Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - BB

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

Investors in the Company’s securities should carefully consider the following risks, as well as the other information contained in MD&A (as defined below) and elsewhere in this Annual Report on Form 10-K for the fiscal year ended February 28, 2026. Any of the following risks, in whole or in part, could materially and adversely impact the Company’s business, financial condition and operating results. The risks and uncertainties described below are not the only ones the Company faces. Additional risks and uncertainties, including those of which the Company is unaware or the Company currently deems immaterial, may also have a material adverse effect on the Company’s business, financial condition and results of operations

Risks Related to the Company’s Business

The Company may not be able to maintain or expand its customer base for its software and services offerings to grow revenue or achieve sustained profitability.

The Company has focused its strategy on software and services to grow revenue and generate sustainable profitability. The Company also needs to sell additional software and services over time to the same customers, or have customers upgrade their level of service. If the Company is unable to promote a compelling value proposition to customers and its efforts to sell or upsell software or services as described above are not successful, its results of operations could be materially impacted.

Existing customers that purchase the Company’s software and services have no contractual obligation to renew their subscriptions or purchase additional solutions after the initial subscription or contract period. The Company’s customers’ expansion and renewal rates may decline or fluctuate as a result of a number of factors, including the perceived need for such additional software and services, the level of satisfaction with the Company’s software and services, features or functionality, the reliability of the Company’s software and services, the Company’s customer support, customer budgets and other competitive factors, such as pricing and competitors’ offerings.

Further, the Company’s future success depends in part on the growth, if any, in the markets for embedded solutions and secure communications software. If growth trends in the Company’s target markets do not continue or are delayed due to security

incidents, technological challenges, lack of customer acceptance, weakening economic conditions or other reasons, demand for the Company’s products, and those of its competitors, could be negatively affected.

The Company faces intense competition.

Some of the Company’s competitors have greater name recognition, larger customer bases and significantly greater financial, technical, marketing, public relations, sales, distribution and other resources than the Company does. Some of the Company’s OEM and Tier 1 customers have advanced the internal development of embedded solutions, and are exploring the use of open source software that is perceived to be free to use. In addition, competition may intensify as the Company’s competitors enter into business combinations or alliances and established companies in other market segments expand to become competitive with the Company’s business.

The impact of the competition described above could result in fewer customer orders, loss of market share, pressure to reduce prices, commoditization of product and service categories in which the Company participates, reduced revenue and reduced margins. If the Company is unable to compete successfully, there could be a material adverse effect on the Company’s business, results of operations and financial condition.

The Company must obtain and maintain certain product approvals and certifications from governmental authorities, regulated enterprise customers and third-party standards bodies in order to remain competitive, meet contractual requirements and enable its customers to meet their certification needs.

The Company may not be able to enhance, develop, introduce or monetize its products and services in a timely manner with competitive pricing, features and performance.

The industries in which the Company competes are characterized by rapid technological change, frequent new product introductions, frequent market price reductions, constant improvements in features and short product life cycles.

Rapid advances in generative AI and automated coding tools are reducing the time and cost required to design, test, and deploy software applications. As these technologies become widely accessible, existing and emerging competitors may accelerate their development cycles, release new features more quickly, or replicate functionality comparable to that of the Company’s products with materially lower investment. Similarly, the use of AI technologies or increasingly pervasive open source tools by the Company’s customers to support development internally could have a negative impact on the Company’s business, including the revenues derived from the number of user licenses and the provision of professional services. If the Company is unable to integrate AI-enabled development at a competitive pace, its market position, customer acquisition, and renewal rates could be adversely affected.

The successful introduction of new software platforms, such as the Alloy Kore™ platform recently launched by QNX with Vector Informatik, is inherently uncertain and involves numerous costs and risks, including delays in development, unforeseen technical challenges, integration complexities, and lower‑than‑expected customer adoption. If a new platform fails to perform as intended, fails to drive market adoption, or generates unanticipated maintenance and support costs, the Company’s competitive position, brand reputation and financial results could be materially adversely affected.

Significant changes in government customer demand or procurement requirements could have an adverse effect on the Company’s business and results of operations.

The Company’s Secure Communications business depends, to a significant degree, on sales to government organizations. Government demand for communications solutions that support digital sovereignty and can be hosted on-premise, such as the Company’s Secure Communications products, has increased in recent months; however, government procurement is unpredictable and subject to budgetary uncertainty and to reductions or delays in funding authorizations or processes. Government demand and payment for the Company’s products and services may also be impacted by changes in the political and administrative environment, including cost-cutting initiatives and changes in leadership, policies or priorities, and by shifting government attitudes towards the Company and the territories in which it operates. Such changes could cause governments and governmental agencies to delay or refrain from purchasing the Company’s solutions or otherwise have an adverse effect on the Company’s business and results of operations.

Sales to government entities and performance on classified contracts may require the Company to obtain personnel security clearances and facility clearances, and there is no guarantee that the Company will be able to obtain or maintain such clearances.

