to deliver our cloud offerings, and there are some technologies and components that can only be purchased from a single vendor due to price, quality, technology,

20

availability or other business constraints. As a result, our supply chain operations could be disrupted or negatively impacted by industry consolidation and component constraints or shortages, natural disasters, political unrest, public health crises such as the COVID-19 pandemic, changes to trade policies, port stoppages or other transportation disruptions or slowdowns, or other factors affecting the countries or regions where these single source component vendors are located or where the products are being shipped. We may be unable to purchase these items from the respective single vendors on acceptable terms or may experience significant shortages, delays or quality issues in the delivery of necessary technologies, parts or components from a particular vendor. If one or more of the risks described above occurs, our cloud and license business and hardware business and related operating results could be materially and adversely affected.

We are susceptible to third-party manufacturing and logistics delays, which could result in the loss of sales and customers. We outsource a significant majority of our manufacturing, assembly, delivery and technology of, and certain component designs for, our hardware products to a variety of companies, many of which are located outside the U.S. From time to time, these partners experience production problems or delays or cannot meet our demand for products. To reduce this risk, we continue to explore additional third-party manufacturing partners to drive supply chain continuity, but finding additional manufacturing sources in a timely and cost-effective manner is difficult. Third-party manufacturing and logistics delays attributable to the effects of COVID-19 caused a loss of sales during our fiscal 2021. Ongoing or future delays in manufacturing could cause the loss of additional sales, delayed revenue recognition or an increase in our hardware products expenses, all of which could adversely affect the margins of our cloud and license business and hardware business. These challenges could arise if we alter our manufacturing strategies, suppliers, or locations.

Our hardware revenues and profitability have declined and could continue to decline. Our hardware business may adversely affect our total revenues and overall profitability and related growth rates. We may not achieve our estimated revenue, profit or other financial projections with respect to our hardware business in a timely manner or at all due to a number of factors, including:

•

changes in our hardware offerings, technologies and strategies, including shifting factory locations, which could adversely affect supply and demand for our hardware products;

•

our hardware business has higher expenses as a percentage of revenues, and thus has been less profitable, than our cloud and license business;

•

our focus on certain of our more profitable Oracle Engineered Systems and certain other hardware products we consider strategic and the de-emphasis of certain of our lower profit margin commodity hardware products, which could adversely affect our hardware revenues;

•

changes in strategies and frequency for the development and introduction of new versions or next generations of our hardware products that could adversely affect our hardware revenues;

•

general supply chain material shortages worldwide, which were further exacerbated globally as a result of the COVID-19 pandemic;

•

a greater risk of material charges that could adversely affect our operating results, such as potential write-downs and impairments of our inventories; higher warranty expenses than what we experience in our cloud and license and services businesses; and amortization and potential impairment of intangible assets associated with our hardware business; and

•

decreased customer demand for related hardware support as hardware products approach the end of their useful lives, which could adversely affect our hardware revenues.

Our periodic workforce restructurings and reorganizations can be disruptive. We are currently restructuring our workforce and in the past we have restructured or made other adjustments to our workforce in response to management changes, product changes, performance issues, change in strategies, acquisitions and other internal and external considerations. These types of restructurings have resulted in increased restructuring costs and temporary reduced productivity while the employees adjusted to their new roles and responsibilities. In addition, we may not achieve or sustain the expected growth, resource redeployment or cost savings benefits of these

21

restructurings, or may not do so within the expected timeframe. These effects could recur in connection with future acquisitions and other restructurings and our revenues and other results of operations could be negatively affected.

We may lose key employees or may be unable to hire enough qualified employees. We rely on hiring qualified employees and the continued service of our senior management, including our Chairman of the Board of Directors, Chief Technology Officer and founder; our Chief Executive Officer; other members of our executive team; and other key employees. In the technology industry, there is substantial and continuous competition for highly skilled business, product development, technical and other personnel. In response to the COVID-19 pandemic and to ensure the safety of our employees, we have temporarily closed the majority of our offices. In fiscal 2021, we moved our headquarters to Austin, Texas and announced a modern approach to work that may provide our employees more flexibility to choose where and how to work. Depending on their role, this means that, when our offices reopen after the COVID-19 pandemic, many employees can choose their office location, as well as continue to work from home some or all the time. While we believe this may help us engage with a wider pool of talent and may help to retain employees who want or need more flexibility, it could negatively impact employee productivity and it may present risks for our real estate portfolio and strategy. We intend to reopen our offices when it is safe to do so and local requirements allow, but our employees who opt to return to the office may nevertheless be exposed to health risks, which may expose us to potential liability.

