← back to summary

NTAP, §1A diff (2024 → 2025)

Similarity1.00
Added+11770 words
Removed-11823 words

Added paragraphs (11770 words)

The following discussion and the sections entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” “Quantitative and Qualitative Disclosures About Market Risk” and “Management's Report on Internal Control Over Financial Reporting” reflect our current judgment regarding the most significant risks we face. These risks can and will change in the future.

Global economic and geopolitical conditions have adversely affected and may in the future continue to adversely affect our industry, business operations, and financial performance, including our revenue growth, profitability, financial condition and cash flows.

As a global company, our business is influenced by worldwide economic and market conditions, including, among others, inflation, slower growth, economic downturn or recession, changes in fiscal and monetary policies, higher interest and tax rates, economic uncertainty, political instability, regional conflicts, military warfare, extreme weather events and effects from climate change, natural disasters and pandemics, supply chain interruptions and shortages, changes in laws, reduced consumer confidence and spending, international trade protection measures and disputes (including economic and trade barriers, tariffs, sanctions and export controls), and the threat and potential of retaliatory trade control policies (including retaliatory tariffs). These factors, as well as the fear or anticipation of such conditions, may influence decisions and actions by our key stakeholders and the market generally, and can lead to increased volatility in the IT industry, making it difficult to predict future demand for our products and services. They can also negatively impact the availability of supplies and limit access to capital for our suppliers, customers and partners.

Any of these factors above, as well as other adverse macroeconomic conditions can significantly reduce demand for our products and negatively affect our operating results due to customer concerns about declining demand for their products, reduced asset values, fluctuating energy costs, geopolitical issues, the cost and availability of credit, and the stability of financial institutions, markets, businesses, and governments. These conditions may be widespread, and their resolution could be uncertain. If we are not able to efficiently and effectively resolve such issues in a timely manner, or if our chosen strategies are not successful, then our business, operations and financial condition could be materially adversely impacted. Consequently, these risks and conditions could materially adversely affect our future sales and operating results.

Our business may be negatively impacted by technological trends in our market or our inability to keep pace with rapid industry, technological, and market changes.

The growth in our industry and the markets we compete in is driven by the increasing demand for data, which in turn drives the need for storage and data management solutions. However, our markets could face challenges due to technology transitions, increased storage efficiency, competitive pricing dynamics, changing consumption models, and uncertain macroeconomic conditions. Additionally, the impact of generative artificial intelligence (GenAI) on the storage and data management markets and regulation thereof is still unfolding and could evolve unpredictably.

As customers undergo their information technology (IT) transformations, leveraging modern architectures and hybrid cloud environments, they seek simpler solutions and new consumption models. This shift is directing spending towards transformational projects and architectures like flash storage, hybrid cloud, cloud storage, and IT as a service. The future impact of these trends on both short- and long-term demand for our products is uncertain, and we may struggle to meet customer demand with the expected level of quality and support for new products or services.

Our business may suffer if we fail to keep pace with rapid industry, technological, or market changes, or if our products and services are not well-received in the marketplace. These factors, along with other considerations discussed in this Annual Report on Form 10-K, could lead to a decline in customer demand for our products and services, resulting in decreased revenue on a year-over-year basis, as seen in fiscal 2017, 2020, and 2024. If the overall growth rate of industry declines, if specific markets we compete in experience reduced growth, if storage consumption models change, if our new and existing products and services do not gain customer acceptance, or if we do not adapt our sales programs to market changes, our business, operating results, financial condition, and cash flows could be adversely affected.

The global nature of our business exposes us to risks that could materially harm our operations, revenues, and financial results.

A significant portion of our operations and revenues are derived from outside of the U.S., and most of our products are sourced and manufactured outside of the U.S. We also have research and development, sales, and service centers internationally. Consequently, our international operations and future financial results could be adversely affected by various economic, business, regulatory, social and political factors in foreign countries. These factors include government controls, local political or economic conditions such as recessions, economic downturns, inflation and political uncertainty, economic sanctions, trade protections and regulations, export and import requirements (including but not limited to government and regulatory authorizations), tariffs, investment restrictions, tax

policies, treaties or laws, local labor conditions, transportation costs, government spending patterns, geopolitical tensions and uncertainties, acts of terrorism, international conflicts, natural disasters, and adverse public health developments.

Changes in laws or policies governing the terms of foreign trade, and in particular increased trade restrictions, tariffs or taxes on imports from countries where we source and/or manufacture products, including the impact on our suppliers and contract manufacturers who may look to pass through additional costs imposed on them, could have a material adverse effect on our business and financial results. The U.S. government has recently enacted changes to U.S. trade policy and has signaled plans for possible additional changes. For example, the U.S. government has imposed sweeping tariffs on certain products and countries and has signaled that further tariffs may be imposed in the future. The U.S. government's tariffs policy remains fluid, with tariffs on certain countries delayed or reduced in scope, and additional tariffs likely to be forthcoming on other countries or specified products. Additional tariffs and restrictive policies, particularly with respect to the tariffs on Mexico, could have a significant impact on our business and results of operations. The exact magnitude of any potential impact remains uncertain given possible further changes in tariffs and increased tensions with U.S. trading partners targeted by tariffs or other restrictive trade policies. Our risk exposure may increase further if any countries levy retaliatory tariffs, taxes, or other trade restrictions or penalties against the United States or U.S. companies.

Additionally, ongoing trade tensions between the U.S. and China and recent investment restrictions, such as the U.S. Outbound Investment Security Program, could impact our business and operating results. Any increase in tensions between China and Taiwan, including threats of military actions or escalation of military activities, could adversely affect our or our contract manufacturers’ ability to source key supply chain components included in our products. As a result of Russia’s actions in Ukraine, numerous countries and organizations have imposed sanctions and export controls, while businesses, including the Company, have limited or suspended Russian operations. Russia has likewise imposed currency restrictions and regulations and may further take retaliatory trade or other actions, including the nationalization of foreign businesses. These actions could impact our supply chain, pricing, business and operating results and expose us to cyberattacks. In addition, due to the global nature of our business, we are subject to complex legal and regulatory requirements in the U.S. and the foreign jurisdictions in which we operate and sell our products, including antitrust and anti-competition laws, and regulations related to data privacy, data protection, and cybersecurity. We are also subject to the potential loss of proprietary information due to piracy, misappropriation, or laws that may be less protective of our intellectual property rights than U.S. laws. Such factors have had or could have an adverse impact on our business, operating results, financial condition and cash flows.

We face exposure to adverse movements in foreign currency exchange rates as a result of our international operations. These exposures may change over time as business practices evolve, and they could have a material adverse impact on our operating results, financial condition and cash flows. We utilize forward and option contracts in an attempt to reduce the adverse impact of exchange rate fluctuations on certain assets and liabilities. Our hedging strategies may not be successful, and currency exchange rate fluctuations could have a material adverse effect on our operating results and cash flows. In addition, our foreign currency exposure on assets, liabilities, and cash flows that we do not hedge could have a material impact on our financial results in periods when the U.S. dollar significantly fluctuates in relation to foreign currencies.

Moreover, in many foreign countries, particularly in those with developing economies, it is a common business practice to engage in activities that are prohibited by NetApp's internal policies and procedures, or laws and regulations applicable to us. There can be no assurance that all our employees, contractors and agents, as well as those companies to which we outsource certain of our business operations, will comply with these policies, procedures, laws and/or regulations. Any such violation could subject us to fines and other penalties, which could have a material adverse effect on our business, operating results, financial condition and cash flows.

The dynamic markets in which we operate and our sales and distribution structure make it challenging to forecast revenues, and any disruption could harm our business, operating results, financial condition, and cash flows.

We participate in dynamic markets and employ diverse business and sales models, which complicate revenue forecasting. We sell to a wide range of customers across various industries and geographies, both directly and through multiple channels, each with different sales cycles. Most of our sales are made and/or fulfilled indirectly through channel partners, including value-added resellers, systems integrators, distributors, original equipment manufacturers (OEMs), and strategic business partners, including public cloud providers. This structure makes it particularly difficult to predict future revenue, especially within any specific fiscal quarter or year.

Our relationships with our indirect channel partners and strategic business partners are crucial to our success. The loss of one or more of our key indirect channel partners in a particular region, or the failure of our channel or strategic partners, including public cloud providers, to promote our products could negatively impact our operating results. Qualifying and developing new indirect channel partners typically requires significant time and resource investment before achieving acceptable productivity levels.

If we fail to maintain strong relationships with our indirect channel partners and strategic partners, including public cloud providers, if our partners seek to renegotiate or terminate existing contracts or agreements, or if their financial condition, business, or

customer relationships weaken, if they fail to comply with legal or regulatory requirements, or if we cease to do business with them for these or other reasons, our business, operating results, financial condition and cash flows could be adversely affected.

Our business, operating results, financial condition, and cash flows could be adversely affected if we are unable to develop, introduce and gain market acceptance for new products and services while managing the transition from older ones, or if we cannot provide the expected level of quality and support for our new products and services.

Our future growth relies on the successful development and introduction of new hardware and software products and services. The complexity of storage and data management software, subsystems and appliances, as well as the challenges in estimating the engineering effort required to produce new products and services, pose significant technical and quality control risks for these new products and services. If we encounter technological challenges, customer reluctance, or other obstacles that prevent us from developing, introducing and gaining market acceptance for new products and services, or if we fail to provide the expected level of product and support quality, our business, operating results, financial condition and cash flows could be materially and adversely affected. Introducing new products and features exposes us to additional financial and operational risks. These include the ability to forecast customer preferences and demand, managing production capacity to meet the demand for new products and services and avoid excessive inventories of older products and components, manage the transition from older products and solutions, and handle the impact of customer demand for new offerings versus those being replaced.

As customers transition from older products to newer ones, delays or decisions to postpone the transition could lead to non-renewal of new offerings, impacting our ability to manage and forecast customer churn and expansion rates. Additionally, uncertainties related to the price-performance of new products compared to competitors, competitors’ responses to our new products, extended evaluation periods by customers, and our partners’ investment in selling our new products add to the inherent risks. If we do not manage these risks effectively, our business, operating results, financial condition, and cash flows could face significant adverse impacts. Furthermore, entering new or emerging markets will likely increase demands on our service and support operations and expose us to additional competition. We may struggle to provide competitive products, services and support for these market opportunities.

Our gross margins may fluctuate.

Our gross margins are influenced by a variety of factors, including macroeconomic volatility, competitive pricing, component and product design costs, inflation, foreign exchange currency fluctuations, and the volume and relative mix of revenues from product sales, software support, hardware support, and other services offerings. Factors such as increased component and labor costs, pricing and discounting pressures, changes in component costs and product prices, or shifts in revenue mix and volume from different offerings could negatively impact our revenues, gross margins or earnings.

Additionally, our gross margins are affected by the cost of any substandard materials and our sales and distribution activities, including pricing actions, rebates, sales initiatives, discount levels, and the timing of service contract renewals. Third-party component costs make up a significant portion of our product costs. We may have difficulty managing these costs if supplies of certain components, including NAND, become limited or component prices rise. Such limitations could increase our product costs.

We have experienced, and may continue to experience, negative impacts on our gross margins due to rising component costs, logistics costs, tariffs and other trade barriers, and inflationary pressures. An increase in component or design costs relative to our product prices could harm our gross margins and earnings. Failure to sustain or improve our gross margins may have a material adverse effect on our business and stock price.

Issues related to the development and use of artificial intelligence (AI), including GenAI, could lead to legal or regulatory action, damage our reputation, or otherwise materially harm our business.

As a technology company at the forefront of AI innovation, our business faces potential risks associated with the rapidly evolving regulatory landscape for AI. Governments and regulatory bodies worldwide are increasingly enacting new laws and guidelines to address the ethical, privacy, and security implications of AI technologies. Non-compliance, even if inadvertent or without our knowledge, with these emerging regulations could result in legal and financial penalties, reputational damage, and operational disruptions. Additionally, the diverse and sometimes conflicting nature of international AI regulations may pose challenges in maintaining consistent compliance across different jurisdictions. The complexity and novelty of these laws may also require investments in compliance infrastructure, including enhanced data governance frameworks, algorithmic transparency, and bias mitigation strategies.

We are increasingly building and/or leveraging AI technology in certain products, services, and business operations, and our research and development in this area is ongoing. As with many innovations, AI presents risks, challenges, and potential unintended consequences that could affect our and our customers’ adoption and use of this technology. AI algorithms and training methodologies may be flawed, and AI technologies are complex and rapidly evolving. We face significant competition in the market and from other companies regarding such technologies.

We may be unsuccessful in identifying or resolving ethical and legal issues presented by the use of AI before they arise. AI-related issues, deficiencies and/or failures could result in (i) legal or regulatory action, including to enforce new legislation regulating AI in various jurisdictions where we operate, and the application of existing data protection, privacy, intellectual property, and other laws; (ii) damage to our reputation; (iii) time-consuming and costly litigation, including related to intellectual property; (iv) inability to protect our intellectual property; (v) disclosure of our confidential information or (vi) other material harm to our business. If regulation significantly delays or impedes the adoption of AI, we may not be able to meet our development goals or our sales forecasts.

Our markets are highly competitive, fragmented, and characterized by rapidly changing technology. We face competition from many companies, including established public companies, newer public companies with a strong focus on flash storage, and new market entrants targeting opportunities in GenAI and application data management for Kubernetes. Some competitors offer a broad range of IT products and services (full-stack vendors), while others offer a more limited set.

Technology trends, such as GenAI, hosted or public cloud storage, software as a service (SaaS), IT as a service, and flash storage are driving significant changes in storage architectures and solution requirements. Cloud service providers offer storage on demand without requiring capital expenditure, which meets rapidly evolving business needs and has altered the competitive landscape. Competitors may develop new technologies, products, or services ahead of us or establish new business models, more flexible purchase models, or disruptive technologies. By extending our offerings in flash, cloud storage, converged infrastructure, and block storage, and GenAI, we are entering new segments and facing competition from both traditional competitors and emerging competitors. The long-term potential and competitiveness of emerging vendors remains uncertain.

New competitors or alliances among existing competitors could emerge and quickly gain significant market share or buying power. Changes in customer requirements or increased industry consolidation could result in stronger competitors better able to compete. Additionally, current and potential competitors may establish cooperative relationships among themselves or with third parties, including some of our partners or suppliers. For additional information regarding our competitors, see the section entitled “Competition” contained in Part I, Item 1 - Business of this Annual Report on Form 10-K.

Transition to consumption-based business models may adversely affect our revenues and profitability in other areas of our business, potentially harming our business, operating results, financial condition and cash flows.

We offer customers a variety of consumption models, including cloud-based storage services and storage as a service (STaaS) delivered on-premises. As these business models continue to evolve, we may face challenges in competing effectively, generating significant revenues, or maintaining the profitability of our consumption-based offerings. Additionally, the growing prevalence of cloud and SaaS delivery models offered by us and our competitors may reduce overall demand for our traditional on-premises offerings sold through a capital expenditure (capex) model, which could negatively impact our revenues and cash flow, at least in the short term. Failure to successfully execute our consumption model strategy or anticipate customer needs could lead to a decline in our revenues and our profitability could decline.

As customer demand for our consumption model offerings increases, we will encounter differences in the timing of revenue recognition compared to our traditional purchase arrangements. Revenue from traditional purchases is generally recognized in full at the time of delivery, whereas revenue from consumption model offerings is generally recognized ratably over the term of the arrangement. We incur certain expenses related to the infrastructure and marketing of our consumption model offerings before we can recognize the associated revenues.

Our success depends on our ability to hire and retain qualified personnel to advance our corporate strategy and maintain key aspects of our corporate culture. As our future success relies on enhancing and introducing new products and features, we particularly need to attract and retain qualified engineers and technical talent, especially in emerging technology areas like AI and machine learning. To increase revenues, we must also increase the productivity of our sales force, which may require an increase in support infrastructure and personnel, to achieve adequate customer coverage.

Competition for qualified employees, particularly in the technology industry, is intense. We have periodically reduced our workforce, including restructuring plans announced in fiscal 2023, fiscal 2024, and fiscal 2025, respectively. These actions may make it more challenging to attract and retain qualified employees. Failure to hire and retain skilled management and personnel, particularly engineers, salespeople, and key executive management, could disrupt our development efforts, sales results, business relationships, and our ability to execute our business plan and strategy, adversely affecting our operating results, financial conditions and cash flows.

Many of our employees participate in our hybrid work program and work remotely on a full- or part-time basis. Changes to our office environments, including the adoption of new work models and our requirements and/or expectations about when or how often certain employees work on-site or remotely may not meet the expectations of our employees, and may create challenges in attracting and retaining qualified personnel, adversely affecting our business operations and financial performance.

Additionally, many of our employees are foreign nationals relying on visas and entry permits to work legally in the U.S. and other countries, and may be dependent on licenses to work with controlled technology. Restrictions or difficulties in obtaining H-1B, L-1 and other business visas, as well as licenses to work with controlled technologies, along with compliance with new immigration and labor laws and unintended impacts from changes in immigration policy or in the enforcement of existing immigration laws and policies, could lead to unexpected labor costs and hinder our ability to retain and attract skilled professionals, negatively impacting our business, results of operations or financial conditions.

Equity grants are a crucial part of our compensation programs, supporting talent attraction and engagement and aligning employee interests with stockholders. A competitive broad-based equity compensation program is essential to compete for talent in both the hardware and software industries, where competitors offer significant equity compensation. Reducing, modifying, or eliminating our equity programs, or failing to grant equity competitively, may hinder our ability to attract and retain critical employees.

Furthermore, the structure of our sales, cash, and equity incentive compensation plans may increase the risk of losing employees at certain times, such as after the payment of periodic bonuses or the vesting of equity awards.

Our acquisitions or divestitures may not achieve the expected benefits and could increase our liabilities, disrupt our existing business, and harm our operating results, financial condition and cash flows.

As part of our strategy, we may seek to acquire other businesses and technologies to complement our current products and services, expand our market reach, or enhance our technical capabilities. The benefits we have received, and expect to receive, from these and other acquisitions depend on our ability to successfully conduct due diligence, negotiate the terms of the acquisition and integrate the acquired business into our systems, procedures and organizational structure. We may also divest businesses, product lines, or divisions that no longer align with our current offerings. For example, we sold our FinOps business to Flexera in fiscal 2025. Realizing the benefits we would expect to receive from a divestiture would depend on our ability to manage the separation of operations, services, products, and personnel, in addition to other risks.

Any inaccuracy in our assumptions or failures to identify and mitigate liabilities or risks associated with an acquisition or divestiture – such as differing or inadequate cybersecurity and data privacy protection controls or contractual limitations of liability – could reduce or eliminate the expected acquisition or divestiture benefits. If we fail to make acquisitions or divestitures on favorable terms, integrate or divest the subject business or assets as planned, or retain or separate key employees, our costs could increase, our operations could be disrupted, and we could face additional liabilities, investigations and litigation. This could harm our strategy, business, and operating results. Additionally, the failure to achieve expected benefits from acquisitions or divestitures may result in impairment charges for goodwill and intangible assets.

Risks Related to Our Operations

We often incur expenses before receiving related benefits, and it may be difficult to reduce expenses quickly if demand declines.

We base our expense levels partly on future revenue expectations, and a significant portion of our expenses are fixed. Reducing these fixed costs quickly can be challenging, and if our revenue falls below expectations, our operating results could be adversely impacted. During periods of uneven growth or decline, we may incur costs before realizing the anticipated benefits, which could also harm our operating results.

We have made, and will continue to make, significant investments in engineering, sales, service and support, marketing, and other functions to support and grow our business. The costs associated with these investments are likely to be recognized earlier than some of the related anticipated benefits, such as revenue growth. Additionally, the return on these investments may be lower or may develop more slowly than we expect, which could harm our business, operating results, financial condition and cash flows.

Initiatives to improve our cost structure, business processes, and systems may not achieve the expected benefits and could negatively impact our reputation, business, operating results, financial condition and cash flows.

We continuously strive to make our cost structure and business processes more efficient, including by relocating our business activities from higher-cost to lower-cost locations, outsourcing certain business processes and functions, and implementing changes to our business information systems. These efforts require significant investment of financial and human resources and substantial changes to our current operations. For example, in fiscal 2025, we continued our implementation of certain new business information systems, including a new enterprise resource planning (ERP) system to enhance and standardize our processes, improve oversight, and better serve our customers. However, any disruption during this transition could impact our ability to send and track invoices, process

vendor payments, pay employees, fulfill contractual obligations, report financial results, maintain effective internal controls, or operate our business effectively.

We may also encounter difficulties in implementing new business information systems or maintaining and upgrading existing systems and software. These difficulties could lead to significant expenses or losses due to unexpected additional costs, disruption in business operations, loss of sales or profits, or delays in processing and reporting key financial information. As a result, our business, results of operations, financial condition and prospects could be materially adversely affected.