The Company’s sales cycles can be long and unpredictable and its sales efforts require considerable time and expense.

For many customers, licensing the Company’s solutions represents a significant strategic decision and, as a result, sales cycles can be long and unpredictable, particularly during times of rising economic or geopolitical uncertainty. QNX revenue recognition is also subject to delays in the advancement of software-defined vehicle programs and the time to the start of production of new designs by automotive and GEM OEMs.

The Company’s ability to grow software and services revenue is dependent in part on its ability to maintain a qualified direct sales force, which requires significant time and resources, including investment in systems and training. There can be no assurance that the Company will be successful in implementing its sales and distribution strategy.

The occurrence or perception of a breach of the Company’s network cybersecurity measures or an inappropriate disclosure of confidential or personal information could significantly harm its business

The Company is continuously exposed to cyber threats through the actions of outside parties, such as hacking, viruses, and other malicious software, denial of service attacks, industrial espionage and other methods designed to breach the Company’s network or data security, which may be further enhanced in frequency or effectiveness through threat actors’ use of AI. The Company is also exposed to risk as a result of process, coding or human errors and through attempts by third parties to fraudulently induce employees to provide access to confidential or personal information.

The Company devotes significant resources to network security, encryption and authentication technologies and other measures, including security policies and procedures, vulnerability testing and awareness training, to mitigate cyber risk to its systems, endpoints and data. In addition, the Company engineers novel security and reliability features, deploys software updates to address vulnerabilities, and maintains a security infrastructure that protects the integrity of the Company’s network, products and services. The Company also mitigates risk by actively monitoring external threats, reviewing best practices and implementing appropriate internal controls, including incident response plans. However, the techniques used to obtain unauthorized access or to disable or degrade service are constantly evolving and becoming more sophisticated in nature, and frequently are not recognized or identified until after they have been deployed against a target. The Company may not be able to anticipate these techniques, to implement adequate preventative measures or to identify and respond to them in a timely manner, and the Company’s efforts to do so may have a material adverse impact on the Company’s operating margins, the user experience or compatibility with third party products and services.

Although to date the Company has not experienced any material financial or other losses relating to technology failure, cyberattacks or security breaches, there is no assurance that the Company will not experience material loss or damage in the future. If the network and product security measures implemented by the Company or its partners, including third-party data center operators, cloud service providers and product manufacturers are breached, or perceived to be breached, or if the confidentiality, integrity or availability of the Company’s data, including intellectual property and legally protected personal data, is compromised, the Company could be exposed to significant litigation, service disruptions, investigation and

remediation costs, regulatory sanctions, fines and contractual penalties. In addition, any such event could materially damage the Company’s reputation, which is built in large measure on the security and reliability of BlackBerry products and services, and could result in the loss of investor confidence, channel partners, competitive advantages, revenues and customers, including the Company’s most significant OEM, government and regulated enterprise customers. While the Company maintains cybersecurity insurance, the Company’s coverage may be insufficient to cover all losses or types of claims that may arise from cyber incidents, and any incidents may result in the loss of, or increased costs of, the Company’s insurance.

The Company’s use of AI technology and tools in its operations and in product development may expose the Company to reputational harm, operational challenges, legal liability, and regulatory concerns

The Company is increasingly incorporating AI technologies, including generative AI, into its operations to make business processes more efficient. The introduction of generative AI into the Company’s operations may result in new or enhanced governmental or regulatory scrutiny, litigation, confidentiality, ethical concerns, or other complications that could adversely affect the Company’s business, reputation, or financial results. Known risks of generative AI currently include risks related to errors, algorithmic bias, flawed training methodologies, privacy and security, and data provenance. For example, generative AI may create content that appears to be correct but is factually inaccurate or contains copyrighted or other protected material.

The evolving AI regulatory environment may, among other impacts, result in inconsistencies among AI regulations and frameworks across jurisdictions, increase the Company’s compliance, governance and research and development costs, or increase the Company’s exposure to regulatory scrutiny, proceedings and claims with the potential to result in significant penalties and reputational harm.

The Company has begun to rely on commercial AI models to support elements of its software development lifecycle. Any failure by our employees, contractors, or partners to adhere to our policies regarding the appropriate use of AI in development could result in violations of confidentiality obligations, laws, or regulations, jeopardize the Company’s intellectual property rights, or expose the Company’s products or business systems to defects and malware, any of which could adversely affect the Company’s business, financial condition, results of operations, and prospects. Additionally, the integration of these models into engineering workflows may expose the Company to heightened regulatory scrutiny with respect to products that are classified as high‑risk under emerging global AI and safety‑critical regulations. Failure to demonstrate adequate human review and testing or explainability of AI‑assisted development processes could delay product approvals or impair the Company’s ability to offer solutions in regulated markets. Changes in model performance, licensing terms, training‑data provenance, or vendor compliance with applicable AI regulations may impair the Company’s ability to validate and certify its products.

Adverse macroeconomic and geopolitical conditions, including trade policies and national security concerns, have had and may in the future have a material adverse effect on the Company’s business, results of operations and financial condition.

