Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - DT

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. entitled “Risk Factors” in this Annual Report, and in our other U.S. Securities and Exchange Commission (“SEC”) filings. We assume no obligation to update any forward-looking statements contained in this Annual Report as a result of new information, future events, or otherwise.

SUMMARY OF THE MATERIAL RISKS ASSOCIATED WITH OUR BUSINESS

Our business is subject to numerous risks and uncertainties that you should be aware of in evaluating our business. Please see Item 1A. entitled “Risk Factors” in this Annual Report for a discussion of risks that we believe are material. These risks and uncertainties include, but are not limited to, the following:

•We have experienced rapid revenue growth in recent periods, which may not be indicative of our future growth.

•

•The markets in which we operate are highly competitive, which may adversely affect our ability to add new customers, retain existing customers, and grow our business.

•If we fail to innovate and do not continue to develop and effectively market solutions that anticipate and respond to the needs of our customers, our business, operating results, and financial condition may suffer.

•If we are unable to acquire new customers or retain and expand our relationships with existing customers, our future revenues and operating results will be harmed.

•Failure to effectively expand our sales and marketing capabilities could harm our ability to execute on our business plan, increase our customer base, and achieve broader market acceptance of our applications.

•If we are unable to maintain successful relationships with our partners, or if our partners fail to perform, our ability to market, sell, and distribute our applications and services will be limited, and our business, operating results, and financial condition could be harmed.

•If our platform and solutions do not effectively interoperate with our customers’ existing or future information technology (“IT”) infrastructures, installations of our solutions could be delayed or canceled, which would harm our business.

Table of Contents

•Our quarterly and annual operating results may be adversely affected due to a variety of factors, which could make our future results difficult to predict.

•Our use of new and evolving technologies, including AI in our offerings and business, may present risks and challenges that can impact our business, including by posing cybersecurity, operational, and other risks to our confidential and/or proprietary information, including personal information, and as a result we may be exposed to reputational harm and liability.

•Security breaches, computer malware, computer hacking attacks, and other security incidents or compromises could harm our business, reputation, brand and operating results.

•Real or perceived errors, failures, defects, or vulnerabilities in our solutions could adversely affect our financial results and growth prospects.

•

Table of Contents

PART I

ITEM 1. BUSINESS

Overview

Dynatrace combines broad and deep observability, continuous runtime application security, and advanced agentic AI operations to deliver answers and intelligent automation across IT operations, development, security, business, and executive teams. This unified approach enables organizations to optimize their rapidly evolving AI, cloud, and IT operations, accelerate secure software delivery, and improve digital performance. Our vision is a world where software works perfectly.

The Dynatrace platform is built to scale, partnering and integrating seamlessly into hybrid, multicloud ecosystems, including major hyperscalers such as Amazon Web Services (“AWS”), Microsoft Azure (“Azure”), and Google Cloud Platform (“GCP”), as well as traditional on-premises and mainframe solutions.

Our customers include many of the world’s largest enterprises which deploy the Dynatrace platform to support increasingly complex IT environments. As workloads scale and cybersecurity threats evolve, cloud modernization and rapid AI adoption have significantly increased data volume and complexity, rendering traditional monitoring and observability approaches insufficient for many organizations. We believe this positions Dynatrace to address a significant market opportunity through our differentiated platform, deep cloud ecosystem integrations, and trusted customer and partner relationships.

Key Differentiators

Dynatrace offers a fully integrated platform that brings together differentiated data, context, and intelligence layers. The Dynatrace platform’s architecture is built for the scale and complexity of modern cloud and AI-driven observability and operations. We believe the Dynatrace platform is different from other offerings through three connected capabilities:

•Dynatrace has a unified data foundation. We store and consolidate all observability, security, and business data types, including logs, traces, metrics, real user data, events, sessions, and other telemetry, in an integrated, highly performant and massively scalable data lakehouse called GrailTM, without the need for upfront indexing, schema design, or data movement. Through Grail’s single authoritative data layer, we enable AI to work from a comprehensive set of continuously updated information, which we believe makes insights and actions faster, more reliable, and more scalable than fragmented toolchains and multiple data stores.

•The Dynatrace platform provides near real-time causal context. Dynatrace stores unified data in context, and our proprietary Smartscape® technology is able to analyze billions of interdependencies across applications, infrastructure, networks, services, users, and other signals throughout an enterprise. Smartscape continuously maps these relationships, creating a living, near real time dependency graph. This allows an organization using Dynatrace to understand not just what is happening, but why it is happening and the resulting business and operational impact, providing a trusted foundation needed for AI-driven decisions, reliable automation, and autonomous operations.

•The Dynatrace platform utilizes AI-driven reasoning and automation. Earlier this year, we announced the general availability of Dynatrace Intelligence, a new agentic operations system built for modern software ecosystems that combines deterministic AI with agentic AI. Dynatrace Intelligence empowers organizations to build more resilient applications, elevate customer experiences, and drive autonomous action across modern digital ecosystems. With Dynatrace Intelligence at its core, we believe our platform is purpose-built for the agentic era, enabling a future where AI-powered observability can help customers automatically prevent, remediate, and optimize their IT environments. We are continuing to invest in AI best practices in services, data, and observability to support our customers on their AI journeys and to enable AI practices of our partners.

The Dynatrace Platform

The Dynatrace platform comprises several solutions, including the following:

•AI Observability (LLM and Agentic AI Observability) provides observability to improve the performance, resilience, explainability, and compliance of generative AI applications, large language models (“LLMs”), and agentic systems - including agent-to-agent interactions and actions taken by agents to better monitor and manage these workloads.

•Log Management and Analytics provides a unified approach to unlock the value of log data in the Dynatrace platform and can be developed for different use cases with enterprise-grade extensibility and customization.

•Modern Cloud Observability natively integrates with cloud and container environments to transform our customers’ cloud operations with complete visibility and proactive monitoring across their entire cloud infrastructure in one platform.

Table of Contents

•Infrastructure Observability provides complete visibility into a customer’s IT infrastructure layer across public and private clouds and hybrid, multicloud environments, including AWS, Azure, Google Cloud, VMware Tanzu, Red Hat OpenShift, and Kubernetes.

•Application Observability monitors the full stack (i.e.

•Digital Experience allows customers to monitor user experiences across channels with real-user and synthetic monitoring and session replays and encompasses mobile and web applications.

•Application Security automatically and continuously detects runtime vulnerabilities in applications, libraries, and code. It also provides near real-time detection and blocking to help protect against third-party cyber-attacks that can exploit critical vulnerabilities.

•Software Delivery leverages observability and security data to drive workflow automations created with a visual workflow creator or automation-as-code.

•Developer Experience is built upon rich data and context from the Dynatrace platform and puts it in the hands of developers to improve software resiliency and security.

•Business Analytics unify data flowing through the Dynatrace platform to provide precise, near real-time answers that enable teams to understand how the performance of their digital services affects critical key performance indicators and provides insights to help improve user experiences and drive better business outcomes.

The Dynatrace platform also includes the following:

•Bindplane offers telemetry pipelines that capture, optimize, and deliver data in an actionable form. This technology, which has become foundational to modern software ecosystems, optimizes and governs telemetry at the edge to improve data quality, reduce ingest costs, and enhance compliance through the removal, masking, and encryption of sensitive data.

•OpenPipeline uses high performance, stream processing technology to ingest, enrich, and contextualize data from a variety of sources (such as OpenTelemetry) for in-depth, AI-powered analytics. This helps organizations manage the cost and scale of large amounts of data, understand the context, and address security requirements.

•OneAgent deploys once on a host and instantly and continuously collects all relevant data and metrics along the full chain of applications that are being delivered. OneAgent helps organizations discover which processes are running on the host and automatically activates instrumentation.

•PurePath® captures and analyzes timing and code-level context for all distributed traces, end-to-end, across the full stack.

Key Customer Benefits

We believe the Dynatrace platform’s integrated approach reduces or eliminates the need for organizations to maintain a variety of disparate and siloed tools and helps them:

•improve the reliability and performance of their infrastructure and applications, which can help optimize the experience of their own users;

•improve organizational productivity, decision making and innovation, while also increasing transparency and collaboration between IT, site reliability engineers, development teams, and other business functions;

•tackle the complexity of emerging AI workloads, which are fundamentally more dynamic and less predictable than traditional software solutions;

•reduce operating costs; and

•mitigate risk.

Table of Contents

Dynatrace Deployment and Operations

Dynatrace provides out-of-the-box configuration for the leading cloud platforms, such as AWS, Azure, GCP, Red Hat OpenShift, and SAP, the leading AI and agentic AI frameworks and platforms, as well as Kubernetes and coverage for traditional on-premises systems, including mainframe and monolithic applications in a single, easy-to-use, intelligent platform.

The majority of our customers deploy Dynatrace as a Software-as-a-Service (“SaaS”) solution to get the latest Dynatrace features and updates with greatly reduced administrative effort. Our SaaS solution provides customers with the ability to scale up and down rapidly, without having to purchase, provision, and manage their hardware. We also provide options to deploy our platform in customer-provisioned infrastructure, which we call Dynatrace Managed. This offering allows customers the flexibility to maintain control of the environment where their data resides, whether in the cloud or on-premises, combining the simplicity of SaaS with the ability to adhere to their own data security and sovereignty requirements. We automatically upgrade all Dynatrace instances and offer on-premises cluster customers auto-deployment options that suit their specific enterprise management processes.

The Dynatrace Platform Subscription (“DPS”) licensing model provides customers with a flexible, scalable, and transparent subscription for the modern cloud. Any platform capability can be used in any quantity at any time based on the customer’s evolving needs. If a customer consumes more than their minimum annual spend commitment, they are not charged a penalty-style overage and they can continue to use the platform on an on-demand basis, billed monthly at the same rates as pre-paid consumption. Customers can alternatively increase their commitment spend to attain a higher discount. Existing Dynatrace customers can also license individual capabilities in a subscription model. Through a suite of tools in the Dynatrace Account Management portal, we provide customers with a near real-time view of licensed product consumption, with historical analysis at the daily or hourly level. In addition to raw data, these tools also provide customers with forecasting, alerting, and drilldowns that provide insights into their usage patterns.

Customers

As of March 31, 2026, we had approximately 4,100 customers in over 110 countries. Our customers reflect diverse industries including, but not limited to, banking and financial services, government, insurance, retail and wholesale, transportation, and software. There were no end-customers that represented more than 10% of revenue for the years ended March 31, 2026, 2025, and 2024. For the years ended March 31, 2026 and 2025, one channel partner accounted for 10% of revenue. No channel partners accounted for more than 10% of revenue for the year ended March 31, 2024.

Research and Development

We have a strong research and development organization that is responsible for designing, developing, testing, and operating all aspects of our offerings, including addressing new use cases, adding new innovative capabilities, extending the scale and scope of our technology, and embracing modern cloud and AI technologies while maintaining high quality.

We utilize an agile development process with 100% test automation to deliver major software releases throughout the year and hundreds of minor releases, fixes and updates. We believe the full stack monitoring required by dynamic multicloud environments requires a highly efficient and agile process to enable high-performing software across the diverse, dynamic cloud ecosystems of our customers.

Sales and Marketing

We take Dynatrace to market through a combination of our global direct sales team and a network of partners, including GSIs, cloud providers, resellers, and technology alliance partners. Dynatrace addresses customer needs at various scales and sizes, but our global direct sales team targets the largest 15,000 companies globally.

Our sales and marketing organizations seek to promote the Dynatrace brand, our platform capabilities, and develop partnerships to drive revenue growth. We nurture our existing customer base through ongoing education, and training, including expansion opportunities. We do this primarily through our digital online channels, such as the Dynatrace blog, Dynatrace Community, and Dynatrace University, as well as our customer event series ‘Perform’ and ‘Innovate.’

Table of Contents

Partners

We develop and maintain partnerships that help us market and deliver our offerings to our customers around the world. Our goal is to bring together industry experts and hands-on practitioners to create a world-class partner network. Through this intersection of industry and technology, our partner network extends the sales reach of the Dynatrace go-to-market team, while bringing enhanced value to our customers. This ecosystem contributes in all phases of our go-to-market approach: new sales opportunities, adoption, expansion through the identification of new use cases, integration into other market leading independent software vendors, and connecting us into other companies’ business transformation initiatives.

Our partner network includes:

•Global system integrators. We continue to see a robust technical readiness investment from our key strategic GSIs resulting in thousands of individuals trained or certified on the Dynatrace platform. These partners extend our scale and reach and collaborate with our direct sales teams, bringing domain expertise in technologies and industries along with additional offerings powered by Dynatrace.

•Cloud providers. Our software is developed to run in and integrate with leading cloud providers, such as AWS, Azure, and GCP. During our fiscal 2026, we announced deeper technical engagements with each of the major hyperscalers. Our customers are also able to procure our software through leading marketplaces, such as AWS, Azure, SAP, and Google.

