ordering and managing materials from suppliers

misuse, changing consumer perceptions of certain ingredients, negative perceptions of packaging (such as plastic and other petroleum- based materials), lack of recyclability or other environmental impacts, concerns about actual or alleged labor or equality and inclusion practices, privacy lapses or data breaches, allegations of product tampering or the distribution and sale of counterfeit products. Additionally, negative or inaccurate postings or comments on social media or networking websites about the Company or one of its brands could generate adverse publicity that could damage the reputation of our brands or the Company. If we are unable to effectively manage real or perceived issues, including concerns about safety, quality, ingredients, efficacy, environmental or social impacts or similar matters, sentiments toward the Company or our products could be negatively impacted, and our results of operations or cash flows could suffer. Our Company also devotes time and resources to citizenship efforts that are consistent with our corporate values and are designed to strengthen our business and protect and preserve our reputation, including programs driving ethics and corporate responsibility, strong communities, equality and inclusion, and environmental sustainability. If these programs are not executed as planned or suffer negative publicity, the Company’s reputation and results of operations or cash flows could be adversely impacted.

We rely on third parties in many aspects of our business, which creates additional risk.

Due to the scale and scope of our business, we must rely on relationships with third parties, including our suppliers, contract manufacturers, distributors, contractors, commercial banks, joint venture partners and external business partners, for certain functions. If we are unable to effectively manage our third-party relationships and the agreements under which our third-party partners operate, our results of operations and cash flows could be adversely impacted. Further, failure of these third parties to meet their obligations to the Company or substantial disruptions in the relationships between the Company and these third parties could adversely impact our operations and financial results. Additionally, while we have policies and procedures for managing these relationships, they inherently involve a lesser degree of control over business operations, governance and compliance, thereby potentially increasing our financial, legal, reputational and operational risk.

A significant information security or operational technology incident, including a cybersecurity breach, or the failure of one or more key information or operations technology systems, networks, hardware, processes, and/or associated sites owned or operated by the Company or one of its service providers could have a material adverse impact on our business or reputation.

We rely extensively on information and operational technology (IT/OT) systems, networks and services, including internet and intranet sites, data hosting and processing facilities and technologies, physical security systems and other hardware, software and technical applications and platforms, many of which are managed,

hosted, provided and/or used by third parties or their vendors, to assist in conducting our business. The various uses of these IT/OT systems, networks and services include, but are not limited to:

• ordering and managing materials from suppliers;

• converting materials to finished products;

• shipping products to customers;

• marketing and selling products to consumers;

• collecting, transferring, storing and/or processing customer, consumer, employee, vendor, investor, and other stakeholder information and personal data, including such data from persons covered by an expanding landscape of privacy and data regulations, such as citizens of the European Union who are covered by the GDPR or residents of California covered by the California Consumer Privacy Act (CCPA);

• summarizing and reporting results of operations, including financial reporting;

• managing our banking and other cash liquidity systems and platforms;

• hosting, processing and sharing, as appropriate, confidential and proprietary research, business plans and financial information;

• collaborating via an online and efficient means of global business communications;

• complying with regulatory, legal and tax requirements;

• providing data security; and

• handling other processes necessary to manage our business.

Numerous and evolving information security threats, including advanced persistent cybersecurity threats, pose a risk to the security of our services, systems, networks and supply chain, as well as to the confidentiality, availability and integrity of our data and of our critical business operations. In addition, because the techniques, tools and tactics used in cyber-attacks frequently change and may be difficult to detect for periods of time, we may face difficulties in anticipating and implementing adequate preventative measures or fully mitigating harms after such an attack.

Our IT/OT databases and systems and our third-party providers’ databases and systems have been, and will likely continue to be, subject to advanced computer viruses or other malicious codes, ransomware, unauthorized access attempts, denial of service attacks, phishing, social engineering, hacking and other cyber-attacks. Such attacks may originate from outside parties, hackers, criminal organizations or other threat actors, including nation states. In addition, insider actors-malicious or otherwise-could cause technical disruptions and/or confidential data leakage. We cannot guarantee that our security efforts or the security efforts of our third-party providers will prevent material breaches, operational incidents or other breakdowns to our or our third-party providers’ IT/OT databases or systems.