Sales cycles, in turn, have been materially affected and may in the future materially affect the Company’s business, results of operations and financial condition. Such economic factors and uncertainties are beyond the Company’s control and the Company has no comparative advantage in forecasting their effects.

Additionally, the imposition of tariffs and national security policies relating to technology supply chains or other barriers to trade that directly or indirectly impact the Company’s automotive customers, or the Company’s ability to transact business with certain customers, could have a material adverse effect on the Company’s results of operations. For example, since 2025 the U.S. presidential administration has imposed or threatened to impose new tariffs on imported products from Canada, Mexico, China and other countries, including most notably tariffs on imports of steel, aluminum and automobiles. The administration has also proposed or is in the process of imposing additional tariffs and has indicated that it intends to pursue significant renegotiations of the Canada–United States–Mexico Agreement (known as the U.S.–Mexico–Canada Agreement in the United States) beginning later in 2026. Such U.S. tariffs, any retaliatory tariffs, or trade negotiations may adversely affect the operations of the Company’s customers and, consequently, demand for the Company’s solutions. There can be no assurance that the Company will be able to mitigate the impacts of any trade measures, which could be material to the Company’s business operations or harm the Company’s competitive position.

A failure or perceived failure of the security features or functionality of the Company’s solutions could materially adversely affect the Company’s reputation, financial condition and results of operations.

The Company’s products and services frequently involve the transmission, processing and storage of data, including proprietary, confidential and personally-identifiable information, and a security compromise, misconfiguration or malfunction involving the Company’s software could result in such information being accessible to attackers or other third parties. Real or perceived security breaches against a customer using the Company’s solutions could cause damage or disruption to the customer and subject the Company to liability, and may result in the customer and the public believing that the Company’s solutions are ineffective.

Additionally, the Company’s products and services are highly complex and may contain design defects, bugs or security vulnerabilities impacting reliability and performance that are difficult to detect and correct. If errors are discovered, correcting them could require significant expenditures by the Company and the Company may not be able to successfully correct them in a timely manner or at all.

Litigation against the Company may result in adverse outcomes.

Consequently, actual results may differ materially from those expressed or implied by the Company’s forward-looking statements and may not meet the expectations of analysts or investors, which can contribute to the volatility of the market price of the Company’s common shares.

Liability claims related to product defects, bugs or vulnerabilities could give rise to class action litigation or to the withdrawal of certifications, and the Company may be subject to such claims either directly or indirectly through indemnities that it provides to certain of its customers. The Company’s exposure to product liability risk may increase as the Company continues to commercialize its software innovations for autonomous and connected vehicles, as well as physical AI robotics.

Litigation resulting from these claims and from actions asserted by the Company could be costly and time-consuming and could divert the attention of management and key personnel from the Company’s business operations. The complexity of the technology involved and the inherent uncertainty of commercial, class action, securities, employment and other claims increases these risks. In recognition of these considerations, the Company may enter into settlements resulting in material expenditures, the payment of which could have a material adverse effect on the Company’s business, results of operation and financial condition. Similarly, if the Company is unsuccessful in its defence of material litigation claims, the Company may be faced with significant monetary damages or injunctive relief against it that could have a material adverse effect on the Company’s business, BlackBerry brand, results of operations and financial condition. Administrative or regulatory actions against the Company or its employees could also have a material adverse effect on the Company’s business, reputation, results of operations and financial condition. See Note 11 to the Consolidated Financial Statements for information regarding certain legal proceedings in which the Company is involved.

The Company’s success depends on its continuing ability to attract new personnel, retain existing key personnel and manage its staffing effectively.

The Company’s success is largely dependent on its continuing ability to identify, attract, develop, motivate and retain skilled employees, including members of its executive team, top research developers and experienced salespeople with specialized knowledge. Competition for such people is intense, continuous, and increasing in the industries in which the Company participates, and the Company has experienced solicitations of its employees by its competitors.

Competition for highly skilled personnel is intense, especially in the Waterloo and Ottawa, Ontario areas, where the Company has a substantial presence and need for highly skilled personnel. The Company is also substantially dependent on the continued service of its existing engineering personnel because of the complexity and specialization of its products and services.

To attract and retain critical personnel, the Company may experience increased compensation costs that are not offset by increased productivity or higher prices for the Company’s products and services. Also, the Company’s financial results and share price performance (particularly for senior employees for whom equity-based compensation is a key element of their total compensation), among other factors, may impact the Company’s ability to attract new, and retain existing, employees. Any failure by the Company to maintain appropriate staffing, develop effective business continuity and succession programs, mitigate turnover and effectively utilize employees with the right mix of skills and experience across the functions necessary to

meet the current and future needs of its business could have a material adverse effect on the Company’s business, results of operations and financial condition.

Network disruptions or other business interruptions could have a material adverse effect on the Company’s business and harm its reputation.