Additionally, as we move operations to lower-cost jurisdictions and outsource certain business processes, we become subject to new regulatory regimes and lose control of certain aspects of our operations, increasing our dependence upon third-party systems and processes. If we fail to move operations, outsource processes, or implement new information in compliance with local laws and maintain adequate standards, controls and procedures, the quality of our products and services may suffer, and we may face increased litigation risk. These issues could adversely affect our business, operating results, and financial condition.

If we do not achieve the expected benefits of these and other transformational initiatives, our business, operating results, financial condition, and cash flows could be harmed.

We are exposed to credit risks, fluctuations in the market value of our investment portfolio, and potential adverse effects on our cash and cash equivalents if the financial institutions holding them fail.

We maintain an investment portfolio of various holdings, types, and maturities. The credit ratings and pricing of our investments can be negatively affected by factors such as volatile macroeconomic conditions, liquidity issues, credit deterioration, financial results, economic risk, political risk, sovereign risk, or other factors. Consequently, the value and liquidity of our investments and their returns may fluctuate significantly. Unfavorable macroeconomic conditions, rising interest rates, international trade protection measures and disputes (including economic and trade barriers, tariffs, sanctions and export controls), or other circumstances could lead to an economic slowdown or global recession, potentially causing failures of counterparties, including financial institutions, governments, and insurers. This could materially decrease the value of our investment portfolio and substantially reduce our investment returns.

We regularly maintain cash balances at large third-party financial institutions that exceed the Federal Deposit Insurance Corporation (FDIC) insurance limit of $250,000 and similar regulatory insurance limits outside the United States. If a depository institution where we maintain deposits fails or faces adverse financial or credit markets conditions, we may not be able to recover all of our deposits, which adversely impacts our operating liquidity and financial performance.

Additionally, if our customers or partners experience liquidity issues due to financial institution defaults or non-performance where they hold cash assets, their ability to pay us may be impaired. This could materially affect our results of operations, including the collection of accounts receivable and cash flows.

Our initiatives and disclosures related to sustainability and corporate responsibility matters expose us to risks that could adversely affect our reputation and performance.

We have publicly announced, and may continue to establish and announce, initiatives regarding sustainability and corporate responsibility matters, as well as other related matters in our Impact Report, on our website and elsewhere. These statements, which are included in our Impact Report, on our website, in our SEC filings, and elsewhere, reflect our current plans and aspirations but are not guarantees of achievement. Implementing these initiatives and goals can be challenging and costly, and our current plans and aspirations may not all succeed or be achieved in the way and on the timelines we expect or at all. While these initiatives and goals are not a critical part of our business operations and may not significantly impact our financial performance directly, they are an important part of our business ethos and corporate culture that we believe is valued and appreciated by our investors and key stakeholders.

There is growing attention from governments, investors, customers, employees, and other stakeholders on sustainability and corporate responsibility matters, and laws and regulations regarding disclosure, reporting and diligence requirements continue to evolve. We may face scrutiny from stakeholders regarding the scope or nature of our sustainability and corporate responsibility initiatives or any changes to these initiatives. In addition, state attorneys general and other governmental authorities may take action against certain sustainability and corporate responsibility policies or practices, and we may become subject to restrictions on sustainability and corporate responsibility initiatives. Incomplete or inaccurate sustainability and corporate responsibility-related data, failure to achieve sustainability and corporate responsibility goals, or government enforcement actions or litigation relating to sustainability and corporate responsibility initiatives could negatively impact our ability to attract or retain employees, our attractiveness as an investment or business partner, and ultimately our business, financial performance, and growth.

A portion of our revenues is generated by large, recurring purchases from various customers, resellers and distributors.

A significant portion of our net revenues rely on sales to a limited number of customers and distributors. We typically do not enter into binding long-term purchase commitments with our customers, resellers, and distributors, meaning there is no guarantee that we will continue to receive large, recurring orders from them. For instance, our reseller agreements generally do not require minimum purchases, and our customers, resellers, and distributors can stop purchasing and marketing our products at any time. The loss, cancellation, or delay of purchases has previously impacted our revenues and could again in the future.

Any deterioration in the financial stability of our customers, resellers, and distributors, or their ability to obtain credit to finance purchases of our products, could significantly adversely affect our results of operations and cash flow. If any of our key customers, resellers, or distributors changes its pricing practices, reduces the size or frequency of its orders, or stops purchasing our products altogether, our operating results, financial condition, and cash flows could be materially adversely impacted. Additionally, major customers may seek pricing, payment, intellectual property-related, or other commercial terms that are less favorable to us, which could negatively impact our business, cash flow, and operating results.

Our growth strategy relies on developing and maintaining strategic partnerships with major third-party software and hardware vendors to integrate our products into their products and co-market them. Many of our strategic partners are industry leaders that provide us with expanded access to market segments where we do not directly participate. Strategic partnerships with public cloud providers and other cloud service vendors are particularly critical to the success of our cloud-based business.

However, there is intense competition for attractive strategic partners, and these relationships may not be exclusive, may not generate significant revenues, and may be terminated on short notice. Some of our partners also collaborate with our competitors, which can increase the availability of competing solutions and hinder our ability to grow these relationships. Additionally, some partners, especially large and diversified technology companies, including major cloud providers, are also our competitors, complicating our relationships.

If we are unable to establish new or maintain current partnerships, if our strategic partners prioritize their relationships with other vendors in the storage industry, if our strategic partners seek to renegotiate or terminate our agreements, or if our strategic partners increasingly compete with us, we could experience lower-than-expected revenues, delays in product development, and other adverse effects on our business, operating results, financial condition and cash flows.

Our success depends upon our ability to effectively plan and manage our resources and periodically restructure our business, which may adversely affect our business, operating results, financial condition, and cash flows.

To successfully offer our products and services in a rapidly evolving market, we need effective planning, forecasting, and management processes that allow us to scale and adjust our business in response to changing market opportunities and conditions.

In fiscal 2024 and fiscal 2025, we reorganized our sales resources, including changes and additions to our sales leadership team, to gain operational efficiencies and better align our resources with customer and market opportunities. However, such reorganization and ongoing adjustments to our go-to-market model could disrupt our sales cycles in the short- or long-term, may not yield the desired efficiencies and benefits, and could harm our operating results, financial condition, and cash flows.

We have undertaken, and may in the future undertake, initiatives that include reorganizing our workforce, restructuring, discontinuing certain products, acquisitions and dispositions of businesses, reducing facilities, or a combination of these actions, which could result in restructuring charges. Rapid changes in the size, alignment, or organization of our workforce, including our business unit structure, structure of our sales team, and sales account coverage, could impair our ability to develop, sell and deliver products and services as planned, or hinder our ability to achieve our business and financial objectives. Charges associated with these activities could harm our operating results.

Our ability to achieve the anticipated cost savings and other benefits from these initiatives depends on many estimates and assumptions, which are subject to uncertainties. If our estimates and assumptions are incorrect, if we are unsuccessful at implementing changes, or if other unforeseen events occur, our business, financial condition, and results of operations could be adversely affected.

Reduced U.S. government demand could materially harm our business, operating results, financial condition and cash flows.

The U.S. government is an important customer for us, but its demand is uncertain due to political and budgetary fluctuations and constraints. Uncertainty related to the U.S. government budget and debt levels, changes to governmental agency structure, compliance with new initiatives and executive orders, and reductions in force have increased demand uncertainty for our products. Changes in administration may also lead to programs and initiatives moving in or out of favor, which may lead to varied perception of our company in the U.S. government market and may negatively impact our sales to the U.S. government. Additionally, the U.S. government, like other customers, may evaluate competing products and delay purchases during technology transitions in the storage

industry. If the U.S. government or its agencies reduce or shift their IT spending patterns, our revenues and operating results may be adversely affected.

Selling our products to the U.S. government, whether directly or through channel partners, subjects us to specific regulatory and contractual requirements, which may change or increase at short notice. Some of these requirements may extend past the specific nature and products of the arrangement and impact our broader corporate policies, initiatives and employee resources. Failure to comply with these requirements by either us or our channel partners could lead to investigations, fines, and other penalties (including the loss of such government contracts), harming our operating results and financial condition. For example, the U.S. Department of Justice (DOJ) has previously pursued claims and settlements with IT vendors, including us and our competitors and channel partners, under the False Claims Act and other statutes related to violations of regulatory and contractual requirements, which may include such areas as pricing and discount practices, cybersecurity, or procurement integrity. These actions, in addition to potential fines and other penalties as well as potential government audits and investigations, could also result in suspension or disbarment from future government contracts. Additionally, government certification requirements may change and, in doing so, restrict our ability to sell into the government sector until we have attained revised certifications (or are able to make the required certifications to the government). We could also be harmed by claims of non-compliance with these requirements by us or our channel partners. Any of these outcomes could materially adversely affect our business, operating results, financial condition and cash flows. In response to evolving and increasing security threats, the U.S. government has imposed additional requirements on IT vendors, including us. These requirements range from software development security (e.g., the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), issued in May 2021, to require attestation to minimum requirements for our software development framework), to supply chain security (e.g., Section 5949 of the FY23 National Defense Authorization Act (NDAA) prohibits us from including in our products or using in our corporate environment certain semiconductor products and services), to cybersecurity (e.g., the U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program). Failure to meet these requirements as they apply to us and our products may result in delays or inability to execute contracts with customers, particularly with government entities.

We derive a significant amount of our revenues in any given quarter from orders booked in the same quarter. These orders typically follow intra-quarter seasonality patterns, with a significant portion occurring toward the end of the quarter. If we fail to achieve the forecasted level, timing, and mix of orders in line with our quarterly targets and historical patterns, or if we experience cancellations of significant orders, our operating results, financial condition and cash flows could be adversely affected.

Most of our sales to customers are on an open credit basis, with typical payment terms of 30 days. During periods of economic uncertainty, when access to liquidity may be limited, we may experience increased losses as more customers become unable to pay their obligations to us, either in full or in part. Additionally, some customers have entered into recourse and non-recourse financing leasing arrangements using third-party leasing companies. Under recourse leases, which typically last three years or less, we remain liable for the unpaid remaining lease payments to the third-party leasing companies if the end-user customer defaults.

Our exposure to credit risks from our customers increases during economic uncertainty or volatility. This risk may further increase if our customers, their customers, or their lease financing sources are adversely affected by global economic conditions.

We do not manufacture certain components used in our products. We rely on third parties to manufacture critical components and handle associated logistics. Our lack of direct control over these elements, combined with the diverse international geographic locations of our manufacturing partners and suppliers, creates significant risks for us, including:

•Potential for binding price or purchase commitments with our suppliers at higher than market rates;

•Geopolitical disputes, acts of terrorism, cyber attacks and hacktivism disrupting our supply chain;

•Business, regulatory compliance, legal compliance, litigation, trade controls and financial concerns affecting our suppliers or their ability to manufacture and ship components in the quantities, quality and manner as required; and

•Disruptions due to floods, earthquakes, storms, fires and other natural disasters, especially those caused by climate change, and particularly in countries with limited infrastructure and disaster recovery resources.

These risks have subjected us, and could in the future subject us, to supply constraints, price increases, and minimum purchase requirements, which could harm our business, operating results, financial condition, and cash flows. The risks associated with our outsourced manufacturing model are particularly acute when we transition products to new facilities or manufacturers, introduce and increase volumes of new products, or qualify new contract manufacturers or suppliers. During these times, our ability to manage relationships among ourselves, our manufacturing partners, and our component suppliers, becomes critical. New manufacturers, products, components, or facilities create increased costs and risk that we will fail to deliver high quality products in the required volumes to our customers. Any failure of a manufacturer or component supplier to meet our quality, quantity or delivery requirements in a cost-effective manner will harm our business, including customer relationships and as a result could harm our operating results, financial condition and cash flows. Additionally, disruption to our manufacturing operations, or those of our contract manufacturers, could significantly impact our ability to supply our customers and could produce a near-term severe impact on the Company.

We depend on a limited number of suppliers for drives and other components used in assembling our products, including some single-source suppliers. This reliance has subjected us, and could in the future subject us, to price rigidity, periodic supply constraints, and challenges in producing our products with the required quality and quantities. Consolidation among suppliers, particularly within the semiconductor and storage media industries, has led to price volatility and supply constraints. When industry supply is constrained or the supply chain is disrupted, our suppliers may allocate volumes away from us and to our competitors, who depend on many of the same suppliers as we do. As a result, our business, operating results, financial condition and cash flows may be adversely affected.

If a material cybersecurity or other security breach impacts our services, systems, supply chain, or end-user customer systems, or if stored data is improperly accessed, our business could suffer significant harm.

We store and transmit, and sell products and services that store and transmit, personal, sensitive and proprietary data related to our products, our employees, customers, clients, partners (including third-party vendors such as data centers and providers of SaaS, cloud computing, and internet infrastructure and bandwidth), and their respective customers. This data includes intellectual property, records, and personal information. It is critical to our business strategy that our infrastructure, products, and services remain secure and are perceived as secure by customers, clients, and partners.

There are numerous and evolving cybersecurity and privacy risks, including criminal hacking (eCrime), state-sponsored intrusions, industrial espionage, hacktivism, insider threats, inadvertent disclosure, ransomware attacks, social-engineering, exploitation of unpatched or unmanaged vulnerabilities, cyber-attacks to the Company’s service providers, suppliers or vendors, technological vulnerabilities, or destruction or other misuse of data that could harm the Company, operations or our competitive position. In some cases, these types of attacks have been successful. Increasing use of AI in techniques employed by threat actors will continue to increase the risk of successful attacks, while also providing opportunities for improved attack detection and prevention capabilities. Our information systems and data have been specifically targeted by various threat actors, including nation-state affiliated threat actors, and we expect that our information systems and data will continue to be targeted in the future. Cybersecurity incidents or other security breaches have in the past and could in the future result in: (1) unauthorized access to, or loss or unauthorized use, alteration, or disclosure of, personal, sensitive and/or proprietary data; (2) litigation, indemnity obligations, government investigations and proceedings, regulatory fines and penalties, and other possible liabilities; (3) revenue loss; (4) negative publicity and damage to our reputation; and (5) disruptions to our internal and external operations.

These outcomes could damage our reputation, harm our business, and lead to significant liabilities. Additionally, a cybersecurity incident or loss of personal information has in the past and could in the future result in remediation costs, disruption of internal operations, increased cybersecurity protection costs, significant fines, and/or lost revenues.

Our clients and their customers use our platforms to transmit and store sensitive data. We do not generally have the ability to review the information or content they upload and store, nor do we control the substance of this information or content. If our employees, clients, partners, or their respective customers use our platforms for the transmission or storage of sensitive information, or our supply-chain cybersecurity is compromised and our security measures are breached as a result of third-party action, employee

error, malfeasance, stolen or fraudulently obtained log-in credentials or otherwise, our reputation could be damaged, our business may be harmed and we could incur significant liabilities.

Security industry experts and U.S. government officials continue to emphasize risks to our industry. Cyber-attacks and security breaches continue to increase, and of particular concern are supply-chain attacks against software development and breaches of technology service providers. We anticipate that cyberattacks will continue to increase in the future given cyber warfare has become a consistent lever within geopolitical conflicts and increasingly leverages hacktivism. We cannot give assurance that we will always be successful in preventing or repelling unauthorized access to our systems. We also may face delays in our ability to identify or otherwise respond to any cybersecurity incident or any other breach. Future cyber-attacks or incidents could persist undetected in our environments for a period of time. Additionally, we use third-party service providers to provide some services to us that involve the storage or transmission of data, such as SaaS, cloud computing, and internet infrastructure and bandwidth, and they face various cybersecurity threats and also may suffer cybersecurity incidents or other security breaches. While we conduct diligence on these third parties, our ability to monitor these third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties’ infrastructure in our supply chain or our third-party partners’ supply chains have not been or will not be compromised. Many jurisdictions require companies to notify regulators or individuals of data security incidents involving certain types of personal data. These mandatory disclosures regarding security incidents often lead to widespread negative publicity. The risk of reputational harm may be magnified by the rapid dissemination of information online. Any security incident, loss of data, or other security breach, whether actual or perceived, or whether impacting us or our third-party service providers, could harm our reputation, erode customer confidence in the effectiveness of our data security measures, negatively impact our ability to attract new customers, cause existing customers to elect not to renew their support contracts or their SaaS subscriptions, or subject us to third-party lawsuits, regulatory fines or other action or liability, which could materially and adversely affect our business and operating results.

If a data center or other third-party who relies on our products experiences a disruption in service or a loss of data, such disruption could be attributed to the quality of our products.

Our clients, including data centers, SaaS providers, cloud computing services and internet infrastructure and bandwidth providers, rely on our products for their data storage needs. These clients may authorize third-party technology providers to access their data on our systems. Errors or wrongdoing by clients, their customers, or third-party technology providers resulting in actual or perceived security breaches may result in such actual or perceived breaches being attributed to us.

A failure to meet our customers’ and partners’ expectations regarding security and confidentiality, due to disruptions in services provided by third-party vendors or the loss or alteration of data stored by such vendors, could cause financial or reputational harm to our business. This harm could occur if the disruption or data loss is caused by, or perceived to be caused by, defects in our products. The risk of reputational harm may be magnified by the rapid dissemination of information over the internet, including through news articles, blogs, social media, and other online communication forums and services. This could affect our ability to retain clients and attract new business.

Additionally, our operations and select cloud services rely on third-party cloud providers. Interruptions due to technical failures such as hardware or software issues or connectivity problems, security incidents, compliance changes, operational challenges and natural disasters could reduce revenue due to the cloud services’ metered billing and could pose reputational risks. Moreover, dependence on key cloud infrastructure providers carries systemic risks, as we could face amplified reputational damage if observability features fail during client outages.

Failure to comply with new and existing laws and regulations related to privacy, data protection, AI and information security could cause harm to our reputation, result in liability (including regulatory penalties and litigation), and adversely impact our business.

Our business is increasingly subject to regulation by various federal, state and international governmental agencies responsible for enacting and enforcing laws and regulations relating to privacy, data protection, and information security. For example, since the EU’s General Data Protection Regulation became effective in 2018, the Court of Justice of the EU has issued rulings that have impacted how multinational companies must implement that law and the European Commission (EC) has published new regulatory

requirements relating to cross-border data transfers. NetApp relies on compliance methods such as Standard Contractual Clauses (SCCs) to transfer personal data of individuals located in the European Economic Area (EEA) to other countries. In June 2021, the EC imposed new SCC requirements which impose certain contractual and operational requirements on NetApp and its contracting parties, including requirements related to government access transparency, enhanced data subject rights, and broader third-party assessments to ensure safeguards necessary to protect personal data transferred from NetApp or its partners to countries outside the EEA, requiring NetApp to revise customer and vendor agreements. Other global governments have adopted new privacy and data protection laws implementing similarly comprehensive regulatory frameworks.

The interpretation and application of many privacy, data protection, and information security laws and regulations, along with industry standards, are uncertain. These laws, regulations, or standards may be interpreted and applied in ways that are inconsistent with our data management practices or product features. Additionally, government certification requirements for products like ours may change and, in doing so, restrict our ability to sell into the government sector until we have attained revised certifications. Any failure, or perceived failure, by us or our business partners to comply with relevant laws, regulations, contractual commitments, required certifications, self-regulatory standards, or our policies could subject us to claims, investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal liability, penalties, or injunctions.

As a technology provider, our customers expect us to demonstrate compliance with privacy, data protection, and information security laws and regulations. Our inability, or perceived inability, to do so may adversely impact sales of our products and services, especially to customers in highly regulated industries. We have invested resources in complying with new laws and regulations and may need to make additional significant changes to our business operations, which could adversely affect our revenue and overall business. Non-compliance could harm our reputation and brand, incur significant costs, materially affect our financial and operating results, and require modifications to our products or business practices.

Our business could face stricter obligations, greater fines, and private causes of action under new privacy, data protection, and information security laws and regulations, including the GDPR, which provides for penalties of up to 20 million Euros or four percent of our total worldwide annual turnover of the preceding financial year (whichever is higher), the California Consumer Privacy Act, the California Privacy Rights Act, and other similar U.S. state-based regulations, as well as new and emerging privacy laws globally.

As NetApp provides technology services to EU financial institutions, the Digital Operational Resilience Act (DORA) imposes financial and legal risks. These include compliance costs for enhancing cybersecurity, performing resilience testing, requiring comprehensive documentation, increased audits, and detailed reporting. Stricter contractual obligations will be imposed by financial institution clients, necessitating more robust incident reporting and data protection measures. Non-compliance could result in legal liabilities, suspension of services and reputational damage. Additionally, NetApp must ensure that its subcontractors and suppliers also comply with DORA requirements, further increasing the complexity and potential liability.

If our products or services are defective, or are perceived to be defective, including as a result of improper use or maintenance, our operating results and customer relationships may be harmed.

