ARM Holdings PLC ADR (ARM) Risk Analysis

To remain competitive, we must continue to innovate and develop new products and services, as well as enhancements to our existing products and services, in response to expressed or anticipated customer demand and new market opportunities. We actively consider the impact of next generation technology adopted by market participants, which has resulted in us allocating resources to, and exploring, new markets and/or different products and solutions for existing and prospective customers in various end markets. For example, on February 21, 2024, we introduced a CSS targeted at customers in the infrastructure space. We intend to continue allocating resources and engaging with our ecosystem partners to explore the viability and development of new products including, without limitation, new products in our IP portfolio, as well as solutions beyond individual IP designs such as RTL-based CSSs, GDSII-based CSSs, chiplets and complete end chip solutions. For example, we have been, and may in the future be, engaged to advise on or design chips for certain existing customers and other third parties, including affiliates of SoftBank Group, across a variety of use cases and end markets. Any products or solutions that constitute an entry into new markets or offerings of different solutions may be unsuccessful for any number of reasons. For example, as with any company entering a new market or offering new products or solutions, we will compete with companies that have a more established presence, longstanding customer relationships and established brand awareness. Additionally, any such new business activities may be undertaken utilizing any number of commercial arrangements, including as a technical advisor or licensor to SoftBank Group or its affiliates. Additionally, because our resources must be allocated amongst developing and maintaining our existing IP portfolio and developing and commercializing any new, more integrated compute products or solutions, companies that focus their efforts on a single product or solution or a limited number of products or solutions may have significantly greater financial, technical, manufacturing, marketing, sales and distribution resources dedicated to such markets and solutions than we do. Such companies may also have a more developed IP portfolio for the applicable markets and solutions and may be able to leverage these resources and competitive factors to gain or maintain market share. Further, although more integrated compute products may provide our customers superior performance and faster routes to market for their products (compared to licensing and integrating separate IP components), our customers may prefer to continue integrating our IP components in their products and solutions, and, therefore, our more integrated compute products may not be adopted by customers on our expected timeline or at all. In addition, to the extent any such developments in our product offerings, and other future changes to our products and services, create real or perceived conflicts with companies that are important to our business, such customers or partners may terminate or materially reduce their relationship with us and seek alternative architectures or products from competitors. Accordingly, to the extent that we pursue entry into any new market or offer any new product or solution, we may not realize the anticipated financial benefits of such changes in the amounts we may anticipate, on our expected timeline or at all. Furthermore, we have, and may in the future, need to recruit and hire engineers or other employees or acquire companies that possess the requisite expertise, which we may not be able to do successfully on a timely basis, on competitive terms or at all. We have also begun exploring potential acquisitions of, or service agreements with, companies with the required expertise. The recruitment and retention of engineers and other employees or the acquisition of companies may require significant expenditures, including compensation costs or the acquisition of businesses employing the required expertise. We may also be required to seek to hire engineers or other employees from customers, partners or competitors in order to secure the necessary expertise to develop new or enhanced products or solutions, which may result in customers or partners terminating or materially reducing their relationship with us. Additionally, to the extent we seek to hire engineers or other employees from competitors, we may be unsuccessful due to, among other reasons, such competitors having greater resources or long-standing relationships with such engineers and other employees. To the extent that we do not have the technical expertise, financial resources or other capabilities for a particular research and development project with respect to new products or solutions, we have partnered, and may in the future partner, with third parties, including SoftBank Group and/or its affiliates. There can be no assurance that such partnerships will be established on a timely basis, on competitive terms or at all. In such circumstances, we rely on third parties over which we exercise little or no control, and we can provide no assurances that any such third parties will dedicate the resources, or have the requisite technical or other capabilities, necessary to achieve our and/or our customers' expectations.