The Company’s operations rely to a significant degree on the efficient and uninterrupted operation of complex technology systems and networks, which are in some cases integrated with those of cloud service providers and third-party data center operators. The Company’s network operations and technology systems are potentially vulnerable to damage or interruption from a variety of sources, including by fire, earthquake, power loss, telecommunications or computer systems failure, cyberattack, human error, terrorist acts, war, and the threatened or actual suspension of BlackBerry services at the request of a government for alleged non-compliance with local laws or other events. The increased number of third-party applications on the Company’s network may also enhance the risk of network disruption or cyberattack for the Company. There may also be system or network interruptions if new or upgraded systems are defective or not installed properly, or if data center operators fail to meet agreed service levels.

The Company has experienced network events, including those arising from third-party applications, in the past, none of which had a material impact on the Company. Any future outage in a network or system or other unanticipated problem that leads to an interruption or disruption of BlackBerry services, however, could have a material adverse effect on the Company’s business, results of operations and financial condition, and could adversely affect the Company’s reputation.

The loss of, or inability to maintain these developer relationships may materially and adversely affect the desirability of the Company’s products and, hence, the Company’s revenue from the sale of its products.

The Company’s ability to maintain and expand its market reach depends in part on establishing, developing and maintaining relationships with third party resellers and channel partners, especially silicon providers and hardware platform vendors in its QNX embedded software business.

If the Company is not able to effectively identify and establish new relationships with successful resellers and channel partners, or to maintain or enhance existing relationships without giving rise to conflicts between channels, or if the Company’s partners do not act in a manner that will promote the success of the Company’s products and services, the Company’s business, results of operations and financial condition could be materially adversely affected.

The Company’s products and services are dependent upon interoperability with rapidly changing systems provided by third parties.

If the Company fails to support timely integrations with third-party solutions, the Company’s business and reputation could suffer. This could further disrupt the Company’s product roadmap and cause it to delay introduction of planned products and services, features and functionality, which could harm the Company’s business.

Risks Related to Intellectual Property and Technology Licensing

Failure to protect the Company’s intellectual property could harm its ability to compete effectively and the Company may not earn the revenues it expects from intellectual property rights.

The Company’s commercial success is highly dependent upon its ability to protect its proprietary technology. The Company relies on a combination of patents, copyrights, trademarks, trade secrets, confidentiality procedures and contractual provisions to protect its proprietary rights, all of which offer only limited protection. Despite the Company’s efforts, the steps taken to protect its proprietary rights may not be adequate to preclude misappropriation of its proprietary information or infringement of its intellectual property rights. Detecting and protecting against the unauthorized use of the Company’s products, technology proprietary rights, and intellectual property rights is expensive, difficult and, in some cases, impossible. Litigation may be necessary in the future to enforce or defend the Company’s intellectual property rights and could result in substantial costs and

diversion of management resources, either of which could harm the Company’s business, financial condition and results of operations, and there is no assurance that the Company will be successful. Further, the laws of certain countries in which the Company’s products and services are sold or licensed do not protect intellectual property rights to the same extent as the laws of Canada or the United States.

With respect to patent rights, the Company cannot be certain whether any of its pending patent applications will result in the issuance of patents or whether the examination process will require the Company to narrow its claims. Furthermore, any patents issued could be challenged, invalidated or circumvented and may not provide proprietary protection or a competitive advantage. In addition, a number of the Company’s competitors and other third parties have been issued patents, and may have filed patent applications or may obtain additional patents and proprietary rights, for technologies similar to those that the Company has made or may make in the future. Public awareness of new technologies often lags behind actual discoveries, making it difficult or impossible to know all relevant patent applications at any particular time. Consequently, the Company cannot be certain that it was the first to develop the technology covered by its pending patent applications or that it was the first to file patent applications for the technology. In addition, the disclosure in the Company’s patent applications may not be sufficient to meet the statutory requirements for patentability in all cases.

While the Company enters into confidentiality and non-disclosure agreements with its employees, consultants, contract manufacturers, customers, potential customers and others to attempt to limit access to, and distribution of, proprietary and confidential information, it is possible that:

•some or all of its confidentiality agreements will not be honored;

•third parties will independently develop equivalent technology or misappropriate the Company’s technology or designs;

•disputes will arise with the Company’s strategic partners, customers or others concerning the ownership of intellectual property;

•unauthorized disclosure or use of the Company’s intellectual property, including source code, know-how or trade secrets will occur; or

•contractual provisions may not be enforceable.

Changes in the law may weaken the Company’s ability to collect royalty revenue for licensing its patents. Similarly, licensees of the Company’s patents may fail to satisfy their obligations to pay royalties, or may contest the scope and extent of their obligations. In addition, ongoing commercial relationships with potential licensees may limit the Company’s ability to optimize its patent licensing revenue.

The consideration payable to the Company from the sale of its non-core patent portfolio to Malikie Innovations Limited in fiscal 2024 (the “Malikie Transaction”) is expected to include potential future royalty payments.

Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses contain requirements that the Company make available source code for modifications or derivative works created by the Company based upon the type of open source software used. If the Company combines its proprietary solutions with open source software in a certain manner, the Company could, under certain of the open source licenses, face claims from third parties claiming ownership of or demanding the public release of the source code of the Company’s proprietary solutions, or demanding that the Company offer its solutions to users at no cost. This could allow the Company’s competitors to create similar solutions with lower development effort and time and ultimately could result in a loss of revenue to the Company. The Company could also be subject to litigation by parties claiming that what the Company believes to be licensed open source software infringes their intellectual property rights.

The terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that such licenses could be construed in a manner that could impose unanticipated conditions or restrictions on the Company’s ability to commercialize its products and services. In such an event, the Company could be exposed to litigation or reputational damage, and could be required to obtain licenses from third parties in order to continue offering its products and services or to re-engineer its products

or services, or discontinue their sale in the event re-engineering cannot be accomplished on a timely basis, any of which could materially and adversely affect the Company’s business and operating results.

The termination of any of these licenses, or the failure of such third parties to adequately maintain, protect or update their software or intellectual property rights, could delay the Company’s ability to offer its products while the Company seeks to implement alternative technology offered by other sources (which may not be available on commercially reasonable terms) or develop such technology internally (which would require significant unplanned investment on the Company’s part). The use of third-party software in the Company’s products could also expose the Company and its customers to security vulnerabilities.

The Company could be found to have infringed on the intellectual property rights of others.

Companies in the software and technology industries, including some of the Company’s current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently engage in litigation based on allegations of infringement or other violations of intellectual property rights. Although the Company believes that third-party software included in the Company’s products is licensed from the entity holding the intellectual property rights and that its products do not infringe on the rights of third parties, third parties have and are expected to continue to assert infringement claims against the Company in the future. The Company may be subject to these types of claims either directly or indirectly through indemnities that it provides to certain of its customers, partners and suppliers against these claims.

Many intellectual property infringement claims are brought by entities whose business model is to obtain patent-licensing revenues from operating companies such as the Company. Because such entities do not typically generate their own products or services, the Company cannot deter their claims based on counterclaims that they infringe patents in the Company’s portfolio or by entering into cross-licensing arrangements.

Regardless of whether patent or other intellectual property infringement claims against the Company have any merit, they could:

•adversely affect the Company’s relationships with its customers;

•be time-consuming and expensive to evaluate and defend, including in litigation or other proceedings;

•result in negative publicity for the Company;

•divert management’s attention and resources;

•cause product delays or stoppages;

•subject the Company to significant liabilities;

•require the Company to develop possible workaround solutions that may be costly and disruptive to implement; and

•require the Company to cease certain activities or to cease selling its products and services in certain markets.

In addition, any such claim may require the Company to enter into costly royalty agreements or obtain a license for the intellectual property rights of third parties. Such licenses may not be available or they may not be available on commercially reasonable terms.

Any of the foregoing infringement claims and related litigation could have a significant adverse impact on the Company’s business and operating results, as well as the Company’s ability to generate future revenues and profits. See also “Legal Proceedings” in this Annual Report on Form 10-K.

Risks Related to Assets, Indebtedness and Taxation

The Company has incurred indebtedness, which could adversely affect its operating flexibility and financial condition.

The Company has, and may from time to time in the future have, third-party debt service obligations pursuant to its outstanding indebtedness, which currently includes $200 million aggregate principal amount of 3.00% Senior Convertible Notes maturing on February 15, 2029 (the “Notes”). The degree to which the Company is leveraged could have important consequences, including that:

•the Company’s ability to obtain additional debt financing may be limited; and

•a portion of the Company’s cash flow from operations or other capital resources will be dedicated to the payment of the principal of, and/or interest on, indebtedness, thereby reducing funds available for working capital, capital expenditures, strategic initiatives or other business purposes.

If the Company cannot maintain an adequate cash balance or positive cash flow from operations, the Company may be unable to pay amounts due under its outstanding indebtedness or to fund other liquidity needs and it may be required to refinance all or part of its then existing indebtedness, sell assets, reduce or delay capital expenditures or seek to raise additional capital, any of which could have a material adverse effect on the Company’s business, results of operations and financial condition. There can be no assurance that the Company would be able to restructure or refinance the Notes on terms as favourable as those currently in place.

The Notes are subject to restrictive and other covenants that may limit the discretion of the Company and its subsidiaries with respect to certain business matters. A breach of any of these covenants could result in a default under the Company’s outstanding indebtedness, which would have a material adverse effect on the Company’s business, results of operations and financial condition.

As partial consideration for the sale of its Cylance endpoint security assets and liabilities to Arctic Wolf, the Company received common shares of Arctic Wolf. The common shares of Arctic Wolf are illiquid securities without a public market and, as such, they cannot be readily sold or exchanged for cash and they may be difficult to value accurately. The Company may not be able to sell these shares at desired times or prices, which could negatively impact its financial condition and results of operations.