We may also experience increased compensation costs that are not offset by either improved productivity or higher sales. We may not be successful in recruiting new personnel and in retaining and motivating existing personnel. With rare exceptions, we do not have long-term employment or non-competition agreements with our employees. Members of our senior management team have left Oracle over the years for a variety of reasons, and we cannot guarantee that there will not be additional departures, which may be disruptive to our operations.

We continually focus on improving our cost structure by hiring personnel in countries where advanced technical expertise and other expertise are available at lower costs. When we make adjustments to our workforce, we may incur expenses associated with workforce reductions that delay the benefit of a more efficient workforce structure. We may also experience increased competition for employees in these countries as the trend toward globalization continues, which may affect our employee retention efforts and increase our expenses in an effort to offer a competitive compensation program. In addition, changes to immigration and labor law policies may adversely impact our access to technical and professional talent.

Our general compensation program includes restricted stock units and performance-based equity, which are important tools in attracting and retaining employees in our industry. If our stock price performs poorly, it may adversely affect our ability to retain or attract employees. We continually evaluate our compensation practices and consider changes from time to time, such as reducing the number of employees granted equity awards or the number of equity awards granted per employee and granting alternative forms of stock-based compensation, which may have an impact on our ability to retain employees and the amount of stock-based compensation expense that we record. Any changes in our compensation practices or those of our competitors could affect our ability to retain and motivate existing personnel and recruit new personnel.

Our cloud and license, and hardware indirect sales channels could affect our future operating results. Our cloud and license, and hardware indirect channel network is comprised primarily of resellers, system integrators/implementers, consultants, education providers, internet service providers, network integrators and independent software vendors. Our relationships with these channel participants are important elements of our cloud, software and hardware marketing and sales efforts. Our financial results could be adversely affected if our contracts with channel participants were terminated, if our relationships with channel participants were to deteriorate, if any of our competitors enter into strategic relationships with or acquire a significant channel participant, if the financial condition or operations of our channel participants were to weaken or if the level of demand for our channel participants' products and services were to decrease. There can be no assurance that we will be successful in maintaining, expanding or developing our relationships with channel participants. If we are not successful, we may lose sales opportunities, customers and revenues.

22

Acquisitions present many risks and we may not achieve the financial and strategic goals that were contemplated at the time of a transaction. We continue to review and consider strategic acquisitions of companies, products, services and technologies. We have a selective and active acquisition program and we expect to continue to make acquisitions in the future because acquisitions have been an important element of our overall corporate strategy. Risks we may face in connection with our acquisition program include:

•

our ongoing business may be disrupted and our management's attention may be diverted by acquisition, transition or integration activities;

•

we may have difficulties (1) managing an acquired company's technologies or lines of business; (2) entering new markets where we have no, or limited, direct prior experience or where competitors may have stronger market positions; or (3) retaining key personnel from the acquired companies;

•

an acquisition may not further our business strategy as we expected, we may not integrate an acquired company or technology as successfully as we expected, we may impose our business practices or alter go-to-market strategies that adversely impact the acquired business or we may overpay for, or otherwise not realize the expected return on our investments, each or all of which could adversely affect our business or operating results and potentially cause impairment to assets that we recorded as a part of an acquisition including intangible assets and goodwill;

•

our operating results or financial condition may be adversely impacted by (1) claims or liabilities that we assume from an acquired company or technology or that are otherwise related to an acquisition; (2) pre-existing contractual relationships that we assume from an acquired company, the termination or modification of which may be costly or disruptive to our business; and (3) unfavorable revenue recognition or other accounting treatment as a result of an acquired company's business practices;

•

we may fail to identify or assess the magnitude of certain liabilities, shortcomings or other circumstances prior to acquiring a company or technology;

•

we may not realize any anticipated increase in our revenues from an acquisition for a number of reasons, including (1) if a larger than predicted number of customers decline to renew their contracts with the acquired company; (2) if we are unable to sell the acquired products or service offerings to our customer base; (3) if acquired customers do not elect to purchase our technologies due to differing business practices; or (4) if contract models utilized by an acquired company do not allow us to recognize revenues in a manner that is consistent with our current accounting practices;

•

we may have difficulty integrating acquired technologies, products, services and their related supply chain operations with our existing lines of business and related infrastructures;

•

we may have multiple product lines or services offerings as a result of our acquisitions that are offered, priced, delivered and supported differently, which could cause customer confusion and delays;

•

we may incur higher than anticipated costs (1) to support, develop and deliver acquired products or services; (2) for general and administrative functions that support new business models; or (3) to comply with regulations applicable to an acquired business that are more complicated than we had anticipated;

•

we may be unable to obtain timely approvals from, or may otherwise have certain limitations, restrictions, penalties or other sanctions imposed on us by worker councils or similar bodies under applicable employment laws as a result of an acquisition;

•

we may be unable to obtain required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all;

•

our use of cash to pay for acquisitions may limit other potential uses of our cash;

•

we may significantly increase our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition and we may have to delay or not proceed with a substantial

23

acquisition if we cannot obtain the necessary funding to complete the acquisition in a timely manner or on favorable terms; and

•

we may experience additional or unexpected changes in how we are required to account for our acquisitions pursuant to U.S. generally accepted accounting principles, including arrangements that we may assume in an acquisition.