Our products and services are complex. We have experienced in the past, and expect to experience in the future, quality issues impacting certain products, and we could experience reliability issues with services we provide, including security vulnerabilities, software bugs, hardware failure in networked storage appliances, incompatibility issues with customer systems or other applications, performance deficiencies causing slow data retrieval or processing, firmware or software updates causing system instability, compliance with various product certifications, and data breaches due to flaws in the product design. Such quality and reliability issues may be due to, for example, our own designs or processes, the designs or processes of our suppliers, and/or flaws in third-party software used in our products. These types of risks are most acute when we are introducing new products. Quality or reliability issues have and could again in the future cause customers to experience outages or disruptions in service, data loss or data corruption. If we fail to remedy a product defect or flaw, we may experience a failure of a product line, temporary or permanent withdrawal from a product or market, damage to our reputation, loss of revenue, inventory costs or product reengineering expenses and higher ongoing warranty and service costs, and these occurrences could have a material impact on our gross margins, business and operating results. In addition, we exercise little control over how our customers use or maintain our products and services, and in some cases improper usage or maintenance could impair the performance of our products and services, which could lead to a perception of a quality or reliability issue. Customers may experience losses that may result from or are alleged to result from defects or flaws in our products and services, which could subject us to claims for damages, including consequential damages.

The laws and regulations governing the manufacturing, sourcing, distribution and use of our products have become increasingly complex and stringent. For example, in addition to various environmental laws relating to carbon emissions, the use and discharge of hazardous materials, and the use of certain minerals originating from identified conflict zones, many governments, including the U.S.,

the United Kingdom, and Australia, have adopted regulations to address the risk of human trafficking in supply chains, which govern how workers are recruited and managed.

We incur costs to comply with these requirements. Given the complexity of our supply chain, we may face reputational harm if our customers or other stakeholders conclude that we are unable to verify sufficiently the origins of the minerals used in the products we sell or the actions of our suppliers with respect to workers. As the laws and regulations governing our products continue to expand and change, our costs are likely to rise, and the failure to comply with any such laws and regulations could subject us to business interruptions, litigation risks and reputational harm.

Any violation of U.S. export control laws and other laws affecting the countries in which our products and services may be sold, distributed, or delivered could have a material and adverse effect on our business, operating results, financial condition and cash flows.

Due to the global nature of our business, we are subject to import and export restrictions and regulations, including the Export Administration Regulations administered by the Commerce Department’s Bureau of Industry and Security (BIS) and the trade and economic sanctions regulations administered by the Treasury Department’s Office of Foreign Assets Control (OFAC). The U.S., through the BIS and OFAC, places restrictions on the sale or export of certain products and services to certain countries, entities, and persons, including most recently to Russia, Belarus and regions of Ukraine. These regulations have caused us to temporarily stop selling or servicing our products temporarily in restricted areas.

Violators of export control and sanctions laws may be subject to significant penalties, which may include significant monetary fines, criminal proceedings against them and their officers and employees, a denial of export privileges, and suspension or debarment from selling products to the federal government. Our products could be diverted by third parties (including potentially our channel partners) to countries or end users under sanctions / embargo orders, despite our precautions.

If we were ever found to have violated U.S. export control laws or any trade-related laws or regulations, even if inadvertent or without our knowledge, we may be subject to various penalties available under the laws, any of which could have a material and adverse impact on our business, operating results and financial condition. Even if we were not found to have violated such laws, the political and media scrutiny surrounding any governmental investigation of us could cause us significant expense and reputational harm. Such collateral consequences could have a material adverse impact on our business, operating results, financial condition and cash flows.

Our success depends significantly upon developing, maintaining and protecting our proprietary technology. We rely on a combination of patents, copyrights, trademarks, trade secrets, confidentiality procedures and contractual provisions with employees, resellers, strategic partners and customers, to protect our proprietary rights. We currently have multiple U.S. and international patent applications pending and multiple U.S. and international patents issued. The pending applications may not be approved, and our existing and future patents may be challenged. If such challenges are brought, the patents may be invalidated. We may not be able to develop proprietary products or technologies that are patentable, and patents issued to us may not provide us with any competitive advantages and may be challenged by third parties. Further, the patents of others may materially and adversely affect our ability to do business. In addition, a failure to obtain and defend our trademark registrations may impede our marketing and branding efforts and competitive condition. Litigation may be necessary to protect our proprietary technology. Any such litigation may be time-consuming and costly. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. In addition, the laws of some foreign countries do not protect proprietary rights to as great an extent as do the laws of the U.S. Our means of protecting our proprietary rights may not be adequate or our competitors may independently develop similar technology, duplicate our products, or design around patents issued to us or other intellectual property rights of ours. There is persistent risk that some individuals will improperly take our intellectual property after terminating their employment or other engagements with us, which could lead to intellectual property leakage to competitors and a loss of our competitive advantages.

Patent litigation is particularly common in our industry. We have been, and continue to be, in active patent litigations with non-practicing entities. There is no guarantee that, in patent or other types of intellectual property litigation, we will prevail at trial or be able to settle at a reasonable cost. If a judge or jury were to find that our products infringe, we could be required to pay significant monetary damages and be subject to an injunction that could cause product shipment delays, require us to redesign our products, affect our ability to supply or service our customers, and/or require us to enter into compulsory royalty or licensing agreements.

We expect that companies in the enterprise storage and data management, and cloud storage, operational and workload services markets will increasingly be subject to infringement claims as the number of products and competitors in our industry segment grows and the functionality of products in different industry segments overlaps. Any such claims, and any such infringement claims discussed above, could be time consuming, result in costly litigation, cause suspension of product shipments or product shipment delays, require us to redesign our products, or require us to enter into royalty or licensing agreements, any of which could materially and adversely affect our operating results, financial condition and cash flows. Such royalty or licensing agreements, if required, may not be available on terms acceptable to us or at all.

Many of our products are designed to include software licensed from third parties. Such third-party software includes software licensed from commercial suppliers and software licensed under public or open-source licenses. We have internal processes to manage our use of such third-party software. However, if we fail to adequately manage our use of third-party software, then we may be subject to copyright infringement or other third-party claims. If we are non-compliant with a license for commercial software, then we may be required to pay penalties or undergo costly audits pursuant to the license agreement. In the case of open-source software licensed under certain “copyleft” licenses, the license itself may require, or a court-imposed remedy for non-compliant use of the open-source software may require, that proprietary portions of our own software be publicly disclosed or licensed. Additionally, contract proposals, negotiations and software proposals are complex and frequently involve lengthy bidding and selection processes. We may not be able to negotiate extensions to our current third-party licenses when due for renewal or continue to secure such licenses under commercially reasonable terms. Each of the foregoing could result in a loss of intellectual property rights, increased costs, damage to our reputation and/or a loss of revenue.

In addition, many of our products use open-source software. Such open-source software generally does not provide any warranty or contractual protection and may be susceptible to compromise and supply-chain attacks by threat actors. Further, open-source software or third-party software may contain vulnerabilities, which may or may not be known at the time of our inclusion of the software in a product. If a vulnerability in such software is successfully exploited, we could be subject to damages including remediation costs, reputational damage, and lost revenues.

Emerging standards may adversely affect the UNIX®, Windows® and World Wide Web server markets upon which we depend. For example, we provide our open access data retention solutions to customers within the financial services, healthcare, pharmaceutical and government market segments, industries that are subject to various evolving governmental regulations, certifications and controls with respect to data access, reliability and permanence in the U.S. and in the other countries in which we operate. If our products do not meet and continue to comply with these evolving governmental regulations in this regard, customers in these market and geographical segments will not purchase our products, and we may not be able to expand our product offerings in these market and geographical segments at the rates which we have forecasted.

Our stock price is subject to changes in recommendations or earnings estimates by financial analysts, changes in investors' or analysts' valuation measures for our stock, changes in our capital structure, including issuance of additional debt, changes in our credit ratings, our ability to pay dividends and to continue to execute our stock repurchase program as planned and market trends and economic volatility unrelated to our performance.

If we fail to meet any investor expectations related to dividends and/or stock repurchases, the market price of our stock could decline significantly, and could have a material adverse impact on investor confidence. Additionally, price volatility of our stock over a given period may cause the average price at which we repurchase our own stock to exceed the stock’s market price at a given point in time.

Furthermore, speculation in the press or investment community about our strategic position, financial condition, results of operations or business can cause changes in our stock price. These factors, as well as general economic and political conditions and the timing of announcements in the public market regarding new products or services, product enhancements or technological

advances by our competitors or us, and any announcements by us of acquisitions, major transactions, or management changes may adversely affect our stock price.

As of April 25, 2025, we had $3.3 billion aggregate principal amount of outstanding indebtedness for our senior notes that mature at specific dates in calendar years 2025, 2027, 2030, 2032 and 2035. We may incur additional indebtedness in the future under existing credit facilities and/or enter into new financing arrangements. We may fail to pay these or additional future obligations, as and when required. Specifically, if we are unable to generate sufficient cash flows from operations or to borrow sufficient funds in the future to service or refinance our debt, our business, operating results, financial condition and cash flows will be harmed. Any downgrades from credit rating agencies such as Moody’s Investors Service or Standard & Poor’s Rating Services may adversely impact our ability to obtain additional financing or the terms of such financing and reduce the market capacity for our commercial paper. Furthermore, if prevailing interest rates or other factors result in higher interest rates upon any potential future financing, then interest expense related to the refinance indebtedness would increase.

We depend on the ability of our personnel, inventories, equipment and products to move reasonably unimpeded around the world. Any political, military, terrorism, global trade, world health or other issue that hinders this movement or restricts the import or export of materials could lead to significant business disruptions. For example, the COVID-19 pandemic impeded the mobility of our personnel, inventories, equipment and products and disrupted our business operations. Furthermore, any economic failure or other material disruption caused by natural disasters, including fires, floods, droughts, hurricanes, tornadoes, earthquakes, and volcanoes; power or water loss or shortages; environmental disasters; telecommunications or business information systems failures or break-ins and similar events could also adversely affect our ability to conduct business. As a result of climate change, we expect the frequency and impact of such natural disasters or other material disruptions to increase. If such disruptions result in cancellations of customer orders or contribute to a general decrease in economic activity or corporate spending on IT, or directly impact our marketing, manufacturing, financial and logistics functions, or impair our ability to meet our customer demands, our operating results and financial condition could be materially adversely affected. Our headquarters is located in Northern California, an area susceptible to earthquakes and wildfires. If any significant disaster were to occur there, our ability to operate our business and our operating results, financial condition and cash flows could be adversely impacted.

Our effective tax rate is influenced by a variety of factors, many of which are outside of our control. These factors include among other things, fluctuations in our earnings and financial results in the various countries and states in which we do business, changes to

the tax laws in such jurisdictions and the outcome of income tax audits. Changes to any of these factors could materially impact our operating results, financial condition and cash flows.

Many countries around the world are beginning to implement legislation and other guidance to align their international tax rules with the Organization for Economic Co-operation and Development’s Base Erosion and Profit Shifting Project (BEPS) recommendation and related action plans that aim to standardize and modernize global corporate tax policy, including changes to cross-border tax, transfer pricing documentation rules and nexus-based tax incentive practices. As a result, many of these changes, if enacted in whole or in part, could increase our worldwide effective tax rate and harm our operating results, financial condition, and cash flows. Implementation of the BEPS inclusive framework (Inclusive Framework), including potential incremental taxes under a new global minimum tax framework known as Pillar Two, is effective in most jurisdictions for fiscal years beginning on or after January 1, 2024. We are currently subject to Pillar Two rules starting in our fiscal year 2025 and could potentially be subject to additional taxes under the Inclusive Framework. Amount B under Pillar One of the Inclusive Framework is related to standardized returns for baseline marketing and distribution activities. Amount B is applicable to NetApp beginning in fiscal 2026 and we could be subject to higher controlled profit requirements for some of our global distribution entities which could increase our global tax burden.

Our effective tax rate could also be adversely affected by changes in tax laws and regulations and interpretations of such laws and regulations, which in turn would negatively impact our earnings and cash and cash equivalent balances we currently maintain. Additionally, our effective tax rate could also be adversely affected if there is a change in international operations, our tax structure and how our operations are managed and structured, and as a result, we could experience harm to our operating results and financial condition. We continue to evaluate the impacts of changes in tax laws and regulations on our business.

We may not be able to maintain appropriate internal financial reporting controls and procedures.

We cannot be assured that significant deficiencies or material weaknesses in our internal control over financial reporting will not exist in the future. Any failure to maintain or implement required new or improved controls, or any difficulties we encounter in their implementation, including in connection with our new ERP system, could result in significant deficiencies or material weaknesses, cause us to fail to timely meet our periodic reporting obligations, or result in material misstatements in our financial statements. Any such failure could also adversely affect the results of periodic management evaluations and annual auditor attestation reports regarding disclosure controls and the effectiveness of our internal control over financial reporting required under the Sarbanes-Oxley Act and the rules promulgated thereunder. The existence of a material weakness could result in errors in our financial statements that could result in a restatement of financial statements, cause us to fail to timely meet our reporting obligations, or cause investors to lose confidence in our reported financial information, which could cause a decline in the market price of our stock and we could be subject to sanctions or investigations by the SEC or other regulatory authorities including equivalent foreign authorities. Further, irrespective of the controls that we adopt, we cannot be assured that we will not experience fraudulent financial reporting in the future, including earnings mismanagement, recording fictitious revenues, improper asset valuation, understating liabilities or expenses, inadequate disclosure, reserve manipulation, misuse of judgments in financial reporting, concealing fraud or illegal activities, information tampering, and insider trading based on non-public information about the Company's financials.

Removed paragraphs (11823 words)

The information included elsewhere in this Annual Report on Form 10-K should be considered and understood in the context of the following risk factors, which describe circumstances that may materially harm our future business, operating results or financial condition. The following discussion reflects our current judgment regarding the most significant risks we face. These risks can and will change in the future.

Global economic and geopolitical conditions may harm our industry, business, and operating results, including our revenue growth and profitability, financial condition and cash flows.

We operate globally and as a result, our business, revenues and profitability are impacted by global economic and market conditions, including, among others, inflation, slower growth or recession, changes to fiscal and monetary policy, higher interest rates, tax rates, economic uncertainty, political instability, warfare, changes in laws, reduced consumer confidence and spending, and economic and trade barriers. Such factors may contribute to increased periodic volatility in the IT industry at large and limit our ability to forecast future demand for our products and services, impact availability of supplies and could constrain future access to capital for our suppliers, customers and partners. Additionally, adverse macroeconomic conditions, including those identified above, could materially adversely impact the demand for our products and our operating results amid customer concerns over slowing demand for their products, reduced asset values, volatile energy costs, geopolitical issues, the availability and cost of credit and the stability and solvency of financial institutions, financial markets, businesses, local and state governments, and sovereign nations. The impacts of these circumstances are global and pervasive, and the timing and nature of any ultimate resolution of these matters remain highly uncertain. All of these risks and conditions could materially adversely affect our future sales and operating results.

Our business may be harmed by technological trends in our market or if we are unable to keep pace with rapid industry, technological and market changes.

The growth in our industry and the markets in which we compete is driven by the increasing demand for data, which increases demand for, and purchases of, storage and data management solutions. Despite these growth drivers, our markets could be adversely impacted by technology transitions, increased storage efficiency, competitive pricing dynamics, changing consumption models, and/or uncertain macroeconomic conditions. Additionally, the impact of generative artificial intelligence (GenAI) in the markets for storage and data management solutions has yet to be fully realized and could evolve in unexpected ways. While customers are navigating through their information technology (IT) transformations, which leverage modern architectures and hybrid cloud environments, they are also looking for simpler solutions and changing how they consume IT. This evolution is diverting spending towards transformational projects and architectures like flash, hybrid cloud, cloud storage, and IT as a service. The future impact of these trends on both short- and long-term growth patterns is uncertain, and we may be unable to meet customer demand, with an expected level of quality and support for new products or services.

Our business may be adversely impacted if we are unable to keep pace with rapid industry, technological or market changes or if our products and services are not accepted in the marketplace. As a result of these and other factors discussed in this report, customer demand for our products and services may fall and our revenue may decline on a year-over-year basis, as it did in fiscal 2017, 2020, and 2024. If the general historical rate of industry growth declines, if the growth rates of some or all of the specific markets in which we compete decline, if the consumption model of storage changes, if our new and existing products, services and solutions do not receive customer acceptance and/or if we do not adapt our sales programs to address market changes, our business, operating results, financial condition and cash flows could suffer.

If we are unable to develop, introduce and gain market acceptance for new products and services while managing the transition from older ones, or if we cannot provide the expected level of quality and support for our new products and services, our business, operating results, financial condition and cash flows could be harmed.

Our future growth depends upon the successful development and introduction of new hardware and software products and services. Due to the complexity of storage software, cloud operations software, subsystems and appliances and the difficulty in gauging the engineering effort required to produce new products and services, such products and services are subject to significant technical and quality control risks.

If we are unable, for technological, customer reluctance or other reasons, to develop, introduce and gain market acceptance for new products and services, or if we are unable to provide the expected level of product and support quality for our new products and services, each as and when required by the market and our customers, our business, operating results, financial condition and cash flows could be materially and adversely affected.

New or additional product and feature introductions, such as new all-flash arrays, including the block-optimized ASA families, and capacity flash C-series, subject us to additional financial and operational risks, including our ability to forecast customer preferences

and/or demand, our ability to successfully manage the transition from older products and solutions, our ability to forecast and manage the impact of customers’ demand for new products, services and solutions or the products being replaced, and our ability to manage production capacity to meet the demand for new products and services. In addition, as existing customers transition from older products and solutions to newer ones, the transition could take longer than expected, or the customer could decide to delay the transition, either of which could result in non-renewal of the new offerings or affect our ability to manage and forecast customer churn and expansion rates for new offerings. As new or enhanced products and services are introduced, we must avoid excessive levels of older product inventories and related components and ensure that new products and services can be delivered to meet customers’ demands. Further risks inherent in the introduction of new products, services and solutions include the uncertainty of price-performance relative to products of competitors, competitors’ responses to the introductions, delays in sales caused by the desire of customers to evaluate new products for extended periods of time and our partners’ investment in selling our new products and solutions. If these risks are not managed effectively, we could experience material risks to our business, operating results, financial condition and cash flows.

As we enter new or emerging markets, we will likely increase demands on our service and support operations and may be exposed to additional competition. We may not be able to provide products, services and support to effectively compete for these market opportunities.

The dynamic markets in which we participate and our sales and distribution structure makes forecasting revenues difficult and, if disrupted, could harm our business, operating results, financial condition and cash flows.

The dynamic markets in which we participate, and our business and sales models make revenues difficult to forecast. We sell to a variety of customers, across multiple industries and geographies, both directly and through various channels, with a corresponding variety of sales cycles. The majority of our sales are made and/or fulfilled indirectly through channel partners, including value-added resellers, systems integrators, distributors, original equipment manufacturers (OEMs) and strategic business partners, which include public cloud providers. This structure significantly complicates our ability to forecast future revenue, especially within any particular fiscal quarter or year. Moreover, our relationships with our indirect channel partners and strategic business partners are critical to our success. The loss of one or more of our key indirect channel partners in a given geographic area or the failure of our channel or strategic partners, including public cloud providers, to promote our products could harm our operating results. Qualifying and developing new indirect channel partners typically requires a significant investment of time and resources before acceptable levels of productivity are met. If we fail to maintain our relationships with our indirect channel partners and strategic partners, including public cloud providers, if their financial condition, business or customer relationships were to weaken, if they fail to comply with legal or regulatory requirements, or if we were to cease to do business with them for these or other reasons, our business, operating results, financial condition and cash flows could be harmed.

Our gross margins may vary.

Our gross margins reflect a variety of factors, including competitive pricing, component and product design, inflation, foreign exchange currency fluctuations, and the volume and relative mix of revenues from product, software support, hardware support and other services offerings. Increased component and labor costs, increased pricing and discounting pressures, the relative and varying rates of increases or decreases in component costs and product prices, or changes in the mix of revenue or decreased volume from product, software support, hardware support and other services offerings could harm our revenues, gross margins or earnings. Our gross margins are also impacted by the cost of any materials that are of poor quality and our sales and distribution activities, including, without limitation, pricing actions, rebates, sales initiatives and discount levels, and the timing of service contract renewals. The costs of third-party components comprise a significant portion of our product costs. While we generally have been able to manage our component and product design costs, we may have difficulty managing these costs if supplies of certain components, including NAND, become limited or component prices increase. Any such limitation could result in an increase in our product costs. We have seen, and may continue to see, our gross margins negatively impacted by increases in component costs, logistics costs, and inflationary pressures. An increase in component or design costs relative to our product prices could harm our gross margins and earnings. Failure to sustain or improve our gross margins may have a material adverse effect on our business and stock price.

Issues related to the development and use of artificial intelligence (AI), including GenAI, could give rise to legal and/or regulatory action, damage our reputation or otherwise materially harm our business.

We are increasingly building and/or leveraging AI technology, including GenAI, in certain of our products and services and in our business operations. Our research and development of such technology remains ongoing. As with many innovations, AI presents risks, challenges, and potential unintended consequences that could affect our and our customers’ adoption and use of this technology. AI algorithms and training methodologies may be flawed, and AI technologies are complex and rapidly evolving. We face significant competition in the market and from other companies regarding such technologies.