Under U.S. GAAP, the Company reviews its long-lived assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. The Company’s ability to generate sufficient cash flows to fully recover the current carrying value of these assets depends on the successful execution of its strategies. If it is determined that sufficient future cash flows do not exist to support the current carrying value, the Company will be required to record an impairment charge for long-lived assets in order to adjust the value of these assets to the newly established estimated value.

Goodwill represents the excess of the acquisition price over the fair value of identifiable net assets acquired. Under U.S. GAAP, the Company tests goodwill for impairment annually, during the fourth quarter, or more frequently if events or changes in circumstances indicate that the asset may be impaired.

Tax provision changes, the adoption of new tax legislation or exposure to additional tax liabilities could materially impact the Company’s financial condition.

Significant judgment is required in determining its worldwide liability for income, indirect and other taxes, as well as potential penalties and interest. In the ordinary course of the Company’s business, there are many transactions and calculations where the ultimate tax determination is uncertain. Although the Company believes that its tax estimates are reasonable, there can be no assurance that the final determination of any tax audits will not be materially different from that which is reflected in historical income, indirect and other tax provisions and accruals. Should additional taxes or penalties and interest be assessed as a result of an audit, litigation or changes in tax laws, there could be a material adverse effect on the Company’s current and future results and financial condition. In addition, there is a risk of recoverability of future deferred tax assets.

The Company’s future effective tax rate will depend on the relative profitability of the Company’s domestic and foreign operations, the statutory tax rates and taxation laws of the related tax jurisdictions, the tax treaties between the countries in which the Company operates, the timing of the release, if any, of the valuation allowance, and the relative proportion of research and development incentives to the Company’s profitability.

Under U.S. federal income tax laws, if a company is, or for any past period was, a passive foreign investment company (“PFIC”), there could be adverse U.S. federal income tax consequences to U.S. shareholders even if the Company is no longer a PFIC. While the Company does not believe that it is currently a PFIC, there can be no assurance that the Company was not a PFIC in the past and will not be a PFIC in the future.

Risks Related to Regulation

The use and management of user data and personal information could give rise to liabilities as a result of legal, customer and other third-party requirements.

User data and personal information is increasingly subject to new and amended legislation and regulations in numerous jurisdictions around the world that are intended to protect the privacy and security of personal information, as well as the collection, storage, transmission, use and disclosure of such information.

The interpretation of privacy and data protection laws and their application to the Internet and mobile communications in a number of jurisdictions is unclear and evolving. There is a risk that these laws may be interpreted and applied in conflicting ways from country to country and in a manner that is not consistent with the Company’s current data protection practices. Complying with these varying international requirements could cause the Company to incur additional costs and change the Company’s business practices. In addition, because the Company’s services are accessible worldwide, certain foreign jurisdictions may claim that the Company is required to comply with their laws, even where the Company has no local entity, employees, or infrastructure. Non-compliance could result in penalties or significant legal liability and the Company’s business, results of operations and financial condition may be adversely affected.

Such expectations or requirements could subject the Company to additional costs, liabilities or negative publicity, and limit its future growth. In addition, governmental authorities may require access to limited data stored by the Company through lawful access demands and capabilities, which could subject the Company to legal liability, unforeseen compliance cost and negative publicity. Even a perception that the Company’s products or practices do not adequately protect users’ privacy or data collected by the Company, made available to the Company or stored in or through the Company’s products, or that they are being used by third parties to access personal or consumer data, could impair the Company’s sales or its reputation.

Government regulations applicable to the Company’s products and services, including products containing encryption capabilities, could negatively impact the Company’s business.

Various countries have enacted laws and regulations, adopted controls, license or permit requirements, and restrictions on the export, import, and use of products or services that contain encryption technology. Complying with such regulations could also require the Company to devote additional research and development resources to change the Company’s software or services or alter the methods by which the Company makes them available, which could be costly. In addition, failure to comply with such regulations could result in penalties, costs and restrictions on import or export privileges or adversely affect sales to government agencies or government funded projects.

Environmental, social and governance (“ESG”) expectations and standards expose the Company to risks that could adversely affect the Company’s reputation and performance.

Regulatory requirements and standards for identifying, measuring and reporting ESG matters continue to evolve in many of the jurisdictions in which the Company operates. If the Company’s ESG practices or disclosures do not meet evolving investor or other stakeholder expectations and standards, then the reputation of the Company, its ability to attract or retain employees, and its attractiveness as an investment, business partner, acquiror or service provider could be negatively impacted. Further, the Company’s failure or perceived failure to pursue or fulfill ESG objectives or to satisfy applicable reporting standards on a timely basis, or at all, could have similar negative impacts or expose the Company to government enforcement actions and private litigation

At the same time, “anti-ESG” sentiment has recently gained momentum across the U.S., as evidenced most notably by state legislative actions, investor initiatives, and an executive order opposing diversity, equity and inclusion (“DEI”) programs in the private sector. Anti-ESG and anti-DEI-related policies, legislation, initiatives, litigation, and scrutiny could result in the Company facing additional compliance obligations, becoming the subject of investigations or enforcement actions, or sustaining reputational harm.