The occurrence of any of these risks could have a material adverse effect on our business, results of operations, financial condition or cash flows, particularly in the case of a larger acquisition or several concurrent acquisitions.

Data Privacy, Security and Intellectual Property Risks

If our security measures for our products and services are compromised and as a result, our data, our customers' data or our IT systems are accessed improperly, made unavailable, or improperly modified, our products and services may be perceived as vulnerable, our brand and reputation could be damaged, the IT services we provide to our customers could be disrupted, and customers may stop using our products and services, any of which could reduce our revenue and earnings, increase our expenses and expose us to legal claims and regulatory actions. Our products and services, including Oracle Cloud Services, store, retrieve, manipulate and manage third-party data, such as our customers' information and data, as well as our own data. We have a reputation for secure and reliable product offerings and related services, and we have invested a great deal of time and resources in protecting the integrity and security of our products, services and the internal and external data that we manage. Nonetheless, we believe that Oracle in particular is an attractive target for computer hackers and other bad actors because Oracle stores and processes large amounts of data, including in customer sectors involving particularly sensitive data such as health sciences, financial services, retail, hospitality and the government. We and our third-party vendors are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation states and individuals sponsored by them) to identify and exploit product and service vulnerabilities, penetrate or bypass our security measures, and gain unauthorized access to our or our customers', partners' and suppliers' software, hardware and cloud offerings, networks and systems. Successful attempts by one of these malicious actors can lead to the compromise of personal information or the confidential information or data of Oracle or our customers. Attempts of this nature typically involve IT-related viruses, worms, and other malicious software programs that attack networks, systems, products and services, exploit potential security vulnerabilities of networks, systems, products and services, create system disruptions and cause shutdowns or denials of service. Third parties may attempt to fraudulently induce customers, partners, employees or suppliers into disclosing sensitive information such as user names, passwords or other information in order to gain access to our data, our customers', suppliers' or partners' data or the IT systems of Oracle, our customers, suppliers or partners. Our products and services, including our Oracle Cloud Services, may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance.

If a cyber-attack or other security incident results in unauthorized access to or modification of our customers' or suppliers' data, other external data, our own data or our IT systems, or if the services we provide to our customers are disrupted, or if our products or services are reported to have or are perceived as having security vulnerabilities, we could incur significant expenses and suffer significant damage to our brand and reputation. If our customers lose confidence in the security and reliability of our products and services, including our cloud offerings, and perceive them to not be secure, they may decide to reduce or terminate their spend with us. In addition, cyber-attacks and other security incidents could lead to significant investigation and remediation costs, loss or destruction of information, interruption of our operations, inappropriate use of proprietary and sensitive data, lawsuits, indemnity obligations, regulatory investigations and financial penalties, and claims and increased legal liability, including in some cases contractual costs related to customer notification and fraud monitoring. Our remediation efforts may not be successful. Because the techniques used to obtain unauthorized access to, or sabotage IT systems, change frequently, grow more complex over time, and often are not recognized until launched against a target, we may be unable to anticipate or implement adequate measures to prevent such techniques. Our internal IT systems continue to evolve and we are often early adopters of new technologies. However, our business policies and internal security controls may not keep pace with these changes as new threats

24

emerge. In addition, we often experience increased activity of this nature during times of instability, including during the current COVID-19 pandemic when most of our employees are working from home, and our operations may be more susceptible to malfeasance due to operational changes instituted to comply with safety, health and regulatory requirements, among others. We may not discover any security breach and loss of information for a significant period of time after the security breach.

Our products operate in conjunction with and are dependent on a wide variety of third-party products, components and services. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, we could face increased costs, liability claims, customer dissatisfaction, reduced revenue, or harm to our reputation or competitive position. We also have an active acquisition program and have acquired a number of companies, products, services and technologies over the years. While we make significant efforts to address any IT security issues with respect to our acquired companies, we may still inherit such risks when we integrate these companies within Oracle.

Our business practices with respect to data could give rise to operational interruption, liabilities or reputational harm as a result of governmental regulation, legal requirements or industry standards relating to privacy and data protection. As regulatory focus on privacy issues continues to increase and worldwide laws and regulations concerning the handling of personal information expand and become more complex, potential risks related to data collection and use within our business will intensify. In addition, U.S. and foreign governments have enacted or are considering enacting legislation or regulations, or may in the near future interpret existing legislation or regulations, in a manner that could significantly impact our ability, as well as the ability of our customers, partners and data providers, to collect, augment, analyze, use, transfer and share personal and other information that is integral to certain services we provide.