While we aim to develop and use AI responsibly and attempt to identify and mitigate ethical and legal issues presented by its use, we may be unsuccessful in identifying or resolving issues before they arise. AI-related issues, deficiencies and/or failures could (i)

give rise to legal and/or regulatory action, including with respect to proposed legislation regulating AI in various jurisdictions in which we operate, and as a result of new applications of existing data protection, privacy, intellectual property, and other laws; (ii) damage our reputation; or (iii) otherwise materially harm our business. To the extent regulation materially delays or impedes the adoption of AI, demand for our products may not meet our forecasts.

Our markets are intensely competitive and are characterized by fragmentation and rapidly changing technology. We compete with many companies in the markets we serve, including established public companies, newer public companies with a strong flash focus, and new market entrants addressing the opportunity for GenAI and application data management for Kubernetes. Some offer a broad spectrum of IT products and services (full-stack vendors) and others offer a more limited set of products or services. Technology trends, such as hosted or public cloud storage, software as a service (SaaS) and flash storage are driving significant changes in storage architectures and solution requirements. Cloud service provider competitors provide customers storage on demand, without requiring a capital expenditure, which meets rapidly evolving business needs and has changed the competitive landscape. We also compete in the emerging cloud operations market, where growth is being driven by increased customer cloud usage and commensurate spend, but customer requirements are still evolving. There is no clear leader in this market.

Competitors may develop new technologies, products or services in advance of us or establish new business models, more flexible purchase models or new technologies disruptive to us. By extending our flash, cloud storage, converged infrastructure and cloud operations offerings, we are competing in new segments with both traditional competitors and new competitors, particularly smaller emerging storage and cloud operations vendors. The longer-term potential and competitiveness of these emerging vendors remains to be determined. In cloud and converged infrastructure, we also compete with large well-established competitors.

It is possible that new competitors or alliances among competitors might emerge and rapidly acquire significant market share or buying power. Changes in customer requirements or an increase in industry consolidation might result in stronger competitors that are better able to compete. In addition, current and potential competitors have established or might establish cooperative relationships among themselves or with third parties, including some of our partners or suppliers. For additional information regarding our competitors, see the section entitled “Competition” contained in Part I, Item 1 – Business of this Form 10-K.

Transition to consumption-based business models may adversely affect our revenues and profitability in other areas of our business and as a result may harm our business, operating results, financial condition and cash flows.

We offer customers a full range of consumption models, including cloud-based storage services and storage as a service (STaaS) delivered on premises. These business models continue to evolve, and we may not be able to compete effectively, generate significant revenues or maintain the profitability of our consumption-based offerings. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may have a dampening impact on overall demand for our on-premises offerings sold in a traditional capex model, which could reduce our revenues and cash flow, at least in the near term. If we do not successfully execute our consumption model strategy or anticipate the needs of our customers, our revenues and profitability could decline.

As customer demand for our consumption model offerings increases, we will experience differences in the timing of revenue recognition between our traditional purchase arrangements (for which revenue is generally recognized in full at the time of delivery), relative to our consumption model offerings (for which revenue is generally recognized ratably over the term of the arrangement). We incur certain expenses associated with the infrastructure and marketing of our consumption model offerings in advance of our ability to recognize the revenues associated with these offerings.

Due to the global nature of our business, risks inherent in our international operations could materially harm our business.

A significant portion of our operations are located, and a significant portion of our revenues are derived, outside of the U.S. In addition, most of our products are manufactured outside of the U.S., and we have research and development, sales and service centers overseas. Accordingly, our international operations, business and future operating results could be adversely impacted by economic, business, regulatory, social and political factors in foreign countries including, among other things, the imposition of government controls, local political or economic conditions including recessionary cycles, inflationary conditions and political uncertainty, economic sanctions, trade protections and regulations and export and import requirements, tariffs, tax policies, treaties or laws, local labor conditions, transportation costs, government spending patterns, geopolitical tensions and uncertainties, acts of terrorism, international conflicts and natural disasters in areas with limited infrastructure and adverse public health developments. In particular, ongoing trade tensions between the U.S. and China could impact our business and operating results. Any increase in tensions between China and Taiwan, including threats of military actions or escalation of military activities, could adversely affect our or our contract manufacturers’ ability to source key supply chain components included in our products. As a result of Russia’s actions in Ukraine, numerous countries and organizations have imposed sanctions and export controls, while businesses, including the Company, have limited or suspended Russian operations. Russia has likewise imposed currency restrictions and regulations and may further take

retaliatory trade or other actions, including the nationalization of foreign businesses. These actions could impact our supply chain, pricing, business and operating results and expose us to cyberattacks. In addition, due to the global nature of our business, we are subject to complex legal and regulatory requirements in the U.S. and the foreign jurisdictions in which we operate and sell our products, including antitrust and anti-competition laws, and regulations related to data privacy, data protection, and cybersecurity. We are also subject to the potential loss of proprietary information due to piracy, misappropriation, or laws that may be less protective of our intellectual property rights than U.S. laws. Such factors have or could have an adverse impact on our business, operating results, financial condition and cash flows.

We face exposure to adverse movements in foreign currency exchange rates as a result of our international operations. These exposures may change over time as business practices evolve, and they could have a material adverse impact on our operating results, financial condition and cash flows. We utilize forward and option contracts in an attempt to reduce the adverse earnings impact from the effect of exchange rate fluctuations on certain assets and liabilities. Our hedging strategies may not be successful, and currency exchange rate fluctuations could have a material adverse effect on our operating results and cash flows. In addition, our foreign currency exposure on assets, liabilities, and cash flows that we do not hedge could have a material impact on our financial results in periods when the U.S. dollar significantly fluctuates in relation to foreign currencies.

Moreover, in many foreign countries, particularly in those with developing economies, it is a common business practice to engage in activities that are prohibited by NetApp's internal policies and procedures, or U.S. laws and regulations applicable to us, such as the Foreign Corrupt Practices Act. There can be no assurance that all our employees, contractors and agents, as well as those companies to which we outsource certain of our business operations, will comply with these policies, procedures, laws and/or regulations. Any such violation could subject us to fines and other penalties, which could have a material adverse effect on our business, operating results, financial condition and cash flows.

Our continued success depends, in part, on our ability to hire and retain qualified personnel and to advance our corporate strategy and preserve the key aspects of our corporate culture. Because our future success is dependent on our ability to continue to enhance and introduce new products and features, we are particularly dependent on our ability to hire and retain qualified engineers and technical talent, including in emerging areas of technology such as AI and machine learning. In addition, to increase revenues, we will be required to increase the productivity of our sales force and support infrastructure to achieve adequate customer coverage. Competition for qualified employees, particularly in the technology industry, remains tight. We have periodically reduced our workforce, including reductions of approximately 9% and 2% announced in fiscal 2023 and fiscal 2024, respectively, and these actions may make it more difficult to attract and retain qualified employees. Our inability to hire and retain qualified management and skilled personnel, particularly engineers, salespeople and key executive management, could disrupt our development efforts, sales results, business relationships and/or our ability to execute our business plan and strategy on a timely basis and could materially and adversely affect our operating results, financial conditions and cash flows.

Many of our employees participate in our hybrid work program, and work remotely on a full- or part-time basis. While this has been generally well received by employees, it may also create other challenges that impact our ability to attract and retain qualified personnel, including, but not limited to, some employees may prefer an in person work environment, difficulty collaborating and communicating among employees, and ability to maintain consistent experience of our corporate culture and workforce morale. If we are unable to effectively manage the risks and challenges associated with hybrid work, our business operations and financial performance may be adversely affected.

A number of our employees are foreign nationals who rely on visas and entry permits in order to legally work in the U.S. and other countries. In recent years, the U.S. has increased the level of scrutiny in granting H-1B, L-1 and other business visas. Compliance with new and unexpected U.S. immigration and labor laws could also require us to incur additional unexpected labor costs and expenses or could restrain our ability to retain and attract skilled professionals. Any of these restrictions could have a negative material adverse effect on our business, results of operations or financial conditions.

Equity grants are a critical component of our current compensation programs as they support attraction and engagement of key talent and align employee interests with shareholders. A competitive broad-based equity compensation program is essential to compete for talent in both the hardware and software industries, in which competitors for talent provide a more significant portion of compensation via equity. If we reduce, modify or eliminate our equity programs or fail to grant equity competitively, we may have difficulty attracting and retaining critical employees.

In addition, because of the structure of our sales, cash and equity incentive compensation plans, we may be at increased risk of losing employees at certain times. For example, the retention value of our compensation plans decreases after the payment of periodic bonuses or the vesting of equity awards.

Our acquisitions or divestitures may not achieve expected benefits, and may increase our liabilities, disrupt our existing business and harm our operating results, financial condition and cash flows.

As part of our strategy, we seek to acquire other businesses and technologies to complement our current products and services, expand the breadth of our markets, or enhance our technical capabilities, and may seek to divest a business, product line, or division which no longer complements our current products or services. For example, we acquired a number of privately held companies in the past several years. The benefits we have received, and expect to receive, from these and other acquisitions depend on our ability to successfully conduct due diligence, negotiate the terms of the acquisition and integrate the acquired business into our systems, procedures and organizational structure. Similarly, the benefits we would expect to receive from a divestiture would depend on our ability to manage separation of operations, services, product, and personnel, in addition to other risks. Any inaccuracy in our assumptions or any failure to uncover or mitigate liabilities or risks associated with an acquisition or divestiture, such as differing or inadequate cybersecurity and data privacy protection controls or contractual limitations of liability, and any failure to make an acquisition or divestiture on favorable terms, integrate or divest the subject business or assets as and when expected, or retain or separate key employees of the subject company or business may reduce or eliminate the expected benefits to us, increase our costs, disrupt our operations, result in additional liabilities, investigations and litigation, and may also harm our strategy, our business and our operating results. The failure to achieve expected acquisition or divestiture benefits may also result in impairment charges for goodwill and intangible assets.

We often incur expenses before we receive related benefits, and expenses may be difficult to reduce quickly if demand declines.

We base our expense levels in part on future revenue expectations and a significant percentage of our expenses are fixed. It is difficult to reduce our fixed costs quickly, and if revenue levels are below our expectations, operating results could be adversely impacted. During periods of uneven growth or decline, we may incur costs before we realize the anticipated related benefits, which could also harm our operating results. We have made, and will continue to make, significant investments in engineering, sales, service and support, marketing and other functions to support and grow our business. We are likely to recognize the costs associated with these investments earlier than some of the related anticipated benefits, such as revenue growth, and the return on these investments may be lower, or may develop more slowly, than we expect, which could harm our business, operating results, financial condition and cash flows.

Initiatives intended to make our cost structure, business processes and systems more efficient may not achieve the expected benefits and could inadvertently have an adverse effect on our business, operating results, financial condition and cash flows.

We continuously seek to make our cost structure and business processes more efficient, including by moving our business activities from higher-cost to lower-cost locations, outsourcing certain business processes and functions, and implementing changes to our business information systems. These efforts may involve a significant investment of financial and human resources and significant changes to our current operating processes. For example, in fiscal 2024, we implemented, and in fiscal 2025 we will continue to implement, certain new business information systems, including implementing our new enterprise resource planning system. We may encounter difficulties in implementing these new business information systems or maintaining and upgrading existing systems and software. Such difficulties may lead to significant expenses or losses due to unexpected additional costs required to implement or maintain systems, disruption in business operations, loss of sales or profits, or disruption to our ability to timely and accurately process and report key aspects of our financial statements and, as a result, may have a material adverse effect on our business, results of operations, financial condition and prospects.

In addition, as we move operations into lower-cost jurisdictions and outsource certain business processes, we become subject to new regulatory regimes and lose control of certain aspects of our operations and, as a consequence, become more dependent upon the systems and business processes of third-parties. If we are unable to move our operations, outsource business processes or implement new business information systems in a manner that complies with local law and maintains adequate standards, controls and procedures, the quality of our products and services may suffer and we may be subject to increased litigation risk, either of which could have an adverse effect on our business, operating results and financial condition. Additionally, we may not achieve the expected benefits of these and other transformational initiatives, which could harm our business, operating results, financial condition and cash flows.

We are exposed to credit risks, our investment portfolio may experience fluctuations in market value or returns, and our cash and cash equivalents could be adversely affected if the financial institutions in which we hold our cash and cash equivalents fail.

We maintain an investment portfolio of various holdings, types, and maturities. Credit ratings and pricing of our investments can be negatively affected by liquidity, credit deterioration, financial results, economic risk, political risk, sovereign risk or other factors. As a result, the value and liquidity of our investments and the returns thereon may fluctuate substantially. Unfavorable macroeconomic conditions, rising interest rates, or other circumstances could result in an economic slowdown and possibly cause a global recession. An economic slowdown or increased regional or global economic uncertainty may lead to failures of counterparties, including financial institutions, governments and insurers, which could result in a material decline in the value of our investment portfolio and

substantially reduce our investment returns. We regularly maintain cash balances at large third-party financial institutions in excess of the Federal Deposit Insurance Corporation (FDIC) insurance limit of $250,000 and similar regulatory insurance limits outside the United States. If a depository institution where we maintain deposits fails or is subject to adverse conditions in the financial or credit markets, we may not be able to recover all of our deposits, which could adversely impact our operating liquidity and financial performance. Similarly, if our customers or partners experience liquidity issues as a result of financial institution defaults or non-performance where they hold cash assets, their ability to pay us may become impaired and could have a material adverse effect on our results of operations, including the collection of accounts receivable and cash flows.

Our goals and disclosures related to environmental, social and governance (ESG) matters expose us to risks that could adversely affect our reputation and performance.

We have established and publicly announced, and may continue to establish and publicly announce, initiatives and goals regarding environmental matters, diversity, and other related matters, including our commitment to reducing our greenhouse gas emissions and increasing our representation of women in our global workforce and underrepresented minorities in our US workforce, in our ESG Report, on our website, in our SEC filings and elsewhere. These statements reflect our current plans and aspirations and are not quotas or guarantees that we will be able to achieve them. These initiatives and goals could be difficult and expensive to implement, the technologies we need to implement them may not be cost effective and may not advance at a sufficient pace, and ensuring the accuracy, adequacy or completeness of the disclosure of our ESG initiatives can be costly, difficult and time-consuming. Our failure to accomplish or accurately track and report on these goals on a timely basis, or at all, could adversely affect our reputation, financial performance and growth, and expose us to increased scrutiny from our stakeholders, the investment community as well as enforcement authorities.

There is an increasing focus from U.S. and foreign government agencies, investors, customers, consumers, employees and other stakeholders concerning ESG matters, including sustainable products. These changing rules, regulations and stakeholder expectations have resulted in, and are likely to continue to result in, increased general and administrative expenses and increased management time and attention spent complying with or meeting such regulations and expectations. For example, developing and acting on ESG initiatives, and collecting, measuring and reporting ESG information and metrics can be costly, difficult and time consuming and is subject to evolving reporting standards, including the SEC’s climate-related reporting requirements, the California climate reporting rules and, to the extent applicable, the European Union's (EU) Corporate Sustainability Reporting Directive. Statements about our ESG initiatives and goals, and progress against those goals, may be based on standards for tracking, measuring and reporting ESG matters that are continuing to evolve and assumptions that are subject to change. This may result in a lack of consistent or meaningful comparative data from period to period or between the Company and other companies in the same industry. In addition, our processes and controls may not always comply with evolving standards for identifying, measuring and reporting ESG metrics, including ESG-related disclosures that may be required of public companies by the Securities and Exchange Commission, and such standards may change over time, which could result in significant revisions to our current goals, reported progress in achieving such goals, or ability to achieve such goals in the future.

We could also face scrutiny from certain stakeholders for the scope or nature of our ESG initiatives or goals, or for any revisions to these goals. If our ESG related data, processes and reporting are incomplete or inaccurate, if we fail to achieve progress with respect to our ESG goals on a timely basis, or at all, or if we were to be subject to government enforcement actions or private litigation from stakeholders because of our ESG initiatives, our ability to attract or retain employees, and our attractiveness as an investment, business partner, acquiror or supplier could be negatively impacted and our business, financial performance and growth could be adversely affected.

A portion of our revenues is generated by large, recurring purchases from various customers, resellers and distributors. A loss, cancellation or delay in purchases has negatively affected our revenues in the past, and could negatively affect our revenues in the future.

A significant portion of our net revenues depends on sales to a limited number of customers and distributors. We generally do not enter into binding purchase commitments with our customers, resellers and distributors for extended periods of time, and thus there is no guarantee we will continue to receive large, recurring orders from these customers, resellers or distributors. For example, our reseller agreements generally do not require minimum purchases, and our customers, resellers and distributors can stop purchasing and marketing our products at any time. Any deterioration in the solvency of our customers, resellers and distributors or the ability of such customers, resellers and distributors to obtain credit to finance purchases of our products could have a significant adverse effect on our results of operations and cash flow. If any of our key customers, resellers or distributors changes its pricing practices, reduces the size or frequency of its orders for our products, or stops purchasing our products altogether, our operating results, financial condition and cash flows could be materially adversely impacted. In addition, major customers may also seek pricing, payment, intellectual property-related, or other commercial terms that are less favorable to us, which may have a negative impact on our business, cash flow and operating results.

Our growth strategy includes developing and maintaining strategic partnerships with major third-party software and hardware vendors to integrate our products into their products and also co-market our products with them. A number of our strategic partners are industry leaders that offer us expanded access to segments in which we do not directly participate. In particular, strategic partnerships with public cloud providers and other cloud service vendors are critical to the success of our cloud-based business. However, there is intense competition for attractive strategic partners, and these relationships may not be exclusive, may not generate significant revenues and may be terminated on short notice. For instance, some of our partners are also partnering with our competitors, which may increase the availability of competing solutions and harm our ability to grow our relationships with those partners. Moreover, some of our partners, particularly large, more diversified technology companies, including major cloud providers, are also competitors, thereby complicating our relationships. If we are unable to establish new partnerships or maintain existing partnerships, if our strategic partners favor their relationships with other vendors in the storage industry or if our strategic partners increasingly compete with us, we could experience lower than expected revenues, suffer delays in product development, or experience other harm to our business, operating results, financial condition and cash flows.

Our success depends upon our ability to effectively plan and manage our resources and to periodically restructure our business, and such actions may have an adverse effect on our business, operating results, financial condition and cash flows.

Our ability to successfully offer our products and services in a rapidly evolving market requires an effective planning, forecasting, and management process to enable us to effectively scale and adjust our business in response to fluctuating market opportunities and conditions.

In fiscal 2024, we reorganized our sales resources, which included changes and additions to our sales leadership team, to gain operational efficiencies and improve the alignment of our resources with customer and market opportunities. Reorganization of our sales resources, and ongoing evolution of our go-to-market model, could result in short or long-term disruption of our sales cycles, may not produce the efficiencies and benefits desired, and could harm our operating results, financial condition and cash flows.

We have and may in the future undertake initiatives that could include reorganizing our workforce, restructuring, disposing of, and/or otherwise discontinuing certain products, facility reductions or a combination of these actions which have resulted in, or may result in, restructuring charges. Rapid changes in the size, alignment or organization of our workforce, including our business unit structure, structure of our sales team, and sales account coverage, could adversely affect our ability to develop, sell and deliver products and services as planned or impair our ability to realize our current or future business and financial objectives. Charges associated with these activities could harm our operating results. Our ability to achieve the anticipated cost savings and other benefits from these initiatives is subject to many estimates and assumptions, which are subject to uncertainties. If our estimates and assumptions are incorrect, if we are unsuccessful at implementing changes, or if other unforeseen events occur, our business, financial condition, and results of operations could be adversely affected.

Reduced U.S. government demand could materially harm our business, operating results, financial condition and cash flows. In addition, we could be harmed by claims that we have or a channel partner has failed to comply with regulatory and contractual requirements applicable to sales to the U.S. government.

The U.S. government is an important customer for us. However, government demand is uncertain, as it is subject to political and budgetary fluctuations and constraints. Events such as the U.S. federal government shutdown from December 2018 to January 2019 and continued uncertainty regarding the U.S. budget and debt levels have increased demand uncertainty for our products. In addition, like other customers, the U.S. government may evaluate competing products and delay purchasing in the face of the technology transitions taking place in the storage industry. If the U.S. government or an individual agency or multiple agencies within the U.S. government continue to reduce or shift their IT spending patterns, our operating results, including revenues may be harmed.

Selling our products to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements. Failure to comply with these requirements by either us or our channel partners could subject us to investigations, fines, and other penalties, which could materially harm our operating results and financial condition. As an example, the United States Department of Justice (DOJ) and the General Services Administration (GSA) have in the past pursued claims against and financial settlements with IT vendors, including us and several of our competitors and channel partners, under the False Claims Act and other statutes related to pricing and discount practices and compliance with certain provisions of GSA contracts for sales to the federal government. Although the DOJ and GSA currently have no claims pending against us, we could face claims in the future. Violations of certain regulatory and contractual requirements, including with respect to cybersecurity, procurement process or affirmative action program requirements could also result in us being suspended or debarred from future government contracting. Any of these outcomes could have a material adverse effect on our business, operating results, financial condition and cash flows.