Failure of the Company’s suppliers, subcontractors, channel partners and representatives to use acceptable ethical business practices or to comply with applicable laws could negatively impact the Company’s business.

The Company expects its suppliers, subcontractors, licensees and other partners to operate in compliance with applicable laws, rules and regulations regarding working conditions, labour and employment practices, environmental compliance, anti-corruption, and patent and trademark licensing, as detailed in the Company’s Supplier Code of Conduct. However, the Company does not directly control their labour and other business practices. If one of the Company’s suppliers or subcontractors violates applicable labour, anti-corruption or other laws, or implements labour or other business practices that are regarded as unethical, or if a supplier or subcontractor fails to comply with procedures designed by the Company to adhere to existing or proposed regulations, the delivery of BlackBerry products could be interrupted, orders could be canceled, relationships could be terminated, the Company’s reputation could be damaged, and the Company may be subject to liability. Any of these events could have a negative impact on the Company’s business, results of operations and financial condition.

General Risk Factors

Acquisitions, divestitures, investments and other business initiatives may negatively affect the Company’s results of operations.

The Company actively evaluates opportunities to acquire or invest in businesses, assets, products, services and technologies.

As business circumstances dictate, the Company may also decide to divest itself of assets or businesses. The Company’s inability to address these risks could adversely affect the Company’s business, results of operations and financial condition.

The Company’s business is subject to risks inherent in foreign operations, including fluctuations in foreign currencies.

Sales outside of North America account for a significant portion of the Company’s revenue. The Company maintains offices in a number of foreign jurisdictions and intends to continue to pursue growth in select international markets. The Company is subject to a number of risks associated with its foreign operations that may increase liability and costs, lengthen sales cycles and require significant management attention. These risks include:

•compliance with the laws and regulations of Canada, the United States and other countries that apply to the Company’s international operations, including import and export legislation, trade sanctions, lawful access, and privacy, anti-corruption and consumer protection laws;

•reliance on third parties to establish and maintain foreign operations;

•instability in economic or political conditions;

•foreign exchange controls and cash repatriation restrictions;

•tariffs and other trade barriers;

•increased credit risk and difficulties in collecting accounts receivable;

•potential adverse tax consequences;

•uncertainties of laws and enforcement relating to the protection of intellectual property;

•litigation in foreign court systems;

•cultural and language differences; and

•difficulty in managing a geographically dispersed workforce.

In addition, the Company is exposed to foreign exchange risk as a result of transactions in currencies other than its U.S. dollar functional currency. The majority of the Company’s revenue is denominated in U.S. dollars; however, some revenue, and a substantial portion of operating costs and capital expenditures are incurred in other currencies, primarily Canadian dollars, euros and British Pounds. For more details, please refer to the discussion of foreign exchange and income taxes in the Company’s MD&A for the fiscal year ended February 28, 2026.

All of the above factors may have a material adverse effect on the Company’s business, results of operations and financial condition and there can be no assurance that the policies and procedures implemented by the Company to address or mitigate these risks will be successful, that Company personnel will comply with them, or that the Company will not experience these factors in the future.

Environmental events may negatively affect the Company.

The Company has operations in numerous locations around the world that expose the Company to additional diverse environmental risks. A significant natural disaster, such as an earthquake, fire or flood could have a material adverse impact on the Company’s business and operations and could cause the Company to incur costs to repair damages to its facilities, equipment and infrastructure. From time to time, the Company’s offices and remote working locations have historically

experienced, and are projected to continue to experience, climate-related events including drought, heat waves, ice storms, power shortages, and wildfires and resultant air quality impacts. The increasing frequency and impact of extreme weather events on the infrastructure of the Company and its suppliers, as well as public infrastructure, have the potential to disrupt the business of the Company, its suppliers and its customers.

Although the Company maintains incident management and disaster response plans, they may prove to be inadequate in the event of a major disruption caused by a natural disaster or geopolitical incident and the Company may be unable to continue its operations and may endure system interruptions, reputational harm, delays in its development activities, lengthy interruptions in service, breaches of data security and loss of critical data, and the Company’s insurance may not cover such events or may be insufficient to compensate the Company for the potentially significant losses it may incur.

The Company expects its quarterly revenue and operating results to fluctuate.

The Company’s revenues can change from one quarter to the next, including due to unexpected developments late in a quarter, such as lower-than-anticipated demand for the Company’s products and services, issues with new product or service introductions, an internal systems failure, or challenges with one of the Company’s distribution channels or other partners (including licensees and manufacturers).

Gross margins on the Company’s products and services vary across product lines and can change over time as a result of product transitions, pricing and configuration changes, and cost fluctuations. In addition, the Company’s gross margin and operating margin percentages, as well as overall profitability, may be materially adversely impacted as a result of a shift in product/service, geographic or channel mix, component cost increases, price competition, or the introduction of new products and services, including those that have higher cost structures or reduced pricing.

