ONE Gas, Inc.

“We are subject to all the risks and hazards typically associated with the natural gas distribution business that could affect public safety as well as the reliability of our distribution system. Operating risks include, but are not limited to, leaks, accidents, pipeline ruptures, and the breakdown or failure of equipment or processes. Other operational hazards and unforeseen interruptions include adverse weather conditions, third-party damage to our system, accidents, explosions, fires, the collision of equipment or vehicles with our pipeline facilities, and catastrophic events, such as severe…”

“The unavailability of adequate natural gas pipeline transportation and storage capacity or a decrease in natural gas supply may decrease and impair our ability to meet customers’ natural gas requirements, and our financial condition may be adversely affected.”

“To meet customers’ natural gas demands, we rely on and must obtain sufficient natural gas supply, pipeline transportation, and storage capacity from third parties. If we are unable to obtain these, our ability to meet our customers’ natural gas requirements could be impaired. If a substantial disruption to or reduction in natural gas supply, pipeline capacity, or storage capacity occurred due to operational failures or disruptions, legislative or regulatory actions, hurricanes, tornadoes, wildfires, floods, earthquakes, extreme cold weather, acts of terrorism, cyber-attacks, or acts of war, ou…”

“Due to technological advances, we have become more reliant on technology to operate our business effectively. We use computer programs and applications to help run our business, including an enterprise resource planning system that integrates data and reporting activities across the Company. Additionally, certain portions of our IT systems and infrastructure are provided or maintained by third-party vendors. The failure of these or other similarly important technologies, the lack of alternative technologies, or our inability to have these technologies supported, updated, expanded, or integrate…”

“Our Company employs a comprehensive cybersecurity program, with robust technical defenses and implemented policies, procedures, and controls aimed at protecting our information technology, operational technology, and data systems from acts of terrorism, cyber-attacks, and security breaches. Our program, however, cannot guarantee the prevention nor mitigation of all incidents. Any cyber breaches or physical security attacks, or threats of such attacks, that affect our IT systems, distribution facilities, customers, suppliers, and third-party service providers or any financial data could disrupt…”