6 The Procter & Gamble Company

A breach of our data security systems or failure of our IT/OT databases and systems may have a material adverse impact on our business operations and financial results. If the IT/OT systems, networks or service providers we rely upon fail to function properly or cause operational outages or aberrations, or if we or one of our third-party providers suffer significant unavailability of key operations, or inadvertent disclosure of, lack of integrity of, or loss of our sensitive business or stakeholder information, due to any number of causes, including catastrophic events, natural disasters, power outages, computer and telecommunications failures, improper data handling, viruses, phishing attempts, cyber-attacks, malware and ransomware attacks, security breaches, security incidents or employee error or malfeasance, and our business continuity plans do not effectively address these failures on a timely basis, we may suffer interruptions in our ability to manage operations and be exposed to reputational, competitive, operational, financial and business harm as well as litigation and regulatory action. If our critical IT systems or back-up systems or those of our third-party vendors are damaged or cease to function properly, we may have to make a significant investment to repair or replace them.

In addition, if a ransomware attack or other cybersecurity incident occurs, either internally or at our third-party technology service providers, we could be prevented from accessing our data or systems, which may cause interruptions or delays in our business operations, cause us to incur remediation costs, subject us to demands to pay a ransom, or damage our reputation. In addition, such events could result in unauthorized disclosure of confidential information, and we may suffer financial and reputational damage because of lost or misappropriated confidential information belonging to us or to our partners, our employees, customers, and suppliers. Additionally, we could be exposed to potential liability, litigation, governmental inquiries, investigations, or regulatory enforcement actions; and we could be subject to payment of fines or other penalties, legal claims by our suppliers, customers or employees, and significant remediation costs.

Periodically, we also upgrade our IT/OT systems or adopt new technologies. If such a new system or technology does not function properly or otherwise exposes us to increased cybersecurity breaches and failures, it could affect our ability to order materials, make and ship orders, and process payments in addition to other operational and information integrity and loss issues. The costs and operational consequences of responding to the above items and implementing remediation measures could be significant and could adversely impact our results of operations and cash flows.

We must successfully manage the demand, supply, and operational challenges associated with the effects of a disease outbreak, including epidemics, pandemics, or similar widespread public health concerns.

Our business may be negatively impacted by the fear of exposure to or actual effects of a disease outbreak, epidemic, pandemic, or similar widespread public health concern, such

as travel restrictions or recommendations or mandates from governmental authorities to avoid large gatherings or to self-quarantine as a result of the novel coronavirus (COVID-19) pandemic. These impacts include, but are not limited to:

• Significant reductions in demand or significant volatility in demand for one or more of our products, which may be caused by, among other things: the temporary inability of consumers to purchase our products due to illness, quarantine or other travel restrictions, or financial hardship, shifts in demand away from one or more of our more discretionary or higher priced products to lower priced products, or stockpiling or similar pantry-loading activity. If prolonged, such impacts can further increase the difficulty of business or operations planning and may adversely impact our results of operations and cash flows;

• Inability to meet our customers’ needs and achieve cost targets due to disruptions in our manufacturing and supply arrangements caused by constrained workforce capacity or the loss or disruption of other essential manufacturing and supply elements such as raw materials or other finished product components, transportation, or other manufacturing and distribution capability;

• Failure of third parties on which we rely, including our suppliers, contract manufacturers, distributors, contractors, commercial banks, joint venture partners and external business partners, to meet their obligations to the Company, or significant disruptions in their ability to do so, which may be caused by their own financial or operational difficulties and may adversely impact our operations; or

• Significant changes in the political conditions in markets in which we manufacture, sell or distribute our products, including quarantines, import/export restrictions, price controls, or governmental or regulatory actions, closures or other restrictions that limit or close our operating and manufacturing facilities, restrict our employees’ ability to travel or perform necessary business functions, or otherwise prevent our third- party partners, suppliers, or customers from sufficiently staffing operations, including operations necessary for the production, distribution, sale, and support of our products, which could adversely impact our results of operations and cash flows.

Despite our efforts to manage and remedy these impacts to the Company, their ultimate impact also depends on factors beyond our knowledge or control, including the duration and severity of any such outbreak as well as third-party actions taken to contain its spread and mitigate its public health effects. In the case of COVID-19, the availability and public acceptance of effective vaccines has initially varied and may continue to vary significantly across regions and countries where we operate, leading to further volatility and disparity in our results and operations across geographies.

The Procter & Gamble Company 7