In the wake of the European Union (EU) General Data Protection Regulation (GDPR), the rate of global consideration and adoption of privacy laws has increased, giving rise to more global jurisdictions in which regulatory inquiries and audits may be requested of Oracle, and if we are not deemed to be in compliance, could result in enforcement actions and/or fines. This is true in the U.S. where, for example, the California Consumer Privacy Act (CCPA) became effective in January 2020, the U.S. Congress is considering several privacy bills at the federal level, and other state legislatures are considering privacy laws. Regulators globally are also imposing greater monetary fines for privacy violations. The GDPR, which became effective in May 2018, provides for monetary penalties of up to 4% of an organization's worldwide revenue. These penalties can be significant. For example, one European data protection regulator has fined a major U.S. technology company €50 million for its data handling practices. The U.S. Federal Trade Commission continues to fine companies on a regular basis for unfair and deceptive data protection practices, and these fines may increase in size. The CCPA provides for statutory damages or fines on a per violation basis that could be very large in the event of a significant data security breach or other CCPA violation. Taken together, the changes in laws or regulations associated with the enhanced protection of personal and other types of data could greatly increase the size of potential fines related to data protection, and our cost of providing our products and services could result in changes to our business practices or even prevent us from offering certain services in jurisdictions in which we operate. Although we have implemented contracts, diligence programs, policies and procedures designed to ensure compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, partners, suppliers, data providers or agents will not violate such laws and regulations or our contracts, policies and procedures. Additionally, public perception and standards related to the privacy of personal information can shift rapidly, in ways that may affect our reputation or influence regulators to enact regulations and laws that may limit our ability to provide certain products and services.

We make statements about our use and disclosure of personal information through our privacy policy, information provided on our website and press statements. Any failure, or perceived failure, by us to comply with these public statements or with U.S. federal, state, or foreign laws and regulations, including laws and regulations regulating privacy, data security, or consumer protection, public perception, standards, self-regulatory requirements or legal obligations, could result in lost or restricted business, proceedings, actions or fines brought against us or levied by governmental entities or others, or could adversely affect our business and harm our reputation.

25

Third parties have claimed, and in the future may claim, infringement or misuse of intellectual property rights and/or breach of license agreement provisions. We periodically receive notices from, or have lawsuits filed against us by, others claiming infringement or other misuse of their intellectual property rights and/or breach of our agreements with them. These third parties include entities that do not design, manufacture, or distribute products or services or that acquire intellectual property for the sole purpose of monetization through infringement assertions. We expect to continue to receive such claims as:

•

we continue to expand into new businesses and acquire companies;

•

the number of products and competitors in our industry segments grows;

•

the use and support of third-party code (including open source code) becomes more prevalent in the industry;

•

the volume of issued patents continues to increase; and

•

non-practicing entities continue to assert intellectual property infringement in our industry segments.

Responding to any such claim, regardless of its validity, could:

•

be time consuming, costly and result in litigation;

•

divert management's time and attention from developing our business;

•

require us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;

•

require us to stop selling or to redesign certain of our products;

•

require us to release source code to third parties, possibly under open source license terms;

•

require us to satisfy indemnification obligations to our customers; or

•

otherwise adversely affect our business, results of operations, financial condition or cash flows.

We may not be able to protect our intellectual property rights. We rely on copyright, trademark, patent and trade secret laws, confidentiality procedures, controls and contractual commitments to protect our intellectual property. Despite our efforts, these protections may be limited. Unauthorized third parties may try to copy or reverse engineer our products or otherwise use our intellectual property. Our patents may be invalidated or circumvented. Any of our pending or future patent applications may not be issued with the claim scope we seek, if at all. In addition, the laws of some countries do not provide the same level of intellectual property protection as U.S. laws and courts. If we cannot protect our intellectual property against unauthorized copying or use, or other misappropriation, we may not remain competitive.

We may not receive significant revenues from our current research and development efforts for several years, if at all. Developing our various product offerings is expensive and the investment in the development of these offerings often involves a long return on investment cycle. An important element of our corporate strategy is to continue to dedicate a significant amount of resources to research and development and related product and service opportunities both through internal investments and the acquisition of intellectual property from acquired companies. Accelerated product and service introductions and short lifecycles require high levels of expenditures for research and development that could adversely affect our operating results if not offset by revenue increases. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we do not expect to receive significant revenues from these investments for several years, if at all.

