regulations, the risk of accidental contamination or injury from these materials may not be completely eliminated, and as a result we could incur related liabilities or expenses.
We are subject to requirements relating to environmental and safety regulations and environmental remediation matters, which could adversely affect our business, results of operation and reputation.
We are subject to numerous federal, state and local environmental laws and regulations governing, among other things, solid and hazardous waste storage, treatment and disposal, and remediation of releases of hazardous materials. There are significant capital, operating and other costs associated with compliance with these environmental laws and regulations. Environmental laws and regulations may become more stringent in the future, which could increase costs of compliance or require us to manufacture with alternative technologies and materials.
Federal, state and local authorities also regulate a variety of matters, including, but not limited to, health, safety and permitting in addition to the environmental matters discussed above. New legislation and regulations may require us to make material changes to our operations, resulting in significant increases to the cost of production.
Our manufacturing process will have hazards such as, but not limited to, hazardous materials, machines with moving parts, and high voltage and/or high current electrical systems typical of large manufacturing equipment and related safety incidents. There may be safety incidents that damage machinery or product, slow or stop production, or harm employees. Consequences may include litigation, regulation, fines, increased insurance premiums, mandates to temporarily halt production, workers’ compensation claims, or other actions that impact the company brand, finances, or ability to operate.
We are subject to stringent and evolving U.S. and foreign laws, regulations, rules, contractual obligations, policies and other obligations related to privacy, data protection and security. Our actual or perceived failure to comply with such obligations could lead to adverse business consequences.
Our data storage and processing activities, including the establishment and operation of future quantum data centers, may subject us to numerous privacy, data protection and security obligations, such as various laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements and other obligations relating to privacy, data localization and security. Laws and regulations governing privacy, data protection and data sovereignty are rapidly evolving, extensive, complex, and include inconsistencies and uncertainties that may conflict with other rules or our practices. Further, new laws, rules, and regulations could be enacted with which we are not familiar or with which our practices do not comply.
In the United States, federal, state, and local governments have enacted numerous privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). For example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”) applies to personal information of California consumers and imposes various requirements on businesses, including to provide specific disclosures in privacy notices and honor requests of California consumers to exercise certain privacy rights. The CCPA provides for civil penalties of up to $7,500 per violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Numerous other states have enacted, are in the process of enacting, are proposing to enact or are considering state-level privacy laws. Such laws are also being considered at the federal and local levels.
Our employees and personnel use generative AI technologies to perform their work, and the disclosure and use of personal information in generative AI technologies is subject to various evolving laws, regulations, guidance, industry standards, and other obligations. Additionally, several states and localities have enacted measures related to the use of AI and machine learning in products and services. Generally, we understand the use of AI for employee productivity also presents emerging ethical and social issues and may draw public scrutiny or controversy, and may also create or assist in producing output that appear correct but are factually inaccurate, incomplete, misleading, biased, or otherwise flawed, or produce other discriminatory or unexpected results, errors, or inadequacies, any of which may not be easily detectable. These circumstances and developments may further complicate compliance efforts, and may increase legal risk and compliance costs for us, the third parties upon whom we rely, and our customers.
Outside the United States, an increasing number of laws, regulations, industry standards and other obligations may govern privacy, data protection and security. For example, the European Union’s General Data Protection Regulation (“EU GDPR”), the United Kingdom’s General Data Protection Regulation (“UK GDPR”), Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, or “LGPD”) (Law No. 13,709/2018), and China’s Personal Information Protection Law (“PIPL”) impose strict requirements for processing personal data.
For example, under the EU GDPR, companies may face temporary or definitive bans on data processing and other corrective actions; fines of up to 20 million Euros or 4% of annual global revenue, whichever is greater; or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. Additionally, we also target