Our success and ability to compete depend significantly on protecting our IP rights. We primarily rely on patent, copyright, trade secret and trademark laws, trade secret protection and contractual protections, such as confidentiality, invention assignment and license agreements with our employees, customers, third-party partners and others, to protect our IP rights. The steps we take to protect our IP rights may be inadequate. We also may not be able to obtain desired patents, and our pending (of which we currently have approximately 2,500) or future patent applications, whether or not being currently challenged, may not result in the issuance of patents with the scope of protection we seek, including in jurisdictions of strategic importance and, if issued, may not provide any meaningful protection or competitive advantage. The scope of our patent protections may be adversely affected by changes in legal precedent and patent office interpretation of these precedents. Further, patents directed to particular subject matter associated with our business (e.g., CPU architecture) may be difficult to obtain and enforce in many jurisdictions and there may also be limits on recovery for damages in those jurisdictions. Any of our existing patents, and any future patents, may be challenged, narrowed, invalidated or circumvented. Further, we may be unsuccessful in executing adequate invention assignment agreements with all employees, contractors or other third parties involved in the development of our IP portfolio. In certain jurisdictions, rights to IP developed by our employees or contractors or other third parties may not automatically vest in us, and our employees or contractors or other third parties may claim ownership in IP that we believe is owned by us. We may also be required to spend significant resources to establish, monitor and protect our IP rights, particularly as we expand our operations globally. Our exposure to different legal jurisdictions also may impact our ability to exercise our contractual and other rights around IP in such jurisdictions, in particular in countries whose laws regarding the protection of IP are less rigorous or more difficult to enforce than in the U.K., the U.S. and the European Union. In jurisdictions where effective IP protection is unavailable or limited, our IP rights may be vulnerable to unauthorized disclosure, infringement, misappropriation or other violation by employees, third-party partners, suppliers, customers and other entities or individuals, even though our customers and partners are contractually restricted from using our IP outside of the agreed-upon licensing arrangements. Policing unauthorized use of our IP is difficult and expensive, and we may not be able, or may lack the resources, to prevent infringement, misappropriation or other violation of our IP rights, including increased difficulty as a foreign entity in certain international locations, particularly outside the U.K., the U.S. and the European Union. In addition, our ability to monitor and control theft, misappropriation or infringement is uncertain, particularly in countries outside of the U.K., the U.S. and the European Union, as the laws of some countries do not provide the same level of protection of our proprietary and confidential information as do the laws of the U.K., the U.S. and the European Union. Moreover, because we deliver our products to our customers in a source form, we have limited ability to trace the source of misappropriation of our IP and there are limited technological barriers (e.g., remote authorization requirements) we can put in place to protect our products from use by unauthorized parties. Additionally, theft of our IP or proprietary business information (including our trade secrets) could require substantial expenditures and resources to remedy. If we, our employees or our third-party partners, consultants, contractors, vendors or service providers were to suffer an attack or breach, for example, that results in the unauthorized access to, or use, theft, disclosure, misappropriation or sale of, our IP by any unauthorized third parties, we may have to notify consumers, partners or governmental authorities, and may be subject to investigations, civil penalties, administrative and enforcement actions and litigation, any of which could be costly and distracting or otherwise harm our business and reputation. We may be unable to successfully obtain, maintain, protect and enforce our IP rights (including defending against counterfeit, knock-off, grey-market, infringing or otherwise unauthorized goods). Specifically, third parties may distribute, license and sell counterfeit or grey-market versions of our products, which may be inferior or pose safety risks and could confuse consumers or customers, which could cause them to refrain from purchasing our brands in the future or otherwise damage our reputation. The presence of counterfeit versions of our products and technology in the market could also dilute the value of our brands, force us and our customers to compete with heavily discounted products and technology, cause us to be in breach of contract (including license agreements), impact our compliance with distribution and competition laws in jurisdictions including the U.K., the U.S., the European Union and the PRC, or otherwise have a negative impact on our reputation and business, prospects, financial condition or results of operations. Further, we may not be able to detect all violations of our IP rights and, even if we do become aware of any such violations, we may not be able to adequately enforce our IP rights in certain domestic and foreign jurisdictions. If we are unable to successfully navigate the relevant legal and regulatory environment and/or enforce our IP rights and/or contractual rights in relevant jurisdictions, our business, results of operations, financial condition and prospects could be materially and adversely impacted. Litigation may be necessary in the future to enforce our patents and other IP rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others, or to defend against claims of infringement, misappropriation or invalidity. Any such litigation, whether or not determined in our favor or settled by us, could be costly and would divert the efforts and attention of our management and technical talent from normal business operations, which could have a material adverse effect on our business, results of operations, financial condition and prospects. Furthermore, our efforts to enforce our IP rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our IP rights. In addition, counterparties in litigation may have greater resources that they can dedicate to litigation-related matters than we can. Moreover, litigation against current or former customers and partners may adversely impact existing relationships. Accordingly, we may not be able to prevent third parties from infringing, misappropriating or otherwise violating our IP rights. See also "-We may be sued by third parties for alleged infringement, misappropriation or other violation of their IP rights or proprietary rights and our defense against these claims can be costly." In any potential dispute involving our patents or other IP, our licensees or the customers of our licensees could also become the target of litigation and we may be bound to indemnify such parties under the terms of our license agreements. Although our indemnification obligations are generally subject to a maximum amount, such obligations could nevertheless result in substantial expenses to us. See "Item 4. Information on the Company-B. Business Overview-Legal Proceedings." In addition to the time and expense required for us to indemnify our licensees or the customers of our licensees, such parties' development, marketing and sales of chips and end products utilizing our products could be severely disrupted or discontinued as a result of litigation, which, in turn, could have a material adverse effect on our business, results of operations, financial condition and prospects. Moreover, the semiconductor industry is generally subject to high turnover of employees, so the risk of trade secret misappropriation may be amplified. If any of our trade secrets are subject to unauthorized disclosure or are otherwise misappropriated by third parties, our competitive position may be materially and adversely affected. Any adverse determinations in litigation could result in the loss of our IP rights or proprietary rights, subject us to significant liabilities, require us to seek licenses from third parties or prevent us from licensing our products, any of which could have a material adverse effect on our business, results of operations, financial condition and prospects. Our failure to obtain, maintain, protect, defend and enforce our IP rights could have a material adverse effect on our brand or our business, results of operations, financial condition and prospects. Furthermore, because our products are often based on a common architecture and our new products are often based on legacy products, adverse events related to our IP may have a more significant impact on us than if our products were less related.

Our products have in the past and could have a substantial technical flaw or an undetected design error, which could result in unanticipated costs. Our products are used in billions of consumer and enterprise products across a wide range of industries, and many of these products are depended on by individuals and businesses. We use third-party AI software products in our business, including use by our engineers. AI software products rely on extracting and processing data from various sources, including third parties, and new training methods, and the resulting products offered by us or our customers may contain unknown or undetected defects and errors, or reflect unintended bias. The discovery of any design defect, fault or bug associated with our products, as well as any ensuing litigation or claims for indemnification could adversely affect our reputation and our relationships with partners, thereby having a material adverse effect on our business, results of operations, financial condition and prospects. Any such defects, faults or bugs could cause us to lose customers, increase our service costs, subject us to liability for damages or divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations, financial condition and prospects. The ramifications of a design defect, fault, or bug may be further exacerbated by the fact that many of our products are based on a common architecture and our new architecture products often are based on legacy products. Accordingly, a design defect, fault, or bug may affect multiple end products that are based on the same products, thereby potentially exposing us to additional liability and requiring additional resources to remedy the error. In addition, our software could contain errors, defects or bugs, especially when first introduced or when new versions are released. Product errors, including those resulting from third-party suppliers and open-source vendors, could affect the performance or interoperability of our products, could delay the development or release of new products or new versions of products and could adversely affect market acceptance or perception of the quality and attractiveness of our products. Any such errors or delays in releasing new products or new versions of products, or allegations of unsatisfactory performance, could cause us to lose customers, increase our service costs, subject us to liability for damages or divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations, financial condition and prospects. Security vulnerabilities have previously been, and may in the future be, identified in our products, and it is possible that vulnerabilities may not be mitigated before they become known. Publicity related to any such security vulnerabilities, whether accurate or inaccurate, and any attempted or successful exploitation of such vulnerabilities, may cause increased third-party attempts to identify additional security vulnerabilities or could result in litigation, indemnification or other regulatory actions or inquiries, which could harm our brand and have an adverse effect on our business and results of operations and financial performance. Additionally, our products are used, and may be used in the future, in a variety of safety critical systems and equipment, including, but not limited to, autonomous vehicles, robotics, drones, data centers and medical equipment. Faults, security vulnerabilities or errors in such systems can result in harm to individuals, including loss of life. Any such fault, security vulnerability, or errors that may be attributed to our products, regardless of merit, could result in litigation, indemnification obligations or regulatory actions or inquiries, which could harm our brand and have a material adverse effect on our business, results of operations and financial performance. Some of our customers have stringent technical and quality requirements that require us to meet certain test and qualification criteria or to adopt and comply with specific quality standards. Certain customers also periodically audit our performance. Failure to meet technical or quality requirements or a negative customer audit could result in the loss of current sales revenue, customers, and future sales.

New technologies may use algorithms that are not suitable for a general purpose CPU, such as our processors. Consequently, our processors may become less important in a chip based on our products, thus eroding its value to the customer and resulting in lower revenue for us. If we are unable to develop and commercialize processors that are compatible with new technologies or competitors are successful in developing compatible technologies more quickly or efficiently than we can, our business, competitive position, results of operations, financial condition and prospects may be materially and adversely affected. In addition, the introduction of new technologies into our processors may increase IP, cybersecurity, operational, data protection and technological risks and result in new or enhanced governmental or regulatory scrutiny, litigation, ethical concerns, or other complications that could materially and adversely affect our business. As a result of the complexity and rapid development of new technologies, it is not possible to predict all of the legal, operational or technological risks related to use of such technologies.

A portion of our revenue is derived from contracts with governmental entities, governmental subcontractors and public universities. Our contracts with such entities, including in the U.K., the European Union and its member states, and the U.S., are subject to various regulations and other requirements relating to their formation, administration and performance. We may be subject to audits and investigations relating to government contracts, and any violations could result in various civil and criminal penalties and administrative sanctions, including termination of the contract, payment of fines or suspension or debarment from future government business.

From time to time, we are involved in various legal, administrative and regulatory proceedings, claims, demands and investigations relating to our business, which may include claims with respect to commercial, product liability, IP, cybersecurity, privacy, data protection, antitrust, breach of contract, labor and employment, whistleblower, mergers and acquisitions and other matters. We are involved in pending litigation, including, but not limited to, lawsuits with Qualcomm Inc. and Qualcomm Technologies, Inc. (together "Qualcomm") and Nuvia, Inc. ("Nuvia"). In addition, our products are involved in pending litigation to which we are not a party. We cannot provide you any assurances regarding how any such litigation will be resolved, what benefits we will obtain or what losses we might incur. On August 31, 2022, we sued Qualcomm and Nuvia, in the U.S. District Court for the District of Delaware, on the basis that Qualcomm and Nuvia: (i) breached the termination provisions of Nuvia's Architecture License Agreement (the "Nuvia ALA") with us by failing to destroy technology Nuvia developed under the Nuvia ALA, which we terminated in March 2022 based on Nuvia's failure to obtain our consent to the assignment of the Nuvia ALA to Qualcomm; and (ii) will infringe our trademarks if Qualcomm uses them in connection with the Nuvia technology which is subject to a destruction obligation under the Nuvia ALA. Our complaint sought, among other things, specific performance of the Nuvia ALA termination provisions to require Qualcomm and Nuvia to stop using and to destroy the relevant Nuvia technology, and to stop their improper use of our trademarks with their related products. We also sought declaratory judgment, injunctive relief and damages relating to Qualcomm's and Nuvia's breach of contract and infringement of our trademarks in connection with the relevant Nuvia technology. Qualcomm originally responded and brought a counterclaim against us seeking a declaratory judgment that after Qualcomm's acquisition of Nuvia, Qualcomm's proposed products are fully licensed from us under its separate license agreements with us and that it has complied with its contractual obligations to us and Nuvia did not breach the Nuvia ALA. On March 6, 2024, the Court denied-in-part Qualcomm's motion to amend its counterclaims, but allowed Qualcomm to raise a new claim alleging that Arm breached the termination provisions of the Nuvia ALA by continuing to use Nuvia confidential information following termination. The original claims were narrowed by both parties to the contractual issues arising from the Nuvia ALA and the Qualcomm license and were tried to a jury in December 2024. The jury failed to reach a complete verdict on the three issues presented to it. The jury concluded that certain technology was licensed to Qualcomm under the Qualcomm license and that Qualcomm had not breached the Nuvia ALA but failed to reach a verdict on whether Nuvia breached the Nuvia ALA. Both parties have filed post-trial motions seeking judgment as a matter of law and/or a new trial on the issues that were tried. Those motions remain pending. The timing and manner in which the post-trial motions will be resolved cannot be estimated. On April 18, 2024, Qualcomm brought a new action in Delaware against us, asserting claims that were rejected for inclusion in the original action. In this new action, Qualcomm asserted that we failed to satisfy certain delivery obligations under Qualcomm's Architecture License Agreement with us (the "Qualcomm ALA"). On December 16, 2024, Qualcomm amended its complaint to add allegations relating to an Arm notice of breach of the Qualcomm ALA and related tort and anti-competition claims. On March 7, 2025, Qualcomm indicated that it planned to seek leave to amend its complaint again to add claims relating to an alleged breach of Qualcomm's Technology Licensing Agreement with us. We disagree with the assertions made by Qualcomm in this action and intend to vigorously defend against them. The case is currently set for trial on March 9, 2026. We can provide no assurances regarding the outcome of either litigation or how the litigation will affect our relationship with or revenue from Qualcomm, which is currently a major customer of ours and accounted for 10% of our total revenue for the fiscal year ended March 31, 2025. These cases will likely require significant legal expenditures going forward and may also require substantial time and attention from our executives or employees, which could distract them from operating our business. Further, we are subject to antitrust laws and regulations in multiple jurisdictions, which could subject us to investigations by antitrust regulators. Our involvement in litigation with Qualcomm or in any antitrust investigation could cause us to incur significant reputational damage in the industry, in our relationship with Qualcomm or in our relationship with other third-party partners. These matters can be time-consuming, divert management's attention and resources, and cause us to incur significant expenses. Any allegations made in the course of regulatory or legal proceedings may also harm our reputation, regardless of whether there is merit to such claims.

We conduct business globally and file income tax returns in multiple jurisdictions. Our consolidated effective income tax rate, and the tax treatment of our ADSs and ordinary shares, could be materially adversely affected by several factors, including: changing tax laws, regulations and treaties, or the interpretation thereof; tax policy initiatives and reforms under consideration (such as those related to the Inclusive Framework (as defined below), the European Commission's state aid investigations and other initiatives); the practices of tax authorities in jurisdictions in which we operate; and the resolution of issues arising from tax audits or examinations and any related interest or penalties. Such changes may include (but are not limited to) the taxation of operating income, investment income, dividends received or (in the specific context of withholding tax) dividends paid, or the stamp duty or SDRT treatment of our ADSs or ordinary shares. The Organisation for Economic Co-Operation and Development ("OECD") and the G20 Inclusive Framework on Base Erosion and Profit Shifting (the "Inclusive Framework") have put forth two proposals-Pillar One and Pillar Two-that revise the existing profit allocation and nexus rules and ensure a minimal level of taxation, respectively. In July 2023, the U.K. enacted legislation to implement the OECD framework for Pillar Two, part of which went into effect January 1, 2024. A number of other countries where we do business, including the U.S., Japan, and many countries in the European Union, have implemented, or are considering implementing, changes in relevant tax, accounting and other laws, regulations and interpretations. The overall tax environment has made it increasingly challenging for multinational corporations to operate with certainty about taxation in many jurisdictions. In the U.S., various proposals to raise corporate income taxes are periodically considered, such as the Inflation Reduction Act, which introduced a 15% Corporate Alternative Minimum Tax beginning in 2023. These proposed and enacted changes in tax laws, treaties or regulations, or their interpretation or enforcement, could have a material adverse impact on our future tax positions. We believe that our provision for income taxes is reasonable, but the ultimate tax outcome may differ from the amounts recorded in our financial statements and may materially affect our financial results in the period or periods in which such outcome is determined. We are unable to predict what tax reform may be proposed or enacted in the future or what effect such changes would have on our business, but such changes, to the extent they are brought into tax legislation, regulations, policies or practices in jurisdictions in which we operate, could increase the estimated tax liability that we have expensed to date and paid or accrued on our financial statements, and otherwise affect our financial position, future results of operations, cash flows in a particular period and overall or effective tax rates in the future in countries where we have operations, reduce post-tax returns to our shareholders and increase the complexity, burden and cost of tax compliance. Additionally, our future tax liability could be impacted by changes in accounting principles or changes in applicable tax jurisdictions. In addition, we may periodically restructure our legal entities and if taxing authorities were to disagree with our tax positions in connection with any such restructurings, our tax liability could be materially affected. In connection with any restructuring, we could also incur additional charges associated with consulting fees and other charges. We carry out extensive research and development activities, and as a result, we benefit in the U.K. from the research and development expenditure credit ("RDEC") regime, which provides relief against U.K. corporation tax. Broadly, RDEC provides a tax credit currently equal to 20% of ‘qualifying research and development expenditure' incurred from April 1, 2023 (the rate was previously 13% of qualifying research and development expenditure incurred from April 1, 2020 to March 31, 2023) by certain companies where certain criteria are met. To the extent a company cannot utilize the RDEC against U.K. corporation tax then certain rules apply that allow the RDEC to, among other things, reduce the tax liability of certain specified taxes (for example, value added tax or employee taxes), or be surrendered to a group company, and to the extent it is not possible to utilize the RDEC in full, then the net tax credit is paid to the company by HMRC in cash. On February 22, 2024, the U.K. government enacted changes to its research and development tax relief legislation which apply for accounting periods beginning on or after April 1, 2024. These changes include the merger of the RDEC regime and the small and medium-sized enterprise regime into a single RDEC regime. The merged RDEC regime provides the same tax credit as under the old RDEC scheme (currently equal to 20% of ‘qualifying research and development expenditure'). The enacted changes also restrict research and development relief where the research and development activity is subcontracted and takes place outside of the U.K. We also benefit from the U.K.'s "patent box" regime, which allows certain profits attributable to revenues from patented products (and other qualifying income) to be taxed at an effective corporation tax rate of 10%. If, however, there are unexpected adverse changes to the RDEC or the "patent box" regime, or for any reason we are unable to qualify for such tax incentives, then our business, results of operations and financial condition may be adversely affected.

Privacy and data protection has become a significant issue in the U.K., the U.S., the European Union and in many other jurisdictions where we operate and where the chips and end products incorporating our products are offered. The regulatory framework for privacy and data protection issues worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future, which could expose us to further regulatory burdens. Many government bodies and agencies, including in the U.K., the European Union and the U.S., have adopted or are considering adopting or modifying laws and regulations addressing privacy and data protection, including the collection, storage, transfer, use and other processing of personal information. Certain jurisdictions have also enacted data localization laws mandating that certain types of data collected in a particular country be stored and/or processed primarily within that country. It is possible that our practices may be deemed not to comply with those privacy and data protection legal requirements that apply to us now or in the future, which could adversely affect our operations, financial condition, and reputation. In the European Union and in the U.K., we are subject to the GDPR and the U.K. GDPR, respectively, which impose stringent obligations regarding the collection, control, use, sharing, disclosure and other processing of personal data. Failure to comply with the GDPR or the U.K. GDPR can result in significant fines and other liability. European data protection authorities have already imposed fines on companies for GDPR violations up to, in some cases, hundreds of millions of euros. While the U.K. GDPR currently imposes substantially the same obligations as the GDPR, the U.K. GDPR does not automatically incorporate changes to the GDPR, which creates a risk of divergent parallel regimes and related uncertainty. We cannot predict how the U.K. GDPR and other U.K. privacy and data protection laws, regulations or rules may develop, including as compared to the GDPR, nor can we predict the effects of divergent laws and related guidance. Moreover, the U.K. government has introduced proposed reforms to the U.K. GDPR in ways that, if formalized, may create a risk of divergent parallel regimes and related uncertainty, along with the potential for increased compliance costs. In addition, in the European Union, there are a number of new and revised laws focused on cybersecurity and product security. For example, the new Network and Informative Security Directive ("NIS2") establishes a high common level of cybersecurity across the European Union by strengthening the security of network and information systems and covers a wider range of sectors and entities, including critical infrastructure. Further, the EU Cyber Resilience Act (the "CRA") is a new regulation, which imposes obligations on manufacturers, importers and distributors of products with a digital component to ensure that such products adhere to minimum security requirements. Other jurisdictions have enacted or are considering similar cross-border personal data transfer laws and local personal data residency laws, any of which would increase the cost and complexity of doing business and could result in fines from regulators. For example, China's law imposes various requirements relating to data processing and data localization. Data broadly defined as important under China's law, including personal data, may not be transferable outside of China without prior assessment and approval by the Cyberspace Administration of China ("CAC"). Compliance with these requirements, including CAC assessments and any deemed failures of such assessments, could cause us to incur liability, prevent us from using data collected in China or impact our ability to transfer data outside of China. The inability to import personal data to the United States could significantly and negatively impact our business operations, limit our ability to collaborate with parties that are subject to European, China and other data privacy and security laws, or require us to increase our personal data processing capabilities in Europe and/or elsewhere at significant expense. Some European regulators have prevented companies from transferring personal data out of Europe for allegedly violating the GDPR's cross-border data transfer limitations, which could negatively impact our business. Further, our business may be affected by laws, regulations, rules and standards aimed at regulating the use of personal information for marketing purposes, the tracking of the online activities of individuals and the regulation of machine-to-machine communications. For example, the European Union's proposed ePrivacy Regulation, which is still being negotiated, may impose burdensome requirements around obtaining consent and impose fines for violations that are materially higher than those imposed under the European Union's current ePrivacy Directive and related European Union member state legislation. Compliance with these laws, regulations, rules and standards may result in increased costs and limit the effectiveness of our marketing activities, while failure to comply may subject us to substantial fines and reputational damage. In the U.S., we are subject to various federal, state and local privacy and data protection laws, rules, and regulations governing the collection, sharing, use, retention, disclosure, security, transfer, storage and other processing of personal information. For example, at the state level, we are subject to the CCPA, which broadly defines personal information and gives California residents expanded privacy rights and protections, such as affording them the right to access and request deletion of their information and to opt out of certain sharing and sales of personal information. The CCPA provides for severe civil penalties and statutory damages for violations and a private right of action for certain data breaches that result in the loss of unencrypted personal information. Numerous other states also have enacted, or are in the process of enacting or considering, comprehensive state-level privacy and data protection laws, rules and regulations that share similarities with the CCPA. Additionally, the U.S. Department of Justice has recently issued rules concerning the cross-border transfer of certain sensitive data that will have widespread compliance implications. Moreover, we make public statements about our collection, use, disclosure and other processing of personal information through our privacy policies and information on our website. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be alleged to have failed to do so. Our privacy policies and other public statements that provide promises and assurances about privacy, information security, and data protection can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices. Any concerns about our privacy and data protection practices, even if unfounded, could damage our reputation and adversely affect our business. Although we monitor the regulatory environment and have invested in addressing new developments, we may be required to make additional changes to our services and business practices to enable us and our customers to comply with applicable laws, regulations, rules, standards and other obligations. Evolving regulatory and legal obligations may also increase our potential liability exposure through higher potential penalties for non-compliance. Laws, regulations, rules, standards and other obligations relating to privacy and data protection are subject to differing interpretations and may be inconsistent among jurisdictions, thereby making compliance with such obligations challenging. Revising our services and business practices to comply with these requirements could reduce demand for our services, require us to take on more onerous obligations in our contracts, or restrict our ability to store, transfer and otherwise process data or, in some cases, impact our ability or our customers' ability to offer our services in certain locations, to deploy our products, to reach current and prospective customers, or to derive insights from customer data globally. Third-party partners with access to personal information or other sensitive or confidential information for which we are responsible could breach their contractual obligations to us, or may experience data breaches or security incidents, which could impact our business, including by causing us to breach our obligations under privacy and data protection laws, regulations, rules, standards and other obligations. This could in turn adversely affect our business, results of operations and financial condition. In addition, our third-party due diligence, contractual measures, and other privacy and data protection-related safeguards may not sufficiently protect us from the risks associated with the third-party processing, storage and transmission of such information. Our failure or perceived failure to comply with any applicable privacy or data protection laws, regulations, rules, standards or other obligations could result in increased costs for our products, monetary penalties, damage to our reputation, government and regulatory inquiries, investigations and enforcement actions, fines, orders to stop or limit processing of personal information, or legal action. Furthermore, the uncertain and shifting regulatory environment and trust climate may cause concerns regarding privacy and data protection and may cause our customers or their customers to resist providing the data necessary to allow our customers to use our services effectively. Even the perception that the privacy of personal information is not satisfactorily protected or does not meet regulatory requirements could inhibit sales of our products or services and could limit adoption of our products. Any of the foregoing could have a material adverse effect on our business, results of operations, financial condition and prospects.

Due to various factors, including pressure, encouragement or incentives from, as well as the policies of, the PRC government (whose "Made in China 2025" campaign targets 70% semiconductor self-sufficiency by 2025), concerns over actual, threatened or potential U.S., U.K. or PRC government actions or policies, including trade or national security policies, or other reasons, PRC semiconductor companies and OEMs may increasingly develop their own technology and use such technology in their devices, or use our competitors' technology in their devices. Specifically, the PRC government's 14th Five-Year Plan and related initiatives have identified the development of globally competitive PRC companies in "core technologies" such as semiconductors as a key policy focus. As part of a government-wide effort to encourage investment and development of domestic semiconductor capabilities, the PRC government could encourage financing opportunities to our competitors in the PRC on favorable terms, or influence major PRC customers to favor adoption of IP of our competitors in the PRC over our own IP. With respect to Arm China, although the terms of the IPLA with Arm China prohibit Arm China from developing microprocessor cores and only allow Arm China to develop derivative products using Arm IP with our consent, Arm China may independently develop competitive products other than microprocessor cores and could divert customer interest from our products to increase its market share to our detriment. The realization of any such risks could materially harm our business, results of operations, cash flows and financial condition.

A number of business combinations, including mergers, asset acquisitions and strategic partnerships, have been consummated among our customers in the semiconductor and electronics industries, and more could occur in the future. Consolidation among our customers could lead to a loss of customers, increased customer bargaining power, or reduced customer spending on our products, each of which could have a material adverse effect on our business, results of operations, financial condition and prospects. For example, in the past, some of our larger customers who have negotiated lower pricing models have acquired customers with higher pricing models. In some cases, we have been, and in the future may be, required to renegotiate the pricing model with the acquired company or to honor the lower pricing model applicable for the acquiring customer while providing the same products prior to the acquisition by the larger company.

Adding new customers while maintaining our existing customers, selling additional products to our existing customers and increasing the price we charge to existing customers represent our principal opportunities to increase revenue (particularly licensing revenue). We generate a significant portion of our revenues from customers who incorporate our products into chips used in smartphones, consumer electronics and other embedded chips. If growth in these markets declines (especially in the mobile applications processors market which is our largest single market for royalty revenue), our business, financial condition, results of operations and cash flows could be negatively affected, and we would become more dependent on new growth areas to increase revenue and improve our financial condition. We are currently focused on growing our business in key areas such as cloud computing, automotive, IoT, AI and 5G. Numerous factors, however, may impede our ability to grow our business in these key areas, add new customers and sell additional products to our existing customers. Those factors include, among others: - failure to develop new products that are attractive to current and prospective customers;- slow adoption of our new products in key areas such as cloud computing, automotive, IoT, AI and 5G;- failure to develop or expand relationships with channel partners;- failure to develop new distribution channels appropriate for such new technology areas;- failure to successfully provide quality technical support once deployed; and - failure to retain new customers and failure to ensure the effectiveness of our marketing programs. In addition, if prospective customers do not perceive our products to be of sufficiently high value and quality or they do not believe the costs of our products relative to competing technology can be passed along to their customers, we may not be able to effectively attract new customers, which would materially and adversely affect our business, results of operations, financial condition and prospects.

We have been, and may in the future be, engaged to advise on or design chips for certain existing customers and other third parties, including affiliates of SoftBank Group, across a variety of use cases and end markets. We can provide no assurances that customers would engage us to supply custom chip designs or, even if one or more customers were to engage us, that we would be successful in designing chips for our customers' intended use cases. Designing chips for one or more customers may necessitate substantial investments in technology and human capital, and it could take several years for us to realize any associated benefits, if ever. This may reduce our cash available for operations and other uses, which could hurt our ability to grow our business. In addition, any efforts to design chips may require substantial time and attention from our executives, engineers and other employees, which could distract them from operating our business, and divert attention and resources away from our core IP licensing business. Further, in such circumstances, we may partner with third parties, which may include SoftBank Group and/or its affiliates, which may expose us to additional risks, including risks related to oversight of the project and quality control. See "-Our development of CSS, chiplets, and complete end chip solutions as well as other more integrated compute products may subject us to new or enhanced competitive, brand, technological, regulatory and financial risks." and "-Failure to adequately fund our research and development efforts may materially impair our ability to compete effectively." Furthermore, any decision to design chips for customers may create real or perceived competitive conflicts with companies that are important to our business, and as a result of such competition, such companies might terminate or materially reduce their relationship with us, particularly if we agreed to design chips exclusively for certain customers. If our relationships with existing customers deteriorated or terminated as a result of any opportunistic expansion into chip designs, our business, results of operations and prospects could be materially and adversely affected.

Our future success is substantially dependent on our ability to attract, integrate, retain and motivate our management team and other key talent and we are particularly dependent on our senior management team, including Mr. Haas, our Chief Executive Officer, Mr. Child, our Chief Financial Officer, Mr. Collins, our Chief Legal Officer, Mr. Grisenthwaite, our Chief Architect, and other key employees. Competition for highly skilled talent, and particularly engineers, can be intense. Other companies may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms or at all. We experience voluntary attrition on an ongoing basis. If we lose the services of any of our senior management, other key talent or a significant number of our engineers or sales and marketing talent, our development efforts or business relationships could be disrupted, which could have a material adverse effect on our business, results of operations, financial condition and prospects. Our future success significantly depends on our ability to identify, attract, motivate and retain qualified engineers and consultants with the requisite educational background and industry experience. Competition for such qualified engineers is intense and the cost of attracting and retaining qualified employees and consultants may increase without a corresponding increase in the prices we charge our customers, which could materially and adversely affect our profitability. In certain geographic regions, there is also intense competition for sales and marketing talent, which may adversely affect our ability to expand into new markets. Particularly, changes to the U.K.'s border and immigration policy could occur, potentially affecting our ability to recruit and retain employees from outside the U.K. If we are unsuccessful in attracting and retaining qualified talent to fulfill our current or future needs, our business, results of operations, financial condition and prospects could be materially and adversely affected.

The semiconductor industry relies on a limited number of companies to manufacture chips and related products. The chip manufacturing operations of these companies are concentrated in certain geographic regions, including Taiwan and other parts of East Asia, which makes us susceptible to adverse developments in these regions' economic and political conditions, particularly to the extent that such developments create an unfavorable business environment that significantly affects our and our customers' operations. These manufacturers or the geographic regions in which they operate may be impacted by events outside of our or their control, including, among other things, company-specific operational issues, trade conflicts and military action or terrorist activities and associated political instability, any of which could have a material adverse effect on our business, results of operations, financial condition and prospects. Although the governments of certain countries, including the U.S., have taken actions to make their countries more attractive for chip manufacturing operations, there can be no assurances that the current geographic concentration of chip manufacturing will be meaningfully changed in the near term or at all. Any escalation in geopolitical tensions in Asia, particularly between the PRC and Taiwan, could significantly disrupt semiconductor chip manufacturing and interrupt the global semiconductor chip supply chain. A significant portion of the world's semiconductor manufacturing is in Taiwan, and increased geopolitical tensions there could exacerbate supply chain disruptions. In addition, the war in Ukraine and conflicts in the Middle East could lead to market disruptions and exacerbate current supply chain constraints, including with respect to certain materials and metals, which are essential in semiconductor manufacturing.

For the fiscal years ended March 31, 2025, 2024, and 2023, revenues from the PRC accounted for approximately 19%, 22% and 25% of our total revenue, respectively, including both direct revenues and revenues derived from our relationship with Arm China. Our revenues in the PRC are derived from PRC semiconductor companies and OEMs, and from non-PRC semiconductor companies and OEMs that utilize our products in chips and end products they sell into the PRC, which, by country, has the largest number of smartphone users in the world. Our failure to maintain PRC-sourced revenues, access new and existing markets in the PRC or gain traction for new business areas in the PRC, or our loss of market share to competition in the PRC, could materially and adversely affect our results of operations and competitive position. The PRC is a significant source of semiconductor industry revenues. However, the near-term growth prospects of the PRC semiconductor industry and related industries are unclear due to the uncertain effects of trade and national security policies, continued elevated levels of private and public indebtedness and related policies. For the fiscal year ended March 31, 2025, our total revenues derived from the PRC increased by 7% as compared to the prior fiscal year, mainly due to royalty revenue growth. However, it is still premature to determine if this positive trend in royalty growth will continue. It is possible that a long-term decline or plateauing of royalty revenues derived from the PRC could occur. A prolonged downturn or slow recovery in the PRC semiconductor industry or the PRC economy generally could materially and adversely affect our results of operations and competitive position. Regulatory and legislative actions, including trade and national security policies of the U.S. and PRC governments, such as tariffs, placing companies on restricted lists, supply chain restrictions, export controls or new end-use controls, have in the past, currently do and could in the future limit or prevent us, directly or through our commercial relationship with Arm China, from transacting business with certain PRC customers or suppliers, limit, prevent or discourage certain PRC customers or suppliers from transacting business with us or Arm China, or make it more expensive to do so, which could adversely affect demand for our products. Given our revenue concentration in the PRC, if, due to actual, threatened or potential U.S., U.K. or PRC government actions or policies: Arm China is further limited in, or prohibited from, licensing our products to PRC semiconductor companies and OEMs; our non-PRC semiconductor companies and OEM customers were limited in, or prohibited from, selling devices into the PRC that incorporate our products; PRC semiconductor companies and OEMs develop and use their own technology or use our competitors' technology in some or all of their devices; or our PRC customers delay or cease making payments of license fees owed, our business, revenues, results of operations, cash flows and financial condition could be materially harmed. The U.S. and U.K. have trade and national security policies regarding exports to the PRC and certain countries that the U.S. Government suspects are supplying the PRC of technology with potential advanced compute, AI, advanced node semiconductor applications, or military uses that would require us to obtain export licenses for certain processors, which can be difficult to obtain. For example, our Neoverse V series processors meet or exceed performance thresholds under U.S. and U.K. export control regimes and thereby trigger U.S. and U.K. export license requirements prior to export and delivery to customers in the PRC. Given that national security concerns are higher for high-performance computing ("HPC") and advanced compute technologies destined for the PRC and certain countries suspected of supplying the PRC and government response timelines are not defined, it can be challenging and unpredictable to obtain such export licenses. Combined with customer need for certainty, we have been able to address customer demand by licensing other central processing unit ("CPU") cores that do not exceed the HPC performance or advanced compute export control thresholds but yet still present a compelling solution. Although our inability to sell such HPC or advanced compute processors into the PRC has not had a material impact on our business to date, future restrictions on sales of our products into the PRC could have a material adverse impact on our business. On October 28, 2024, the U.S. Department of Treasury issued a final rule implementing Executive Order 14105, issued on August 9, 2023 (the "Final Rule") to address investments by U.S. persons in companies located in the PRC that engage with certain categories of sensitive technology and products, including semiconductors and microelectronics, quantum information technologies and artificial intelligence. The Final Rule, which took effect January 2, 2025, implements limits on such investments. Given the nascency of the Final Rule, it is yet to have an effect on us but could potentially have a future impact on our PRC customers, our suppliers, Arm China, or our business with respect to China. Additionally, the U.S. federal government may affect the manner in which the Final Rule is interpreted and enforced. Finally, government policies in the PRC that regulate the amount and timing of funds that may flow out of the country have impacted and may continue to impact the timing and/or ability to receive funds generated from PRC-related revenues, which may negatively affect our cash flows.