Legal and Regulatory Risks

Adverse litigation results could affect our business. We are subject to various legal proceedings. Litigation can be lengthy, expensive and disruptive to our operations, and can divert our management's attention away from running our core business. The results of our litigation also cannot be predicted with certainty. An adverse decision

26

could result in monetary damages or injunctive relief that could affect our business, operating results or financial condition. Additional information regarding certain of the lawsuits we are involved in is discussed under Note 17 of Notes to Consolidated Financial Statements included elsewhere in this Annual Report.

We may be subjected to increased taxes due to changes in U.S. or international tax laws or from adverse resolutions of tax audits and controversies. As a multinational corporation, we incur income taxes as well as non-income based taxes (such as payroll, sales, use, property and value-added taxes) in both the U.S. and various foreign jurisdictions. Significant uncertainties exist with respect to the application of the various taxes to the businesses in which we engage, often requiring that we make judgments in determining our tax liabilities and worldwide provision for income taxes. We are regularly under audit by tax authorities in the U.S. and internationally, which can lead to disagreements such as regarding our intercompany transfer prices and calculations and on the applicability of withholding taxes to our cross-border transactions. Any unfavorable resolution of these tax audits and controversies could cause our tax liabilities to increase and may have a significant adverse impact on our provision for income taxes and tax rate. Although we believe that our income and non-income based tax estimates are reasonable, there is no assurance that the final determination of tax audits or disputes will not be different from what is reflected in our historical income tax provisions and tax accruals.

Increasingly, countries around the world are actively considering or have enacted changes in relevant tax, accounting and other laws, regulations and interpretations. In the U.S., various proposals, if enacted, would dramatically raise the U.S. corporate tax rate and increase the tax on non-U.S. income. Such unfavorable tax legislation resulting from the shifting U.S. political landscape and economic environment create the potential for added volatility in our quarterly provision for income taxes and could have a significant adverse impact on our future income tax provision and tax rate.

Other countries also continue to consider changes to their tax laws that could negatively affect us by increasing taxes imposed on our international revenue streams, operations and cross-border transactions, including the imposition of taxes targeted at digital technology businesses and changes in withholding tax regimes. More fundamentally, longstanding international tax principles that determine each country's right to tax cross-border transactions are being reconsidered, creating significant uncertainty as to the future level of corporate income tax on our international operations. This re-examination of the global tax system is driven by a perceived need to provide greater taxing rights to market jurisdictions where customers or users are located. Various measures are being discussed, including adjustments to the manner in which taxable profits are allocated among jurisdictions, as well as the limitation of deductions for, or the imposition of additional withholding taxes on, intercompany payments.

The foregoing proposals to raise U.S. corporate income taxes in combination with the uncertain international tax environment have upended the predictability and reliability of the global tax system. Our future income tax provision and tax rate could significantly increase if such tax law changes are enacted in the U.S. or in countries in which we do business. Our provision for income taxes also could be adversely affected by shifts of earnings from jurisdictions that have relatively lower statutory tax rates to those in which the rates are relatively higher. In addition, changes in the valuation of our deferred tax assets or liabilities could negatively impact our income tax provision.

Our international sales and operations subject us to additional risks that can adversely affect our operating results. We derive a substantial portion of our revenues from, and have significant operations, outside of the U.S. Compliance with international and U.S. laws and regulations that apply to our international operations increases our cost of doing business in foreign jurisdictions. These laws and regulations include data privacy requirements, labor relations laws, tax laws, foreign currency-related regulations, competition regulations, anti-bribery laws and other laws prohibiting payments to governmental officials such as the U.S. Foreign Corrupt Practices Act (FCPA), market access regulations, tariffs, and import, export and general trade regulations, including but not limited to economic sanctions and embargos. Violations of these laws and regulations could result in fines and penalties, criminal sanctions against us, our officers or our employees, and prohibitions on the conduct of our business, including the loss of trade privileges. Any such violations could result in prohibitions on our ability to offer our products and services in one or more countries, could delay or prevent potential acquisitions and could also

27

materially damage our reputation, our brand, our international expansion efforts, our ability to attract and retain employees, our business and our operating results. These laws can require suspension or termination of business, including financial transactions, in certain countries, territories or with certain customers and any such action in the future could adversely affect our business, financial condition and results of operations. Compliance with these laws also requires a significant amount of management attention and effort, which may divert management's attention from running our business operations and could harm our ability to grow our business, or may increase our expenses as we engage specialized or other additional resources to assist us with our compliance efforts.

Our success depends, in part, on our ability to anticipate these risks and manage these difficulties. We monitor our operations and investigate allegations of improprieties relating to transactions and the way in which such transactions are recorded. Where circumstances warrant, we provide information and report our findings to government authorities, and in some circumstances such authorities conduct their own investigations and we respond to their requests or demands for information. No assurance can be given that action will not be taken by such authorities or that our compliance program will prove effective.