•Resellers. Our resellers market, sell and deliver our offerings throughout the world. Our resellers often have a dedicated practice around observability. In addition, our resellers provide a go-to-market channel in countries and regions where we do not have a direct presence.

•Technology alliance partners.

Professional Services

Our Dynatrace Services Organization empowers our customers to innovate, automate, and transform the way they work with the Dynatrace platform through AI-driven insights and capabilities. Our expertise and cloud modernization practices cover cloud ecosystem integration, automated incident management and problem resolution, DevOps integration, user experience, business intelligence insights, digital business analytics, and more.

Dynatrace University is our global online, self-service education program that provides several learning options for customers and partners to develop their skills around monitoring, managing, integrating, and analyzing multicloud environments and application workloads with Dynatrace.

Customer Support

We have an innovative onboarding and support service that is focused on simplifying and streamlining customer experience. We use in-product chat as the primary vehicle for customer interaction to drive adoption and growth, as well as to handle issues and user questions. We also offer an extra level of success and support services for customers that want to accelerate their adoption of our platform, increase their access to support globally 24/7, and extend their hours of expert coverage.

Table of Contents

Our Growth Strategy

Key elements of our growth strategy include:

Extend our technology and market leadership position. We intend to maintain our position as a leading AI-powered observability platform through increased investment in research and development, and innovation. We plan to expand the functionality of our end-to-end Dynatrace platform and invest in capabilities that address new market opportunities. We plan to continue evolving our AI capabilities to drive differentiation, with a continued focus on agentic AI capabilities and functionalities that can act autonomously to make decisions and take actions without human intervention. We also believe we are well positioned to continue growing our next generation log management offering, which integrates logs, traces, metrics, and other core observability and security data types into a a fully integrated platform with a single datastore, providing customers with greater value than log management solutions that are viewed as too expensive, providing too little value, or largely operating independently from existing monitoring tools. We believe this strategy will enable new growth opportunities and allow us to deliver differentiated high-value outcomes to our customers.

We plan to establish new and deeper relationships within our existing customers’ organizations and expand the breadth of our platform capabilities to provide for expansion opportunities. We also believe that our DPS licensing model will drive broader consumption of the Dynatrace platform and further expansion opportunities for customers that prefer the flexibility and predictability of pricing under that model. With access to the full Dynatrace platform, DPS customers are able to adopt Dynatrace more broadly across their IT environments, which can lead to increased consumption.

Grow our customer base. We intend to drive new customer growth through ongoing investments in our go-to-market strategy focused on customer segmentation, partner enablement, and continued expansion of our sales motion beyond application performance to include end-to-end observability, tool consolidation, and cloud modernization. We plan to continue addressing customer needs at various scales and sizes, with our global direct sales team targeting the largest 15,000 companies globally. In addition, we plan to expand our reach internationally to what we believe are large, mostly untapped, markets for our company, while leveraging our sector specialization globally. We also are focused on intuitive ways for customer teams to onboard and receive additional value from Dynatrace, including through our free trial program.

Leverage our strategic partner ecosystem. Cloud migration and modernization are foundational growth drivers for our strategic partners and our company. By working more closely with strategic partners, our objective is to participate in digital transformation projects earlier in the purchasing cycle and enable customers to establish more resilient cloud deployments from the start.

We rely on a combination of patent, copyright, trademark, trade dress, and trade secret laws, as well as confidentiality procedures and contractual restrictions, to establish and protect our proprietary rights. As of March 31, 2026, we had 176 issued patents, 104 of which are U.S. patents, and 108 pending applications, of which 66 are U.S. applications. Our issued patents expire at various dates through November 2044.

We have registered “Dynatrace” and the “Dynatrace” logo as trademarks in the United States and other jurisdictions for our name and our product as well as certain other words and phrases that we use in our business, including “OneAgent,” “PurePath,” and “Smartscape.” We have registered numerous Internet domain names related to our business. We also license software from third parties for integration into our applications and utilize open-source software.

We enter into agreements with our employees, contractors, customers, partners, and other parties with which we do business to limit access to and disclosure of our confidential and proprietary information. See the “Risk Factors” section of this Annual Report for a discussion of risks related to our IP.

Table of Contents

Competition

The markets for AI observability, log management and analytics, modern cloud observability, infrastructure observability, application observability, digital experience, application security, software delivery, developer experience, and business analytics are evolving, complex, and defined by rapidly changing technology and customer needs. As we have expanded our platform capabilities, we increasingly compete with a wider range of vendors. We expect competition to continually evolve as enterprises shift to dynamic multicloud environments and as more mature vendors look to provide a holistic approach in areas of the market that we serve.

The principal competitive factors in our markets are:

•product features, functionality, and reliability;

•AI capabilities;

•automation;

•ease and cost of deployment, use, and maintenance;

•deployment options and flexibility;

•customer, technology, and platform support;

•ability to easily integrate with customers’ software application and IT infrastructure environments;

•the quality of data collection and correlation;

•interoperability and ease of integration;

•pricing (including ease of pricing) and perceived value of offerings; and

•brand recognition.

We compete either directly or indirectly with infrastructure monitoring vendors, APM vendors, log management vendors, digital experience monitoring (“DEM”) vendors, security vendors, open source and commercial open source vendors, point solutions from public cloud providers, and IT operations management and business intelligence providers with offerings that cover some portion of the capabilities that we provide.

We also face potential competition from vendors in adjacent markets that may offer capabilities that overlap with ours. We may also face greater competition from non-specialist solutions relying on generic LLMs, generative AI, and general-purpose agents to address a broad range of business needs. See the “Risk Factors” section of this Annual Report for a discussion of risks related to competition.

Sustainability

Overview

At Dynatrace, we believe technology has the power to shape the world in many ways, including as a force for good to drive innovation and foster a more sustainable future. We believe that focusing on sustainability is part of our responsibility as a global company. We group our material sustainability topics into three key pillars: sustaining our environment; people, culture, and community; and governance and ethics. With these topics at the forefront, we have embedded our sustainability strategy in our business priorities, mission, purpose, vision, and values. Our people, culture, and community pillar includes human capital management, which we discuss in more detail below.

During our fiscal 2026, we continued to develop and implement programs that drive progress on our sustainability initiatives, which we shared in our annual Sustainability Report in December 2025. A copy of our most recent Sustainability Report is posted on our website at www.dynatrace.com/company/sustainability/. The contents of our Sustainability Reports are not incorporated into this Annual Report and inclusion of the website address above is an inactive textual reference only.

Human Capital Management

Our company’s vitality is fueled by our employees who represent the approximately 40 countries in which we operate. At Dynatrace, people power our progress. Our culture, values, and global community shape how we work, how we innovate, and how we support our customers. In fiscal 2026, our teams played a central role in strengthening belonging, developing leaders, and building a workforce where people can grow and contribute to meaningful outcomes. Our most senior leaders, including our Chief Executive Officer and Chief People Officer, are visible and engaged advocates of our human capital management strategy and continued to discuss various human capital-related topics with our Board of Directors throughout the fiscal year.

Table of Contents

For several years, third party organizations have recognized Dynatrace as an employer of choice around the globe. Some of our employees in Europe are represented by works councils or are members of a trade union. We have not experienced any work stoppages due to labor disputes. We believe that our relations with our employees and works councils are good.

We have prioritized a number of initiatives as part of our human capital management strategy. These initiatives include: (1) inspiring employee engagement; (2) attracting and retaining the right talent; (3) investing in people and building the future; and (4) supporting an inclusive environment.

Inspiring employee engagement – We seek to inspire employee engagement through leadership effectiveness, structured feedback surveys and conversations, and programs that support career growth. We also support employee engagement through the Dynatrace Work Model, which has flex and remote options to support productivity and collaboration. For our Dynatrace-operated offices, our goal is to create dynamic environments that foster inclusion and connection, with designs and layouts that support creativity and wellbeing and embed sustainability.

Attracting and retaining the right talent – We focus on attracting and retaining talent by offering a differentiated employee value proposition that supports career longevity through meaningful engagement and development. Our approach includes career frameworks, opportunities for internal mobility, and programs that provide employees with opportunities to grow and contribute. We also value the health and wellbeing of our employees and we provide resources to employees that are focused on this area. Our compensation program is designed to attract, reward, and retain talented individuals who possess the skills necessary to support our business, contribute to our strategic goals, and create long-term value for our stockholders.

Investing in people and building the future – We invest in our employees through talent development strategies that support growth at every level. We utilize leadership programs, a global mentoring program, and other initiatives that foster connection across our distributed workforce. We also embrace a culture of continuous learning and offer various programs in this area.

Supporting an inclusive environment - We pride ourselves on providing a culture that empowers our employees, fosters inclusion across the entire career experience, and services the communities that we impact. Our presence and talent across approximately 40 countries provides us with valuable insights into the experiences and perspectives of different communities around the globe. Our employee resource groups play a strategic role in advancing an inclusive and supportive workforce.

Corporate Information

Our principal executive offices are located at 280 Congress Street, 11th Floor, Boston, Massachusetts 02210, and our telephone number is (781) 530-1000. Our website is www.dynatrace.com and our Investor Relations website is https://ir.dynatrace.com. Information contained on, or that can be accessed through, our websites is not incorporated by reference into this Annual Report and should not be considered to be part of this Annual Report, and inclusions of our website addresses in this Annual Report are inactive textual references only.

The Dynatrace design logo and our other registered or common law trademarks, service marks or trade names appearing in this Annual Report are the property of Dynatrace LLC. This Annual Report includes our trademarks and trade names, including, without limitation, Dynatrace, OneAgent®, Smartscape®, PurePath® and GrailTM which are our property and are protected under applicable IP laws. Other trademarks and trade names referred to in this Annual Report are the property of their respective owners.

Available Information

Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, and Current Reports on Form 8-K, including amendments and exhibits to these reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available free of charge on the Investor Relations section of our website at https://ir.dynatrace. The SEC maintains a website at www.sec.gov that contains our SEC filings and other information regarding us and other companies that file materials with the SEC electronically.

Investors and others should note that we announce material financial information to our investors using our Investor Relations website, press releases, SEC filings and public conference calls and webcasts. We also use these channels to disclose information about the company, our planned financial and other announcements, attendance at upcoming investor and industry conferences, and for complying with our disclosure obligations under Regulation FD. The information we post through these channels may be deemed material. Accordingly, we encourage investors to review the information we make available through these channels.

Table of Contents

ITEM 1A. RISK FACTORS

Investing in our common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes, before making a decision to invest in our common stock. The risks and uncertainties described below may not be the only ones we face. If any of the risks actually occur, our business, operating results, financial condition and prospects could be materially and adversely affected. In that event, the market price of our common stock could decline, and you could lose all or part of your investment.

Risks Related to Our Business and Industry

We have experienced rapid revenue growth in recent periods, which may not be indicative of our future growth.

We have experienced rapid revenue growth in recent periods. Our annual revenue grew 19%, 19%, and 23% in the years ended March 31, 2026, 2025, and 2024, respectively, compared to the prior year. This revenue growth may not be indicative of our future revenue growth, and we may not be able to sustain revenue growth consistent with recent history, or at all. We believe our ability to continue to increase our revenue depends on several factors, including, but not limited to:

•our ability to attract new customers and retain and increase sales to existing customers;

•our ability to continue to expand customer adoption and usage of our Dynatrace platform;

•our ability to develop our existing platform, introduce new solutions, enhance and improve existing solutions on our platform, and keep pace with technological developments (including rapid advances in AI and other emerging technologies);

•continued growth of cloud-based services and solutions;

•our ability to continue to develop offerings and solutions that our customers prefer over those of our competitors;

•our ability to hire and retain sufficient numbers of sales and marketing, research and development, and general and administrative personnel; and

•our ability to expand into new geographies and markets, including the application security and log management markets, and expand our global operations.

If we are unable to achieve any of these, our revenue growth could be adversely affected.

We currently target the markets for AI observability, log management and analytics, modern cloud observability, infrastructure observability, application observability, digital experience, application security, software delivery, developer experience, and business analytics. It is difficult to predict customer demand, adoption, churn, and renewal rates for our new and existing solutions, the rate at which existing customers expand their usage of our solutions, and the size and growth rate of the market for our solutions.

The markets in which we operate are highly competitive, which may adversely affect our ability to add new customers, retain existing customers, and grow our business.

The markets in which we compete are highly competitive, fragmented, evolving, complex, and defined by rapidly changing technology (including, without limitation, new and evolving uses of AI) and customer needs, and we expect competition to continue to increase in the future. A number of companies, some of which are larger and have more resources than we do, have developed or are developing products and services that currently, or in the future may, compete with some or all of our solutions. We have also been expanding the scope of our solutions to include new offerings and we increasingly compete with other companies in new and adjacent markets. Competition could result in increased pricing pressure, reduced profit margins, increased sales and marketing expenses and our failure to increase, or loss of, market share, any of which could adversely affect our business, operating results, and financial condition.