In response to increasing cybersecurity threats, the U.S. government has subjected IT vendors, including us, to certain additional requirements. As an example, the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), released in May 2021,

outlines the U.S. government’s plan to address software supply chain security for “critical software” and other software. NetApp’s products are categorized as critical software, requiring us to achieve compliance with the Secure Software Development Framework (SSDF) under NIST special publication 800-218. The current deadline for compliance is subject to the U.S. government’s finalization of their common attestation form, and any products that cannot attest to compliance with the SSDF may result in delays or inability to execute contracts with customers, particularly with government entities.

We derive a majority of our revenues in any given quarter from orders booked in the same quarter. Orders typically follow intra-quarter seasonality patterns weighted toward the back end of the quarter. If we do not achieve the level, timing and mix of orders consistent with our quarterly targets and historical patterns, or if we experience cancellations of significant orders, our operating results, financial condition and cash flows could be harmed.

Most of our sales to customers are on an open credit basis, with typical payment terms of 30 days. We may experience increased losses as potentially more customers are unable to pay all or a portion of their obligations to us, particularly in the current macroeconomic environment when access to sources of liquidity may be limited. Beyond our open credit arrangements, some of our customers have entered into recourse and non-recourse financing leasing arrangements using third-party leasing companies. Under the terms of recourse leases, which are generally three years or less, we remain liable for the aggregate unpaid remaining lease payments to the third-party leasing companies in the event of end-user customer default. During periods of economic uncertainty, our exposure to credit risks from our customers increases. In addition, our exposure to credit risks of our customers may increase further if our customers and their customers or their lease financing sources are adversely affected by global economic conditions.

We do not manufacture certain components used in our products. We rely on third parties to manufacture critical components, as well as for associated logistics. Our lack of direct responsibility for, and control over, these elements of our business, as well as the diverse international geographic locations of our manufacturing partners and suppliers, creates significant risks for us, including, among other things:

•The potential for binding price or purchase commitments with our suppliers at higher than market rates;

•Geopolitical disputes disrupting our supply chain;

•Business, legal compliance, litigation and financial concerns affecting our suppliers or their ability to manufacture and ship components in the quantities, quality and manner we require; and

•Disruptions due to floods, earthquakes, storms and other natural disasters, especially those caused by climate change, and particularly in countries with limited infrastructure and disaster recovery resources.

Such risks have subjected us, and could in the future subject us, to supply constraints, price increases and minimum purchase requirements and our business, operating results, financial condition and cash flows could be harmed. The risks associated with our outsourced manufacturing model are particularly acute when we transition products to new facilities or manufacturers, introduce and increase volumes of new products or qualify new contract manufacturers or suppliers, at which times our ability to manage the relationships among us, our manufacturing partners and our component suppliers, becomes critical. New manufacturers, products, components or facilities create increased costs and risk that we will fail to deliver high quality products in the required volumes to our

customers. Any failure of a manufacturer or component supplier to meet our quality, quantity or delivery requirements in a cost-effective manner will harm our business, including customer relationships and as a result could harm our operating results, financial condition and cash flows. Additionally, disruption to our manufacturing operations, or those of our contract manufacturers, could significantly impact our ability to supply our customers and could produce a near-term severe impact on the Company.

We rely on a limited number of suppliers for drives and other components utilized in the assembly of our products, including certain single source suppliers, which has subjected us, and could in the future subject us, to price rigidity, periodic supply constraints, and the inability to produce our products with the quality and in the quantities demanded. Consolidation among suppliers, particularly within the semiconductor and storage media industries, has contributed to price volatility and supply constraints. When industry supply is constrained, or the supply chain is disrupted, our suppliers may allocate volumes away from us and to our competitors, all of which rely on many of the same suppliers as we do. Accordingly, our business, operating results, financial condition and cash flows may be harmed.

If a material cybersecurity or other security breach impacts our services or occurs on our systems, within our supply chain, or on our end-user customer systems, or if stored data is improperly accessed, customers may reduce or cease using our solutions, our reputation may be harmed and we may incur significant liabilities.

We store and transmit, and sell products and services that store and transmit, personal, sensitive and proprietary data related to our products, our employees, customers, clients and partners (including third-party vendors such as data centers and providers of SaaS, cloud computing, and internet infrastructure and bandwidth), and their respective customers, including intellectual property, books of record and personal information. It is critical to our business strategy that our infrastructure, products and services remain secure and are perceived by customers, clients and partners to be secure. There are numerous and evolving risks to cybersecurity and privacy, including criminal hackers, state-sponsored intrusions, industrial espionage, human error and technological vulnerabilities. Material cybersecurity incidents or other security breaches could result in (1) unauthorized access to, or loss or unauthorized use, alteration, or disclosure of, such information; (2) litigation, indemnity obligations, government investigations and proceedings, regulatory fines and penalties, and other possible liabilities; (3) negative publicity; and (4) disruptions to our internal and external operations. Any of these could damage our reputation and public perception of the security and reliability of our products, as well as harm our business and cause us to incur significant liabilities. In addition, a material cybersecurity incident or loss of personal information, or other material security breach could result in other negative consequences, including remediation costs, disruption of internal operations, increased cybersecurity protection costs and lost revenues.

Our clients and customers use our platforms for the transmission and storage of sensitive data. We do not generally review the information or content that our clients and their customers upload and store, and we have no direct control over the substance of the information or content stored within our platforms. If our employees, or our clients, partners or their respective customers use our platforms for the transmission or storage of personal or other sensitive information, or our supply chain cybersecurity is compromised and our security measures are breached as a result of third-party action, employee error, malfeasance, stolen or fraudulently obtained log-in credentials or otherwise, our reputation could be damaged, our business may be harmed and we could incur significant liabilities.

Security industry experts and US Government officials continue to emphasize risks to our industry. Cyber attacks and security breaches continue to increase, and of particular concern are supply-chain attacks against software development and breaches of technology service providers. We anticipate that cyberattacks will continue to increase in the future given cyber warfare has become a consistent lever within geopolitical conflicts and increasingly leverages hacktivism. We cannot give assurance that we will always be successful in preventing or repelling unauthorized access to our systems. We also may face delays in our ability to identify or otherwise respond to any cybersecurity incident or any other breach. Additionally, we use third-party service providers to provide some services to us that involve the storage or transmission of data, such as SaaS, cloud computing, and internet infrastructure and bandwidth, and they face various cybersecurity threats and also may suffer cybersecurity incidents or other security breaches.

Many jurisdictions have enacted or are enacting laws requiring companies to notify regulators or individuals of data security incidents involving certain types of personal data. These mandatory disclosures regarding security incidents often lead to widespread negative publicity. Moreover, the risk of reputational harm may be magnified and/or distorted through the rapid dissemination of information over the internet, including through news articles, blogs, social media, and other online communication forums and services. Any security incident, loss of data, or other security breach, whether actual or perceived, or whether impacting us or our third-party service providers, could harm our reputation, erode customer confidence in the effectiveness of our data security measures, negatively impact our ability to attract new customers, cause existing customers to elect not to renew their support contracts or their SaaS subscriptions, or subject us to third-party lawsuits, regulatory fines or other action or liability, which could materially and adversely affect our business and operating results.

If a data center or other third-party who relies on our products experiences a disruption in service or a loss of data, such disruption could be attributed to the quality of our products, thereby causing financial or reputational harm to our business.

Our clients, including data centers, SaaS, cloud computing and internet infrastructure and bandwidth providers, rely on our products for their data storage needs. Our clients may authorize third-party technology providers to access their data on our systems. Because we do not control the transmissions between our clients, their customers, and third-party technology providers, or the processing of such data by third-party technology providers, we cannot ensure the complete integrity or security of such transmissions or processing. Errors or wrongdoing by clients, their customers, or third-party technology providers resulting in actual or perceived security breaches may result in such actual or perceived breaches being attributed to us.

A failure or inability to meet our clients’ expectations with respect to security and confidentiality through a disruption in the services provided by these third-party vendors, or the loss or alteration of data stored by such vendors, could result in financial or reputational harm to our business to the extent that such disruption or loss is caused by, or perceived by our customers to have been caused by, defects in our products. Moreover, the risk of reputational harm may be magnified and/or distorted through the rapid dissemination of information over the internet, including through news articles, blogs, social media, and other online communication forums and services. This may affect our ability to retain clients and attract new business.

Failure to comply with new and existing laws and regulations relating to privacy, data protection, AI and information security could cause harm to our reputation, result in liability and adversely impact our business.

Our business is subject to increasing regulation by various federal, state and international governmental agencies responsible for enacting and enforcing laws and regulations relating to privacy, data protection, and information security. For example, since the effective date of the EU’s General Data Protection Regulation in 2018, the Court of Justice of the EU has issued rulings that have impacted how multinational companies must implement that law and the European Commission (EC) has published new regulatory requirements relating to cross-border data transfers applicable to multinational companies like NetApp. NetApp relies on a variety of compliance methods to transfer personal data of European Economic Area (EEA) individuals to other countries, including Binding Corporate Rules and Standard Contractual Clauses (SCCs). In June 2021, the EC imposed new SCC requirements which impose certain contract and operational requirements on NetApp and its contracting parties, including requirements related to government access transparency, enhanced data subject rights, and broader third-party assessments to ensure safeguards necessary to protect personal data transferred from NetApp or its partners to countries outside the EEA, requiring NetApp to revise customer and vendor agreements. In addition to the EU’s General Data Protection Regulation, other global governments have adopted new privacy and data protection laws implementing similarly comprehensive regulatory frameworks.

The rapidly evolving regulatory landscape in this area is likely to remain uncertain for the foreseeable future given heightened cyber-security threats, and amid the innovation and adoption of GenAI technology. For example, the Artificial Intelligence Act, recently adopted by the EU, sets forth new AI risk categorization, obligations, and prohibitions. In addition, changes in the interpretation and enforcement of existing laws and regulations could impact our business operations and those of our partners, vendors and customers. Customers, privacy advocates and industry groups also may propose new and different self-regulatory standards or standards of care that may legally or contractually apply to us, and these standards may be subject to change. These factors create uncertainty and we cannot yet determine the impact such future laws, regulations and standards, or changes to such laws, regulations, or standards, or to their interpretation or enforcement, may have on our business or the businesses of our partners, vendors and customers. In addition, changes in the interpretation of existing laws and regulations could impact our business operations and those of our partners, vendors and customers.

Because the interpretation and application of many laws and regulations relating to privacy, data protection and information security, along with industry standards, are uncertain, it is possible that relevant laws, regulations, or standards may be interpreted and applied in manners that are, or are alleged to be, inconsistent with our data management practices or the features of our products. Any failure, or perceived failure, by us or our business partners to comply with federal, state or international laws and regulations relating to privacy, data protection, and information security, commitments relating to privacy, data protection, and information security contained in our contracts, self-regulatory standards that apply to us or that third parties assert are applicable to us, or our policies or notices we post or make available could subject us to claims, investigations, sanctions, enforcement actions and other proceedings, disgorgement of profits, fines, damages, civil and criminal liability, penalties or injunctions.

Additionally, as a technology provider, our customers expect that we can demonstrate compliance with laws and regulations relating to privacy, data protection, and information security, and our inability or perceived inability to do so may adversely impact sales of our products and services, particularly to customers in highly-regulated industries. We have invested company resources in complying with new laws, regulations, and other obligations relating to privacy, data protection, and information security, and we may be required to make additional, significant changes in our business operations, all of which may adversely affect our revenue and our business overall. As a result of any inability to comply with such laws and regulations, our reputation and brand may be harmed, we could incur significant costs, and financial and operating results could be materially adversely affected, and we could be required to modify or change our products or our business practices, any of which could have an adverse effect on our business. Our business could be subject to stricter obligations, greater fines and private causes of action, including class actions, under the enactment of new laws and regulations relating to privacy, data protection, and information security, including but not limited to, the European Union General Data Protection Regulation, which provides for penalties of up to 20 million Euros or four percent of our annual global revenues, the California Consumer Privacy Act and the California Privacy Rights Act, and other U.S. state-based regulation.

If our products or services are defective, or are perceived to be defective as a result of improper use or maintenance, our operating results, including gross margins, and customer relationships may be harmed.

Our products and services are complex. We have experienced in the past, and expect to experience in the future, quality issues impacting certain products, and in the future, we could experience reliability issues with services we provide. Such quality and reliability issues may be due to, for example, our own designs or processes, the designs or processes of our suppliers, and/or flaws in third-party software used in our products. These types of risks are most acute when we are introducing new products. Quality or reliability issues have and could again in the future cause customers to experience outages or disruptions in service, data loss or data corruption. If we fail to remedy a product defect or flaw, we may experience a failure of a product line, temporary or permanent withdrawal from a product or market, damage to our reputation, loss of revenue, inventory costs or product reengineering expenses and higher ongoing warranty and service costs, and these occurrences could have a material impact on our gross margins, business and operating results. In addition, we exercise little control over how our customers use or maintain our products and services, and in some cases improper usage or maintenance could impair the performance of our products and services, which could lead to a perception of a quality or reliability issue. Customers may experience losses that may result from or are alleged to result from defects or flaws in our products and services, which could subject us to claims for damages, including consequential damages.

The laws and regulations governing the manufacturing, sourcing, distribution and use of our products have become more complex and stringent over time. For example, in addition to various environmental laws relating to carbon emissions, the use and discharge of hazardous materials and the use of certain minerals originating from identified conflict zones, many governments, including the U.S., the United Kingdom and Australia, have adopted regulations concerning the risk of human trafficking in supply chains which govern how workers are recruited and managed. We incur costs to comply with the requirements of such laws. Further, since our supply chain is complex, we may face reputational harm if our customers or other stakeholders conclude that we are unable to verify sufficiently the origins of the minerals used in the products we sell or the actions of our suppliers with respect to workers. As the laws and regulations governing our products continue to expand and change, our costs are likely to rise, and the failure to comply with any such laws and regulations could subject us to business interruptions, litigation risks and reputational harm.

Some of our products are subject to U.S. export control laws and other laws affecting the countries in which our products and services may be sold, distributed, or delivered, and any violation of these laws could have a material and adverse effect on our business, operating results, financial condition and cash flows.

Due to the global nature of our business, we are subject to import and export restrictions and regulations, including the Export Administration Regulations administered by the Commerce Department’s Bureau of Industry and Security (BIS) and the trade and economic sanctions regulations administered by the Treasury Department’s Office of Foreign Assets Control (OFAC). The U.S., through the BIS and OFAC, places restrictions on the sale or export of certain products and services to certain countries and persons, including most recently to Russia, Belarus and portions of Ukraine. These regulations have caused the Company to stop selling or servicing our products temporarily in restricted areas, such as Russia, Belarus and portions of Ukraine. The BIS and OFAC have also placed restrictions on dealing with certain "blocked” entities, such as Russia’s federal security service (FSB), including the Company’s filing of notifications to the FSB for exporting certain products to Russia. Violators of these export control and sanctions laws may be subject to significant penalties, which may include significant monetary fines, criminal proceedings against them and their officers and employees, a denial of export privileges, and suspension or debarment from selling products to the federal government. Our products could be shipped to those targets by third parties, including potentially our channel partners, despite our precautions.

If we were ever found to have violated U.S. export control laws, we may be subject to various penalties available under the laws, any of which could have a material and adverse impact on our business, operating results and financial condition. Even if we were not

found to have violated such laws, the political and media scrutiny surrounding any governmental investigation of us could cause us significant expense and reputational harm. Such collateral consequences could have a material adverse impact on our business, operating results, financial condition and cash flows.

Our success depends significantly upon developing, maintaining and protecting our proprietary technology. We rely on a combination of patents, copyrights, trademarks, trade secrets, confidentiality procedures and contractual provisions with employees, resellers, strategic partners and customers, to protect our proprietary rights. We currently have multiple U.S. and international patent applications pending and multiple U.S. and international patents issued. The pending applications may not be approved, and our existing and future patents may be challenged. If such challenges are brought, the patents may be invalidated. We may not be able to develop proprietary products or technologies that are patentable, and patents issued to us may not provide us with any competitive advantages and may be challenged by third parties. Further, the patents of others may materially and adversely affect our ability to do business. In addition, a failure to obtain and defend our trademark registrations may impede our marketing and branding efforts and competitive condition. Litigation may be necessary to protect our proprietary technology. Any such litigation may be time-consuming and costly. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. In addition, the laws of some foreign countries do not protect proprietary rights to as great an extent as do the laws of the U.S. Our means of protecting our proprietary rights may not be adequate or our competitors may independently develop similar technology, duplicate our products, or design around patents issued to us or other intellectual property rights of ours. In addition, while we train employees in confidentiality practices and include terms in our employee and consultant agreements to protect our intellectual property, there is persistent risk that some individuals will improperly take our intellectual property after terminating their employment or other engagements with us, which could lead to intellectual property leakage to competitors and a loss of our competitive advantages.

Patent litigation is particularly common in our industry. We have been, and continue to be, in active patent litigations with non-practicing entities. While we vigorously defend our ability to compete in the marketplace, there is no guarantee that, in patent or other types of intellectual property litigation, we will prevail at trial or be able to settle at a reasonable cost. If a judge or jury were to find that our products infringe, we could be required to pay significant monetary damages and be subject to an injunction that could cause product shipment delays, require us to redesign our products, affect our ability to supply or service our customers, and/or require us to enter into compulsory royalty or licensing agreements.

We expect that companies in the enterprise storage and data management, cloud storage and cloud operations markets will increasingly be subject to infringement claims as the number of products and competitors in our industry segment grows and the functionality of products in different industry segments overlaps. Any such claims, and any such infringement claims discussed above, could be time consuming, result in costly litigation, cause suspension of product shipments or product shipment delays, require us to redesign our products, or require us to enter into royalty or licensing agreements, any of which could materially and adversely affect our operating results, financial condition and cash flows. Such royalty or licensing agreements, if required, may not be available on terms acceptable to us or at all.

Many of our products are designed to include software licensed from third parties. Such third-party software includes software licensed from commercial suppliers and software licensed under public or open source licenses. We have internal processes to manage our use of such third-party software. However, if we fail to adequately manage our use of third-party software, then we may be subject to copyright infringement or other third-party claims. If we are non-compliant with a license for commercial software, then we may be required to pay penalties or undergo costly audits pursuant to the license agreement. In the case of open-source software licensed under certain “copyleft” licenses, the license itself may require, or a court-imposed remedy for non-compliant use of the open source software may require, that proprietary portions of our own software be publicly disclosed or licensed. Additionally, contract proposals, negotiations and software proposals are complex and frequently involve lengthy bidding and selection processes. We may not be able to negotiate extensions to our current third-party licenses when due for renewal or continue to secure such licenses under

commercially reasonable terms. Each of the foregoing could result in a loss of intellectual property rights, increased costs, damage to our reputation and/or a loss of revenue.

In addition, many of our products use open-source software. Such open-source software generally does not provide any warranty or contractual protection, and may be susceptible to attack from bad actors. Further, open-source software may contain vulnerabilities, which may or may not be known at the time of our inclusion of the software in a product. If a vulnerability in such software is successfully exploited, we could be subject to damages including remediation costs, reputational damage and lost revenues.

Emerging standards may adversely affect the UNIX®, Windows® and World Wide Web server markets upon which we depend. For example, we provide our open access data retention solutions to customers within the financial services, healthcare, pharmaceutical and government market segments, industries that are subject to various evolving governmental regulations with respect to data access, reliability and permanence in the U.S. and in the other countries in which we operate. If our products do not meet and continue to comply with these evolving governmental regulations in this regard, customers in these market and geographical segments will not purchase our products, and we may not be able to expand our product offerings in these market and geographical segments at the rates which we have forecasted.

Our stock price is subject to changes in recommendations or earnings estimates by financial analysts, changes in investors' or analysts' valuation measures for our stock, changes in our capital structure, including issuance of additional debt, changes in our credit ratings, our ability to pay dividends and to continue to execute our stock repurchase program as planned and market trends unrelated to our performance.

Our ability to pay quarterly dividends and to continue to execute our stock repurchase program as planned will be subject to, among other things, our financial condition and operating results, available cash and cash flows in the U.S., capital requirements, and other factors. Future dividends are subject to declaration by our Board of Directors, and our stock repurchase program does not obligate us to acquire any specific number of shares. However, if we fail to meet any investor expectations related to dividends and/or stock repurchases, the market price of our stock could decline significantly, and could have a material adverse impact on investor confidence. Additionally, price volatility of our stock over a given period may cause the average price at which we repurchase our own stock to exceed the stock’s market price at a given point in time.

Furthermore, speculation in the press or investment community about our strategic position, financial condition, results of operations or business can cause changes in our stock price. These factors, as well as general economic and political conditions and the timing of announcements in the public market regarding new products or services, product enhancements or technological advances by our competitors or us, and any announcements by us of acquisitions, major transactions, or management changes may adversely affect our stock price.

As of April 26, 2024, we had $2.4 billion aggregate principal amount of outstanding indebtedness for our senior notes that mature at specific dates in calendar years 2024, 2025, 2027 and 2030. We may incur additional indebtedness in the future under existing credit facilities and/or enter into new financing arrangements. We may fail to pay these or additional future obligations, as and when required. Specifically, if we are unable to generate sufficient cash flows from operations or to borrow sufficient funds in the future to service or refinance our debt, our business, operating results, financial condition and cash flows will be harmed. Any downgrades from credit rating agencies such as Moody’s Investors Service or Standard & Poor’s Rating Services may adversely impact our ability to obtain additional financing or the terms of such financing and reduce the market capacity for our commercial paper. Furthermore, if prevailing interest rates or other factors result in higher interest rates upon any potential future financing, then interest expense related to the refinance indebtedness would increase.

We depend on the ability of our personnel, inventories, equipment and products to move reasonably unimpeded around the world. Any political, military, terrorism, global trade, world health or other issue that hinders this movement or restricts the import or export of materials could lead to significant business disruptions. For example, the COVID-19 pandemic impeded the mobility of our personnel, inventories, equipment and products and disrupted our business operations. Furthermore, any economic failure or other material disruption caused by natural disasters, including fires, floods, droughts, hurricanes, earthquakes, and volcanoes; power loss or shortages; environmental disasters; telecommunications or business information systems failures or break-ins and similar events could also adversely affect our ability to conduct business. As a result of climate change, we expect the frequency and impact of such natural disasters or other material disruptions to increase. If such disruptions result in cancellations of customer orders or contribute to a general decrease in economic activity or corporate spending on IT, or directly impact our marketing, manufacturing, financial and logistics functions, or impair our ability to meet our customer demands, our operating results and financial condition could be materially adversely affected. Our headquarters is located in Northern California, an area susceptible to earthquakes and wildfires. If any significant disaster were to occur there, our ability to operate our business and our operating results, financial condition and cash flows could be adversely impacted.

Our effective tax rate is influenced by a variety of factors, many of which are outside of our control. These factors include among other things, fluctuations in our earnings and financial results in the various countries and states in which we do business, changes to the tax laws in such jurisdictions and the outcome of income tax audits. Changes to any of these factors could materially impact our operating results, financial condition and cash flows.

Many countries around the world are beginning to implement legislation and other guidance to align their international tax rules with the Organization for Economic Co-operation and Development’s Base Erosion and Profit Shifting Project (“BEPS”) recommendation and related action plans that aim to standardize and modernize global corporate tax policy, including changes to cross-border tax, transfer pricing documentation rules and nexus-based tax incentive practices. As a result, many of these changes, if enacted in whole or in part, could increase our worldwide effective tax rate and harm our operating result, financial condition, and cash flows. Implementation of the BEPS inclusive framework (“Inclusive Framework”), including potential incremental taxes under a new global minimum tax framework known as Pillar Two, is effective in most jurisdictions for fiscal years beginning on or after January 1, 2024. The first fiscal year for which NetApp will be potentially subject to additional taxes under the Inclusive Framework is fiscal year 2025.

Our effective tax rate could also be adversely affected by changes in tax laws and regulations and interpretations of such laws and regulations, which in turn would negatively impact our earnings and cash and cash equivalent balances we currently maintain. Additionally, our effective tax rate could also be adversely affected if there is a change in international operations, our tax structure and how our operations are managed and structured, and as a result, we could experience harm to our operating results and financial condition. For example, on August 16, 2022, the U.S. enacted the Inflation Reduction Act, which includes a corporate minimum tax

and a 1% excise tax on net stock repurchases. We continue to evaluate the impacts of changes in tax laws and regulations on our business.

Current §1A text (2025)

Show full section (12793 words)

Item 1A. Risk Factors

The following discussion and the sections entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” “Quantitative and Qualitative Disclosures About Market Risk” and “Management's Report on Internal Control Over Financial Reporting” reflect our current judgment regarding the most significant risks we face. These risks can and will change in the future.

Risks Related to Our Business and Industry

Global economic and geopolitical conditions have adversely affected and may in the future continue to adversely affect our industry, business operations, and financial performance, including our revenue growth, profitability, financial condition and cash flows.

As a global company, our business is influenced by worldwide economic and market conditions, including, among others, inflation, slower growth, economic downturn or recession, changes in fiscal and monetary policies, higher interest and tax rates, economic uncertainty, political instability, regional conflicts, military warfare, extreme weather events and effects from climate change, natural disasters and pandemics, supply chain interruptions and shortages, changes in laws, reduced consumer confidence and spending, international trade protection measures and disputes (including economic and trade barriers, tariffs, sanctions and export controls), and the threat and potential of retaliatory trade control policies (including retaliatory tariffs). These factors, as well as the fear or anticipation of such conditions, may influence decisions and actions by our key stakeholders and the market generally, and can lead to increased volatility in the IT industry, making it difficult to predict future demand for our products and services. They can also negatively impact the availability of supplies and limit access to capital for our suppliers, customers and partners.

Any of these factors above, as well as other adverse macroeconomic conditions can significantly reduce demand for our products and negatively affect our operating results due to customer concerns about declining demand for their products, reduced asset values, fluctuating energy costs, geopolitical issues, the cost and availability of credit, and the stability of financial institutions, markets, businesses, and governments. These conditions may be widespread, and their resolution could be uncertain. If we are not able to efficiently and effectively resolve such issues in a timely manner, or if our chosen strategies are not successful, then our business, operations and financial condition could be materially adversely impacted. Consequently, these risks and conditions could materially adversely affect our future sales and operating results.

Our business may be negatively impacted by technological trends in our market or our inability to keep pace with rapid industry, technological, and market changes.

The growth in our industry and the markets we compete in is driven by the increasing demand for data, which in turn drives the need for storage and data management solutions. However, our markets could face challenges due to technology transitions, increased storage efficiency, competitive pricing dynamics, changing consumption models, and uncertain macroeconomic conditions. Additionally, the impact of generative artificial intelligence (GenAI) on the storage and data management markets and regulation thereof is still unfolding and could evolve unpredictably.

As customers undergo their information technology (IT) transformations, leveraging modern architectures and hybrid cloud environments, they seek simpler solutions and new consumption models. This shift is directing spending towards transformational projects and architectures like flash storage, hybrid cloud, cloud storage, and IT as a service. The future impact of these trends on both short- and long-term demand for our products is uncertain, and we may struggle to meet customer demand with the expected level of quality and support for new products or services.

Our business may suffer if we fail to keep pace with rapid industry, technological, or market changes, or if our products and services are not well-received in the marketplace. These factors, along with other considerations discussed in this Annual Report on Form 10-K, could lead to a decline in customer demand for our products and services, resulting in decreased revenue on a year-over-year basis, as seen in fiscal 2017, 2020, and 2024. If the overall growth rate of industry declines, if specific markets we compete in experience reduced growth, if storage consumption models change, if our new and existing products and services do not gain customer acceptance, or if we do not adapt our sales programs to market changes, our business, operating results, financial condition, and cash flows could be adversely affected.

The global nature of our business exposes us to risks that could materially harm our operations, revenues, and financial results.

A significant portion of our operations and revenues are derived from outside of the U.S., and most of our products are sourced and manufactured outside of the U.S. We also have research and development, sales, and service centers internationally. Consequently, our international operations and future financial results could be adversely affected by various economic, business, regulatory, social and political factors in foreign countries. These factors include government controls, local political or economic conditions such as recessions, economic downturns, inflation and political uncertainty, economic sanctions, trade protections and regulations, export and import requirements (including but not limited to government and regulatory authorizations), tariffs, investment restrictions, tax

15

policies, treaties or laws, local labor conditions, transportation costs, government spending patterns, geopolitical tensions and uncertainties, acts of terrorism, international conflicts, natural disasters, and adverse public health developments.

Changes in laws or policies governing the terms of foreign trade, and in particular increased trade restrictions, tariffs or taxes on imports from countries where we source and/or manufacture products, including the impact on our suppliers and contract manufacturers who may look to pass through additional costs imposed on them, could have a material adverse effect on our business and financial results. The U.S. government has recently enacted changes to U.S. trade policy and has signaled plans for possible additional changes. For example, the U.S. government has imposed sweeping tariffs on certain products and countries and has signaled that further tariffs may be imposed in the future. The U.S. government's tariffs policy remains fluid, with tariffs on certain countries delayed or reduced in scope, and additional tariffs likely to be forthcoming on other countries or specified products. Additional tariffs and restrictive policies, particularly with respect to the tariffs on Mexico, could have a significant impact on our business and results of operations. The exact magnitude of any potential impact remains uncertain given possible further changes in tariffs and increased tensions with U.S. trading partners targeted by tariffs or other restrictive trade policies. Our risk exposure may increase further if any countries levy retaliatory tariffs, taxes, or other trade restrictions or penalties against the United States or U.S. companies.

Additionally, ongoing trade tensions between the U.S. and China and recent investment restrictions, such as the U.S. Outbound Investment Security Program, could impact our business and operating results. Any increase in tensions between China and Taiwan, including threats of military actions or escalation of military activities, could adversely affect our or our contract manufacturers’ ability to source key supply chain components included in our products. As a result of Russia’s actions in Ukraine, numerous countries and organizations have imposed sanctions and export controls, while businesses, including the Company, have limited or suspended Russian operations. Russia has likewise imposed currency restrictions and regulations and may further take retaliatory trade or other actions, including the nationalization of foreign businesses. These actions could impact our supply chain, pricing, business and operating results and expose us to cyberattacks. In addition, due to the global nature of our business, we are subject to complex legal and regulatory requirements in the U.S. and the foreign jurisdictions in which we operate and sell our products, including antitrust and anti-competition laws, and regulations related to data privacy, data protection, and cybersecurity. We are also subject to the potential loss of proprietary information due to piracy, misappropriation, or laws that may be less protective of our intellectual property rights than U.S. laws. Such factors have had or could have an adverse impact on our business, operating results, financial condition and cash flows.

We face exposure to adverse movements in foreign currency exchange rates as a result of our international operations. These exposures may change over time as business practices evolve, and they could have a material adverse impact on our operating results, financial condition and cash flows. We utilize forward and option contracts in an attempt to reduce the adverse impact of exchange rate fluctuations on certain assets and liabilities. Our hedging strategies may not be successful, and currency exchange rate fluctuations could have a material adverse effect on our operating results and cash flows. In addition, our foreign currency exposure on assets, liabilities, and cash flows that we do not hedge could have a material impact on our financial results in periods when the U.S. dollar significantly fluctuates in relation to foreign currencies.

Moreover, in many foreign countries, particularly in those with developing economies, it is a common business practice to engage in activities that are prohibited by NetApp's internal policies and procedures, or laws and regulations applicable to us. There can be no assurance that all our employees, contractors and agents, as well as those companies to which we outsource certain of our business operations, will comply with these policies, procedures, laws and/or regulations. Any such violation could subject us to fines and other penalties, which could have a material adverse effect on our business, operating results, financial condition and cash flows.

The dynamic markets in which we operate and our sales and distribution structure make it challenging to forecast revenues, and any disruption could harm our business, operating results, financial condition, and cash flows.

We participate in dynamic markets and employ diverse business and sales models, which complicate revenue forecasting. We sell to a wide range of customers across various industries and geographies, both directly and through multiple channels, each with different sales cycles. Most of our sales are made and/or fulfilled indirectly through channel partners, including value-added resellers, systems integrators, distributors, original equipment manufacturers (OEMs), and strategic business partners, including public cloud providers. This structure makes it particularly difficult to predict future revenue, especially within any specific fiscal quarter or year.

Our relationships with our indirect channel partners and strategic business partners are crucial to our success. The loss of one or more of our key indirect channel partners in a particular region, or the failure of our channel or strategic partners, including public cloud providers, to promote our products could negatively impact our operating results. Qualifying and developing new indirect channel partners typically requires significant time and resource investment before achieving acceptable productivity levels.

If we fail to maintain strong relationships with our indirect channel partners and strategic partners, including public cloud providers, if our partners seek to renegotiate or terminate existing contracts or agreements, or if their financial condition, business, or

16

customer relationships weaken, if they fail to comply with legal or regulatory requirements, or if we cease to do business with them for these or other reasons, our business, operating results, financial condition and cash flows could be adversely affected.

Our business, operating results, financial condition, and cash flows could be adversely affected if we are unable to develop, introduce and gain market acceptance for new products and services while managing the transition from older ones, or if we cannot provide the expected level of quality and support for our new products and services.

Our future growth relies on the successful development and introduction of new hardware and software products and services. The complexity of storage and data management software, subsystems and appliances, as well as the challenges in estimating the engineering effort required to produce new products and services, pose significant technical and quality control risks for these new products and services. If we encounter technological challenges, customer reluctance, or other obstacles that prevent us from developing, introducing and gaining market acceptance for new products and services, or if we fail to provide the expected level of product and support quality, our business, operating results, financial condition and cash flows could be materially and adversely affected. Introducing new products and features exposes us to additional financial and operational risks. These include the ability to forecast customer preferences and demand, managing production capacity to meet the demand for new products and services and avoid excessive inventories of older products and components, manage the transition from older products and solutions, and handle the impact of customer demand for new offerings versus those being replaced.

As customers transition from older products to newer ones, delays or decisions to postpone the transition could lead to non-renewal of new offerings, impacting our ability to manage and forecast customer churn and expansion rates. Additionally, uncertainties related to the price-performance of new products compared to competitors, competitors’ responses to our new products, extended evaluation periods by customers, and our partners’ investment in selling our new products add to the inherent risks. If we do not manage these risks effectively, our business, operating results, financial condition, and cash flows could face significant adverse impacts. Furthermore, entering new or emerging markets will likely increase demands on our service and support operations and expose us to additional competition. We may struggle to provide competitive products, services and support for these market opportunities.

Our gross margins may fluctuate.

Our gross margins are influenced by a variety of factors, including macroeconomic volatility, competitive pricing, component and product design costs, inflation, foreign exchange currency fluctuations, and the volume and relative mix of revenues from product sales, software support, hardware support, and other services offerings. Factors such as increased component and labor costs, pricing and discounting pressures, changes in component costs and product prices, or shifts in revenue mix and volume from different offerings could negatively impact our revenues, gross margins or earnings.

Additionally, our gross margins are affected by the cost of any substandard materials and our sales and distribution activities, including pricing actions, rebates, sales initiatives, discount levels, and the timing of service contract renewals. Third-party component costs make up a significant portion of our product costs. We may have difficulty managing these costs if supplies of certain components, including NAND, become limited or component prices rise. Such limitations could increase our product costs.

We have experienced, and may continue to experience, negative impacts on our gross margins due to rising component costs, logistics costs, tariffs and other trade barriers, and inflationary pressures. An increase in component or design costs relative to our product prices could harm our gross margins and earnings. Failure to sustain or improve our gross margins may have a material adverse effect on our business and stock price.

Issues related to the development and use of artificial intelligence (AI), including GenAI, could lead to legal or regulatory action, damage our reputation, or otherwise materially harm our business.

As a technology company at the forefront of AI innovation, our business faces potential risks associated with the rapidly evolving regulatory landscape for AI. Governments and regulatory bodies worldwide are increasingly enacting new laws and guidelines to address the ethical, privacy, and security implications of AI technologies. Non-compliance, even if inadvertent or without our knowledge, with these emerging regulations could result in legal and financial penalties, reputational damage, and operational disruptions. Additionally, the diverse and sometimes conflicting nature of international AI regulations may pose challenges in maintaining consistent compliance across different jurisdictions. The complexity and novelty of these laws may also require investments in compliance infrastructure, including enhanced data governance frameworks, algorithmic transparency, and bias mitigation strategies.

We are increasingly building and/or leveraging AI technology in certain products, services, and business operations, and our research and development in this area is ongoing. As with many innovations, AI presents risks, challenges, and potential unintended consequences that could affect our and our customers’ adoption and use of this technology. AI algorithms and training methodologies may be flawed, and AI technologies are complex and rapidly evolving. We face significant competition in the market and from other companies regarding such technologies.

17

We may be unsuccessful in identifying or resolving ethical and legal issues presented by the use of AI before they arise. AI-related issues, deficiencies and/or failures could result in (i) legal or regulatory action, including to enforce new legislation regulating AI in various jurisdictions where we operate, and the application of existing data protection, privacy, intellectual property, and other laws; (ii) damage to our reputation; (iii) time-consuming and costly litigation, including related to intellectual property; (iv) inability to protect our intellectual property; (v) disclosure of our confidential information or (vi) other material harm to our business. If regulation significantly delays or impedes the adoption of AI, we may not be able to meet our development goals or our sales forecasts.

Increasing competition and industry consolidation could harm our business, operating results, financial condition and cash flows.

Our markets are highly competitive, fragmented, and characterized by rapidly changing technology. We face competition from many companies, including established public companies, newer public companies with a strong focus on flash storage, and new market entrants targeting opportunities in GenAI and application data management for Kubernetes. Some competitors offer a broad range of IT products and services (full-stack vendors), while others offer a more limited set.

Technology trends, such as GenAI, hosted or public cloud storage, software as a service (SaaS), IT as a service, and flash storage are driving significant changes in storage architectures and solution requirements. Cloud service providers offer storage on demand without requiring capital expenditure, which meets rapidly evolving business needs and has altered the competitive landscape. Competitors may develop new technologies, products, or services ahead of us or establish new business models, more flexible purchase models, or disruptive technologies. By extending our offerings in flash, cloud storage, converged infrastructure, and block storage, and GenAI, we are entering new segments and facing competition from both traditional competitors and emerging competitors. The long-term potential and competitiveness of emerging vendors remains uncertain.

New competitors or alliances among existing competitors could emerge and quickly gain significant market share or buying power. Changes in customer requirements or increased industry consolidation could result in stronger competitors better able to compete. Additionally, current and potential competitors may establish cooperative relationships among themselves or with third parties, including some of our partners or suppliers. For additional information regarding our competitors, see the section entitled “Competition” contained in Part I, Item 1 - Business of this Annual Report on Form 10-K.

Transition to consumption-based business models may adversely affect our revenues and profitability in other areas of our business, potentially harming our business, operating results, financial condition and cash flows.

We offer customers a variety of consumption models, including cloud-based storage services and storage as a service (STaaS) delivered on-premises. As these business models continue to evolve, we may face challenges in competing effectively, generating significant revenues, or maintaining the profitability of our consumption-based offerings. Additionally, the growing prevalence of cloud and SaaS delivery models offered by us and our competitors may reduce overall demand for our traditional on-premises offerings sold through a capital expenditure (capex) model, which could negatively impact our revenues and cash flow, at least in the short term. Failure to successfully execute our consumption model strategy or anticipate customer needs could lead to a decline in our revenues and our profitability could decline.

As customer demand for our consumption model offerings increases, we will encounter differences in the timing of revenue recognition compared to our traditional purchase arrangements. Revenue from traditional purchases is generally recognized in full at the time of delivery, whereas revenue from consumption model offerings is generally recognized ratably over the term of the arrangement. We incur certain expenses related to the infrastructure and marketing of our consumption model offerings before we can recognize the associated revenues.

If we are unable to attract and retain qualified personnel, our business, operating results, financial condition and cash flows could be harmed.

Our success depends on our ability to hire and retain qualified personnel to advance our corporate strategy and maintain key aspects of our corporate culture. As our future success relies on enhancing and introducing new products and features, we particularly need to attract and retain qualified engineers and technical talent, especially in emerging technology areas like AI and machine learning. To increase revenues, we must also increase the productivity of our sales force, which may require an increase in support infrastructure and personnel, to achieve adequate customer coverage.

Competition for qualified employees, particularly in the technology industry, is intense. We have periodically reduced our workforce, including restructuring plans announced in fiscal 2023, fiscal 2024, and fiscal 2025, respectively. These actions may make it more challenging to attract and retain qualified employees. Failure to hire and retain skilled management and personnel, particularly engineers, salespeople, and key executive management, could disrupt our development efforts, sales results, business relationships, and our ability to execute our business plan and strategy, adversely affecting our operating results, financial conditions and cash flows.

18

Many of our employees participate in our hybrid work program and work remotely on a full- or part-time basis. Changes to our office environments, including the adoption of new work models and our requirements and/or expectations about when or how often certain employees work on-site or remotely may not meet the expectations of our employees, and may create challenges in attracting and retaining qualified personnel, adversely affecting our business operations and financial performance.

Additionally, many of our employees are foreign nationals relying on visas and entry permits to work legally in the U.S. and other countries, and may be dependent on licenses to work with controlled technology. Restrictions or difficulties in obtaining H-1B, L-1 and other business visas, as well as licenses to work with controlled technologies, along with compliance with new immigration and labor laws and unintended impacts from changes in immigration policy or in the enforcement of existing immigration laws and policies, could lead to unexpected labor costs and hinder our ability to retain and attract skilled professionals, negatively impacting our business, results of operations or financial conditions.

Equity grants are a crucial part of our compensation programs, supporting talent attraction and engagement and aligning employee interests with stockholders. A competitive broad-based equity compensation program is essential to compete for talent in both the hardware and software industries, where competitors offer significant equity compensation. Reducing, modifying, or eliminating our equity programs, or failing to grant equity competitively, may hinder our ability to attract and retain critical employees.

Furthermore, the structure of our sales, cash, and equity incentive compensation plans may increase the risk of losing employees at certain times, such as after the payment of periodic bonuses or the vesting of equity awards.

Our acquisitions or divestitures may not achieve the expected benefits and could increase our liabilities, disrupt our existing business, and harm our operating results, financial condition and cash flows.

As part of our strategy, we may seek to acquire other businesses and technologies to complement our current products and services, expand our market reach, or enhance our technical capabilities. The benefits we have received, and expect to receive, from these and other acquisitions depend on our ability to successfully conduct due diligence, negotiate the terms of the acquisition and integrate the acquired business into our systems, procedures and organizational structure. We may also divest businesses, product lines, or divisions that no longer align with our current offerings. For example, we sold our FinOps business to Flexera in fiscal 2025. Realizing the benefits we would expect to receive from a divestiture would depend on our ability to manage the separation of operations, services, products, and personnel, in addition to other risks.

Any inaccuracy in our assumptions or failures to identify and mitigate liabilities or risks associated with an acquisition or divestiture – such as differing or inadequate cybersecurity and data privacy protection controls or contractual limitations of liability – could reduce or eliminate the expected acquisition or divestiture benefits. If we fail to make acquisitions or divestitures on favorable terms, integrate or divest the subject business or assets as planned, or retain or separate key employees, our costs could increase, our operations could be disrupted, and we could face additional liabilities, investigations and litigation. This could harm our strategy, business, and operating results. Additionally, the failure to achieve expected benefits from acquisitions or divestitures may result in impairment charges for goodwill and intangible assets.

Risks Related to Our Operations

We often incur expenses before receiving related benefits, and it may be difficult to reduce expenses quickly if demand declines.

We base our expense levels partly on future revenue expectations, and a significant portion of our expenses are fixed. Reducing these fixed costs quickly can be challenging, and if our revenue falls below expectations, our operating results could be adversely impacted. During periods of uneven growth or decline, we may incur costs before realizing the anticipated benefits, which could also harm our operating results.

We have made, and will continue to make, significant investments in engineering, sales, service and support, marketing, and other functions to support and grow our business. The costs associated with these investments are likely to be recognized earlier than some of the related anticipated benefits, such as revenue growth. Additionally, the return on these investments may be lower or may develop more slowly than we expect, which could harm our business, operating results, financial condition and cash flows.

Initiatives to improve our cost structure, business processes, and systems may not achieve the expected benefits and could negatively impact our reputation, business, operating results, financial condition and cash flows.

We continuously strive to make our cost structure and business processes more efficient, including by relocating our business activities from higher-cost to lower-cost locations, outsourcing certain business processes and functions, and implementing changes to our business information systems. These efforts require significant investment of financial and human resources and substantial changes to our current operations. For example, in fiscal 2025, we continued our implementation of certain new business information systems, including a new enterprise resource planning (ERP) system to enhance and standardize our processes, improve oversight, and better serve our customers. However, any disruption during this transition could impact our ability to send and track invoices, process

19

vendor payments, pay employees, fulfill contractual obligations, report financial results, maintain effective internal controls, or operate our business effectively.

We may also encounter difficulties in implementing new business information systems or maintaining and upgrading existing systems and software. These difficulties could lead to significant expenses or losses due to unexpected additional costs, disruption in business operations, loss of sales or profits, or delays in processing and reporting key financial information. As a result, our business, results of operations, financial condition and prospects could be materially adversely affected.

Additionally, as we move operations to lower-cost jurisdictions and outsource certain business processes, we become subject to new regulatory regimes and lose control of certain aspects of our operations, increasing our dependence upon third-party systems and processes. If we fail to move operations, outsource processes, or implement new information in compliance with local laws and maintain adequate standards, controls and procedures, the quality of our products and services may suffer, and we may face increased litigation risk. These issues could adversely affect our business, operating results, and financial condition.

If we do not achieve the expected benefits of these and other transformational initiatives, our business, operating results, financial condition, and cash flows could be harmed.

We are exposed to credit risks, fluctuations in the market value of our investment portfolio, and potential adverse effects on our cash and cash equivalents if the financial institutions holding them fail.

We maintain an investment portfolio of various holdings, types, and maturities. The credit ratings and pricing of our investments can be negatively affected by factors such as volatile macroeconomic conditions, liquidity issues, credit deterioration, financial results, economic risk, political risk, sovereign risk, or other factors. Consequently, the value and liquidity of our investments and their returns may fluctuate significantly. Unfavorable macroeconomic conditions, rising interest rates, international trade protection measures and disputes (including economic and trade barriers, tariffs, sanctions and export controls), or other circumstances could lead to an economic slowdown or global recession, potentially causing failures of counterparties, including financial institutions, governments, and insurers. This could materially decrease the value of our investment portfolio and substantially reduce our investment returns.

We regularly maintain cash balances at large third-party financial institutions that exceed the Federal Deposit Insurance Corporation (FDIC) insurance limit of $250,000 and similar regulatory insurance limits outside the United States. If a depository institution where we maintain deposits fails or faces adverse financial or credit markets conditions, we may not be able to recover all of our deposits, which adversely impacts our operating liquidity and financial performance.

Additionally, if our customers or partners experience liquidity issues due to financial institution defaults or non-performance where they hold cash assets, their ability to pay us may be impaired. This could materially affect our results of operations, including the collection of accounts receivable and cash flows.

Our initiatives and disclosures related to sustainability and corporate responsibility matters expose us to risks that could adversely affect our reputation and performance.

We have publicly announced, and may continue to establish and announce, initiatives regarding sustainability and corporate responsibility matters, as well as other related matters in our Impact Report, on our website and elsewhere. These statements, which are included in our Impact Report, on our website, in our SEC filings, and elsewhere, reflect our current plans and aspirations but are not guarantees of achievement. Implementing these initiatives and goals can be challenging and costly, and our current plans and aspirations may not all succeed or be achieved in the way and on the timelines we expect or at all. While these initiatives and goals are not a critical part of our business operations and may not significantly impact our financial performance directly, they are an important part of our business ethos and corporate culture that we believe is valued and appreciated by our investors and key stakeholders.

There is growing attention from governments, investors, customers, employees, and other stakeholders on sustainability and corporate responsibility matters, and laws and regulations regarding disclosure, reporting and diligence requirements continue to evolve. We may face scrutiny from stakeholders regarding the scope or nature of our sustainability and corporate responsibility initiatives or any changes to these initiatives. In addition, state attorneys general and other governmental authorities may take action against certain sustainability and corporate responsibility policies or practices, and we may become subject to restrictions on sustainability and corporate responsibility initiatives. Incomplete or inaccurate sustainability and corporate responsibility-related data, failure to achieve sustainability and corporate responsibility goals, or government enforcement actions or litigation relating to sustainability and corporate responsibility initiatives could negatively impact our ability to attract or retain employees, our attractiveness as an investment or business partner, and ultimately our business, financial performance, and growth.

Risks Related to Our Customers and Sales

A portion of our revenues is generated by large, recurring purchases from various customers, resellers and distributors.

20

A significant portion of our net revenues rely on sales to a limited number of customers and distributors. We typically do not enter into binding long-term purchase commitments with our customers, resellers, and distributors, meaning there is no guarantee that we will continue to receive large, recurring orders from them. For instance, our reseller agreements generally do not require minimum purchases, and our customers, resellers, and distributors can stop purchasing and marketing our products at any time. The loss, cancellation, or delay of purchases has previously impacted our revenues and could again in the future.

Any deterioration in the financial stability of our customers, resellers, and distributors, or their ability to obtain credit to finance purchases of our products, could significantly adversely affect our results of operations and cash flow. If any of our key customers, resellers, or distributors changes its pricing practices, reduces the size or frequency of its orders, or stops purchasing our products altogether, our operating results, financial condition, and cash flows could be materially adversely impacted. Additionally, major customers may seek pricing, payment, intellectual property-related, or other commercial terms that are less favorable to us, which could negatively impact our business, cash flow, and operating results.

If we are unable to maintain and develop relationships with strategic partners, our revenues may be harmed.

Our growth strategy relies on developing and maintaining strategic partnerships with major third-party software and hardware vendors to integrate our products into their products and co-market them. Many of our strategic partners are industry leaders that provide us with expanded access to market segments where we do not directly participate. Strategic partnerships with public cloud providers and other cloud service vendors are particularly critical to the success of our cloud-based business.

However, there is intense competition for attractive strategic partners, and these relationships may not be exclusive, may not generate significant revenues, and may be terminated on short notice. Some of our partners also collaborate with our competitors, which can increase the availability of competing solutions and hinder our ability to grow these relationships. Additionally, some partners, especially large and diversified technology companies, including major cloud providers, are also our competitors, complicating our relationships.

If we are unable to establish new or maintain current partnerships, if our strategic partners prioritize their relationships with other vendors in the storage industry, if our strategic partners seek to renegotiate or terminate our agreements, or if our strategic partners increasingly compete with us, we could experience lower-than-expected revenues, delays in product development, and other adverse effects on our business, operating results, financial condition and cash flows.

Our success depends upon our ability to effectively plan and manage our resources and periodically restructure our business, which may adversely affect our business, operating results, financial condition, and cash flows.

To successfully offer our products and services in a rapidly evolving market, we need effective planning, forecasting, and management processes that allow us to scale and adjust our business in response to changing market opportunities and conditions.

In fiscal 2024 and fiscal 2025, we reorganized our sales resources, including changes and additions to our sales leadership team, to gain operational efficiencies and better align our resources with customer and market opportunities. However, such reorganization and ongoing adjustments to our go-to-market model could disrupt our sales cycles in the short- or long-term, may not yield the desired efficiencies and benefits, and could harm our operating results, financial condition, and cash flows.

We have undertaken, and may in the future undertake, initiatives that include reorganizing our workforce, restructuring, discontinuing certain products, acquisitions and dispositions of businesses, reducing facilities, or a combination of these actions, which could result in restructuring charges. Rapid changes in the size, alignment, or organization of our workforce, including our business unit structure, structure of our sales team, and sales account coverage, could impair our ability to develop, sell and deliver products and services as planned, or hinder our ability to achieve our business and financial objectives. Charges associated with these activities could harm our operating results.

Our ability to achieve the anticipated cost savings and other benefits from these initiatives depends on many estimates and assumptions, which are subject to uncertainties. If our estimates and assumptions are incorrect, if we are unsuccessful at implementing changes, or if other unforeseen events occur, our business, financial condition, and results of operations could be adversely affected.

Reduced U.S. government demand could materially harm our business, operating results, financial condition and cash flows.

The U.S. government is an important customer for us, but its demand is uncertain due to political and budgetary fluctuations and constraints. Uncertainty related to the U.S. government budget and debt levels, changes to governmental agency structure, compliance with new initiatives and executive orders, and reductions in force have increased demand uncertainty for our products. Changes in administration may also lead to programs and initiatives moving in or out of favor, which may lead to varied perception of our company in the U.S. government market and may negatively impact our sales to the U.S. government. Additionally, the U.S. government, like other customers, may evaluate competing products and delay purchases during technology transitions in the storage

21

industry. If the U.S. government or its agencies reduce or shift their IT spending patterns, our revenues and operating results may be adversely affected.

Selling our products to the U.S. government, whether directly or through channel partners, subjects us to specific regulatory and contractual requirements, which may change or increase at short notice. Some of these requirements may extend past the specific nature and products of the arrangement and impact our broader corporate policies, initiatives and employee resources. Failure to comply with these requirements by either us or our channel partners could lead to investigations, fines, and other penalties (including the loss of such government contracts), harming our operating results and financial condition. For example, the U.S. Department of Justice (DOJ) has previously pursued claims and settlements with IT vendors, including us and our competitors and channel partners, under the False Claims Act and other statutes related to violations of regulatory and contractual requirements, which may include such areas as pricing and discount practices, cybersecurity, or procurement integrity. These actions, in addition to potential fines and other penalties as well as potential government audits and investigations, could also result in suspension or disbarment from future government contracts. Additionally, government certification requirements may change and, in doing so, restrict our ability to sell into the government sector until we have attained revised certifications (or are able to make the required certifications to the government). We could also be harmed by claims of non-compliance with these requirements by us or our channel partners. Any of these outcomes could materially adversely affect our business, operating results, financial condition and cash flows. In response to evolving and increasing security threats, the U.S. government has imposed additional requirements on IT vendors, including us. These requirements range from software development security (e.g., the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), issued in May 2021, to require attestation to minimum requirements for our software development framework), to supply chain security (e.g., Section 5949 of the FY23 National Defense Authorization Act (NDAA) prohibits us from including in our products or using in our corporate environment certain semiconductor products and services), to cybersecurity (e.g., the U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program). Failure to meet these requirements as they apply to us and our products may result in delays or inability to execute contracts with customers, particularly with government entities.

If we do not achieve forecasted sales orders in any quarter, our operating results, financial condition and cash flows could be harmed.

We derive a significant amount of our revenues in any given quarter from orders booked in the same quarter. These orders typically follow intra-quarter seasonality patterns, with a significant portion occurring toward the end of the quarter. If we fail to achieve the forecasted level, timing, and mix of orders in line with our quarterly targets and historical patterns, or if we experience cancellations of significant orders, our operating results, financial condition and cash flows could be adversely affected.

We are exposed to the credit and non-payment risk of our customers, resellers and distributors, especially during times of economic uncertainty and tight credit markets, which could result in material losses.

Most of our sales to customers are on an open credit basis, with typical payment terms of 30 days. During periods of economic uncertainty, when access to liquidity may be limited, we may experience increased losses as more customers become unable to pay their obligations to us, either in full or in part. Additionally, some customers have entered into recourse and non-recourse financing leasing arrangements using third-party leasing companies. Under recourse leases, which typically last three years or less, we remain liable for the unpaid remaining lease payments to the third-party leasing companies if the end-user customer defaults.

Our exposure to credit risks from our customers increases during economic uncertainty or volatility. This risk may further increase if our customers, their customers, or their lease financing sources are adversely affected by global economic conditions.

Risks Related to Our Products and Services

Any disruption to our supply chain could materially harm our business, operating results, financial condition and cash flows.

We do not manufacture certain components used in our products. We rely on third parties to manufacture critical components and handle associated logistics. Our lack of direct control over these elements, combined with the diverse international geographic locations of our manufacturing partners and suppliers, creates significant risks for us, including:

•Limited number of suppliers for certain components;

•No guarantees of supply and limited ability to control the quality, quantity and cost of our products or of their components;

•Potential for binding price or purchase commitments with our suppliers at higher than market rates;

•Limited ability to adjust production volumes in response to our customers’ demand fluctuations;

•Labor and political unrest at facilities we do not operate or own;

22

•Geopolitical disputes, acts of terrorism, cyber attacks and hacktivism disrupting our supply chain;

•Impacts on our supply chain from adverse public health developments;

•Business, regulatory compliance, legal compliance, litigation, trade controls and financial concerns affecting our suppliers or their ability to manufacture and ship components in the quantities, quality and manner as required; and

•Disruptions due to floods, earthquakes, storms, fires and other natural disasters, especially those caused by climate change, and particularly in countries with limited infrastructure and disaster recovery resources.

These risks have subjected us, and could in the future subject us, to supply constraints, price increases, and minimum purchase requirements, which could harm our business, operating results, financial condition, and cash flows. The risks associated with our outsourced manufacturing model are particularly acute when we transition products to new facilities or manufacturers, introduce and increase volumes of new products, or qualify new contract manufacturers or suppliers. During these times, our ability to manage relationships among ourselves, our manufacturing partners, and our component suppliers, becomes critical. New manufacturers, products, components, or facilities create increased costs and risk that we will fail to deliver high quality products in the required volumes to our customers. Any failure of a manufacturer or component supplier to meet our quality, quantity or delivery requirements in a cost-effective manner will harm our business, including customer relationships and as a result could harm our operating results, financial condition and cash flows. Additionally, disruption to our manufacturing operations, or those of our contract manufacturers, could significantly impact our ability to supply our customers and could produce a near-term severe impact on the Company.

We rely on a limited number of suppliers for critical product components.

We depend on a limited number of suppliers for drives and other components used in assembling our products, including some single-source suppliers. This reliance has subjected us, and could in the future subject us, to price rigidity, periodic supply constraints, and challenges in producing our products with the required quality and quantities. Consolidation among suppliers, particularly within the semiconductor and storage media industries, has led to price volatility and supply constraints. When industry supply is constrained or the supply chain is disrupted, our suppliers may allocate volumes away from us and to our competitors, who depend on many of the same suppliers as we do. As a result, our business, operating results, financial condition and cash flows may be adversely affected.

If a material cybersecurity or other security breach impacts our services, systems, supply chain, or end-user customer systems, or if stored data is improperly accessed, our business could suffer significant harm.

We store and transmit, and sell products and services that store and transmit, personal, sensitive and proprietary data related to our products, our employees, customers, clients, partners (including third-party vendors such as data centers and providers of SaaS, cloud computing, and internet infrastructure and bandwidth), and their respective customers. This data includes intellectual property, records, and personal information. It is critical to our business strategy that our infrastructure, products, and services remain secure and are perceived as secure by customers, clients, and partners.

There are numerous and evolving cybersecurity and privacy risks, including criminal hacking (eCrime), state-sponsored intrusions, industrial espionage, hacktivism, insider threats, inadvertent disclosure, ransomware attacks, social-engineering, exploitation of unpatched or unmanaged vulnerabilities, cyber-attacks to the Company’s service providers, suppliers or vendors, technological vulnerabilities, or destruction or other misuse of data that could harm the Company, operations or our competitive position. In some cases, these types of attacks have been successful. Increasing use of AI in techniques employed by threat actors will continue to increase the risk of successful attacks, while also providing opportunities for improved attack detection and prevention capabilities. Our information systems and data have been specifically targeted by various threat actors, including nation-state affiliated threat actors, and we expect that our information systems and data will continue to be targeted in the future. Cybersecurity incidents or other security breaches have in the past and could in the future result in: (1) unauthorized access to, or loss or unauthorized use, alteration, or disclosure of, personal, sensitive and/or proprietary data; (2) litigation, indemnity obligations, government investigations and proceedings, regulatory fines and penalties, and other possible liabilities; (3) revenue loss; (4) negative publicity and damage to our reputation; and (5) disruptions to our internal and external operations.

These outcomes could damage our reputation, harm our business, and lead to significant liabilities. Additionally, a cybersecurity incident or loss of personal information has in the past and could in the future result in remediation costs, disruption of internal operations, increased cybersecurity protection costs, significant fines, and/or lost revenues.

Our clients and their customers use our platforms to transmit and store sensitive data. We do not generally have the ability to review the information or content they upload and store, nor do we control the substance of this information or content. If our employees, clients, partners, or their respective customers use our platforms for the transmission or storage of sensitive information, or our supply-chain cybersecurity is compromised and our security measures are breached as a result of third-party action, employee

23

error, malfeasance, stolen or fraudulently obtained log-in credentials or otherwise, our reputation could be damaged, our business may be harmed and we could incur significant liabilities.

Security industry experts and U.S. government officials continue to emphasize risks to our industry. Cyber-attacks and security breaches continue to increase, and of particular concern are supply-chain attacks against software development and breaches of technology service providers. We anticipate that cyberattacks will continue to increase in the future given cyber warfare has become a consistent lever within geopolitical conflicts and increasingly leverages hacktivism. We cannot give assurance that we will always be successful in preventing or repelling unauthorized access to our systems. We also may face delays in our ability to identify or otherwise respond to any cybersecurity incident or any other breach. Future cyber-attacks or incidents could persist undetected in our environments for a period of time. Additionally, we use third-party service providers to provide some services to us that involve the storage or transmission of data, such as SaaS, cloud computing, and internet infrastructure and bandwidth, and they face various cybersecurity threats and also may suffer cybersecurity incidents or other security breaches. While we conduct diligence on these third parties, our ability to monitor these third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties’ infrastructure in our supply chain or our third-party partners’ supply chains have not been or will not be compromised. Many jurisdictions require companies to notify regulators or individuals of data security incidents involving certain types of personal data. These mandatory disclosures regarding security incidents often lead to widespread negative publicity. The risk of reputational harm may be magnified by the rapid dissemination of information online. Any security incident, loss of data, or other security breach, whether actual or perceived, or whether impacting us or our third-party service providers, could harm our reputation, erode customer confidence in the effectiveness of our data security measures, negatively impact our ability to attract new customers, cause existing customers to elect not to renew their support contracts or their SaaS subscriptions, or subject us to third-party lawsuits, regulatory fines or other action or liability, which could materially and adversely affect our business and operating results.

There can be no assurance that the limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim. Our existing general liability insurance coverage, cybersecurity insurance coverage and coverage for errors and omissions may not continue to be available on acceptable terms or may not be available in sufficient amounts to cover one or more large claims, or our insurers may deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceeds available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, operating results, financial condition and cash flows.

If a data center or other third-party who relies on our products experiences a disruption in service or a loss of data, such disruption could be attributed to the quality of our products.

Our clients, including data centers, SaaS providers, cloud computing services and internet infrastructure and bandwidth providers, rely on our products for their data storage needs. These clients may authorize third-party technology providers to access their data on our systems. Errors or wrongdoing by clients, their customers, or third-party technology providers resulting in actual or perceived security breaches may result in such actual or perceived breaches being attributed to us.

A failure to meet our customers’ and partners’ expectations regarding security and confidentiality, due to disruptions in services provided by third-party vendors or the loss or alteration of data stored by such vendors, could cause financial or reputational harm to our business. This harm could occur if the disruption or data loss is caused by, or perceived to be caused by, defects in our products. The risk of reputational harm may be magnified by the rapid dissemination of information over the internet, including through news articles, blogs, social media, and other online communication forums and services. This could affect our ability to retain clients and attract new business.

Additionally, our operations and select cloud services rely on third-party cloud providers. Interruptions due to technical failures such as hardware or software issues or connectivity problems, security incidents, compliance changes, operational challenges and natural disasters could reduce revenue due to the cloud services’ metered billing and could pose reputational risks. Moreover, dependence on key cloud infrastructure providers carries systemic risks, as we could face amplified reputational damage if observability features fail during client outages.

Failure to comply with new and existing laws and regulations related to privacy, data protection, AI and information security could cause harm to our reputation, result in liability (including regulatory penalties and litigation), and adversely impact our business.

Our business is increasingly subject to regulation by various federal, state and international governmental agencies responsible for enacting and enforcing laws and regulations relating to privacy, data protection, and information security. For example, since the EU’s General Data Protection Regulation became effective in 2018, the Court of Justice of the EU has issued rulings that have impacted how multinational companies must implement that law and the European Commission (EC) has published new regulatory

24

requirements relating to cross-border data transfers. NetApp relies on compliance methods such as Standard Contractual Clauses (SCCs) to transfer personal data of individuals located in the European Economic Area (EEA) to other countries. In June 2021, the EC imposed new SCC requirements which impose certain contractual and operational requirements on NetApp and its contracting parties, including requirements related to government access transparency, enhanced data subject rights, and broader third-party assessments to ensure safeguards necessary to protect personal data transferred from NetApp or its partners to countries outside the EEA, requiring NetApp to revise customer and vendor agreements. Other global governments have adopted new privacy and data protection laws implementing similarly comprehensive regulatory frameworks.

The interpretation and application of many privacy, data protection, and information security laws and regulations, along with industry standards, are uncertain. These laws, regulations, or standards may be interpreted and applied in ways that are inconsistent with our data management practices or product features. Additionally, government certification requirements for products like ours may change and, in doing so, restrict our ability to sell into the government sector until we have attained revised certifications. Any failure, or perceived failure, by us or our business partners to comply with relevant laws, regulations, contractual commitments, required certifications, self-regulatory standards, or our policies could subject us to claims, investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal liability, penalties, or injunctions.

As a technology provider, our customers expect us to demonstrate compliance with privacy, data protection, and information security laws and regulations. Our inability, or perceived inability, to do so may adversely impact sales of our products and services, especially to customers in highly regulated industries. We have invested resources in complying with new laws and regulations and may need to make additional significant changes to our business operations, which could adversely affect our revenue and overall business. Non-compliance could harm our reputation and brand, incur significant costs, materially affect our financial and operating results, and require modifications to our products or business practices.

Our business could face stricter obligations, greater fines, and private causes of action under new privacy, data protection, and information security laws and regulations, including the GDPR, which provides for penalties of up to 20 million Euros or four percent of our total worldwide annual turnover of the preceding financial year (whichever is higher), the California Consumer Privacy Act, the California Privacy Rights Act, and other similar U.S. state-based regulations, as well as new and emerging privacy laws globally.

As NetApp provides technology services to EU financial institutions, the Digital Operational Resilience Act (DORA) imposes financial and legal risks. These include compliance costs for enhancing cybersecurity, performing resilience testing, requiring comprehensive documentation, increased audits, and detailed reporting. Stricter contractual obligations will be imposed by financial institution clients, necessitating more robust incident reporting and data protection measures. Non-compliance could result in legal liabilities, suspension of services and reputational damage. Additionally, NetApp must ensure that its subcontractors and suppliers also comply with DORA requirements, further increasing the complexity and potential liability.

If our products or services are defective, or are perceived to be defective, including as a result of improper use or maintenance, our operating results and customer relationships may be harmed.

Our products and services are complex. We have experienced in the past, and expect to experience in the future, quality issues impacting certain products, and we could experience reliability issues with services we provide, including security vulnerabilities, software bugs, hardware failure in networked storage appliances, incompatibility issues with customer systems or other applications, performance deficiencies causing slow data retrieval or processing, firmware or software updates causing system instability, compliance with various product certifications, and data breaches due to flaws in the product design. Such quality and reliability issues may be due to, for example, our own designs or processes, the designs or processes of our suppliers, and/or flaws in third-party software used in our products. These types of risks are most acute when we are introducing new products. Quality or reliability issues have and could again in the future cause customers to experience outages or disruptions in service, data loss or data corruption. If we fail to remedy a product defect or flaw, we may experience a failure of a product line, temporary or permanent withdrawal from a product or market, damage to our reputation, loss of revenue, inventory costs or product reengineering expenses and higher ongoing warranty and service costs, and these occurrences could have a material impact on our gross margins, business and operating results. In addition, we exercise little control over how our customers use or maintain our products and services, and in some cases improper usage or maintenance could impair the performance of our products and services, which could lead to a perception of a quality or reliability issue. Customers may experience losses that may result from or are alleged to result from defects or flaws in our products and services, which could subject us to claims for damages, including consequential damages.

Changes in regulations relating to our products or their components, or the manufacture, sourcing, distribution or use thereof, may harm our business, operating results, financial condition and cash flows.

The laws and regulations governing the manufacturing, sourcing, distribution and use of our products have become increasingly complex and stringent. For example, in addition to various environmental laws relating to carbon emissions, the use and discharge of hazardous materials, and the use of certain minerals originating from identified conflict zones, many governments, including the U.S.,

25

the United Kingdom, and Australia, have adopted regulations to address the risk of human trafficking in supply chains, which govern how workers are recruited and managed.

We incur costs to comply with these requirements. Given the complexity of our supply chain, we may face reputational harm if our customers or other stakeholders conclude that we are unable to verify sufficiently the origins of the minerals used in the products we sell or the actions of our suppliers with respect to workers. As the laws and regulations governing our products continue to expand and change, our costs are likely to rise, and the failure to comply with any such laws and regulations could subject us to business interruptions, litigation risks and reputational harm.

Any violation of U.S. export control laws and other laws affecting the countries in which our products and services may be sold, distributed, or delivered could have a material and adverse effect on our business, operating results, financial condition and cash flows.

Due to the global nature of our business, we are subject to import and export restrictions and regulations, including the Export Administration Regulations administered by the Commerce Department’s Bureau of Industry and Security (BIS) and the trade and economic sanctions regulations administered by the Treasury Department’s Office of Foreign Assets Control (OFAC). The U.S., through the BIS and OFAC, places restrictions on the sale or export of certain products and services to certain countries, entities, and persons, including most recently to Russia, Belarus and regions of Ukraine. These regulations have caused us to temporarily stop selling or servicing our products temporarily in restricted areas.

Violators of export control and sanctions laws may be subject to significant penalties, which may include significant monetary fines, criminal proceedings against them and their officers and employees, a denial of export privileges, and suspension or debarment from selling products to the federal government. Our products could be diverted by third parties (including potentially our channel partners) to countries or end users under sanctions / embargo orders, despite our precautions.

If we were ever found to have violated U.S. export control laws or any trade-related laws or regulations, even if inadvertent or without our knowledge, we may be subject to various penalties available under the laws, any of which could have a material and adverse impact on our business, operating results and financial condition. Even if we were not found to have violated such laws, the political and media scrutiny surrounding any governmental investigation of us could cause us significant expense and reputational harm. Such collateral consequences could have a material adverse impact on our business, operating results, financial condition and cash flows.

Our failure to protect our intellectual property could harm our business, operating results, financial condition and cash flows.

Our success depends significantly upon developing, maintaining and protecting our proprietary technology. We rely on a combination of patents, copyrights, trademarks, trade secrets, confidentiality procedures and contractual provisions with employees, resellers, strategic partners and customers, to protect our proprietary rights. We currently have multiple U.S. and international patent applications pending and multiple U.S. and international patents issued. The pending applications may not be approved, and our existing and future patents may be challenged. If such challenges are brought, the patents may be invalidated. We may not be able to develop proprietary products or technologies that are patentable, and patents issued to us may not provide us with any competitive advantages and may be challenged by third parties. Further, the patents of others may materially and adversely affect our ability to do business. In addition, a failure to obtain and defend our trademark registrations may impede our marketing and branding efforts and competitive condition. Litigation may be necessary to protect our proprietary technology. Any such litigation may be time-consuming and costly. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. In addition, the laws of some foreign countries do not protect proprietary rights to as great an extent as do the laws of the U.S. Our means of protecting our proprietary rights may not be adequate or our competitors may independently develop similar technology, duplicate our products, or design around patents issued to us or other intellectual property rights of ours. There is persistent risk that some individuals will improperly take our intellectual property after terminating their employment or other engagements with us, which could lead to intellectual property leakage to competitors and a loss of our competitive advantages.

We may be found to infringe on intellectual property rights of others.

We compete in markets in which intellectual property infringement claims arise in the normal course of business. Third parties have, from time to time, asserted intellectual property-related claims against us, including claims for alleged patent infringement brought by non-practicing entities. Such claims may be made against our products and services, our customers’ use of our products and services, or a combination of our products and third-party products. We also may be subject to claims and indemnification obligations from customers and resellers with respect to third-party intellectual property rights pursuant to our agreements with them. If we refuse to indemnify or defend such claims, even in situations in which the third-party’s allegations are meritless, then customers and resellers may refuse to do business with us.

26

Patent litigation is particularly common in our industry. We have been, and continue to be, in active patent litigations with non-practicing entities. There is no guarantee that, in patent or other types of intellectual property litigation, we will prevail at trial or be able to settle at a reasonable cost. If a judge or jury were to find that our products infringe, we could be required to pay significant monetary damages and be subject to an injunction that could cause product shipment delays, require us to redesign our products, affect our ability to supply or service our customers, and/or require us to enter into compulsory royalty or licensing agreements.

We expect that companies in the enterprise storage and data management, and cloud storage, operational and workload services markets will increasingly be subject to infringement claims as the number of products and competitors in our industry segment grows and the functionality of products in different industry segments overlaps. Any such claims, and any such infringement claims discussed above, could be time consuming, result in costly litigation, cause suspension of product shipments or product shipment delays, require us to redesign our products, or require us to enter into royalty or licensing agreements, any of which could materially and adversely affect our operating results, financial condition and cash flows. Such royalty or licensing agreements, if required, may not be available on terms acceptable to us or at all.

We rely on software from third parties, and a failure to properly manage our use of third-party software could result in increased costs or loss of revenue.

Many of our products are designed to include software licensed from third parties. Such third-party software includes software licensed from commercial suppliers and software licensed under public or open-source licenses. We have internal processes to manage our use of such third-party software. However, if we fail to adequately manage our use of third-party software, then we may be subject to copyright infringement or other third-party claims. If we are non-compliant with a license for commercial software, then we may be required to pay penalties or undergo costly audits pursuant to the license agreement. In the case of open-source software licensed under certain “copyleft” licenses, the license itself may require, or a court-imposed remedy for non-compliant use of the open-source software may require, that proprietary portions of our own software be publicly disclosed or licensed. Additionally, contract proposals, negotiations and software proposals are complex and frequently involve lengthy bidding and selection processes. We may not be able to negotiate extensions to our current third-party licenses when due for renewal or continue to secure such licenses under commercially reasonable terms. Each of the foregoing could result in a loss of intellectual property rights, increased costs, damage to our reputation and/or a loss of revenue.

In addition, many of our products use open-source software. Such open-source software generally does not provide any warranty or contractual protection and may be susceptible to compromise and supply-chain attacks by threat actors. Further, open-source software or third-party software may contain vulnerabilities, which may or may not be known at the time of our inclusion of the software in a product. If a vulnerability in such software is successfully exploited, we could be subject to damages including remediation costs, reputational damage, and lost revenues.

Our failure to adjust to emerging standards may harm our business.

Emerging standards may adversely affect the UNIX®, Windows® and World Wide Web server markets upon which we depend. For example, we provide our open access data retention solutions to customers within the financial services, healthcare, pharmaceutical and government market segments, industries that are subject to various evolving governmental regulations, certifications and controls with respect to data access, reliability and permanence in the U.S. and in the other countries in which we operate. If our products do not meet and continue to comply with these evolving governmental regulations in this regard, customers in these market and geographical segments will not purchase our products, and we may not be able to expand our product offerings in these market and geographical segments at the rates which we have forecasted.

Risks Related to Our Securities

Our stock price is subject to volatility.

Our stock price is subject to changes in recommendations or earnings estimates by financial analysts, changes in investors' or analysts' valuation measures for our stock, changes in our capital structure, including issuance of additional debt, changes in our credit ratings, our ability to pay dividends and to continue to execute our stock repurchase program as planned and market trends and economic volatility unrelated to our performance.

If we fail to meet any investor expectations related to dividends and/or stock repurchases, the market price of our stock could decline significantly, and could have a material adverse impact on investor confidence. Additionally, price volatility of our stock over a given period may cause the average price at which we repurchase our own stock to exceed the stock’s market price at a given point in time.

Furthermore, speculation in the press or investment community about our strategic position, financial condition, results of operations or business can cause changes in our stock price. These factors, as well as general economic and political conditions and the timing of announcements in the public market regarding new products or services, product enhancements or technological

27

advances by our competitors or us, and any announcements by us of acquisitions, major transactions, or management changes may adversely affect our stock price.

Our quarterly operating results may fluctuate materially, which could harm our common stock price.

Our operating results have fluctuated in the past and will continue to do so, sometimes materially. All of the matters discussed in this Risk Factors section could impact our operating results in any fiscal quarter or year. In addition to those matters, we face the following issues, which could impact our quarterly results:

•Seasonality, such as our historical seasonal decline in revenues in the first quarter of our fiscal year and seasonal increase in revenues in the fourth quarter of our fiscal year;

•Linearity, such as our historical intra-quarter customer orders and revenue pattern in which a disproportionate percentage of each quarter’s total orders and related revenue occur in the last month of the quarter; and

•Unpredictability associated with larger scale enterprise software license agreements which generally take longer to negotiate and occur less consistently than other types of contracts, and for which revenue attributable to the software license component is typically recognized in full upon delivery.

If our operating results fall below our forecasts and the expectations of public market analysts and investors, the trading price of our common stock may decline.

There are risks associated with our outstanding and future indebtedness.

As of April 25, 2025, we had $3.3 billion aggregate principal amount of outstanding indebtedness for our senior notes that mature at specific dates in calendar years 2025, 2027, 2030, 2032 and 2035. We may incur additional indebtedness in the future under existing credit facilities and/or enter into new financing arrangements. We may fail to pay these or additional future obligations, as and when required. Specifically, if we are unable to generate sufficient cash flows from operations or to borrow sufficient funds in the future to service or refinance our debt, our business, operating results, financial condition and cash flows will be harmed. Any downgrades from credit rating agencies such as Moody’s Investors Service or Standard & Poor’s Rating Services may adversely impact our ability to obtain additional financing or the terms of such financing and reduce the market capacity for our commercial paper. Furthermore, if prevailing interest rates or other factors result in higher interest rates upon any potential future financing, then interest expense related to the refinance indebtedness would increase.

In addition, all our debt and credit facility arrangements subject us to continued compliance with restrictive and financial covenants. If we do not comply with these covenants or otherwise default under the arrangements, we may be required to repay any outstanding amounts borrowed under these agreements. Moreover, compliance with these covenants may restrict our strategic or operational flexibility in the future, which could harm our business, operating results, financial condition and cash flows.

General Risks

Our business could be materially and adversely affected as a result of natural disasters, terrorist acts or other catastrophic events.

We depend on the ability of our personnel, inventories, equipment and products to move reasonably unimpeded around the world. Any political, military, terrorism, global trade, world health or other issue that hinders this movement or restricts the import or export of materials could lead to significant business disruptions. For example, the COVID-19 pandemic impeded the mobility of our personnel, inventories, equipment and products and disrupted our business operations. Furthermore, any economic failure or other material disruption caused by natural disasters, including fires, floods, droughts, hurricanes, tornadoes, earthquakes, and volcanoes; power or water loss or shortages; environmental disasters; telecommunications or business information systems failures or break-ins and similar events could also adversely affect our ability to conduct business. As a result of climate change, we expect the frequency and impact of such natural disasters or other material disruptions to increase. If such disruptions result in cancellations of customer orders or contribute to a general decrease in economic activity or corporate spending on IT, or directly impact our marketing, manufacturing, financial and logistics functions, or impair our ability to meet our customer demands, our operating results and financial condition could be materially adversely affected. Our headquarters is located in Northern California, an area susceptible to earthquakes and wildfires. If any significant disaster were to occur there, our ability to operate our business and our operating results, financial condition and cash flows could be adversely impacted.

We could be subject to additional income tax liabilities.

Our effective tax rate is influenced by a variety of factors, many of which are outside of our control. These factors include among other things, fluctuations in our earnings and financial results in the various countries and states in which we do business, changes to

28

the tax laws in such jurisdictions and the outcome of income tax audits. Changes to any of these factors could materially impact our operating results, financial condition and cash flows.

We receive significant tax benefits from sales to our non-U.S. customers. These benefits are contingent upon existing tax laws and regulations in the U.S. and in the countries in which our international operations are located. Future changes in domestic or international tax laws and regulations or a change in how we manage our international operations could adversely affect our ability to continue realizing these tax benefits.

Many countries around the world are beginning to implement legislation and other guidance to align their international tax rules with the Organization for Economic Co-operation and Development’s Base Erosion and Profit Shifting Project (BEPS) recommendation and related action plans that aim to standardize and modernize global corporate tax policy, including changes to cross-border tax, transfer pricing documentation rules and nexus-based tax incentive practices. As a result, many of these changes, if enacted in whole or in part, could increase our worldwide effective tax rate and harm our operating results, financial condition, and cash flows. Implementation of the BEPS inclusive framework (Inclusive Framework), including potential incremental taxes under a new global minimum tax framework known as Pillar Two, is effective in most jurisdictions for fiscal years beginning on or after January 1, 2024. We are currently subject to Pillar Two rules starting in our fiscal year 2025 and could potentially be subject to additional taxes under the Inclusive Framework. Amount B under Pillar One of the Inclusive Framework is related to standardized returns for baseline marketing and distribution activities. Amount B is applicable to NetApp beginning in fiscal 2026 and we could be subject to higher controlled profit requirements for some of our global distribution entities which could increase our global tax burden.

Our effective tax rate could also be adversely affected by changes in tax laws and regulations and interpretations of such laws and regulations, which in turn would negatively impact our earnings and cash and cash equivalent balances we currently maintain. Additionally, our effective tax rate could also be adversely affected if there is a change in international operations, our tax structure and how our operations are managed and structured, and as a result, we could experience harm to our operating results and financial condition. We continue to evaluate the impacts of changes in tax laws and regulations on our business.

We are routinely subject to income tax audits in the U.S. and several foreign tax jurisdictions. If the ultimate determination of income taxes or at-source withholding taxes assessed under these audits results in amounts in excess of the tax provision we have recorded or reserved for, our operating results, financial condition and cash flows could be adversely affected.

We may not be able to maintain appropriate internal financial reporting controls and procedures.

We cannot be assured that significant deficiencies or material weaknesses in our internal control over financial reporting will not exist in the future. Any failure to maintain or implement required new or improved controls, or any difficulties we encounter in their implementation, including in connection with our new ERP system, could result in significant deficiencies or material weaknesses, cause us to fail to timely meet our periodic reporting obligations, or result in material misstatements in our financial statements. Any such failure could also adversely affect the results of periodic management evaluations and annual auditor attestation reports regarding disclosure controls and the effectiveness of our internal control over financial reporting required under the Sarbanes-Oxley Act and the rules promulgated thereunder. The existence of a material weakness could result in errors in our financial statements that could result in a restatement of financial statements, cause us to fail to timely meet our reporting obligations, or cause investors to lose confidence in our reported financial information, which could cause a decline in the market price of our stock and we could be subject to sanctions or investigations by the SEC or other regulatory authorities including equivalent foreign authorities. Further, irrespective of the controls that we adopt, we cannot be assured that we will not experience fraudulent financial reporting in the future, including earnings mismanagement, recording fictitious revenues, improper asset valuation, understating liabilities or expenses, inadequate disclosure, reserve manipulation, misuse of judgments in financial reporting, concealing fraud or illegal activities, information tampering, and insider trading based on non-public information about the Company's financials.