We are also subject to a variety of other risks and challenges in managing an organization operating globally, including those related to:

•

general economic conditions in each country or region;

•

public health risks, social risks and supporting infrastructure stability risks, particularly in areas in which we have significant operations;

•

fluctuations in currency exchange rates and related impacts on customer demand and our operating results;

•

difficulties in transferring funds from or converting currencies in certain countries that could lead to a devaluation of our net assets, in particular our cash assets, in that country's currency;

•

regulatory changes, including government austerity measures in certain countries that we may not be able to sufficiently plan for or avoid that may unexpectedly impair bank deposits or other cash assets that we hold in these countries or that impose additional taxes that we may be required to pay in these countries;

•

political unrest, terrorism and the potential for other hostilities;

•

common local business behaviors that are in direct conflict with our business ethics, practices and conduct policies;

•

natural disasters;

•

the effects of climate change (such as sea level rise, drought, flooding, wildfires and increased storm sensitivity);

•

longer payment cycles and difficulties in collecting accounts receivable;

•

overlapping tax regimes; and

•

reduced protection for intellectual property rights in some countries.

The variety of risks and challenges listed above could also disrupt or otherwise negatively impact our supply chain operations and sales of our products and services in affected countries or regions.

As the majority shareholder of Oracle Financial Services Software Limited, a publicly traded company in India, and Oracle Corporation Japan, a publicly traded company in Japan, we are faced with several additional risks, including being subject to local securities regulations and being unable to exert full control that we would otherwise have if these entities were wholly-owned subsidiaries.

Our sales to government clients expose us to business volatility and risks, including government budgeting cycles and appropriations, procurement regulations, governmental policy shifts, early termination of contracts, audits,

28

investigations, sanctions and penalties. We derive revenues from contracts with the U.S. government, state and local governments, and foreign governments and are subject to procurement laws relating to the award, administration and performance of those contracts.

Governmental entities are variously pursuing policies that affect our ability to sell our products and services. Changes in government procurement policy, priorities, regulations, technology initiatives and/or requirements may negatively impact our potential for growth in the government sector. For example, the U.S. government imposes evolving cybersecurity requirements, including, for example, the FedRAMP authorization process and the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). These requirements may impact our lines of business in the U.S. federal government market. Compliance with these cybersecurity requirements is complex and costly, and failure to meet, or delays in meeting, the required security controls could limit our ability to sell products and services, directly or indirectly, to the DoD and other federal and state government entities that implement similar cybersecurity requirements.

We are also subject to early termination of our contracts. Many governmental entities have the right to terminate contracts at any time, without cause. For example, the U.S. federal government may terminate any of our government contracts and subcontracts at its convenience, or for default based on our performance.

U.S. federal, state and local government and foreign government contracts are generally subject to government funding authorizations/appropriations. Contracts may be terminated based upon a lack of government funds.

There is increased pressure on governments and their agencies, both domestically and internationally, to reduce spending as governments continue to face significant deficit reduction pressures. This may adversely impact spending on government programs.

Government contracts laws and regulations impose certain risks, and contracts are generally subject to audits and investigations. If violations of law are found, they could result in civil and criminal penalties and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business.

Environmental and other related laws and regulations subject us to a number of risks and could result in significant liabilities and costs. Some of our cloud and hardware operations are subject to state, federal and international laws governing protection of the environment, proper handling and disposal of materials used for these products, human health and safety, the use of certain chemical substances and the labor practices of suppliers, as well as local testing and labeling requirements. Compliance with these ever-changing environmental and other laws in a timely manner could increase our product design, development, procurement, manufacturing, delivery, cloud operations and administration costs, limit our ability to manage excess and obsolete non-compliant inventory, change our sales activities, or otherwise impact future financial results of our cloud and hardware businesses. Any violation of these laws can subject us to significant liability, including fines, penalties and possible prohibition of sales of our products and services into one or more states or countries and result in a material adverse effect on the financial condition or results of operations of our cloud and hardware businesses. Regulatory, market, and competitive pressures regarding the greenhouse gas emissions and energy mix for our data center operations may also grow.

A significant portion of our hardware revenues come from international sales. Environmental legislation, such as the EU Directive on Restriction of Hazardous Substances (RoHS), the EU Waste Electrical and Electronic Equipment Directive (WEEE Directive) and China's regulation on Management Methods for Controlling Pollution Caused by Electronic Information Products, among others, may increase our cost of doing business internationally and impact our hardware revenues from the EU, China and other countries with similar environmental legislation as we endeavor to comply with and implement these requirements. The UK Government has announced a procurement policy that includes environmental, social and economic sustainability measures.

The SEC requires public disclosure for registrants that use certain "conflict minerals" in their products. Our supply chain is multi-tiered, global and highly complex. As a provider of hardware end-products, we are several steps removed from the mining and smelting or refining of any conflict minerals in our supply chain. Accordingly, our ability to determine with certainty the origin and chain of custody of conflict minerals is limited.

29

We have an Environmental Steering Committee (ESC) comprised of senior individuals from a wide range of Oracle business units, including our Chief Sustainability Officer who reports to our Chief Executive Officer and oversees our overall sustainability strategy, including climate related risk mitigation. The ESC evaluates if climate or environmental risks have the potential for significant chronic or acute impact on our core and/or strategic business functions, including service delivery and support, product development and deployment, supply chain management, facility operations, employee recruitment and retention, or brand reputation. A failure by the ESC to identify and assess these risks could adversely affect our reputation, business, financial performance and growth.

We publish an annual Corporate Citizenship Report, which includes disclosure of our Environmental, Social and Governance (ESG) matters and goals. Our disclosures on these matters, and standards we set for ourselves or a failure to meet these standards, may potentially harm our reputation and brand. By electing to set and share publicly these corporate ESG standards, our business may also face increased scrutiny related to ESG activities.

Financial Risks

Our quarterly results of operations may fluctuate significantly based on a number of factors that make our results of operations difficult for us to predict. Our revenues, particularly certain of our cloud license and on-premise license revenues and hardware revenues, can be difficult to forecast. A substantial portion of our cloud license, on-premise license and hardware contracts is completed in the latter part of a quarter, and a significant percentage of these is comprised of larger value orders. Because a significant portion of our cost structure is largely fixed in the short term, sales and revenue shortfalls tend to have a disproportionately negative impact on our profitability. The number of large license transactions and, to a lesser extent, hardware products transactions increases the risk of fluctuations in our quarterly results because a delay in even a small number of these transactions could cause our quarterly sales, revenues and profitability to fall significantly short of our predictions. In addition, sudden shifts in regional or global economic activity, such as what we experienced initially at the outset of the COVID-19 pandemic, may cause our sales forecasts to be inaccurate.

We may experience foreign currency gains and losses. Changes in currency exchange rates can adversely affect customer demand and our revenue and profitability. We conduct a significant number of transactions and hold cash in currencies other than the U.S. Dollar. Changes in the values of major foreign currencies, particularly the Euro, Japanese Yen and British Pound, relative to the U.S. Dollar can significantly affect our total assets, revenues, operating results and cash flows, which are reported in U.S. Dollars. Fluctuations in foreign currency rates, including the strengthening of the U.S. Dollar against the Euro and most other major international currencies, adversely affects our revenue growth in terms of the amounts that we report in U.S. Dollars after converting our foreign currency results into U.S. Dollars and in terms of actual demand for our products and services as certain of these products may become relatively more expensive for foreign currency-based enterprises to purchase. In addition, currency variations can adversely affect margins on sales of our products in countries outside of the U.S. Generally, our reported revenues and operating results are adversely affected when the dollar strengthens relative to other currencies and are positively affected when the dollar weakens. In addition, our reported assets generally are adversely affected when the dollar strengthens relative to other currencies as a portion of our consolidated cash and bank deposits, among other assets, are held in foreign currencies and reported in U.S. Dollars.

In addition, we incur foreign currency transaction gains and losses, primarily related to sublicense fees and other intercompany agreements among us and our subsidiaries that we expect to cash settle in the near term, which are charged to earnings in the period incurred. We have a program which primarily utilizes foreign currency forward contracts designed to offset the risks associated with certain foreign currency exposures. We may suspend the program from time to time. As part of this program, we enter into foreign currency forward contracts so that increases or decreases in our foreign currency exposures are offset at least in part by gains or losses on the foreign currency forward contracts in an effort to mitigate the risks and volatility associated with our foreign currency transaction gains or losses. A large portion of our consolidated operations are international, and we expect that we will continue to realize gains or losses with respect to our foreign currency exposures, net of gains or losses from our foreign currency forward contracts. For example, we will experience foreign currency gains and losses in certain instances if it is not possible or cost-effective to hedge our foreign currency exposures, if our hedging efforts are ineffective, or should we suspend our foreign currency forward contract program. Our ultimate realized

30

loss or gain with respect to currency fluctuations will generally depend on the size and type of cross-currency exposures that we enter into, the currency exchange rates associated with these exposures and changes in those rates, whether we have entered into foreign currency forward contracts to offset these exposures and any related fees paid to purchase such contracts, and other factors. All of these factors could materially impact our results of operations, financial position and cash flows.

We have incurred foreign currency losses associated with the devaluation of currencies in certain highly inflationary economies relative to the U.S. Dollar. We could incur future losses in emerging market countries where we do business should their currencies become designated as highly inflationary.

There are risks associated with our outstanding and future indebtedness. As of May 31, 2021, we had an aggregate of $84.2 billion of outstanding indebtedness that will mature between calendar year 2021 and calendar year 2061, and we may incur additional indebtedness in the future. Our ability to pay interest and repay the principal for our indebtedness is dependent upon our ability to manage our business operations, generate sufficient cash flows to service such debt and the other factors discussed in this section. There can be no assurance that we will be able to manage any of these risks successfully.

We may also need to refinance a portion of our outstanding debt as it matures. There is a risk that we may not be able to refinance existing debt or that the terms of any refinancing may not be as favorable as the terms of our existing debt. Furthermore, if prevailing interest rates or other factors at the time of refinancing result in higher interest rates upon refinancing, then the interest expense relating to that refinanced indebtedness would increase.

Should we incur future increases in interest expense, our ability to utilize certain of our foreign tax credits to reduce our U.S. federal income tax could be limited, which could unfavorably affect our provision for income taxes and effective tax rate. In addition, changes by any rating agency to our outlook or credit rating could negatively affect the value of both our debt and equity securities and increase the interest amounts we pay on certain outstanding or future debt. These risks could adversely affect our financial condition and results of operations.

Risks Related to Our Common Stock

Our stock price could become more volatile and your investment could lose value. All of the factors discussed within this Risk Factors section could affect our stock price. The timing of announcements in the public market by us or by our competitors regarding new cloud services, products, product enhancements, technological advances, acquisitions or major transactions could also affect our stock price. Changes in the amounts and frequency of share repurchases or dividends could affect our stock price. Our stock price could also be affected by factors, some of which are beyond our control, including, among others: speculation in the press, social media and the analyst community, changes in recommendations or earnings related estimates by financial analysts, changes in investors' or analysts' valuation measures for our stock, negative analyst surveys or channel check surveys, earnings announcements where our financial results differ from our guidance or investors' expectations, our credit ratings and market trends unrelated to our performance. The stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. A significant drop in our stock price could also expose us to the risk of securities class action lawsuits, which could result in substantial costs and divert management's attention and resources, which could adversely affect our business.

We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value. In fiscal 2021, our Board of Directors approved expansions of our stock repurchase program totaling $20.0 billion. The repurchase program does not have an expiration date and we are not obligated to repurchase a specified number or dollar value of shares. Our repurchase program may be suspended or terminated at any time and, even if fully implemented, may not enhance long-term stockholder value.

31

General Risks

Economic, political and market conditions can adversely affect our business, results of operations and financial condition, including our revenue growth and profitability, which in turn could adversely affect our stock price. Our business is influenced by a range of factors that are beyond our control and that we have no comparative advantage in forecasting. These include:

•

general economic and business conditions;

•

overall demand for enterprise cloud, license and hardware products and services;

•

governmental budgetary constraints or shifts in government spending priorities; and

•

general legal, regulatory and political developments.

Macroeconomic developments such as the global economic effects resulting from the COVID-19 pandemic, the United Kingdom leaving the EU (Brexit), evolving trade policies between the U.S. and international trade partners, or the occurrence of similar events in other countries that lead to uncertainty or instability in economic, political or market conditions could negatively affect our business, operating results, financial condition and outlook, which, in turn, could adversely affect our stock price. Any general weakening of, and related declining corporate confidence in, the global economy or the curtailment of government or corporate spending could cause current or potential customers to reduce or eliminate their IT budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services or cause customers not to pay us or to delay paying us for previously purchased products and services.

In addition, international, regional or domestic political unrest and the related potential impact on global stability, terrorist attacks and the potential for other hostilities in various parts of the world, public health crises such as the COVID-19 pandemic, and natural disasters continue to contribute to a climate of economic and political uncertainty that could adversely affect our results of operations and financial condition, including our revenue growth and profitability. These factors generally have the strongest effect on our sales of cloud license and on-premise license, hardware and related services and, to a lesser extent, also may affect our renewal rates for license support and our subscription-based cloud offerings.

Business disruptions could adversely affect our operating results. A significant portion of our critical business operations are concentrated in a few geographic areas, some of which include emerging market international locations that may be less stable relative to running such business operations solely within the U.S. We are a highly automated business and a disruption or failure of our systems, supply chains and processes could cause delays in completing sales, providing services, including some of our cloud offerings, and enabling a seamless customer experience with respect to our customer facing back office processes. A major earthquake or fire, political, social or other disruption to infrastructure that supports our operations or other catastrophic event or the effects of climate change (such as increased storm severity, drought and pandemics) that results in the destruction or disruption of any of our critical business, supply chains or IT systems could severely affect our ability to conduct normal business operations and, as a result, our future operating results could be materially and adversely affected.