The market price of the Company’s common shares is volatile.

The market price of the Company’s outstanding common shares has been and continues to be volatile. In addition, dilutive share issuances could adversely affect the market price of the Company’s outstanding common shares.

In addition, broad market and industry factors may decrease the market price of the Company’s common shares, regardless of the Company’s operating performance. The stock market in general, and the securities of technology companies in particular, have often experienced extreme price and volume fluctuations. Periods of volatility in the market price of the Company’s securities may prompt securities class action litigation against the Company which, if not resolved swiftly, can result in substantial costs and a diversion of management’s attention and resources. See also the Risk Factor entitled “Litigation against the Company may result in adverse outcomes” and the “Legal Proceedings” section in this Annual Report on Form 10-K.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C. CYBERSECURITY

Cybersecurity Risk Management and Strategy

The Company’s cybersecurity risk management program is an integral part of its overall enterprise risk management efforts.

To mitigate risk to its systems, endpoints and data, the Company evaluates internal and external threat intelligence, deploys encryption and authentication technologies and other protective measures, maintains security policies and procedures, and conducts awareness training. The Company also conducts penetration and vulnerability testing and other risk assessments,

implements appropriate internal controls, and engages independent third-party auditors to evaluate its compliance with security industry standards.

The Company’s incident response team, comprised of representatives from the Company’s information technology, information security, product security, engineering, communications, privacy and legal groups, is responsible for addressing potential and actual security threats and other security incidents and implementing the Company’s incident response plan.

The readiness of the incident response team is promoted through table-top exercises and threat simulations, including during the fiscal year ended February 28, 2026. The Company also conducts mandatory training of all employees on its security and data privacy practices and policies and periodically sends simulated phishing emails to employees to build resilience.

In addition, the Company maintains specific policies and practices to mitigate third party security risks, including a process for evaluating the security controls of vendors and service providers who exchange data with the Company or have access to or integrate with the Company’s systems.

For the years covered by this report, the Company did not identify any security threats or incidents that have materially affected or are reasonably likely to materially affect its business strategy, results of operations or financial condition. However, like all other enterprises, the Company faces known and unknown cybersecurity risks and threats that are not fully mitigated. While the Company works continuously to enhance its security programs and risk management efforts, it discovers vulnerabilities from time to time and there can be no assurance that the Company has not experienced an undetected cybersecurity incident or that it will not experience material loss or damage from an incident in the future.

Cybersecurity Governance

The Board oversees the Company’s enterprise risk management program, including cybersecurity risk. The Audit and Risk Management Committee assist the Board in this oversight. For more information, see Part 3, Item 10, “Directors, Executive Officers and Corporate Governance – Enterprise Risk Management”.

The Company’s cybersecurity program is managed by the Chief Information Security Officer (“CISO”), who leads a team of information security professionals and is responsible for activities to prevent, detect, mitigate, and remediate cybersecurity risk. The CISO provides quarterly updates to the Board on the program, including security control coverage and effectiveness, vulnerability testing and remediation, and security operations.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
BB	2 hours ago
IXAQF	2 hours ago
TLYS	2 hours ago
BEEM	2 hours ago
URSB	3 hours ago
DFNS	4 hours ago
BYND	21 hours ago
ALCY	1 day ago
HYEX	1 day ago
MOBQ	1 day, 1 hour ago
GAME	1 day, 2 hours ago
PPSI	1 day, 2 hours ago
HSPT	1 day, 2 hours ago
BBGI	1 day, 2 hours ago
BUDZ	1 day, 3 hours ago
HBUV	1 day, 4 hours ago
VIRC	1 day, 5 hours ago
GRUSF	1 day, 21 hours ago
SMTK	1 day, 21 hours ago
SBMW	2 days, 1 hour ago
AIEV	2 days, 1 hour ago
SKIL	2 days, 2 hours ago
QMCI	2 days, 4 hours ago
JAGX	2 days, 12 hours ago
CLCS	3 days ago
CMBMF	3 days, 1 hour ago
ELVG	3 days, 2 hours ago
SMXT	3 days, 2 hours ago
IQST	3 days, 2 hours ago
JBK	3 days, 7 hours ago
SAFX	1 week, 2 days ago
RVRC	1 week, 2 days ago
AIRS	1 week, 2 days ago
CYCU	1 week, 2 days ago
CBDY	1 week, 2 days ago
GEMI	1 week, 2 days ago
SOLC	1 week, 2 days ago
ZVSA	1 week, 2 days ago
LCGMF	1 week, 2 days ago
TRNR	1 week, 2 days ago
SLSN	1 week, 2 days ago
LTUM	1 week, 2 days ago
SVAQ	1 week, 2 days ago
INKT	1 week, 2 days ago
GNLN	1 week, 2 days ago
NCNO	1 week, 2 days ago
CEPS	1 week, 2 days ago
STSS	1 week, 2 days ago
BDCO	1 week, 2 days ago
SKAS	1 week, 2 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - BB

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - BB

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing