Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - DDOG

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$DDOG Risk Factor changes from 00/02/24/23/2023 to 00/02/23/24/2024

Item 1A. Risk FactorsOur operations and financial results are subject to various risks and uncertainties including those described below.

You should consider carefully the risks and uncertainties described below, in addition to other information contained in this Annual Report on Form 10-K, including our consolidated financial statements and related notes. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially and adversely affected. In that case, the trading price of our Class A common stock could decline.Risks Associated with our GrowthUnfavorable conditions in our industry or the global economy, or reductions in information technology spending, could limit our ability to grow our business and negatively affect our results of operations.Our results of operations may vary based on the impact of unfavorable changes in our industry or the global economy on us or our customers and potential customers. Unfavorable conditions in the economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth in the United States or abroad, financial and credit market fluctuations, inflation, rising interest rates, international trade relations, political turmoil, natural catastrophes, outbreaks of contagious diseases, such as the COVID-19 pandemic, warfare and terrorist attacks on the United States, Europe, the Asia Pacific region or elsewhere, such as the conflict in the Middle East, could cause a decrease in business investments, including spending on information technology, disrupt the timing and cadence of key industry events, and negatively affect the growth of our business and our results of operations. Unfavorable conditions in the economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth in the United States or abroad, financial and credit market fluctuations, inflation, rising interest rates, international trade relations, political turmoil, natural catastrophes, outbreaks of contagious diseases (such as the COVID-19 pandemic), warfare and terrorist attacks on the United States, Europe, the Asia Pacific region or elsewhere, could cause a decrease in business investments, including spending on information technology, disrupt the timing and cadence of key industry events, and negatively affect the growth of our business and our results of operations. For example, the COVID-19 pandemic adversely affected workforces, economies and financial markets globally, leading to a reduction in the ability of, or the inability of, customers, partners, suppliers, vendors or other parties to meet their contractual obligations, and for a period of time, a reduction in customer spending on technology, and such conditions may reoccur in the future.20The COVID-19 pandemic adversely affected workforces, economies and financial markets globally, leading to a reduction or an inability for our customers, partners, suppliers or vendors or other parties with whom we do business to meet their contractual obligations, and for a period of time, a reduction in customer spending on our solutions, and such conditions may reoccur. The war in Ukraine and the related political and economic responses imposed on Russia such as sanctions, may also exacerbate these issues and trends especially in Europe. The war in Ukraine and the related political and economic responses imposed on Russia such as sanctions, may exacerbate these issues and trends especially in Europe. More recently, in response to persistently high inflation, the U.S. Federal Reserve has increased interest rates, which may reduce economic growth and cause companies to decrease spending on information technology. These types of unfavorable conditions could disrupt the timing of and attendance at key industry events, which we rely upon in part to generate sales of our products. If those events are disrupted, our marketing investments, sales pipeline and ability to generate new customers and sales of our products could be negatively and adversely affected. Our competitors, many of which are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our 13customers and may be less dependent on key industry events to generate sales for their products. The increased pace of consolidation in certain industries may result in reduced overall spending on our products and solutions. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or how any such event may impact our business. Our recent rapid growth may not be indicative of our future growth.Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.Our revenue was $2,128.Our revenue was $1,675. 4 million, $1,675.1 million, $1,028. 1 million and $1,028.7 million and $24. 8 million for the years ended December 31, 2023, 2022 and 2021, respectively. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect that our revenue growth rate will decline in the future as a result of a variety of factors, including the maturation of our business. Overall growth of our revenue depends on a number of factors, including our ability to:•price our products effectively so that we are able to attract new customers and expand sales to our existing customers;•expand the functionality and use cases for the products we offer on our platform;•maintain and expand the rates at which customers purchase and renew subscriptions to our platform;•provide our customers with support that meets their needs;•continue to introduce our products to new markets outside of the United States;•successfully identify and acquire or invest in businesses, products or technologies that we believe could complement or expand our platform; and•increase awareness of our brand on a global basis and successfully compete with other companies.We may not successfully accomplish any of these objectives, and as a result, it is difficult for us to forecast our future results of operations. If the assumptions that we use to plan our business are incorrect or change in reaction to changes in our market, or if we are unable to maintain consistent revenue or revenue growth, our stock price could be volatile, and it may be difficult to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.In addition, we expect to continue to expend substantial financial and other resources on:•our technology infrastructure, including systems architecture, scalability, availability, performance and security;•our sales and marketing organization to engage our existing and prospective customers, increase brand awareness and drive adoption of our products;•product development, including investments in our product development team and the development of new products and new functionality for our platform as well as investments in further optimizing our existing products and infrastructure;•acquisitions or strategic investments;•international expansion; and•general administration.These investments may not result in increased revenue growth in our business. If we are unable to maintain or increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position, and results of operations will be harmed, and we may not be able to achieve or maintain profitability over the long term. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays, and other unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our business, financial position and results of operations may be harmed, and we may not achieve or maintain profitability in the future.We have a history of operating losses and may not achieve or sustain profitability in the future.We have experienced net losses in several recent fiscal years and as of December 31, 2023, we had an accumulated deficit of $153.7 million.3 million. While we have experienced significant revenue growth in recent periods and periods of 14profitability, we are not certain whether or when we will obtain a high enough volume of sales to sustain or increase our growth or maintain profitability in the future. While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales to sustain or increase our growth or achieve or maintain profitability in the future. We also expect our costs and expenses to increase in future periods, which could negatively affect our future results of operations if our revenue does not increase. In particular, we intend to continue to expend significant funds to further develop our platform, including by introducing new products and functionality, and to expand our inside and field sales teams and customer success team to drive new customer adoption, expand use cases and integrations, and support international expansion. We will also face increased compliance costs associated with growth and the expansion of our customer base. We will also face increased compliance costs associated with growth, the expansion of our customer base, and being a public company. Our efforts to grow our business may be costlier than we expect, or the rate of our growth in revenue may be slower than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. We may incur significant losses in the future for a number of reasons, including the other risks described herein, and unforeseen expenses, difficulties, complications or delays, and other unknown events. If we are unable to sustain profitability, the value of our business and Class A common stock may significantly decrease. If we are unable to achieve and sustain profitability, the value of our business and Class A common stock may significantly decrease. We have a limited operating history at our current scale, which makes it difficult to forecast our future results of operations.As a result of our limited operating history at our current scale and the introduction of several new products in recent years, our ability to accurately forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to plan for and model future growth. Our historical revenue growth should not be considered indicative of our future performance. Further, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including slowing demand for our products, increasing competition, changes to technology, a decrease in the growth of our overall market, or our failure, for any reason, to continue to take advantage of growth opportunities. We have also encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as the risks and uncertainties described herein. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, and our business could suffer.We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.We have funded our operations since inception primarily through equity and debt financings and sales of our products. We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business, which may require us to engage in equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, if at all. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, operating results, and financial condition. If we incur additional debt, the debt holders would have rights senior to holders of common stock to make claims on our assets, and the terms of any debt could restrict our operations, including our ability to pay dividends on our common stock. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our common stock and diluting their interests.Strategic and Operational RisksOur business depends on our existing customers purchasing additional subscriptions and products from us and renewing their subscriptions. If our customers do not renew or expand their subscriptions with us, our future operating results would be harmed.Our future success depends in part on our ability to sell additional subscriptions and products to our existing customers, and our customers renewing their subscriptions when the contract term expires. The terms of our subscription agreements are primarily monthly or annual, with some quarterly, semiannual and multi-year. Our customers have no obligation to renew their subscriptions for our products after the expiration of their subscription period. In order for us to maintain or improve our results of operations, it is important that our customers renew or expand their subscriptions with us. Whether our customers renew or expand their subscriptions with us may be impacted by a number of factors, including business strength or weakness of our customers, customer usage, customer satisfaction with our products and platform capabilities and customer support, our prices, the capabilities and prices of competing products, mergers and acquisitions affecting our customer base, consolidation of affiliates’ multiple paid business accounts into a single paid business account, or reductions in our customers’ spending on IT solutions or their spending levels generally. These factors may be exacerbated by unfavorable conditions in the economy, see “Risks Associated with our Growth—Unfavorable conditions in our industry or the global economy, or reductions in information technology spending, could limit our ability to grow our business and negatively affect our results of operations” above. These factors may also be exacerbated if, consistent with our growth strategy, our customer base continues 15to grow to encompass larger enterprises, which may also require more sophisticated and costly sales efforts. If our customers do not purchase additional subscriptions and products from us or our customers fail to renew their subscriptions, our revenue may decline and our business, financial condition and results of operations may be harmed.If we are unable to attract new customers, our business, financial condition and results of operations will be adversely affected.To increase our revenue, we must continue to attract new customers. Our success will depend to a substantial extent on the widespread adoption of our platform and products as an alternative to existing solutions. Many enterprises have invested substantial personnel and financial resources to integrate traditional on-premise architectures into their businesses and, therefore, may be reluctant or unwilling to migrate to cloud computing. Further, the adoption of SaaS business software may be slower in industries with heightened data security interests or business practices requiring highly-customizable application software. In addition, as our market matures, our products evolve, and competitors introduce lower cost or differentiated products that are perceived to compete with our platform and products, our ability to sell subscriptions for our products could be impaired. Similarly, our subscription sales could be adversely affected if customers or users within these organizations perceive that features incorporated into competitive products reduce the need for our products or if they prefer to purchase other products that are bundled with solutions offered by other companies that operate in adjacent markets and compete with our products. As a result of these and other factors, we may be unable to attract new customers, which may have an adverse effect on our business, financial condition and results of operations.Failure to effectively develop and expand our sales and marketing capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our products.Our ability to increase our customer base and achieve broader market acceptance of our products and platform capabilities will depend to a significant extent on our ability to expand our sales and marketing organization. We plan to continue expanding our direct sales force, both domestically and internationally. We also plan to dedicate significant resources to sales and marketing programs. All of these efforts will require us to invest significant financial and other resources, including in channels in which we have limited or no experience to date. Our business and results of operations will be harmed if our sales and marketing efforts do not generate significant increases in revenue or increases in revenue that are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate and retain talented and effective sales personnel, if our new and existing sales personnel, on the whole, are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective.If we or our third-party service providers experience, or are unable to protect against cyber-attacks, ransomware, security incidents, or security breaches, or if unauthorized parties otherwise obtain access to or otherwise compromise our customers’ data, our data, or our platform and information technology systems, then our solution may be perceived as not being secure, our reputation may be harmed, demand for our platform and products may be reduced, and we may incur significant liabilities or additional expenses.If we or our third-party service providers experience, or are unable to protect against cyber attacks, ransomware, security incidents, or security breaches, or if unauthorized parties otherwise obtain access to our customers’ data, our data, or our platform and information technology systems, then our solution may be perceived as not being secure, our reputation may be harmed, demand for our platform and products may be reduced, and we may incur significant liabilities or additional expenses. We collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of and share personal information, confidential information and other information necessary to provide our services, to operate our business, for legal and marketing purposes, and for other business-related purposes.We collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of and share personal information, confidential information and other information necessary to provide our service, to operate our business, for legal and marketing purposes, and for other business-related purposes. Our platform and products involve the storage and transmission of data, including personal information, and security breaches or unauthorized access to our platform and products, or those of our third-party service providers, could result in the unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure of, or access to sensitive information including our customers' data.Our platform and products involve the storage and transmission of data, including personal information, and security breaches or unauthorized access to our platform and products, or those of our third-party service providers, could result in the unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure of, or access to sensitive information including our customers' data. Consequently, we may be subject to significant litigation, indemnity obligations, fines, penalties, disputes, investigations and other liabilities. We have previously and may in the future become the target of cyber-attacks by third parties seeking to gain unauthorized access to and exfiltrate our or our customers’ data, including confidential and personal information, from certain of our infrastructure resources, or to disrupt our ability to provide our services. We have previously and may in the future become the target of cyber-attacks by third parties seeking unauthorized access to our or our customers’ data or to disrupt our ability to provide our services. In addition, many of our employees are working remotely, which may pose additional data security risks (including, for example, an increase in phishing and malicious emails we began experiencing during 2020). The reliability and continuous availability of our platform is critical to our success. However, complex software such as ours can contain errors, defects, security vulnerabilities or software bugs that, despite testing by us, are difficult to detect and correct, particularly when such vulnerabilities are first introduced or when new versions or enhancements of our platform are released. Real or perceived errors, defects, security vulnerabilities or software bugs in our products could result in reputational harm, reduce the demand for our products and expose us to breach of contract claims, regulatory fines and related liabilities. Real or perceived errors, defects, security vulnerabilities or software bugs in our products could result in reputational harm, reduce the demand for our products and expose us to breach of contract claims, regulatory fines and related liabilities. 16We may use third-party service providers and sub-processors to help us deliver services to our customers. These vendors, such as cloud infrastructure providers, may store or process personal and confidential information for us or our customers. We use third-party technology, systems and services in a variety of contexts, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, credit card processing and other functions. While we have taken steps to protect the confidential and personal information that we have access to, our security measures or those of our third-party service providers that store or otherwise process certain of our and our customers’ data on our behalf could be breached or we could suffer a loss of our or our customers’ data. Our ability to monitor our third-party service providers’ data security is limited. Cyber-attacks, computer malware, viruses, employee mistakes or malfeasance, social engineering (including spear phishing), malicious code, denial-of-service attacks, credential harvesting and general hacking have become more prevalent in our industry, particularly against cloud services. Cyber-attacks, computer malware, viruses, employee mistakes or malfeasance, social engineering (including spear phishing and ransomware attacks), malicious code, denial-of-service attacks, credential harvesting and general hacking have become more prevalent in our industry, particularly against cloud services. Ransomware attacks, including those from organized criminal threat actors, nation-states and nation-state supported actors, are becoming increasingly prevalent and can lead to significant interruptions, delays, or outages in our operations, loss of data (including customer data), loss of income, significant extra expenses to restore data or systems, reputational loss and the diversion of funds. To alleviate the financial, operational and reputational impact of a ransomware attack it may be preferable to make extortion payments, but we may be unwilling or unable to do so (including, for example, if applicable laws or regulations prohibit such payments). Similarly, supply chain attacks have increased in frequency and severity, and we cannot guarantee that third parties and infrastructure in our supply chain have not been compromised or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our platform, systems and networks or the systems and networks of third parties that support us and our services. Despite the security controls we have in place, such attacks are very difficult to avoid. There can be no assurance that any security measures that we or our third-party service providers have implemented will be effective against current or future security threats. While we have developed systems and processes designed to protect the integrity, confidentiality, and security of our and our customers’ data, our security measures or those of our third-party service providers could fail and result in unauthorized access to or disclosure, modification, misuse, loss or destruction of such data.Third parties may also conduct attacks designed to temporarily deny customers access to our cloud services. Any security breach or other security incident, or the perception that one has occurred, could result in a loss of customer confidence in the security of our platform and damage to our brand, reduce the demand for our products, disrupt normal business operations, require us to spend material resources to investigate or correct the breach and to prevent future security breaches and incidents, expose us to legal liabilities, including litigation, regulatory enforcement, and indemnity obligations, and adversely affect our business, financial condition and results of operations. These risks are likely to increase as we continue to grow and process, store, and transmit increasingly large amounts of data.In addition, we do not directly control content that our customers store in our products. If our customers use our products for the collection, transmission or storage of personal information and our security measures are or are believed to have been breached as a result of third-party action, employee error, malfeasance or otherwise, our reputation could be damaged, our business may suffer, and we could incur significant liability. In addition, our remediation efforts may not be successful.We also process, store and transmit our own data as part of our business and operations. This data may include personal, confidential or proprietary information. We may expend significant resources, fundamentally change our business activities and practices, or modify our operations or information technology in an effort to protect against security incidents and to mitigate, detect, and remediate actual and potential vulnerabilities.We take steps designed to detect, mitigate, and remediate vulnerabilities in our information systems (such as our hardware and/or software, including that of third parties upon which we rely). We may not, however, detect and remediate all such vulnerabilities on a timely basis. Among other things, our applications, systems, networks, software, other computer assets and physical facilities could be breached or could otherwise malfunction or fail, or the personal or confidential information that we store could be otherwise compromised due to employee error or malfeasance, if, for example, third parties fraudulently induce our employees or our members to disclose information or user names and/or passwords, or otherwise compromise the security of our networks, systems and/or physical facilities. Additionally, from time to time employees or service providers may inadvertently misconfigure resources or misdirect certain communications, leading to security vulnerabilities or incidents that we must then expend effort and incur expenses to correct.We may have contractual and other legal obligations to notify relevant stakeholders of security incidents. For instance, most jurisdictions have enacted laws, such as the U.S. Health Insurance Portability and Accountability Act of 1996, or HIPAA, requiring companies to notify individuals, regulatory authorities, and others of security breaches involving certain types of data. Such mandatory contractual and legal disclosures are costly, could lead to negative publicity, may cause our 17customers to lose confidence in the effectiveness of our security measures and require us to expend significant capital and other resources to respond to and/or alleviate problems caused by the actual or perceived security breach, and any failure to provide appropriate notice may violate the terms of our customer contracts. Applicable laws, our contracts, our representations, or industry standards may require us to use industry-standard or reasonable measures to safeguard sensitive personal information or confidential information. A security breach could lead to claims by our customers, or other relevant stakeholders, that we have failed to comply with such legal or contractual obligations. As a result, we could be subject to legal action or our customers could end their relationships with us. Further, there can be no assurance that any limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from liabilities or damages.The costs to respond to a security breach and/or mitigate any security vulnerabilities that may be identified could be significant, our efforts to address these problems may not be successful, and these problems could result in unexpected interruptions, delays, cessation of service, negative publicity, and other harm to our business and our competitive position. We could be required to fundamentally change our business activities and practices in response to a security breach or related regulatory actions or litigation, which could have an adverse effect on our business.Additionally, we cannot be certain that our insurance coverage will be adequate for fines, judgments, settlements, penalties, costs, attorney fees and other impacts that arise out of privacy or security incidents or breaches. If the impacts of a privacy or security incident or breach, or the successful assertion of one or more large claims against us that exceeds our available insurance coverage, or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), it could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage, cyber coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could adversely affect our reputation, business, financial condition and results of operations. Our risks are likely to increase as we continue to expand, grow our customer base, and process, store, and transmit increasingly large amounts of proprietary and sensitive data.Interruptions or performance problems associated with our products and platform capabilities may adversely affect our business, financial condition and results of operations.Our continued growth depends in part on the ability of our existing and potential customers to access our products and platform capabilities at any time and within an acceptable amount of time. We have experienced, and may in the future experience, disruptions, outages, and other performance problems due to a variety of factors, including infrastructure changes, introductions of new functionality, human or software errors, capacity constraints due to an overwhelming number of users accessing our products and platform capabilities simultaneously, denial of service attacks, or other security-related incidents. For example, in March 2023, our platform experienced widespread outages across multiple products and regions, which was substantially resolved in approximately a day.It may become increasingly difficult to maintain and improve our performance, especially during peak usage times and as our products and platform capabilities become more complex and our user traffic increases. If our products and platform capabilities are unavailable or if our users are unable to access our products and platform capabilities within a reasonable amount of time or at all, we may experience a loss of customers, lost or delayed market acceptance of our platform and products, delays in payment to us by customers, injury to our reputation and brand, legal claims against us, and the diversion of our resources. In addition, to the extent that we do not effectively address capacity constraints, upgrade our systems as needed and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business, financial condition and results of operations may be adversely affected.18We may not be able to successfully manage our growth, and if we are not able to grow efficiently, our business, financial condition and results of operations could be harmed.As usage of our platform capabilities grow, we will need to devote additional resources to improving and maintaining our infrastructure and integrating with third-party applications. In addition, we will need to appropriately scale our internal business systems and our services organization, including customer support and professional services, to serve our growing customer base. Any failure of or delay in these efforts could result in impaired system performance and reduced customer satisfaction, resulting in decreased sales to new customers, lower dollar-based net retention rates or, the issuance of service credits or requested refunds, which would hurt our revenue growth and our reputation. Further, any failure in optimizing our spend on third-party cloud services as we scale could negatively impact our gross margins. Even if we are successful in our expansion efforts, they will be expensive and complex, and require the dedication of significant management time and attention. We could also face inefficiencies or service disruptions as a result of our efforts to scale our internal infrastructure. We cannot be sure that the expansion of and improvements to our internal infrastructure will be effectively implemented on a timely basis, if at all, and such failures could harm our business, financial condition and results of operations.We rely upon third-party providers of cloud-based infrastructure to host our products. Any disruption in the operations of these third-party providers, limitations on capacity or interference with our use could adversely affect our business, financial condition and results of operations.We outsource substantially all of the infrastructure relating to our cloud solution to third-party hosting services. Customers of our cloud-based products need to be able to access our platform at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. Our cloud-based products depend on protecting the virtual cloud infrastructure hosted by third-party hosting services by maintaining its configuration, architecture, features and interconnection specifications, as well as the information stored in these virtual data centers, which is transmitted by third-party internet service providers. Any limitation on the capacity of our third-party hosting services could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition and results of operations. In addition, any incident affecting our third-party hosting services’ infrastructure that may be caused by cyber-attacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, outbreaks of contagious diseases, terrorist or other attacks, and other similar events beyond our control could negatively affect our cloud-based products. A prolonged service disruption affecting our cloud-based solution for any of the foregoing reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the third-party hosting services we use.In the event that our service agreements with our third-party hosting services are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud solution for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition and results of operations.We offer free trials and a free tier of our platform to drive developer awareness of our products, and encourage usage and adoption. If these marketing strategies fail to lead to customers purchasing paid subscriptions, our ability to grow our revenue will be adversely affected.To encourage awareness, usage, familiarity and adoption of our platform and products, we offer free trials and a free tier of our platform. These strategies may not be successful in leading customers to purchase our products, as users of our free tier may not lead to them or others within their organization purchasing and deploying our platform. These strategies may not be successful in leading customers to purchase our products. To the extent that users do not become, or we are unable to successfully attract paying customers, we will not realize the intended benefits of these marketing strategies and our ability to grow our revenue will be adversely affected.We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price could decline.Our results of operations have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance. In addition to the other risks described herein, factors that may affect our results of operations include the following:•fluctuations in demand for or pricing of our platform and products;19•fluctuations in usage of our platform and products;•our ability to attract new customers;•our ability to retain our existing customers;•customer expansion rates and the pricing and quantity of subscriptions renewed;•the pricing of subscriptions from customers in our cloud-provider marketplaces;•timing and amount of our investments to expand the capacity of our third-party cloud infrastructure providers;•seasonality driven by industry conferences;•the investment in new products and features relative to investments in our existing infrastructure and products;•the timing of our customer purchases;•fluctuations or delays in purchasing decisions in anticipation of new products or enhancements by us or our competitors;•changes in customers’ budgets and in the timing of their budget cycles and purchasing decisions;•our ability to control costs, including our operating expenses;•the amount and timing of payment for operating expenses, particularly research and development and sales and marketing expenses, including commissions;•the amount and timing of non-cash expenses, including stock-based compensation, goodwill impairments and other non-cash charges;•the amount and timing of costs associated with recruiting, training and integrating new employees and retaining and motivating existing employees;•the effects of acquisitions and their integration;•general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate, including those impacted by the COVID-19 pandemic, war in Ukraine and conflict in the Middle East;•the effect of other economic factors, including inflation, pricing and currency fluctuations;•the impact of new accounting pronouncements;•changes in regulatory or legal environments that may cause us to incur, among other elements, expenses associated with compliance;•changes in the competitive dynamics of our market, including consolidation among competitors or customers; and•significant security breaches of, technical difficulties with, or interruptions to, the delivery and use of our products and platform capabilities.The global economy, including credit and financial markets, has experienced extreme volatility and disruptions, including severely diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates, increases in inflation rates, higher interest rates and uncertainty about economic stability. For example, the COVID-19 pandemic resulted in widespread unemployment, economic slowdown and extreme volatility in the capital markets. The ongoing military conflict between Russia and Ukraine has also created extreme volatility in the global capital markets and is expected to have further global economic consequences. Any such volatility and disruptions may have adverse consequences on us or the third parties on whom we rely. If the equity and credit markets deteriorate, or do not improve, including as a result of political unrest or war, it may make any necessary debt or equity financing more difficult to obtain in a timely manner or on favorable terms, more costly or more dilutive. Increased inflation rates can adversely affect us by increasing our costs, including personnel costs.Any of these and other factors, or the cumulative effect of some of these factors, may cause our results of operations to vary significantly. If our quarterly results of operations fall below the expectations of investors and securities 20analysts who follow our stock, the price of our Class A common stock could decline substantially, and we could face costly lawsuits, including securities class action suits.Seasonality may cause fluctuations in our sales and results of operations.Historically, we have experienced seasonality in new customer bookings, as we typically enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in the fourth quarter of the year.Historically, we have experienced seasonality in new customer bookings, as we typically we enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in the fourth quarter of the year. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality will continue to affect our bookings and our results of operations in the future, and might become more pronounced as we continue to target larger enterprise customers.Downturns or upturns in our sales may not be immediately reflected in our financial position and results of operations.Because we recognize a large portion of our revenue ratably over the term of the subscription agreement, any decreases in new subscriptions or renewals in any one period may not be immediately reflected as a decrease in revenue for that period, but could negatively affect our revenue in future quarters. This also makes it difficult for us to rapidly increase our revenue through the sale of additional subscriptions in any period, as revenue is recognized over the term of the subscription agreement. In addition, fluctuations in monthly subscriptions based on usage could affect our revenue on a period-over-period basis. If our quarterly results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock would decline substantially, and we could face costly lawsuits, including securities class actions.We target enterprise customers, and sales to these customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities.We have a field sales team that targets enterprise customers. Sales to large customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities, such as longer sales cycles, more complex customer requirements, substantial upfront sales costs, and less predictability in completing some of our sales. For example, enterprise customers may require considerable time to evaluate and test our solutions and those of our competitors prior to making a purchase decision and placing an order. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our solutions, the discretionary nature of purchasing and budget cycles, and the competitive nature of evaluation and purchasing approval processes. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, may vary significantly from customer to customer, with sales to large enterprises typically taking longer to complete. Moreover, large enterprise customers often begin to deploy our products on a limited basis, but nevertheless demand configuration, integration services and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our products widely enough across their organization to justify our substantial upfront investment.If we fail to retain and motivate members of our management team or other key employees, or fail to attract additional qualified personnel to support our operations, our business and future growth prospects would be harmed.Our success and future growth depend largely upon the continued services of our executive officers, particularly Olivier Pomel, our co-founder and Chief Executive Officer, Alexis Lê-Quôc, our co-founder and Chief Technology Officer, and David Obstler, our Chief Financial Officer, as well as our other key employees in the areas of research and development and sales and marketing functions.Our success and future growth depend largely upon the continued services of our executive officers, particularly Olivier Pomel, our co-founder and Chief Executive Officer, Alexis Lê-Quôc, our co-founder, President and Chief Technology Officer, and David Obstler, our Chief Financial Officer, as well as our other key employees in the areas of research and development and sales and marketing functions. From time to time, there may be changes in our executive management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead our company, could harm our business. We also are dependent on the continued service of our existing software engineers because of the complexity of our products and platform capabilities.In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing SaaS applications and experienced sales professionals. If we are unable to attract such personnel in cities where we are located, we may need to hire in other locations which may add to the complexity and costs of our business operations. We have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached their legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider 21the value of the equity awards they receive in connection with their employment. If the value or perceived value of our equity awards declines, experiences significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain key employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed.If we fail to maintain and enhance our brand, our ability to expand our customer base will be impaired and our business, financial condition and results of operations may suffer.We believe that maintaining and enhancing the Datadog brand is important to support the marketing and sale of our existing and future products to new customers and expand sales of our platform and products to existing customers. We also believe that the importance of brand recognition will increase as competition in our market increases. Successfully maintaining and enhancing our brand will depend largely on the effectiveness of our marketing efforts, our ability to provide reliable products that continue to meet the needs of our customers at competitive prices, our ability to maintain our customers’ trust, our ability to continue to develop new functionality and use cases, and our ability to successfully differentiate our products and platform capabilities from competitive products. Our brand promotion activities may not generate customer awareness or yield increased revenue, and even if they do, any increased revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, our business, financial condition and results of operations may suffer.If we cannot maintain our company culture as we grow, our success and our business and competitive position may be harmed.We believe our culture has been a key contributor to our success to date and that the critical nature of the platform that we provide promotes a sense of greater purpose and fulfillment in our employees. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel, which is critical to our growth, and to effectively focus on and pursue our corporate objectives. As we continue to grow and expand globally, we may find it difficult to maintain these important aspects of our culture particularly given remote or hybrid work arrangements, which increased as a result of the COVID-19 pandemic. As we continue to grow and expand globally, we may find it difficult to maintain these important aspects of our culture particularly given the COVID-19 pandemic and remote work arrangements. If we fail to maintain our company culture, our business and competitive position may be harmed.If we fail to offer high-quality support, our reputation could suffer.Our customers rely on our customer support personnel to resolve issues and realize the full benefits that our platform provides. High-quality support is also important for the renewal and expansion of our subscriptions with existing customers. The importance of our support function will increase as we expand our business and pursue new customers. If we do not help our customers quickly resolve issues and provide effective ongoing support, our ability to maintain and expand our subscriptions to existing and new customers could suffer, and our reputation with existing or potential customers could suffer.Acquisitions, strategic investments, partnerships, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business, dilute stockholder value, and adversely affect our business, financial condition and results of operations.We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, products and platform capabilities, or technologies that we believe could complement or expand our services and platform capabilities, enhance our technical capabilities, or otherwise offer growth opportunities. Any such acquisition or investment may divert the attention of management and cause us to incur various expenses in identifying, investigating and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel internal controls or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management or otherwise. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel, internal controls or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management or otherwise. These transactions may also disrupt our business, divert our resources, and require significant management attention that would otherwise be available for development of our existing business. Any such transactions that we are able to complete may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. In addition, we may not be able to find and identify desirable acquisition targets or business opportunities or be successful in entering into an agreement with any particular strategic partner. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, if the resulting business from such a transaction fails to meet our expectations, our business, financial condition and results of operations may be adversely affected or we may be exposed to unknown risks or liabilities.Industry and Competitive Risks22If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, or to changing customer needs, requirements or preferences, our platform and products may become less competitive.Our ability to attract new users and customers and increase revenue from existing customers depends in large part on our ability to enhance and improve our existing products, increase adoption and usage of our products, and introduce new products and capabilities. The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. For example, some of our products use artificial intelligence, or AI, and machine learning, and we are making investments in expanding our artificial intelligence capabilities, which will require significant investment in infrastructure and personnel. However, AI technologies are complex and rapidly evolving in a changing competitive market and market acceptance of AI technologies remains uncertain, see “Industry and Competitive Risks—We use artificial intelligence in our products and services which may result in operational challenges, legal liability, reputational harm, competitive risks and regulatory concerns that could adversely affect our business and results of operations.” below. If we were unable to enhance our products and platform capabilities to keep pace with rapid technological and regulatory change, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our products, our business, financial condition and results of operations could be adversely affected. If we were unable to enhance our products and platform capabilities that keep pace with rapid technological and regulatory change, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our products, our business, financial condition and results of operations could be adversely affected. The success of our platform depends, in part, on its ability to be deployed in a self-service installation process. We currently offer more than 700 out-of-the-box integrations to assist customers in deploying Datadog, and we need to continuously modify and enhance our products to adapt to changes and innovation in existing and new technologies to maintain and grow our integrations. We expect that the number of integrations we will need to support will continue to expand as developers adopt new software platforms, and we will have to develop new versions of our products to work with those new platforms. This development effort may require significant engineering, sales and marketing resources, all of which would adversely affect our business. Any failure of our products to operate effectively with future infrastructure platforms and technologies could reduce the demand for our products. If we are unable to respond to these changes in a cost-effective manner, our products may become less marketable and less competitive or obsolete, and our business, financial condition and results of operations could be adversely affected.The markets in which we participate are competitive, and if we do not compete effectively, our business, financial condition and results of operations could be harmed.Our unified platform combines functionality from numerous traditional product categories, and hence we compete in each of these categories with home-grown and open-source technologies, as well as a number of different vendors. With respect to on-premise infrastructure monitoring, we compete with diversified technology companies and systems management vendors including IBM, Microsoft Corporation, and SolarWinds Corporation. With respect to APM, we compete with companies including Cisco Systems, Inc., New Relic, Inc. and Dynatrace Software Inc. With respect to log management, we compete with companies including Splunk Inc. and Elastic N.V. With respect to cloud monitoring, we compete with native solutions from cloud providers such as AWS, GCP and Microsoft Azure. In addition, we may increasingly choose to allow these third-party hosting providers to offer our solutions directly through their customer marketplaces. An increasing number of sales through cloud provider marketplaces could reduce both the number of customers with whom we have direct commercial relationships as well as our profit margins on sales made through such marketplaces.With the introduction of new technologies and market entrants, we expect that the competitive environment will remain intense going forward. Some of our actual and potential competitors have been acquired by other larger enterprises and have made or may make acquisitions or may enter into partnerships or other strategic relationships that may provide more comprehensive offerings than they individually had offered or achieve greater economies of scale than us. In addition, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships or strategic relationships. As we look to market and sell our products and platform capabilities to potential customers with existing internal solutions, we must convince their internal stakeholders that our products and platform capabilities are superior to their current solutions.We compete on the basis of a number of factors, including:•ability to provide unified, real-time observability of IT environments;•ability to operate in dynamic and elastic environments;•extensibility across the enterprise, including development, operations and business users;23•propensity to enable collaboration between development, operations and business users;•ability to monitor any combination of public clouds, private clouds, on-premise and multi-cloud hybrids;•ability to provide advanced analytics and machine learning;•ease of deployment, implementation and use;•ability to operate across a broad range of geographies in compliance with local regulations; •breadth of offering and key technology integrations;•performance, security, scalability and reliability;•quality of service and customer satisfaction;•total cost of ownership; and•brand recognition and reputation.We compete on the basis of a number of factors, including:•ability to provide unified, real-time observability of IT environments;•ability to operate in dynamic and elastic environments;•extensibility across the enterprise, including development, operations and business users;•propensity to enable collaboration between development, operations and business users;•ability to monitor any combination of public clouds, private clouds, on-premise and multi-cloud hybrids;•ability to provide advanced analytics and machine learning;•ease of deployment, implementation and use;•breadth of offering and key technology integrations;•performance, security, scalability and reliability;•quality of service and customer satisfaction;23•total cost of ownership; and•brand recognition and reputation. Our competitors vary in size and in the breadth and scope of the products offered. Many of our competitors and potential competitors have greater name recognition, longer operating histories, more established customer relationships and installed customer bases, larger marketing budgets and greater resources than we do. Further, other potential competitors not currently offering competitive solutions may expand their product or service offerings to compete with our products and platform capabilities, or our current and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and product offerings in our addressable market. Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, and customer requirements. An existing competitor or new entrant could introduce new technology that reduces demand for our products and platform capabilities. In addition to product and technology competition, we face pricing competition. Some of our competitors offer their solutions at a lower price, which has resulted in, and may continue to result in, pricing pressures.For all of these reasons, we may not be able to compete successfully against our current or future competitors, and this competition could result in the failure of our platform to continue to achieve or maintain market acceptance, any of which would harm our business, results of operations, and financial condition.The market for our solutions may develop more slowly or differently than we expect.It is difficult to predict customer adoption rates and demand for our products, the entry of competitive products or the future growth rate and size of the cloud-based software and SaaS business software markets. The expansion of these markets depends on a number of factors, including: the cost, performance, and perceived value associated with cloud-based and SaaS business software as an alternative to legacy systems, as well as the ability of cloud-based software and SaaS providers to address heightened data security and privacy concerns. If we have a security incident or other cloud-based software and SaaS providers experience security incidents, loss of customer data, disruptions in delivery or other similar problems, which is an increasing focus of the public and investors in recent years, the market for these applications as a whole, including our platform and products, may be negatively affected. If cloud-based and SaaS business software does not continue to achieve market acceptance, or there is a reduction in demand caused by a lack of customer acceptance, technological challenges, weakening economic conditions, data security or privacy concerns, governmental regulation, competing technologies and products, or decreases in information technology spending or otherwise, the market for our platform and products might not continue to develop or might develop more slowly than we expect, which would adversely affect our business, financial condition and results of operations.We use artificial intelligence in our products and services which may result in operational challenges, legal liability, reputational harm, competitive risks and regulatory concerns that could adversely affect our business and results of operations.We incorporate AI, including generative AI, into our products. These technologies are complex and rapidly evolving and building them requires significant investment in infrastructure and personnel with no assurance that we will realize the desired or anticipated benefits. Our competitors may more successfully incorporate AI into their products and achieve higher market acceptance of their AI solutions, which could impair our ability to compete effectively and adversely affect our results of operations. We may also encounter new risks, challenges, and unintended consequences as a result of our use of AI. For example, the issue of intellectual property ownership and license rights surrounding AI technologies has not been fully 24addressed by U.S. courts or federal or state laws and regulations, and the incorporation of AI technologies into our products and services could expose us to intellectual property claims or mandatory compliance with open source software or other license terms. Our use of AI may also lead to novel cybersecurity or privacy risks which may adversely affect our operations and reputation. Various governments have proposed policy and regulatory responses to oversee the use of AI, including the EU’s Artificial Intelligence Act, which would apply beyond the European Union’s borders. Compliance with regulations as well as social and ethical standards relating to AI may require significant research and development costs as well as management and employee attention. Any actual or perceived failure to comply with these laws, regulations or ethical standards could include severe penalties, reputational harm, and slow adoption of AI in our products and services. In addition, our business may be disrupted if any of the third-party AI services we use become unavailable due to extended outages or commercially unreasonable terms of service.Legal and Regulatory RisksWe typically provide service-level commitments under our subscription agreements. Legal and Regulatory RisksWe typically provide service-level commitments under our subscription agreements. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service or face subscription termination with refunds of prepaid amounts, which would lower our revenue and harm our business, financial condition and results of operations.Our subscription agreements typically contain service-level commitments. If we are unable to meet the stated service-level commitments, including failure to meet the uptime and response time requirements under our customer subscription agreements, we may be contractually obligated to provide these customers with service credits which could significantly affect our revenue in the periods in which the failure occurs and the credits are applied. We could also face subscription terminations and a reduction in renewals, which could significantly affect both our current and future revenue. Any service-level failures could also damage our reputation, which could also adversely affect our business, financial condition and results of operations.Indemnity provisions in various agreements to which we are party potentially expose us to substantial liability for infringement, misappropriation or other violation of intellectual property rights, data protection and other losses.Our agreements with our customers and other third parties may include indemnification provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of infringement, misappropriation or other violation of intellectual property rights, data protection, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services, platform, our acts or omissions under such agreements or other contractual obligations. Some of these indemnity agreements provide for uncapped liability and some indemnity provisions survive termination or expiration of the applicable agreement. Large indemnity payments could harm our business, financial condition and results of operations. Although we attempt to contractually limit our liability with respect to such indemnity obligations, we are not always successful and may still incur substantial liability related to them, and we may be required to cease use of certain functions of our platform or products as a result of any such claims. Any dispute with a customer or other third party with respect to such obligations could have adverse effects on our relationship with such customer or other third party and other existing or prospective customers, reduce demand for our products and services and adversely affect our business, financial conditions and results of operations. In addition, although we carry general liability insurance, our insurance may not be adequate to indemnify us for all liability that may be imposed or otherwise protect us from liabilities or damages with respect to claims alleging compromises of customer data, and any such coverage may not continue to be available to us on acceptable terms or at all.We and our third-party service providers are subject to stringent and changing laws, regulations, standards, and contractual obligations related to data privacy and security.We and our third-party service providers are subject to stringent and changing laws, regulations and standards, and contractual obligations related to data privacy and security. Actual or perceived failure by us or our third-party service providers to comply with such laws, regulations, standards, or contractual obligations could harm our business.We have legal, contractual and other applicable obligations regarding the protection and appropriate use of personal information, confidential information, and other proprietary information that we, our third-party service providers or other partners process. We are subject to a variety of federal, state, local and foreign laws, directives, regulations, and industry standards, relating to the collection, use, retention, security, disclosure, transfer and other processing of personal information. We are subject to a variety of federal, state, local and international laws, directives, regulations, and industry standards, relating to the collection, use, retention, security, disclosure, transfer and other processing of personal information. The regulatory framework for and users' expectations around privacy and security issues worldwide is rapidly evolving and as a result, implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future resulting in possible significant operational costs for compliance and risk to our business. In addition, new technologies we use in our products or in our business, like AI and machine learning, may also subject us to new or enhanced governmental or regulatory scrutiny, litigation, ethical concerns, or other complications that could adversely affect our business, reputation, or financial results. 25Internationally, nearly every jurisdiction in which we operate has established its own data security and privacy legal framework with which we, our third-party service providers, or our customers must comply.Internationally, nearly every jurisdiction in which we operate has established its own data security and privacy legal framework with which we, our third-party service providers, or our customers must comply. For example, the European Union's General Data Protection Regulation, or EU GDPR, contains numerous requirements and changes from previously existing law, including more robust obligations on data processors and heavier documentation requirements for data protection compliance programs by companies and data protection authorities. Under the EU GDPR, companies may face temporary or definitive bans on data processing and other corrective actions, significant monetary fines, and private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests.In addition, Europe and other jurisdictions have enacted data localization laws and cross-border personal data transfer laws. In addition, certain jurisdictions have enacted data localization laws and cross-border personal data transfer laws. For example, the European Economic Area (EEA) and the United Kingdom have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it generally believes are inadequate. Although there are currently various mechanisms that may be used to transfer personal data from the EEA and United Kingdom to the United States in compliance with law, such as the EEA standard contractual clauses, the United Kingdom’s International Data Transfer Agreement/Addendum, and the EU-U.S. Data Privacy Framework and the United Kingdom extension thereto (which allows for transfers for relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States.Additionally, other countries outside of Europe have enacted or are considering enacting similar cross-border data transfer restrictions and laws requiring local data residency, and strict limitations to the processing of personal information, which could increase the cost and complexity of delivering our services and operating our business. For example, Brazil enacted the General Data Protection Law, New Zealand enacted the New Zealand Privacy Act, China enacted its Personal Information Protection Law, and Canada introduced the Digital Charter Implementation Act.If we are unable to implement a valid compliance mechanism for cross-border personal information transfers, we may face increased exposure to regulatory actions, substantial fines and injunctions against processing or transferring personal information from Europe or elsewhere. Inability to import personal information from other jurisdictions to the United States may significantly and negatively impact our business operations, including by lowering sales on our platform due to the difficulty of establishing a lawful mechanism for personal information transfers out of Europe or other jurisdictions, or requiring us to increase our data processing capabilities in Europe or elsewhere at significant expense. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of Europe for allegedly violating the GDPR’s cross-border data transfer limitations.Additionally, European legislative proposals and present laws and regulations apply to cookies and similar tracking technologies, electronic communications, and marketing. In the EU and the United Kingdom, regulators are increasingly focusing on compliance with requirements related to the online behavioral advertising ecosystem and requirements around consent. It is anticipated that the ePrivacy Regulation will replace the current national laws that implement the ePrivacy Directive that governs electronic communications. Outside of Europe, other laws and regulations, including legislative proposals, individual behavior and industry practices are increasingly resistant to the use of personal information to deliver targeted advertising, making certain online advertising activities more difficult and subject to additional scrutiny. Outside of Europe, other laws and regulations, including legislative proposals, individual behavior and industry practices are increasingly resistant to the use of personal data to deliver targeted advertising, making certain online advertising activities more difficult and subject to additional scrutiny. For example, the California Consumer Privacy Act, or CCPA, grants California residents the right to opt-out of a company’s sharing of personal information for cross-context behavioral advertising purposes. For example, the CCPA grants California residents the right to opt-out of a company’s sharing of personal data for advertising purposes in exchange for money or other valuable consideration. Other comprehensive U.S. state privacy laws extend similar rights to residents. As a result of these developments, we may be required to change the way we market our products, which would impair our ability to reach new or existing customers.Complying with these and other applicable laws may cause us to incur substantial operational costs or require us to change our business practices. Despite our efforts to bring practices into compliance with all applicable laws, we may not be successful in our efforts to achieve compliance either due to internal or external factors such as resource allocation limitations or a lack of vendor cooperation. Non-compliance could result in proceedings against us by governmental entities, customers, data subjects or others. We may also experience difficulty retaining or obtaining new European or multi-national customers due to the legal requirements, compliance cost, potential risk exposure, and uncertainty for these entities, and we may experience significantly increased liability with respect to these customers pursuant to the terms set forth in our engagements with them. While we utilize a data center in the EEA to maintain certain customer data (which may include personal information) originating from the EEA, we may find it necessary to establish additional systems and processes to maintain such data in the EEA, which may involve substantial expense and distraction from other aspects of our business. While we utilize a data center in the EEA to maintain certain customer data (which may include personal data) originating from the EEA, we may find it necessary to establish additional systems and processes to maintain such data in the EEA, which may involve substantial expense and distraction from other aspects of our business. Domestic laws in this area are also complex and developing rapidly, and we are, or may become, subject to numerous U.S. data privacy and security laws. In the United States, laws governing data privacy and security include those promulgated under the authority of the Federal Trade Commission Act, the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the CCPA, HIPAA, and numerous other state and federal laws relating to privacy and data security. In the United States, laws governing data privacy and security include those promulgated under the authority of the Federal Trade Commission Act, the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the California Consumer Privacy Act, or CCPA, HIPAA, and other state and federal laws relating to privacy and data security. Many state legislatures have adopted legislation that regulates how businesses operate online, including measures 26relating to privacy, data security and data breaches. Laws in all 50 states require businesses to provide notice to customers whose personal information has been disclosed as a result of a data breach. The laws are not consistent, and compliance in the event of a widespread data breach is costly. States are also constantly amending existing laws, requiring attention to frequently changing legal requirements.The CCPA, which became effective on January 1, 2020, gives California residents (including consumers, employees, job applicants and business representatives) expanded rights to access and delete their personal information, opt out of the sale of personal information, and receive detailed information about how their personal information is used.The CCPA, which became effective on January 1, 2020, gives California residents expanded rights to access and delete their personal information, opt out of the sale of personal information, and receive detailed information about how their personal information is used. The CCPA provides a private right of action and statutory damages for data breaches and may increase our compliance costs and potential liability with respect to other personal information we collect about California residents. In addition, the amendments to the CCPA made by the California Privacy Rights Act, or the CPRA, went into effect on January 1, 2023. The CPRA amends the CCPA to give California residents the ability to limit the use of their sensitive information, provide additional penalties for CPRA violations concerning California residents under the age of 16, and establish a new California Privacy Protection Agency to implement and enforce the law. These changes to the CCPA could impact our business activities depending on how they are interpreted. These laws exemplify the vulnerability of our business to the evolving regulatory environment related to the protection of personal information. Other states have enacted or proposed comprehensive privacy laws as well. For example, privacy laws in Colorado, Connecticut, Utah and Virginia have recently gone into effect and similar laws in other states, such as Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, and Texas have been enacted and are expected to go into effect over the next several years.Because the interpretation and application of many privacy and data protection laws and regulations, along with contractually imposed industry standards are uncertain, it is possible that they may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our products and platform capabilities. If so, in addition to the possibility of fines, lawsuits, mass arbitration demands, regulatory investigations and imprisonment of company officials, other claims and penalties, significant costs for remediation and damage to our reputation, we could be required to fundamentally change our business activities and practices or modify our products and platform capabilities, any of which could have an adverse effect on our business. If so, in addition to the possibility of fines, lawsuits, regulatory investigations and imprisonment of company officials, other claims and penalties, significant costs for remediation and damage to our reputation, we could be required to fundamentally change our business activities and practices or modify our products and platform capabilities, any of which could have an adverse effect on our business. In particular, plaintiffs have become increasingly more active in bringing privacy-related claims against companies, including class claims and mass arbitration demands. Some of these claims allow for the recovery of statutory damages on a per violation basis, and, if viable, carry the potential for monumental statutory damages, depending on the volume of data and the number of violations. Any inability to adequately address privacy and security concerns, even if unfounded, or comply with applicable privacy and data security laws, regulations, or contractual obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales, and adversely affect our business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and contractual obligations that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our products. Privacy and data security concerns, whether valid or not valid, may inhibit market adoption of our products, particularly in certain industries and foreign countries. If we are not able to adjust to these changing laws, regulations, and contractual obligations, our business may be harmed.We publicly post our policies and other documentation regarding our practices concerning the collection, processing, use, transfer, and disclosure of data. Although we endeavor to comply with our published policies and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our policies and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices. Any failure by us, our third-party service providers or other parties with whom we do business to comply with our policies or other documentation could result in proceedings against us by governmental entities, private parties or others. We are or may also be subject to the terms of our external and internal privacy and security policies, codes, representations, certifications, industry standards, publications and frameworks and contractual obligations to third parties related to privacy, information security, including contractual obligations to indemnify and hold harmless third parties from the costs or consequences of non-compliance with data protection laws or other obligations.We are subject to anti-corruption, anti-bribery, anti-money laundering, and similar laws, and non-compliance with such laws can subject us to criminal or civil liability and harm our business, financial condition and results of operations.We are subject to the U.S. Foreign Corrupt Practices Act, or FCPA, U.S. domestic bribery laws, the UK Bribery Act, and other anti-corruption and anti-money laundering laws in the countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. As we increase our international sales and business and sales to the public sector, we may engage with business partners and third-party intermediaries to market our products and 27to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners and agents, even if we do not explicitly authorize such activities.While we have policies and procedures to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.Detecting, investigating, and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-money laundering laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions, suspension or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition and results of operations could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.Sales to government entities and highly regulated organizations are subject to a number of challenges and risks.We may sell to U.S. federal, state, and local, as well as foreign, governmental agency customers, as well as to customers in highly regulated industries such as financial services, telecommunications and healthcare. Sales to such entities are subject to a number of challenges and risks. Selling to such entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government contracting requirements may change which may restrict our ability to sell into the government sector until we are able to comply with the revised contracting requirements. Government contracting requirements may change and in doing so restrict our ability to sell into the government sector until we have attained the revised certification. Government demand and payment for our products are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products.Further, governmental and highly regulated entities may demand contract terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers. Such entities may have statutory, contractual, or other legal rights to terminate contracts with us or our partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition and results of operations.We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.Our platform and products are subject to U.S. export controls, including the Export Administration Regulations, and we incorporate encryption technology into certain of our products. These encryption products and the underlying technology may be exported outside of the United States only with the required export authorizations, including by license, a license exception, or other appropriate government authorizations, including the filing of an encryption classification request or self-classification report.Furthermore, our activities are subject to U.S. economic sanctions laws and regulations administered by the Office of Foreign Assets Control that prohibit the shipment of most products and services to embargoed jurisdictions or sanctioned parties without the required export authorizations. Obtaining the necessary export license or other authorization for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Violations of U.S. sanctions or export control regulations can result in significant fines or penalties and possible incarceration for responsible employees and managers.If our channel partners fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected through reputational harm, as well as other negative consequences, including government investigations and penalties.Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our 28products or future changes in export and import regulations may create delays in the introduction of our platform in international markets, prevent our end-customers with international operations from deploying our platform globally or, in some cases, prevent the export or import of our products to certain countries, governments, or persons altogether. From time to time, various governmental agencies have proposed additional regulation of encryption technology. Any change in export or import regulations, economic sanctions or related legislation, increased export and import controls, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our platform by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our platform or limitation on our ability to export or sell our products would adversely affect our business, results of operations, and growth prospects.Any future litigation against us could be costly and time-consuming to defend.We are and in the future may become subject to legal proceedings and claims that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes or employment claims made by our current or former employees. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition and results of operations. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial position and results of operations.We are subject to risks related to our environmental, social, and governance practices and disclosures.There is an increasing focus from regulators, certain investors and other stakeholders concerning environmental, social, and governance, or ESG, matters, both in the United States and internationally. In response, we are in the process of evaluating and developing our ESG practices. Any of our current or future ESG practices and initiatives, if any, could be difficult to achieve and costly to implement. Furthermore, if these practices are not perceived to be adequate, or if the initiatives and positions we take (or choose not to take) on ESG issues are unpopular with some of our employees, customers or potential customers, our reputation could be harmed, which could negatively impact our ability to attract or retain employees or customers.Standards for tracking and reporting ESG matters continue to evolve. Our interpretation or application of frameworks and standards may change from time to time or differ from those of others. This may result in a lack of consistent or meaningful comparative data from period to period or between us and other companies in the same industry. In addition, our processes and controls may not comply with evolving standards for identifying, measuring and reporting ESG metrics, including ESG-related disclosures that may be required by various regulators, and such standards may change over time, which could result in significant revisions to our ESG metrics. The costs of changing any of our current practices to comply with any new legal and regulatory requirements in the United States and elsewhere may be substantial.We could be required to collect additional sales taxes or be subject to other tax liabilities that may increase the costs our clients would have to pay for our products and adversely affect our results of operations.An increasing number of states have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies. Additionally, the Supreme Court of the United States ruled in South Dakota v. Wayfair, Inc. et al, or Wayfair, that online sellers can be required to collect sales and use tax despite not having a physical presence in the buyer’s state. In response to Wayfair, or otherwise, states or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. A successful assertion by one or more states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest. The imposition by state governments or local governments of sales tax collection obligations on out-of-state sellers could also create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could have a material adverse effect on our business and results of operations.Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.As of December 31, 2023, we had NOL carryforwards for federal and state income tax purposes of approximately $148.9 million and $206.7 million and $24. 4 million, respectively, which may be available to offset taxable income in the future, and which expire in 2026 for state purposes if not utilized. Unused U.S. federal NOLs for taxable years beginning before January 1, 2018, may be carried forward to offset future taxable income, if any, until such unused NOLs expire. Under current law, U.S. federal NOLs incurred in taxable years after December 31, 2017, can be carried forward indefinitely, but the deductibility of such U.S. 29federal NOLs is limited to 80% of taxable income. It is uncertain if and to what extent various states will conform to federal tax laws. A lack of future taxable income would adversely affect our ability to utilize portions of these NOLs before they expire. In general, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-