Table of Contents

We have incorporated AI into our platform and AI is changing the competitive dynamics of our industry. Our competitors or other third parties may incorporate AI into their products more quickly or more successfully than us, may invest more in AI development than us, or have access to more advanced AI models or autonomous agents with greater capabilities or broader functionality, which could reduce demand for our platform and adversely affect our results of operations. We may also face greater competition from non-specialist solutions relying on generic LLMs, generative AI, and general-purpose agents to address a broad range of business needs. As part of our sales efforts, we must demonstrate to existing and prospective customers that our offerings are preferable to other solutions available to their organizations, including generic LLMs, software created using natural language prompts and generative AI (referred to as vibe coding) and other emerging technologies. If we are unable to continue developing and integrating advanced AI functionality into the Dynatrace platform in a way that meets customer expectations or competitive benchmarking, our market position and growth prospects could be adversely affected. For a description of additional risks related to AI, please see the risk below entitled, “Our use of new and evolving technologies, including AI in our offerings and business, may present risks and challenges that can impact our business, including by posing cybersecurity, operational, and other risks to our confidential and/or proprietary information, including personal information, and as a result we may be exposed to reputational harm and liability” along with AI-related references in other risks discussed in this section.

Further, to the extent that one of our competitors establishes or strengthens a cooperative relationship with, or acquires one or more software APM, data analytics, compliance, or network visibility vendors, it could adversely affect our ability to compete. We may also face competition from companies entering our market, which has a relatively low barrier to entry in some segments, including large technology companies that could expand their platforms or acquire one of our competitors. For example, Cisco acquired Splunk in 2024 and Palo Alto Networks acquired Chronosphere in 2026.

Many existing and potential competitors enjoy substantial competitive advantages, such as:

•greater brand recognition, longer operating histories, and greater familiarity with some of our target customers;

•longer-term and more extensive relationships with existing and potential customers, and access to larger customer bases, which often provide incumbency advantages;

•broader global distribution and presence;

•larger sales and marketing budgets and resources;

•the ability to integrate or bundle competitive offerings with other products, offerings and services;

•lower labor and development costs;

•greater resources to make acquisitions;

•larger and more mature IP portfolios; and

•substantially greater financial, technical, management and other resources.

Additionally, in certain circumstances, and particularly among large technology companies that have complex and large software application and IT infrastructure environments, customers may elect to build in-house solutions to address their observability and related needs.

These competitive pressures in our markets or our failure to compete effectively may result in fewer customers, price reductions, fewer orders, reduced revenue and gross profit, and loss of market share. Any failure to meet and address these factors could materially and adversely affect our business, operating results, and financial condition.

If we fail to innovate and do not continue to develop and effectively market solutions that anticipate and respond to the needs of our customers, our business, operating results, and financial condition may suffer.

Moreover, many of our customers operate in industries characterized by changing technologies and business models, which require them to develop and manage increasingly complex software application and IT infrastructure environments.

Table of Contents

In addition, the process of developing new technology is complex and uncertain, and if we fail to accurately predict customers’ changing needs and emerging technological trends, our business could be harmed. We believe that we must continue to dedicate significant resources to our research and development efforts, including significant resources to developing new solutions and solution enhancements before knowing whether the market will accept them. We plan to continue evolving our AI capabilities to drive differentiation, with a continued focus on agentic AI capabilities and functionalities that can act autonomously to make decisions and take actions without human intervention.

Our new solutions and solution enhancements could fail to attain sufficient market acceptance for many reasons, including:

•delays in developing and releasing new solutions or enhancements to the market;

•failures to accurately predict market or customer demands, priorities, and practices, including other technologies utilized by customers in their environments and competitors and partners that they prefer to work with;

•the introduction or anticipated introduction of competing products by existing and emerging competitors;

•the inability to execute our go-to-market strategy effectively, which depends on our sales and marketing teams and our partners to sell solutions for new markets and product categories;

•delays or failures to provide updates to customers to maintain compatibility between Dynatrace and the various applications and platforms being used in the customers’ applications and multicloud environments;

•defects, errors, or failures in the design or performance of our new solutions or solution enhancements;

•the perceived value of our solutions or enhancements relative to their cost; and

•negative publicity about the performance or effectiveness of our solutions.

Any acquisition of this type could be unsuccessful for a variety of reasons, require significant management attention, disrupt our business, dilute stockholder value, and adversely affect our results of operations. For a description of some of the risks related to potential acquisitions, please see the risk below entitled “We may acquire other businesses, products, or technologies in the future which could require significant management attention, disrupt our business or result in operating difficulties, dilute stockholder value, and adversely affect our results of operations.”

To the extent that we are not able to continue to execute on our business model to timely and effectively develop, license, or acquire and market applications to address these challenges and attain market acceptance, our business, operating results, and financial condition will be adversely affected.

Further, we may make changes to our solutions that our customers do not value or find useful. We may also discontinue certain features, begin to charge for certain features that are currently free, or increase fees for any of our features or usage of our solutions. If our new solutions, enhancements, or pricing strategies do not achieve adequate acceptance in the market, our competitive position will be impaired, our revenue may decline or grow more slowly than expected and the negative impact on our operating results may be particularly acute, and we may not receive a return on our investment in the upfront research and development, sales and marketing, and other expenses that we incur in connection with new solutions or solution enhancements.

If we are unable to acquire new customers or retain and expand our relationships with existing customers, our future revenues and operating results will be harmed.

To continue to grow our business, we need to attract new customers and increase deployment, usage, and consumption of our solutions by existing customers. Our success in attracting new customers and expanding our relationships with existing customers depends on numerous factors, including our ability to:

•offer a compelling, AI-driven, end-to-end platform that combines broad and deep observability and continuous runtime application security to support IT operations, development, security, business, and executive teams;

•design and execute our sales and marketing strategy;

•effectively identify, attract, onboard, train, develop, motivate, and retain new sales, marketing, professional services, and support personnel in the markets we pursue;

•develop or expand relationships with technology partners, systems integrators, resellers, online marketplaces, and other partners, including strategic alliances and cloud-focused partnerships with GSIs, including Accenture, Atos, Deloitte, DXC, and Kyndryl, and hyperscalers such as AWS, GCP, Azure, and others, some of which may also compete with us;

•expand into new geographies and markets, including the business intelligence and data analytics market;

•deploy our platform and solutions for new customers; and

•provide quality customer support and professional services.

Table of Contents

Our customers have no obligation to renew their agreements, and our customers may decide not to renew these agreements with a similar contract period, or at the same prices and terms. Although our customer retention rate has historically been strong, some of our customers have elected not to renew their agreements with us, and it is difficult to accurately predict long-term customer retention, churn and expansion rates. If our customers do not renew their agreements, or renew on less favorable terms, our business, financial condition, and operating results may be adversely affected.

Our ability to increase sales to existing customers depends on several factors, including their experience with implementing and using our platform and the existing solutions they have implemented, their ability to integrate our solutions with existing technologies, and our pricing models, including our DPS licensing model. A failure to increase sales to existing customers could adversely affect our business, operating results, and financial condition.

Failure to effectively expand our sales and marketing capabilities could harm our ability to execute on our business plan, increase our customer base, and achieve broader market acceptance of our applications.

Our ability to increase our customer base and achieve broader market acceptance of our solutions will depend to a significant extent on the ability of our sales and marketing organizations to work together to drive our sales pipeline and cultivate customer and partner relationships to drive revenue growth. The increasing adoption of generic LLMs and AI‑driven assistants may also impact how customers access, interpret, and derive value from Dynatrace, which could affect how we market, sell, and position our solutions. We have invested in and plan to continue expanding our sales and marketing organizations, both in the United States and internationally. We also plan to dedicate significant resources to sales and marketing programs, including lead generation activities and brand awareness campaigns, such as our industry events, webinars, and user events with an increased investment in digital or online activities. If we are unable to effectively identify, hire, onboard, train, develop, motivate, and retain talented sales personnel or marketing personnel or if our new sales personnel or marketing personnel, online investments are unable to achieve desired productivity levels in a reasonable period of time, or if we do not create an effective strategy for our personnel to execute, our ability to increase our customer base and achieve broader market acceptance of our offerings could be harmed.

If we are unable to maintain successful relationships with our partners, or if our partners fail to perform, our ability to market, sell, and distribute our applications and services will be limited, and our business, operating results, and financial condition could be harmed.

In addition to our sales force, we rely on partners, including our strategic partners, to increase our sales and distribution of our software and services. We also have independent software vendor partners whose integrations may increase the breadth of the ecosystem in which our solutions can operate, and the size of the market that our solutions can address. We also have partnerships with GSIs and hyperscalers on which many of our customers depend, and through which our customers may be able to procure and deploy our solutions. We are dependent on these partner relationships to contribute to enabling our sales growth. We expect that our future growth will be increasingly dependent on the success of our partners and our partner relationships, and if those partnerships do not provide such benefits, our ability to grow our business will be harmed. If we are unable to scale our partner relationships effectively, or if our partners are unable to serve our customers effectively, we may need to expand our services organization, which could adversely affect our results of operations.

Our agreements with our partners are generally non-exclusive, meaning our partners may offer products from several different companies to their customers or have their products or technologies also interoperate with products and technologies of other companies, including products that compete with our offerings. Moreover, some of our partners also compete with us, and if our partners do not effectively market and sell our offerings, choose to use greater efforts to market and sell their own products or those of our competitors or fail to meet the needs of our customers, our ability to grow our business and sell our offerings will be harmed. If our solutions fail to interoperate effectively with the hyperscalers’ products, or if our partnerships with one or more of these hyperscalers are not successful or are terminated, our ability to sell additional products or offerings to these customers and our ability to grow our business will be harmed. Furthermore, our partners may cease marketing our offerings with limited or no notice and with little or no penalty, and new partners could require extensive training and may take several months or more to achieve productivity. The loss of a substantial number of our partners, our possible inability to replace them or our failure to recruit additional partners could harm our results of operations. Our partner structure could also subject us to lawsuits or reputational harm if, for example, a partner misrepresents the functionality of our offerings to customers or violates applicable laws or our corporate policies.

Table of Contents

If our platform and solutions do not effectively interoperate with our customers’ existing or future IT infrastructures, installations of our solutions could be delayed or canceled, which would harm our business.

Our success depends on the interoperability of our platform and solutions with third-party operating systems, applications, cloud platforms, data, and devices that we have not developed and do not control. Any third-party changes that degrade the functionality of our platform or solutions or give preferential treatment to competitive software could adversely affect the adoption and usage of our platform. We may not be successful in adapting our platform or solutions to operate effectively with these systems, applications, cloud platforms, data, or devices. If it is difficult for our customers to access and use our platform or solutions, or if our platform or solutions cannot connect a broadening range of systems, applications, cloud platforms, data, and devices, then our customer growth and retention may be harmed, and our business and operating results could be adversely affected.

Multicloud deployments utilize multiple third-party platforms and technologies, and these technologies are updated to new versions at a rapid pace. As a result, we deliver frequent updates to our solutions designed to maintain compatibility and support for our customers’ changing technology environments and ensure our solutions’ ability to continue to monitor customers’ applications. If our solutions fail to work with any one or more of these technologies or applications, or if our customers fail to install the most recent updates and versions of our solutions that we offer, our solutions will be unable to continuously monitor our customers’ critical business applications.

We have formed alliances with many technology and cloud platform providers to provide updates to our solutions to maintain compatibility. We work with technology and cloud platform providers to understand and align updates to their product roadmaps and engage in early access and other programs to ensure compatibility of our solutions with the technology vendor’s generally available release. If our relations with our technology partners degrades or ceases we may be unable to deliver these updates, or if our customers fail to install the most recent updates and versions of our solutions that we offer, then our customers’ ability to benefit from our solution may decrease significantly and, in some instances, may require the customer to de-install our solution due to the incompatibility of our solution with the customer’s applications.

If the prices we charge for our solutions and services are unacceptable to our customers, our operating results will be harmed.

If this were to occur, it is possible that we would have to change our pricing model or reduce our prices, which could harm our revenue, gross margin, and operating results. Pricing decisions may also impact the mix of adoption among our licensing and subscription models, and negatively impact our overall revenue. Moreover, large global accounts, which we expect will account for a large portion of our business in the future, may demand substantial price concessions. If we are, for any reason, required to reduce our prices, our revenue, gross margin, profitability, financial position, and cash flow may be adversely affected.

We believe the Dynatrace brand is integral to our future success and if we fail to cost-effectively maintain and enhance awareness of our company, our business and competitive position may be harmed.

We believe that maintaining and enhancing the Dynatrace brand and increasing market awareness of our company and our solutions are critical to achieving broad market knowledge of our existing and future solutions. Increasing awareness is important to attract and retain customers, partners, and employees, particularly as we continue to introduce new capabilities and enhancements and expand internationally. In addition, independent industry analysts, such as Gartner and Forrester, often provide reviews of our solutions, as well as those of our competitors, and perception of our solutions in the marketplace may be significantly influenced by these reviews. We have no control over what these or other industry analysts report, and because industry analysts may influence current and potential customers, our brand could be harmed if they do not provide a positive review of our solutions or view us as a market leader. In addition, the increasing adoption of generic LLMs and AI‑driven assistants may influence how customers discover, recognize, and attribute value to brands across the observability and security market segments.

The successful promotion of the Dynatrace brand and the market’s awareness of our solutions and platform will depend largely upon our ability to continue to offer and market enterprise-grade observability and related solutions, share our thought leadership, and continue to differentiate our solutions successfully from those of our competitors. We have invested, and expect to continue to invest, substantial resources to promote and maintain our brand and generate sales leads, both in the United States and internationally, but there is no guarantee that our awareness strategies will enhance the recognition of our brand or lead to increased sales. If our efforts to promote and maintain our brand are not cost effective or successful, our operating results and our ability to attract and retain customers, partners, and employees may be adversely affected. In addition, even if our brand recognition and customer loyalty increase, this may not result in increased sales of our solutions or higher revenue.

Table of Contents

Our sales cycles can be long, unpredictable and vary seasonally, which can cause significant variation in the number and size of transactions that close in a particular quarter.

Many of our customers are large enterprises, whose purchasing decisions, budget cycles and constraints, and evaluation processes are unpredictable and out of our control. During recessionary times, or when there is volatility or uncertainty in the global economy or in the economies of the countries in which we operate, our sales cycles may be elongated and our customers’ purchasing decisions may be delayed or cancelled. These deals come with a higher degree of variability, longer sales cycles, greater uncertainty of completing the sale, and specially negotiated terms. The length of our sales cycle, from initial evaluation to payment for our subscriptions, can range from several months to over a year and can vary substantially from customer to customer. Our sales efforts involve significant investment of resources in field sales, partner development, marketing, and educating our customers about the use, technical capabilities, and benefits of our platform and services. Customers often undertake a prolonged evaluation process, which frequently involves not only our platform, but also those of other companies or the consideration of internally developed alternatives, including those using open source software. Some of our customers initially deploy our platform on a limited basis, with no guarantee that they will deploy our platform widely enough across their organization to justify our substantial pre-sales investment. As a result, it is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to our existing customers.

We have experienced seasonal and end-of-quarter concentration of our transactions and variations in the number and size of transactions that close in a particular quarter, which impacts our ability to grow revenue over the long term and plan and manage cash flows and other aspects of our business and cost structure. Our transactions vary by quarter, with the third and fourth fiscal quarters typically being our largest. In addition, within each quarter, a significant portion of our transactions occur in the last two weeks of that quarter. Large individual sales may also occur in quarters subsequent to those we anticipate, which may make it difficult to forecast our expected sales cycle. If expectations for our business turn out to be inaccurate, our revenue growth may be adversely affected over time and we may not be able to adjust our cost structure on a timely basis and our cash flows and results of operations may suffer.

Our quarterly and annual operating results may be adversely affected due to a variety of factors, which could make our future results difficult to predict.

Our annual and quarterly revenue and operating results have fluctuated significantly in the past and may vary significantly in the future due to a variety of factors, many of which are outside of our control. Our financial results in any one quarter may not be meaningful and should not be relied upon as indicative of future performance. If our revenues, earnings, or operating results fall below the expectations of investors or securities analysts in a particular quarter, or below any guidance that we may provide, the price of our common stock could decline. We may not be able to accurately predict our future billings, revenues, earnings, or operating results. Some of the important factors that may cause our operating results to fluctuate from quarter to quarter or year to year include:

•fluctuations in the demand for our solutions, the timing of purchases by our customers, and the length of the sales cycles, particularly for larger purchases;

•fluctuations in the rate of utilization by customers of the cloud to manage their business needs, or a slowdown in the migration of enterprise systems to the cloud;

•the impact of recessionary pressures or uncertainties in the global economy, or in the economies of the countries in which we operate, on our customers’ purchasing decisions and the length of our sales cycles;

•our ability to attract new customers and retain existing customers;

•our ability to expand into new geographies and markets, including the application security and log management markets;

•the budgeting cycles and internal purchasing priorities of our customers;

•changes in go-to-market strategy, customer renewal rates, churn, and our ability to cross-sell additional solutions to our existing customers and our ability to up-sell additional quantities of previously purchased offerings to existing customers;

•the seasonal buying patterns of our customers;

•the payment terms and contract term length associated with our product sales and their effect on our billings and free cash flow;

•changes in customer requirements or market needs;

•the emergence of significant privacy, data protection, systems and application security or other threats, regulations, or requirements applicable to the use of enterprise systems or cloud-based systems that we are not prepared to meet or that require additional investment by us;

•changes in the demand and growth rate of the markets for observability, application security, analytics, and AI-enabled solutions;

Table of Contents

•our ability to anticipate or respond to changes in the competitive landscape, or improvements in the functionality of competing solutions that reduce or eliminate one or more of our competitive advantages;

•our ability to timely develop, introduce, and gain market acceptance for new solutions and product enhancements;

•our ability to adapt and update our offerings and solutions on an ongoing and timely basis in order to maintain compatibility and efficacy with the frequently changing and expanding variety of software and systems that our offerings are designed to monitor;

•our ability to maintain and expand our relationships with strategic technology partners that own, operate, and offer the major platforms on which applications operate, with which we must interoperate and remain compatible, and from which we must obtain certifications and endorsements in order to maintain credibility and momentum in the market;

•our ability to control costs, including our operating expenses;

•our ability to efficiently complete and integrate any acquisitions or business combinations that we may undertake in the future;

•general economic, industry, and market conditions, both domestically and in our foreign markets, including regional or geopolitical conflicts, potential changes in the U.S. and foreign laws and regulations on international trade (e.g., export controls, import tariffs and trade agreements), or other disruptions to commerce;

•the U.S. federal government cancelling, consolidating, or not awarding contracts to us or our customers or suppliers;

•the emergence of new technologies or trends in the marketplace, or a change in the trends that are important to our strategy and the value of our platform in the marketplace;

•foreign currency exchange rate fluctuations;

•the timing of revenue recognition for our customer transactions, and the effect of the mix of subscriptions and services on the timing of revenue recognition;

•extraordinary expenses, such as litigation or other dispute-related settlement payments; and

•future accounting pronouncements or changes in our accounting policies.

This variability and unpredictability could result in our failure to meet our business plan or the expectations of securities analysts or investors for any period. In addition, a significant percentage of our operating expenses are fixed in nature in the short term and based on forecasted revenue trends. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on margins in the short term.

Our ability to succeed depends on the experience and expertise of our senior management team. If we are unable to attract, retain, and motivate our leadership team, our business, operating results, and prospects may be harmed.

Our ability to succeed depends in significant part on the experience and expertise of our senior management team. From time to time, there may be changes in our senior management team resulting from the hiring or departure of executives. In the last three years, we hired a new Chief People Officer, Chief Customer Officer, Chief Revenue Officer, Chief Marketing Officer, and various new sales and marketing leaders in their organizations, among other leadership changes.

Our employment agreements with members of our senior management team do not require them to remain employed with us for any specified period. The loss of a member of senior management team could disrupt our operations and negatively impact employee morale and our culture. After their termination, such person could go to work for one of our competitors after the expiration of any applicable non-compete period, and the restrictions on non-competition may in any case be difficult to enforce depending on the circumstances. The loss of members of our senior management team, particularly if closely grouped, could disrupt our operations, negatively impact employee morale and our culture, and adversely affect our ability to formulate and execute our business plan and thus, our business, operating results, and prospects could be adversely affected. If we fail to develop effective succession plans for our senior management team, and to identify, recruit, onboard, train and integrate strategic hires, our business, operating results, and financial condition could be adversely affected.

Table of Contents

We rely on highly skilled personnel and if we are unable to attract, retain, or motivate substantial numbers of qualified personnel or expand and train our personnel, we may not be able to grow effectively.

Our success largely depends on the talents and efforts of key technical, sales, and marketing employees and our future success depends on our continuing ability to efficiently and effectively identify, hire, onboard, train, develop, motivate, and retain highly skilled personnel for all areas of our organization. Our continued ability to compete and grow effectively depends on our ability to attract substantial numbers of qualified new employees and to retain and motivate our existing employees.

We may acquire other businesses, products, or technologies in the future which could require significant management attention, disrupt our business or result in operating difficulties, dilute stockholder value, and adversely affect our results of operations.

Our growth depends upon our ability to enhance our existing offerings and our ability to introduce new offerings on a timely basis. We intend to continue to address the need to develop new offerings and enhance existing offerings both through internal research and development, and also through the acquisition of other companies, product lines, technologies, and personnel. In the last two years, we acquired Metis, DevCycle, and Bindplane. We expect to continue to consider and evaluate a wide array of potential acquisitions as part of our overall business strategy, including, but not limited to, acquisitions of certain businesses, technologies, services, products, and other assets and revenue streams. At any given time, we may be engaged in discussions or negotiations with respect to one or more acquisitions, any of which could, individually or in the aggregate, be material to our financial condition and results of operations. There can be no assurance that we will be successful in identifying, negotiating, and consummating favorable acquisition opportunities, and we may not be able to complete such acquisitions on favorable terms. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, securities analysts, and investors, and could be disruptive to our operations.

Acquisitions may involve additional significant challenges, uncertainties, and risks, including, but not limited to:

•challenges, difficulties, or increased costs associated with integrating new employees, systems, technologies, and business cultures;

•failure of the acquisition to advance our business strategy and failure to achieve the acquisition’s anticipated benefits or synergies;

•disruption of our ongoing operations, diversion of our management’s attention, and increased costs and expenses associated with pursuing acquisition opportunities;

•inadequate data security, cybersecurity, and operational and IT compliance and resilience;

•failure to identify, or our underestimation of, commitments, liabilities, deficiencies, and other risks associated with acquired businesses or assets;

•inconsistency between the business models of our company and the acquired company, and potential exposure to new or increased regulatory oversight and uncertain or evolving legal, regulatory, and compliance requirements;

•the potential loss of key management, other employees, or customers of the acquired business;

•potential reputational risks that could arise from transactions with, or investments in, companies involved in new or developing businesses or markets, which may be subject to uncertain or evolving legal, regulatory, and compliance requirements;

•potential impairment of goodwill or other acquisition-related intangible assets; and

•the potential for acquisitions to result in dilutive issuances of our equity securities or significant additional debt.

The integration process for an acquired business may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquired business, including accounting charges. We may have to pay cash, incur debt, or issue equity securities to pay for any such acquisitions, each of which could adversely affect our financial condition or the value of our common stock. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our stockholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

Acquisitions may also heighten many of the risks described in this “Risk Factors” section. Acquisitions are inherently risky, may not be successful, and may harm our business, results of operations, and financial condition.

Table of Contents

Any failure to offer high-quality customer support and professional services may adversely affect our relationships with our customers and our financial results.

We typically bundle customer support with arrangements for our solutions and offer professional services for implementation and training. In deploying and using our platform and solutions, our customers may require the assistance of our services teams to resolve complex technical and operational issues. Increased customer demand for support, without corresponding revenue, could increase costs and adversely affect our operating results. We may also be unable to respond quickly enough to accommodate short-term increases in customer demand for support. If we fail to meet our service level commitments, which relate to uptime or response times, or if we suffer extended periods of unavailability for our solutions, we may be contractually obligated to provide these customers with service credits or we could face contract terminations and be required to provide refunds of prepaid unused fees. Our sales are highly dependent on our reputation and on positive recommendations from our existing customers.

We believe that our corporate culture has contributed to our success, and if we cannot successfully maintain our culture as we grow, we could lose the innovation, creativity, and teamwork fostered by our culture.

We believe that a critical component to our success has been a focus on maintaining an entrepreneurial and innovative corporate culture. We believe our culture has contributed significantly to our abilities to innovate and develop new technologies and attract and retain employees. We have spent substantial time and resources in building our team while maintaining this corporate culture. The addition of new employees from different business backgrounds in different geographic locations, and the significant number of employees who work either on a hybrid or remote basis may make it difficult for us to maintain our corporate culture. If our culture is negatively affected, our ability to support our growth and innovation may diminish.

Our sales to government entities are subject to a number of challenges and risks.

We sell our solutions to U.S. federal and state and foreign governmental agency customers, often through our distributors and resellers, and we may increase sales to government entities in the future. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Contracts and subcontracts with government agency customers are subject to procurement laws and regulations relating to the award, administration, and performance of those contracts. We may be subject to audit or investigations relating to our sales to government entities, and any violations could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, refunds of fees received, forfeiture of profits, suspension of payments, fines, and suspension or debarment from future government business including business with governmental agencies across the country involved. Government entities may have statutory, contractual, or other legal rights to terminate contracts with our distributors and resellers for convenience, non-appropriation, or due to a default. Any of these risks relating to our sales to governmental entities could adversely impact our future sales and operating results.

Risks Related to AI, IT, IP, and Data Security and Privacy

Our use of new and evolving technologies, including AI in our offerings and business, may present risks and challenges that can impact our business, including by posing cybersecurity, operational, and other risks to our confidential and/or proprietary information, including personal information, and as a result we may be exposed to reputational harm and liability.

Our company has significant experience with the use and integration of AI and we have incorporated it within our offerings for several years. We use AI technologies as a core component of the products and services we offer to customers, and for internal purposes to support our operations and performance. The operations of third parties upon which we rely also use AI. AI is rapidly evolving and developing, and our use of AI involves a broad range of risks and challenges that could negatively impact our business, including cybersecurity, data privacy, IT, IP, regulatory, legal, operational, competitive, and reputational. While we continue to invest in AI solutions and we believe that AI-related capabilities will be increasingly important to the value that the Dynatrace platform provides to our customers and to the efficiency of our operations, there can be no assurance that we will realize the desired or anticipated benefits from our AI investments.

Table of Contents

AI technologies and solutions, including agentic and generative AI tools, may have bias, produce inaccurate, misleading, harmful, or incomplete data, content, analyses, and recommendations, or other discriminatory, hallucinatory, or unexpected results, inferences, or behaviors. As we integrate more agentic AI workflows into our platform, the actions that are taken or suggested by AI-powered agents performing without human oversight could be incorrect or unintended, resulting in negative impacts for both our company and our customers. If our use of AI were to draw controversy, it could harm our reputation and could give rise to legal or regulatory action.

While we focus on using AI in a responsible, ethical, and legal manner, our use of AI and the impact of laws, regulations, and ethical considerations for AI generally, and as they apply to our customers, are evolving rapidly and becoming increasingly complex. We expect to see increasing government and supranational regulation related to AI use and ethics, which may also significantly increase the burden and cost of research, development and compliance in this area. A growing number of legislators and regulators are adopting laws and regulations and have focused enforcement efforts on the adoption of AI and use of such technologies in compliance with ethical standards and societal expectations. These developments may increase our compliance burden and costs in connection with use of AI and lead to legal liability if we fail to meet evolving legal standards or if use of such technologies results in harms or other causes of action we did not predict. For example, the European Union (“EU”) adopted the Artificial Intelligence Act (the “AI Act”) on August 1, 2024, with significant components of the AI Act continuing to come into effect in the near future. As currently enacted, the AI Act, which may be amended as part of the EU’s Digital Omnibus, imposes significant obligations on providers and deployers of high-risk AI systems, and encourages providers and deployers of AI systems to account for EU ethical principles in their development and use of these systems. The scope of requirements depends on judicial interpretations and forthcoming legislative amendments, and non-compliance can lead to significant fines.

In the United States, new AI-related laws and rulemakings are underway or being proposed at the federal, state, and local levels. Over the past year, states have advanced, and in some cases passed, dozens of laws focusing on AI governance and regulation, including on deployment of AI in healthcare settings. At the federal level, the Trump Administration has endorsed a federal moratorium on the enforcement of state AI laws, including through a December 11, 2025 executive order on “Ensuring a National Policy Framework for Artificial Intelligence.” So far, these efforts have not been successful at curtailing state action on AI regulation, contributing to a complicated legislative patchwork, which may be litigated in state and federal courts.

The rapid evolution of AI will require the application of significant resources to design, develop, test and maintain our products and services to help ensure that AI is implemented in accordance with applicable law and regulation and in a socially responsible manner and to minimize any real or perceived unintended harmful impacts.

We rely on third-party vendors for both our customer facing AI capabilities and AI-enabled internal tools. These vendors may not meet existing or rapidly evolving regulatory or industry standards and best practices, including with respect to privacy and data security.

Bad actors around the world use increasingly sophisticated methods, including the use of AI, to engage in fraud, scams, targeted attacks (such as model poisoning or data poisoning), and other illegal activities involving the theft and misuse of data, personal information, confidential information and IP. Our development, use, and deployment of AI may also result in misinformation or an erosion of shared understanding, increased inequality, environmental harms, and other adverse effects.

IP ownership and license rights related to AI technologies have not been fully addressed by U.S. courts or other federal, state or international laws or regulations, and our use of certain AI technology could also give rise to risks of third party claims of infringement, misappropriation, or violation of IP rights.

As AI technology is evolving rapidly, it is not possible to predict all of the operational, technological, and legal risks that may arise related to the use of AI. For a description of additional risks related to AI, please see the AI-related references in other risks discussed in this section.

Table of Contents

Security breaches, computer malware, computer hacking attacks, and other security incidents or compromises could harm our business, reputation, brand, and operating results.

The consequences of a security breach, incident, or compromise may be more severe if customers have chosen to configure our platform to collect and store confidential, personal, sensitive, or proprietary information. As such, our risks are also affected by how our customers obtain consent or provide transparency to the individuals whose data is provided by the customer to Dynatrace. If our customers fail to comply with applicable law or fail to provide adequate notice or to obtain consent, we could be exposed to a risk of loss, litigation, or regulatory action, and possible liability, some or all of which may not be covered by insurance, and our ability to operate our business may be impaired.

If an actual or perceived security incident, breach, or compromise occurs, the market perception of the effectiveness of our security controls could be harmed, our brand and reputation could be damaged, we could lose customers, and we could suffer financial exposure due to such events or in connection with remediation efforts, investigation costs, regulatory fines, including fines assessed under the European General Data Protection Regulation (“EU GDPR”) or other privacy laws, private lawsuits, and costs associated with changed security controls, system architecture, or system protection measures.

We have administrative, technical, and physical security measures in place, as well as policies and procedures in place to contractually require third parties to whom we transfer data to implement and maintain appropriate security measures. We also proactively employ multiple methods at different layers of our systems to defend against intrusion and attack and to protect our data. In addition, geopolitical tensions have contributed to an increase in the number, severity, and sophistication of state sponsored attacks, which are also increasingly leveraging AI technologies. We may therefore experience security breaches, incidents, or compromises that may remain undetected for extended periods of time. Vendors’ or suppliers’ software or systems may be susceptible or vulnerable to breaches and attacks, which could compromise our systems. A vendor or other supply chain-related breach or compromise could spread to our own systems or affect our operations or financial systems in material ways that we cannot yet anticipate. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations.

Table of Contents

A majority of our employees have the ability to work either partially or fully remote and we also engage service providers who work remotely. Certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. We may also be exposed to risks associated with the locations of remote workers, including exposure to compromised Internet infrastructure. If we are unable to effectively manage the cybersecurity and other risks of remote work, our business could be harmed or otherwise negatively impacted.

Because data security is a critical competitive factor in our industry, we make statements in our privacy policies, our online product documentation, and in our marketing materials describing the security of our platform, including descriptions of certain security measures we employ or security features embedded within our offerings. In addition, our customer contracts include commitments related to security measures and data protection. Should any of these statements be untrue, become untrue, or be perceived to be untrue, even if through circumstances beyond our reasonable control, or if any of these security measures or features prove to be ineffective or are perceived to be ineffective, we may face claims (including claims of unfair or deceptive trade practices or breach of regulations, including EU GDPR) brought by the U.S. Federal Trade Commission, state, local, or foreign regulators (e.g., a European Union-based data protection authority) or private litigants, and breach of contract.

In addition, we cannot be certain that sufficient insurance will continue to be available to us on commercially acceptable terms in the future. Any large, successful claim that exceeds our insurance coverage or any changes in insurance availability and requirements could have a material adverse impact on our financial condition and reputation.

Interruptions or disruptions with the delivery of our SaaS solutions, or third-party cloud-based systems that we depend on in our operations, may adversely affect our business, operating results, and financial condition.

Our business and continued growth depends on the ability of our customers to access our platform and solutions, particularly our cloud-based solutions, at any time and within an acceptable amount of time. In addition, our ability to access certain third-party SaaS solutions is important to our operations and the delivery of our customer support and professional services, as well as our sales operations.

We have experienced disruptions, outages, or performance problems in the past causing some of our services to be unavailable for a limited period of time. While none of these occurrences have been material to our business, future events could be more impactful. As AI technologies are increasingly used and deployed, infrastructure capacity requirements (including network capacity and computing power and energy requirements) may increase and agentic systems may act faster and at greater scale, which could lead to an increase in service interruptions that we experience. We utilize a multi-tenant structure, meaning that generally, our customers are hosted on a shared platform. As such, any interruption in service could affect a significant number of our customers. In some instances, we or our third-party service providers may not be able to identify the cause or causes of these performance problems within an acceptable period of time. It may become increasingly difficult to maintain and improve the performance of our SaaS solutions as they become more complex. If our SaaS solutions are unavailable or degraded or if our customers are unable to access features of our SaaS solutions within a reasonable amount of time or at all, our business would be adversely affected. In addition, if any of the third-party SaaS solutions that we use were to experience a significant or prolonged outage or security breach, our business could be adversely affected.

We currently host our Dynatrace solutions on cloud infrastructure hyperscaler providers, such as AWS, Azure and GCP. Our Dynatrace solutions reside on hardware operated by these providers. Our operations depend on protecting the virtual cloud infrastructure hosted by a hyperscaler by maintaining its configuration, architecture, features, and interconnection specifications, as well as the information stored in these virtual data centers and which third-party Internet service providers transmit. Although we have disaster recovery plans, including the use of multiple hyperscaler locations, any incident affecting a hyperscaler’s infrastructure that may be caused by fire, flood, severe storm, earthquake, or other natural disasters, actual or threatened public health emergencies, cyber-attacks, terrorist or other attacks, and other similar events beyond our control could negatively affect our platform and our ability to deliver our solutions to our customers. A prolonged hyperscaler service disruption affecting our SaaS platform for any of the foregoing reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers, or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the hyperscaler services we use.

Table of Contents

Hyperscalers have the right to terminate our agreements with them upon material uncured breach following prior written notice. If any of our hyperscaler service agreements are terminated, or there is a lapse of service, we would experience interruptions in access to our platform as well as significant delays and additional expense in arranging new facilities and services and/or re-architecting our solutions for deployment on a different cloud infrastructure, which would adversely affect our business, operating results, and financial condition.

Real or perceived errors, failures, defects, or vulnerabilities in our solutions could adversely affect our financial results and growth prospects.

Our solutions and underlying platform are complex, and in the past, we or our customers have discovered software errors, failures, defects, and vulnerabilities in our solutions after they have been released, including after new versions or updates are released. Our solutions and our platform are frequently deployed and used in large-scale computing environments with different operating systems, system management software and equipment and networking configurations, which have in the past, and may in the future, cause errors in, or failures of, our solutions or other aspects of the computing environment into which they are deployed. In addition, deployment of our solutions into complicated, large-scale computing environments have in the past exposed, and may, in the future, expose undetected errors, failures, defects, or vulnerabilities in our solutions. AI may not work as we had anticipated or it may produce unexpected results or outcomes. Despite testing by us, errors, failures, defects, or vulnerabilities may not be found in our solutions until they are released to our customers or thereafter. Real or perceived errors, failures, defects, or vulnerabilities in our solutions (in particular, any failure of our application security offering to perform as warranted) could result in, among other things, negative publicity and damage to our reputation, lower renewal rates, loss of or delay in market acceptance of our solutions, loss of competitive position, or claims by customers for losses sustained by them or expose us to breach of contract claims, regulatory fines, and related liabilities. If vulnerabilities in our solutions are exploited by adversaries, our customers could experience damages or losses for which our customers seek to hold us accountable. In the case of real or perceived errors, failures, defects, or vulnerabilities in our solutions giving rise to claims by customers, we may be required, or may choose, for regulatory, contractual, customer relations, or other reasons, to expend additional resources in order to help correct the problem.

Some companies in the markets in which we compete, including some of our competitors, own large numbers of patents, copyrights, trademarks, and trade secrets, which they may use to assert claims of infringement, misappropriation, or other violations of IP rights against us, our partners, our technology partners, or our customers. In addition, non-practicing entities are driving a growing number of patent lawsuits and demands.

They may also make such assertions against our customers or partners.

Any damages or royalty obligations we may become subject to, or any prohibition against our commercializing our solutions as a result of an adverse outcome could harm our business and operating results.

Table of Contents

Additionally, our agreements with customers and partners include indemnification provisions, under which we agree to indemnify them for losses suffered or incurred as a result of allegations of IP infringement and, in some cases, for damages caused by us to property or persons or other third-party allegations. Large indemnity payments could harm our business, operating results, and financial condition.

The success of our business depends on our ability to protect and enforce our proprietary rights, including our patents, trademarks, copyrights, trade secrets, and other IP rights, throughout the world. Despite our precautions, it may be possible for unauthorized third parties to copy our technology and use information that we regard as proprietary to create products, offerings, and services that compete with ours. In the past, we have been made aware of public postings of portions of our source code. Some license provisions protecting against unauthorized use, copying, transfer, reverse engineering, and disclosure of our technology may be unenforceable under the laws of certain jurisdictions and foreign countries. Further, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States, and in some countries, there may not be sufficient legal processes available to us, in a timely fashion or at all, to enable us to effectively protect our IP. In expanding our international activities, our exposure to unauthorized copying and use of our technology and proprietary information may increase. In addition, the use of other companies’ generative AI tools by our employees or contractors in a manner that violates our internal policies may compromise some of our proprietary or IP rights.

The process of obtaining patent protection is expensive and time consuming, and we may not be able to successfully prosecute patent applications at a reasonable cost or in a timely manner. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not result in issued patents, that the scope of the claims in our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, or that our issued patents and other IP rights may be challenged by others or invalidated through administrative process or litigation. In addition, issuance of a patent does not guarantee that we have an absolute right to practice our patented technology, or that we have the right to exclude others from practicing our patented technology. As a result, we may not be able to obtain adequate patent protection or to enforce our issued patents effectively.

Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer, or otherwise obtain and use them. The contractual provisions that we enter into with employees, consultants, partners, vendors, and customers may not prevent unauthorized use or disclosure of our proprietary technology or trade secrets and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or trade secrets.

We may be unable to determine the extent of any unauthorized use or infringement of our solutions, technologies, or IP rights.

Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results, financial condition, and cash flows.

Our use of open source technology could impose limitations on our ability to commercialize our solutions and platform.

We use open source software in our solutions and platform and expect to continue to use open source software in the future. Although we monitor our use of open source software to avoid subjecting our solutions and platform to conditions we do not intend, we may face allegations from others alleging ownership of, or seeking to enforce the terms of, an open source license, including by demanding release of the open source software, derivative works, or our proprietary source code that was developed using such software. These allegations could also result in litigation. The terms of many open source licenses have not been interpreted by U.S. courts. As a result, there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions. In such an event, we could be required to seek licenses from third parties to continue offering our

Table of Contents

solutions, to make our proprietary code generally available in source code form, to re-engineer our solutions, or to discontinue the sale of our solutions if re-engineering could not be accomplished on a timely basis, any of which could adversely affect our business, operating results, and financial condition.

As part of our strategy to broaden our target markets and accelerate adoption of our offerings, we contribute software program code to certain open source projects managed by organizations such as Microsoft, Google, and Cloud Native Computing Foundation. We also undertake our own open source initiatives to promote “open innovation” and “enterprise openness,” meaning that we make technologies available under open source licenses with the goal of exchanging insights and experience with other experts in the community, broadening the adoption of our platform by our customers, and providing our partners with the ability to leverage their own technologies through the Dynatrace platform. In some cases, we accept contributions of code from the community, our customers, and partners.

When we contribute to a third-party managed open source project, the copyrights, patent rights, and other proprietary rights in and to the technologies, including software program code, owned by us that we contribute to these projects are often licensed to the project managers and to all other contributing parties without material restriction on further use or distribution. If and to the extent that any of the technologies that we contribute, either alone or in combination with the technologies that may be contributed by others, practice any inventions that are claimed under our patents or patent applications, then we may be unable to enforce those claims or prevent others from practicing those inventions, regardless of whether such other persons also contributed to the open source project (even if we were to conclude that their use infringes our patents with competing offerings), unless any such third party asserts its patent rights against us. This limitation on our ability to assert our patent rights against others could harm our business and ability to compete. In addition, if we were to attempt to enforce our patent rights, we could suffer reputational injury among our customers and the open source community.

Any actual or perceived failure by us to comply with stringent and evolving privacy laws or regulatory requirements in one or multiple jurisdictions, privacy, and information security policies and/or contractual obligations could result in proceedings, actions, or penalties against us.

We are subject to U.S. federal, state, and international laws, regulations, and standards relating to the collection, use, disclosure, retention, security, transfer, and other processing of personal data. The legal and regulatory frameworks for privacy, data protection and security issues worldwide are rapidly evolving and as a result, implementation standards, potential fines, enforcement practices, and litigation risks are likely to remain uncertain for the foreseeable future.

•In the United States, state legislatures continue to propose and pass comprehensive privacy legislation, including data breach notification laws, personal data privacy laws, and consumer protection laws. The CCPA also provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. The CCPA has prompted a number of proposals for new federal and state-level privacy legislation, and in some states, efforts to pass comprehensive privacy laws have been successful. To date, numerous other states have enacted laws that impose privacy obligations that are similar to the CCPA and we also anticipate that more states will pass similar legislation.

•Plaintiffs’ attorneys have sent demand letters and initiated claims and class action lawsuits alleging that companies’ uses of online trackers, such as cookies and pixels, constitutes a violation of state wiretapping laws, primarily the California Invasion of Privacy Act. To date, companies have settled most of these claims, though a risk of costly legal proceedings now exists for business practices that are common. We have been subject to some of these actions and may become subject to additional such actions in the future.

•Outside of the United States, virtually every jurisdiction in which we operate has established its own privacy, data protection and/or data security legal framework with which we or our customers must comply, including, but not limited to, the EU and United Kingdom (“UK”).

▪In the EU and UK, data protection laws are stringent and continue to evolve, resulting in possible significant operational costs for internal compliance and risk to our business. The EU has adopted the EU GDPR, and the UK has incorporated the EU GDPR into its national laws (“UK GDPR”, together with EU GDPR referred to as GDPR) which imposes strict obligations on the processing of personal data. These requirements encompass: (i) providing information to individuals regarding data processing activities; (ii) ensuring a legal basis or condition applies to the processing of personal data and, where applicable, obtaining consent from individuals to whom the data processing

Table of Contents

relates; (iii) responding to data subject requests; (iv) imposing requirements to notify the competent national data protection authorities and data subjects of personal data breaches; (v) implementing safeguards in connection with the security and confidentiality of the personal data; (vi) accountability requirements; and (vii) taking certain measures when engaging third-party processors. Serious breaches of the GDPR may result in monetary penalties of up to €20 million (or £17.5 million in the UK) or 4% of worldwide annual revenue, whichever is greater, for violations. In addition to the GDPR, other European legislative proposals and current laws and regulations apply to cookies and similar tracking technologies, electronic communications, and marketing, with an increased focus on online behavioral advertising.

◦Many jurisdictions outside of Europe where we do business directly or through resellers today and may seek to expand our business in the future, are also considering or have enacted comprehensive data protection legislation, cybersecurity legislation, or both.

•We are subject to various data transfer rules related to our ability to transfer data from one country to another. For example, regulators and legislators in the U.S. are increasingly scrutinizing and restricting certain personal data transfers and transactions involving foreign countries. For example, the U.S. Department of Justice’s January 8, 2025 rule on “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons” prohibits data brokerage transactions involving certain sensitive personal data categories, including health data, genetic data, and biospecimens, to countries of concern, including China. The regulations also restrict certain investment agreements, employment agreements and vendor agreements involving such data and countries of concern, absent specified cybersecurity controls. Actual or alleged violations of these regulations may be punishable by criminal and/or civil sanctions and may result in exclusion from participation in federal and state programs.

•We are also subject to data localization laws in certain countries that may, for example, require personal information of citizens to be collected, stored, and modified only within that country. These and similar regulations may interfere with our intended business activities, inhibit our ability to expand into those markets, require modifications to our offerings or services, or prohibit us from continuing to offer services in those markets without significant additional costs.

The regulatory framework both in the United States and internationally governing the collection, processing, storage, use and sharing of certain information, particularly financial and other personal information, is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with laws in other jurisdictions or which our existing data management practices or the features of our services and platform capabilities. We therefore cannot yet fully determine the impact these or future laws, rules, regulations, and industry standards may have on our business or operations.

In addition to the laws and regulations to which we are subject regarding the collection, processing, storage, use, and sharing of certain information, our contracts with customers include specific obligations regarding the protection of confidentiality and the permitted uses of personally identifiable and other proprietary information. We also publicly post documentation regarding our practices concerning the collection, processing, use, and disclosure of data. Although we endeavor to comply with our published policies and documentation and the various laws and regulations that we are subject to, we may at times fail to do so or be alleged to have failed to do so. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our posted privacy policies and product documentation or privacy laws or regulations, changing consumer expectations, evolving laws, rules, and regulations, industry standards, or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time and other resources or the imposition of significant fines, penalties or other liabilities, which could, individually or in the aggregate, materially and adversely affect our business, financial condition, and results of operations. In addition, any such action, particularly to the extent we were found to be guilty of violations or otherwise liable for damages, would damage our reputation and adversely affect our business, financial condition, and results of operations.

Additionally, our customers may be subject to differing privacy laws, rules, and legislation, which may mean that they require us to be bound by varying contractual requirements applicable to certain other jurisdictions. Adherence to such contractual requirements may impact our collection, use, processing, storage, sharing, and disclosure of various types of information, including financial information and other personal information, and may mean we become bound by, or voluntarily comply with, self-regulatory or other industry standards relating to these matters that may further change as laws, rules, and regulations evolve. Complying with these requirements and changing our policies and practices may be onerous and costly, and we may not be able to respond quickly or effectively to regulatory, legislative, and other developments. These changes may in turn impair our ability to offer our existing or planned features, products, and services and/or increase our cost of doing business. As we expand our customer base, these requirements may vary from customer to customer, further increasing the cost of compliance and doing business.

Table of Contents

Risks Related to Global Operations and Global Economic Conditions

We are subject to a number of risks associated with global sales and operations.

Revenue from customers located outside of the United States represented 54% of our total revenue for the fiscal year ended March 31, 2026. As of March 31, 2026, approximately 70% of our employees were located outside of the United States. As a result, our global sales and operations are subject to a number of risks and additional costs, including the following:

•increased expenses associated with international sales and operations, including establishing and maintaining office space and equipment for our international operations;

•fluctuations in exchange rates between the U.S. dollar and other currencies in the markets where we do business, and other controls, regulations, and orders that might restrict our ability to repatriate cash;

•volatility, uncertainties, and recessionary pressures in the global economy or in the economies of the countries in which we operate;

•difficulties in penetrating new markets due to existing competition or local lack of recognition of the Dynatrace brand;

•risks associated with trade restrictions and additional legal requirements, including the exportation of our technology or source code that is required in many of the countries in which we operate;

•greater risk of unexpected changes in regulatory rules, regulations and practices, tariffs and tax laws and treaties;

•compliance with U.S. and foreign import and export control and economic sanctions laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce’s Bureau of Industry and Security and the executive orders and laws implemented by the U.S. Department of the Treasury’s Office of Foreign Asset Controls;

•compliance with anti-bribery laws, including the U.S. Foreign Corrupt Practices Act (“FCPA”) and the U.K. Anti-Bribery Act, and a heightened risk of unfair or corrupt business practices in certain geographies, and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

•compliance with privacy, data protection, and data security laws of many countries and jurisdictions, including the EU’s GDPR and the CCPA;

•limited or uncertain protection of IP rights in some countries and the risks and costs associated with monitoring and enforcing IP rights abroad;

•greater difficulty in enforcing contracts and managing collections in certain jurisdictions, as well as longer collection periods;

•management communication and integration problems resulting from cultural and geographic dispersion;

•difficulties hiring local staff, differing employer/employee relationships, and the potential need for country-specific benefits, programs, and systems;

•social, economic, and political instability, epidemics and pandemics, terrorist attacks, wars, geopolitical conflicts, disputes and security concerns in general; and

•potentially adverse tax consequences.

These and other factors could harm our ability to generate future global revenue and, consequently, materially impact our business, results of operations, and financial condition.

Continued uncertainty in the U.S. and global economies, particularly Europe, along with uncertain geopolitical conditions, could negatively affect sales of our offerings and services and could harm our operating results.

As a global company, our business is increasingly exposed to risks arising from adverse changes in U.S. and international economic conditions and geopolitical instability. Factors that could negatively affect the global economy include inflationary pressures and higher interest rates, volatile capital markets, financial and credit market disruptions, trade disputes and tariffs, political instability, natural disasters, epidemics, warfare (including the ongoing conflicts in Ukraine and the Middle East), terrorist activity, and other geopolitical events.

Economic uncertainty or instability in the U.S. or abroad could lead to a slowdown or recession, or the perception that such conditions may occur, and could result in reduced spending on technology. During periods of economic or political uncertainty, our current and prospective customers may reduce or defer operating or IT expenditures, delay or cancel technology initiatives, or seek to lower costs through contract renegotiations or reduced renewal commitments.. As a result, we may experience longer sales cycles, reduced deal sizes, lower pricing, decreased subscription renewals, and lower revenue, which could adversely affect our business, operating results, and financial condition.

Table of Contents

Macroeconomic volatility may also affect our business indirectly through disruptions to financial markets and government operations. For example, any future U.S. federal government shutdowns, prolonged continuing resolutions, disputes over the federal debt ceiling, a U.S. sovereign default, or changes in governmental laws, regulations or policies (including the imposition of additional tariffs or taxes on U.S.-based service providers) could increase uncertainty and volatility in global markets and adversely affect customer spending decisions, capital availability, and foreign exchange rates.

We continue to invest in and operate across international markets, which exposes us to additional risks. Deterioration of economic or geopolitical conditions in regions where we conduct business, particularly Europe, where we maintain a significant portion of our research and development operations, could lead to delays or cancellations of customer orders, operational disruptions, or reduced growth opportunities. Increased geopolitical tensions, trade policy uncertainty, or the expansion or persistence of armed conflict could also heighten cybersecurity risks, disrupt our customers’ or partners’ operations, impair collections of accounts receivable, or delay payments from resellers and other partners.

Although we do not have material operations in Ukraine or the Middle East, instability in those or other regions may limit our ability to sell or export our platform in affected markets and contribute to broader economic or geopolitical instability.

We may face exposure to foreign currency exchange rate fluctuations.

We have transacted in foreign currencies and expect to transact in foreign currencies in the future. In addition, we maintain assets and liabilities that are denominated in currencies other than the functional operating currencies of our global entities. Accordingly, changes in the value of foreign currencies relative to the U.S. dollar will affect our revenue and operating results due to transactional and translational remeasurement that is reflected in our earnings. As a result of such foreign currency exchange rate fluctuations, which have been prevalent over recent periods, it could be more difficult to detect underlying trends in our business and results of operations. In addition, to the extent that fluctuations in currency exchange rates cause our results of operations to differ from our expectations or the expectations of our investors, the trading price of our common stock could be adversely affected. We do not currently maintain a program to hedge transactional exposures in foreign currencies. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.

Risks Related to Legal, Tax, Regulatory, and Accounting Matters

Our business is subject to a wide range of laws and regulations and our failure to comply with those laws and regulations could harm our business, operating results, and financial condition.

Our business is subject to regulation by various U.S. federal, state, local, and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, AI, privacy, cybersecurity and data protection laws, anti-bribery laws, sanctions, trade controls, public procurement regulations and guidelines, federal securities laws, and tax laws and regulations. In certain foreign jurisdictions, these regulatory requirements may be more stringent than those in the United States. In addition, as we expand our business into new jurisdictions, as we serve customers in certain regulated industries, and as these laws and regulations are subject to change over time, we must continue to monitor and dedicate resources to ensure continued compliance. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, operating results, and financial condition.

Table of Contents

Tax matters, including changes in tax laws, rules, regulations, and treaties, could impact our effective tax rate and our results of operations.

We operate in approximately 40 countries around the world and, as a multinational corporation, we are subject to income and non-income taxes, including payroll, sales, use, value-added, net worth, property, and goods and services taxes, in both the United States and various non-U.S. jurisdictions.

Our effective tax rate has fluctuated in the past and is likely to fluctuate in the future. Our effective tax rate is affected by the allocation of revenues and expenses to different jurisdictions and the timing of recognizing revenues and expenses. In addition, in the ordinary course of our global business, there are many intercompany transactions and calculations where the ultimate tax determination is uncertain.

The amount of taxes that we pay is subject to our interpretation of applicable tax laws in the jurisdictions in which we file and changes to tax laws. Significant judgment is required in determining our worldwide provision for income taxes and other tax liabilities, and in determining the realizability of tax attributes such as foreign tax credits and domestic deferred tax assets. In addition, changes to our corporate or tax structure may impact our tax attributes and liabilities. For example, during the year ended March 31, 2025, we completed the IP Transfer, an intra-entity asset transfer of the global economic rights of our IP to Switzerland which resulted in the recognition of a tax benefit and related deferred tax asset of $320.9 million (as discussed in Note 9 to our consolidated financial statements and the “Management’s Discussion and Analysis” section of this Annual Report). From time to time, we are subject to regular tax audits, examinations, and reviews in the ordinary course of business.

We do not collect sales and use, value added, and similar taxes in all jurisdictions in which we have sales, based on our belief that such taxes are not applicable in certain of those jurisdictions. Sales and use, value added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, and we may be required to collect such taxes in the future. Such tax assessments, penalties, and interest or future requirements may adversely affect our results of operations.

Tax laws, rules, and regulations are constantly under review by persons involved in the legislative process and by tax authorities. Changes to tax laws (which may have retroactive application) could adversely affect us or holders of our common stock. In recent years, many changes have been made to applicable tax laws and changes are likely to continue to occur in the future.

The “One Big Beautiful Bill Act” (the “OBBBA”), enacted in 2025, contains a broad range of tax reform provisions including immediate expensing of domestic research and development expenditures, the reinstatement of 100% bonus depreciation, and modifications to the international tax framework. The OBBBA has multiple effective dates, with certain provisions effective in fiscal 2026 and other provisions effective in subsequent years. The OBBBA did not have a material impact on our company in fiscal 2026. We do not anticipate the provisions effective in future years will have a material impact. We will continue to monitor ongoing developments and guidance and evaluate any potential impact on future periods.

Many countries have enacted or are in the process of enacting laws based on the Pillar Two proposal relating to a 15% global minimum tax issued by the Organization for Economic Cooperation and Development (“OECD”). These provisions did not have a material impact on our company in fiscal 2026. On January 5, 2026, the OECD released administrative guidance on a “side-by-side” system that would exempt U.S. parented multinational businesses from certain provisions of Pillar Two, effective for fiscal years beginning on or after January 1, 2026. We will continue to monitor ongoing developments and guidance and evaluate any potential impact on future periods.

Table of Contents

We are subject to governmental export and import controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in compliance with applicable laws.

Our solutions are subject to export and import control and economic sanctions laws and regulations, including the U.S. Export Administration Regulations administered by the U.S. Commerce Department’s Bureau of Industry and Security and the economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. Obtaining the necessary authorizations, including any required license for a particular sale, may be time consuming, is not guaranteed and may result in the delay or loss of sales opportunities.

Various countries regulate the import of encryption technology. Changes in the encryption or other technology incorporated into our solutions or in applicable export or import laws and regulations may delay the introduction and sale of our solutions in international markets, prevent customers from deploying our solutions or, in some cases, prevent the export or import of our solutions to certain countries, regions, governments, or persons altogether.

Recently, due in part to the geopolitical landscape and national security concerns, some countries in which Dynatrace operates have increasingly restricted trade. Changes in sanctions, export, or import laws and regulations, in the enforcement or scope of existing laws and regulations, or in the countries, regions, governments, persons, or technologies targeted by such laws and regulations, could also result in decreased use of our solutions or in our ability to sell our solutions in certain countries.

Even though we take precautions to prevent our solutions from being provided to restricted countries or persons, our solutions could be provided to those targets by our resellers or customers despite such precautions, and our customers may choose to host their systems including the Dynatrace platform using a hosting vendor that is a restricted person. The decreased use of our solutions or limitation on our ability to export or sell our solutions could adversely affect our business, while violations of these export and import control and economic sanctions laws and regulations could have negative consequences for us and our personnel, including government investigations, administrative fines, civil and criminal penalties, denial of export privileges, suspension or debarment from government contracts for a time, incarceration, and reputational harm.

We are subject to the FCPA, the U.K.

As we increase our sales and operations outside of the United States and increase our use of third parties, such as partners, resellers, agents and other intermediaries, our risks under these laws increases. Although we take steps to ensure compliance by adopting policies and conducting training, we cannot guarantee that our employees, partners, resellers, agents, or other intermediaries will not engage in prohibited conduct that could render us responsible under these laws. Non-compliance with these laws could subject us to investigations, penalties, settlements, prosecution, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, suspension and/or debarment from government contracts for a time, the loss of export privileges, reputational harm, adverse media coverage, and other collateral consequences. Any investigations, actions and/or sanctions could have a material negative impact on our business, financial condition, and results of operations.

Our revenue recognition policy and other factors may distort our financial results in any given period and make them difficult to predict.

We recognize revenue when our customer obtains control of goods or services in an amount that reflects the consideration that we expect to receive in exchange for those goods or services. Our subscription revenue consists of (i) SaaS agreements, (ii) term-based licenses, and (iii) maintenance and support agreements, which are recognized ratably over the contract term. A significant increase or decline in our subscription contracts in any one quarter may not be fully reflected in the results for that quarter, but will affect our revenue in future quarters.

Furthermore, the presentation of our financial results requires us to make estimates and assumptions that may affect revenue recognition. In some instances, we could reasonably use different estimates and assumptions, and changes in estimates are likely to occur from period to period.

Given the foregoing factors, our actual results could differ significantly from our estimates, comparing our revenue and operating results on a period-to-period basis may not be meaningful, and our past results may not be indicative of our future performance.

Table of Contents

Changes in existing financial accounting standards or practices may harm our operating results.

Changes in existing accounting rules or practices, new accounting pronouncements, or varying interpretations of current accounting pronouncements or practice could harm our operating results or result in changes to the manner in which we conduct our business. Further, such changes could potentially affect our reporting of transactions completed and reported before such changes are effective.

U.S. Generally Accepted Accounting Principles (“GAAP”) are subject to interpretation by the Financial Accounting Standards Board (“FASB”), the SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or a change in these interpretations could have a significant effect on our reported financial results and could affect the reporting of transactions completed before the announcement of a change.

Because we recognize revenue from our SaaS subscriptions and term licenses over the subscription or license term, downturns or upturns in new sales and renewals may not be immediately reflected in our operating results and may be difficult to discern.

For customers who purchase a subscription to our Dynatrace platform, whether they purchase a SaaS subscription, or a term license, we generally recognize revenue ratably over the term of their subscription. Thus, substantially all of the revenue that we report in each quarter from the Dynatrace platform is derived from the recognition of revenue relating to contracts entered into during previous quarters. For the three months ended March 31, 2026, revenue recognized from deferred revenue at the beginning of the period was $409.9 million. Consequently, a decline in new or renewed customer contracts in any single quarter may have a small impact on our revenue for that quarter. However, such a decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our solutions, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods. In addition, a significant majority of our costs are expensed as incurred, while revenue is recognized over the life of the agreement with our customer. As a result, increased growth in the number of our customers could continue to result in our recognition of more costs than revenue in the earlier periods of the terms of our agreements.

We have access to a Credit Facility (as defined in the “Management’s Discussion and Analysis” section of this Annual Report) in the aggregate amount of $400.0 million. The actual amounts of our debt servicing payments vary based on the amounts of indebtedness outstanding, the applicable interest accrual periods, and the applicable interest rates and fee margins, which vary based on prescribed formulas.

If we are unable to generate sufficient cash flow or otherwise to obtain the funds necessary to make required payments under our Credit Facility, or if we fail to comply with the various covenants and other requirements of our set forth in the Credit Facility, we could default under our Credit Facility. We cannot be certain that our future operating results will be sufficient to ensure compliance with the covenants in our Credit Facility or to remedy any defaults under our Credit Facility. In the event of any default and related acceleration, we may not have or be able to obtain sufficient funds to make any accelerated payments. Any such default could have a material adverse effect on our liquidity, financial condition, and results of operations.

Risks Related to Our Common Stock

We are and may continue to be subject to shareholder activism, proxy contests, and pressure for strategic alternatives that could disrupt our business and divert management resources.

We are and may continue to be subject to shareholder activism seeking to influence our strategic direction, board composition, capital allocation, or operations. Furthermore, the perception that we are vulnerable to activist campaigns or a potential acquisition could make it more difficult to attract and retain key employees or

Table of Contents

board members, negotiate favorable terms with vendors and partners, or execute long-term strategic initiatives. Even if we are successful in responding to or defending against activist proposals or an activist campaign, the distraction and costs associated with these activities could materially adversely affect our business and financial performance.

The trading price of our common stock has fluctuated substantially and will likely continue to be volatile, ranging from an intraday low of $17.05 to an intraday high of $80.13 between our initial public offering in 2019 through May 19, 2026. Factors that could cause fluctuations in the trading price of our common stock include the following:

•announcements of new products, offerings or technologies (including those that are AI-related), commercial relationships, acquisitions, or other events by us or our competitors;

•changes in how customers perceive the benefits of our platform;

•shifts in the mix of billings and revenue attributable to SaaS subscriptions, licenses and services from quarter to quarter;

•departures of our Chief Executive Officer, Chief Financial Officer, other executive officers, senior management or other key personnel;

•price and volume fluctuations in the overall stock market from time to time;

•fluctuations in the trading volume of our shares or the size of our public float;

•sales of large blocks of our common stock;

•actual or anticipated changes or fluctuations in our operating results;

•whether our operating results meet the expectations of securities analysts or investors;

•changes in actual or future expectations of investors or securities analysts;

•litigation, data breaches, or security incidents involving us, our industry or both;

•regulatory developments in the United States, foreign countries or both, including changes to tariffs or trade agreements;

•general economic conditions and trends; and

•major catastrophic events in our domestic and foreign markets.

The trading price of our common stock might also decline in reaction to events that affect other companies in our industry even if these events do not directly affect us. In the past, following periods of volatility in the trading price of a company’s securities, securities class action litigation has often been brought against that company.

If our internal controls over financial reporting or our disclosure controls and procedures are not effective, we may not be able to accurately report our financial results, prevent fraud or file our periodic reports in a timely manner, which may cause investors to lose confidence in our reported financial information and may lead to a decline in our stock price.

As a public company, we are required to maintain internal control over financial reporting and disclosure controls and procedures. Section 404 of the Sarbanes-Oxley Act requires that we evaluate and determine the effectiveness of our internal control over financial reporting and provide a management report on our internal control over financial reporting. Our testing, or the subsequent testing by our independent registered public accounting firm, may reveal deficiencies in our internal control over financial reporting that are deemed to be material weaknesses. If we are not able to comply with the requirements of Section 404 of the Sarbanes-Oxley Act in a timely manner, or if we or our accounting firm identify deficiencies in our internal control over financial reporting that are deemed to be material weaknesses, the market price of our stock would likely decline and we could be subject to lawsuits, sanctions, or investigations by regulatory authorities, including SEC enforcement actions, and we could be required to restate our financial results, any of which would require additional financial and management resources.

If material weaknesses in our internal control over financial reporting are discovered or occur in the future, our consolidated financial statements may contain material misstatements and we could be required to restate our financial results, which could materially and adversely affect our business, results of operations, and financial condition, restrict our ability to access the capital markets, require us to expend significant resources to correct the material weakness, subject us to fines, penalties or judgments, harm our reputation, or otherwise cause a decline in investor confidence.

Table of Contents

Sales of substantial amounts of our common stock in the public markets, or the perception that such sales could occur, could reduce the market price of our common stock.

Sales of a substantial number of shares of our common stock in the public market, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for our stockholders or us to sell our stock at a time and price deemed appropriate. Substantial sales, or the perception that such sales may occur, could make it more difficult for our stockholders or us to sell shares of our common stock in the public market in the future.

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans, or otherwise will dilute all other stockholders.

We may issue additional capital stock in the future that will result in dilution to all other stockholders. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in complementary companies, products, offerings or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.

We cannot guarantee that our share repurchase program will be fully consummated or will enhance long-term stockholder value, and share repurchases could increase the volatility of the trading price of our common stock and diminish our cash reserves.

On February 9, 2026, we announced a new share repurchase program under which we are authorized to purchase up to $1 billion of our common stock from time to time on the open market or through privately negotiated transactions, including, without limitation, through Rule 10b5-1 trading plans, any other legally permissible means, or any combination of the foregoing. Our new share repurchase program has no time limit and does not obligate us to acquire any specific dollar amount or to acquire any specific number of shares on any particular timetable or at all. The number of shares to be repurchased will depend on market conditions and other factors. Repurchases under the program are expected to be funded from a combination of existing cash balances and future cash flow. There can be no assurance that we will repurchase shares at favorable prices. Further, our share repurchases could affect the trading price of our common stock, increase its volatility, reduce our cash reserves, and may be suspended, modified, or terminated at any time, without prior notice, which may result in a lower market valuation of our common stock.

We do not intend to pay dividends on our common stock and, consequently, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.

We have never declared or paid any dividends on our common stock, and we do not anticipate paying any cash dividends in the foreseeable future. As a result, you may only receive a return on your investment in our common stock if the market price of our common stock increases. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Our charter and bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:

•a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;

•directors may only be removed for cause, and subject to the affirmative vote of the holders of 66 2/3% or more of our outstanding shares of capital stock then entitled to vote at a meeting of our stockholders called for that purpose;

•the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;

•allowing only our board of directors to fill vacancies on our board of directors, which prevents stockholders from being able to fill vacancies on our board of directors;

•a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;

•the requirement that a special meeting of stockholders may be called only by our board of directors, the chair of our board of directors, our Chief Executive Officer or our president (in the absence of a Chief Executive Officer), which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;

Table of Contents

•the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our charter relating to the management of our business (including our classified board structure) or certain provisions of our bylaws, which may inhibit the ability of an acquirer to effect such amendments to facilitate an unsolicited takeover attempt;

•the ability of our board of directors to amend the bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend the bylaws to facilitate an unsolicited takeover attempt;

•advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us; and

•a prohibition of cumulative voting in the election of our board of directors, which would otherwise allow less than a majority of stockholders to elect director candidates.

Our charter also contains a provision that provides us with protections similar to Section 203 of the Delaware General Corporation Law, and prevents us from engaging in a business combination, such as a merger, with an interested stockholder (i.e., a person or group who acquires at least 15% of our voting stock) for a period of three years from the date such person became an interested stockholder, unless (with certain exceptions) the business combination or the transaction in which the person became an interested stockholder is approved in a prescribed manner.

We may issue preferred stock, the terms of which could adversely affect the voting power or value of our common stock.

Our charter authorizes us to issue, without the approval of our stockholders, one or more classes or series of preferred stock having such designations, preferences, limitations and relative rights, including preferences over our common stock respecting dividends and distributions, as our board of directors may determine. The terms of one or more classes or series of preferred stock could adversely impact the voting power or value of our common stock. For example, we might grant holders of preferred stock the right to elect some number of our directors in all events or on the happening of specified events or the right to veto specified transactions. Similarly, the repurchase or redemption rights or liquidation preferences we might assign to holders of preferred stock could affect the residual value of our common stock.

Pursuant to our bylaws, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for state law claims for (1) any derivative action or proceeding brought on our behalf; (2) any action asserting a claim of, or a claim based on, a breach of a fiduciary duty owed by any of our directors, officers, or other employees to us or our stockholders; (3) any action asserting a claim pursuant to any provision of the Delaware General Corporation Law, our certificate of incorporation or our bylaws; (4) any action to interpret, apply, enforce, or determine the validity of our certificate of incorporation or bylaws; or (5) any action asserting a claim governed by the internal affairs doctrine (collectively, the “Delaware Forum Provision”). The Delaware Forum Provision does not apply to any causes of action arising under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act. Our bylaws further provide that, unless we consent in writing to the selection of an alternative forum, the U.S. federal district courts will be the sole and exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act (the “Federal Forum Provision”). In addition, our bylaws provide that any person or entity purchasing or otherwise acquiring any interest in shares of our common stock is deemed to have notice of and consented to the foregoing provisions; provided, however, that stockholders cannot and will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder.

The Delaware Forum Provision and the Federal Forum Provision may impose additional litigation costs on stockholders in pursuing the claims identified above. Additionally, the Delaware Forum Provision and the Federal Forum Provision in our bylaws may limit our stockholders’ ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage the filing of lawsuits against us and our directors, officers, and employees, even though an action, if successful, might benefit our stockholders. In addition, while the Delaware Supreme Court and other state courts have upheld the validity of federal forum selection provisions purporting to require claims under the Securities Act be brought in federal court, there is uncertainty as to whether courts in other states will enforce our Federal Forum Provision. If the Federal Forum Provision is found to be unenforceable in an action, we may incur additional costs associated with resolving such an action. The Federal Forum Provision may also impose additional litigation costs on stockholders who assert that the provision is not enforceable or invalid. The Court of Chancery of the State of Delaware or the U.S. federal district courts may also reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less favorable to us than our stockholders.

Table of Contents

General Risk Factors

Catastrophic events could materially interrupt or disrupt our business and others with which we conduct business.

Catastrophic events, such as natural disasters (e.g., fire, flood, severe storm, earthquake and other weather events), pandemics (such as COVID-19), epidemics, outbreaks of an infectious disease, or acts of war or terrorism, could interrupt or disrupt our business and our customers, partners, and suppliers, including hyperscaler providers which host Dynatrace solutions on their cloud infrastructure. For a description of some of the risks related to interruption or disruption of our services, please see the risk above entitled, “Interruptions or disruptions with the delivery of our SaaS solutions, or third party cloud-based systems that we depend on in our operations, may adversely affect our business, operating results, and financial condition.”

The impact to our business from any catastrophic event depends on many different factors that cannot be accurately predicted, such as its duration and scope and the interruption, disruption, or instability caused by the event. Catastrophic events may also have the effect of heightening many of the other risks described in this “Risk Factors” section.

Climate change risks, regulatory compliance, and evolving stakeholder expectations may have a long-term negative impact on our business.

The long-term effects of climate change on the global economy and the technology industry in particular are unclear.

In addition, changes in U.S. federal and state legislation and regulation and the laws, rules, and regulations of other countries where we have operations related to climate change could result in increased capital expenditures to comply with these new requirements. Numerous treaties, laws, and regulations have been enacted or proposed in an effort to regulate climate change, including regulations aimed at limiting greenhouse gas emissions and the implementation of “green” building codes. These laws and regulations may result in increased operating costs across various levels of our supply chain, which could cause us to increase costs to satisfy service obligations to our customers. Evolving stakeholder expectations related to climate change and any failure to navigate such expectations successfully may also result in increased costs, reputational harm, loss of customers, regulatory or investment engagement, or other adverse impacts on our business.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C. CYBERSECURITY

We have dedicated substantial resources to prevent and manage cybersecurity risk. We have administrative, technical, and physical security measures in place, as well as policies and procedures to require third parties to whom we transfer data to implement and maintain appropriate security measures. We proactively employ multiple methods at different layers of our systems which are designed to defend against intrusions and attacks and protect our data. We also consider the threats and challenges that we and other companies face as cybersecurity attacks grow in frequency and complexity.

In general, security incidents, breaches, and compromises have increased in sophistication and have become more prevalent across industries and may occur on our systems; on the systems of third parties that we use to host our solutions or SaaS solutions that we use in the operation of our business; on the systems or libraries of third parties that we use to develop our products; or on third-party hosting platforms on which our customers host their systems. AI is rapidly altering the cybersecurity risk landscape by enabling adversaries to move faster while at the same time widening the attack surface. In addition, geopolitical tensions have contributed to an increase in the number, severity, and sophistication of state sponsored attacks, which are also increasingly leveraging AI technologies. To date, we do not believe we have experienced any cybersecurity incidents that have materially affected or are reasonably likely to

Table of Contents

materially affect our business strategy, results of operations, or financial condition. See the “Risk Factors” section of this Annual Report for more information on material cybersecurity risks that we face.

We are deploying AI capabilities both for internal corporate purposes and within our product platform and services. AI introduces new risk vectors, creates an expanding attack surface, and has become a target and a tool for threat actors. The cybersecurity risks associated with AI are incorporated, to the extent possible, into our overall risk management framework and strategy. However, the rapid evolution of AI, coupled with the increased use of such technologies by bad actors, could result in our inability to anticipate or implement adequate measures to prevent the successful use of these technologies in attacks.

Risk Management and Strategy

Cybersecurity risk management is integrated within our enterprise risk management (“ERM”) program, which identifies, prioritizes as to likelihood and magnitude, and continuously monitors the various short-term and long-term risks that Dynatrace faces and how they are being addressed. In developing our cybersecurity risk management program, we are informed by industry benchmarks and standards, including the cybersecurity framework created by the National Institute of Standards and Technology (“NIST”). We also have various security-related certifications and authorizations, including ISO 27001, SOC 2 Type II, FedRAMP and StateRAMP.

We have an Information Security Office that is responsible for preventing, assessing, detecting, mitigating, and remediating cybersecurity risks. The Information Security Office, which is led by our Chief Information Security Officer (“CISO”), works cross-functionally with different business and corporate functions, as all Dynatrace employees are considered critical to our company’s security. Our Information Security Office also partners with external organizations to maintain and enhance our cybersecurity systems and processes. Our Board of Directors and two of its committees are also involved in the oversight of our cybersecurity risk management. We discuss our CISO and the Board in more detail in the “Governance” section below.

Risk assessment and management - Our corporate and product security professionals assist in managing cybersecurity systems and in preventing, detecting, assessing, and resolving cybersecurity incidents. We build cybersecurity principles into our product development and system design, we have internal and external penetration testers who test our product platform and corporate systems, and we have a bug bounty program that can incentivize external security researchers who help us identify and fix bugs and vulnerabilities before they are exploited. Our internal audit team and our company’s independent auditors periodically assess the effectiveness of certain of our cybersecurity-related controls. From time to time, we also engage external consultants and advisors to perform independent security testing and assessments and to assist with aspects of our cybersecurity program. As part of our processes, we require applicable internal approvals for changes to security-critical aspects of our product platform and services. As cybersecurity incidents become more sophisticated due in part to the use of AI technologies, we continue to monitor the evolving threat landscape and evaluate new tools and other protective measures to enhance our ability to manage threats and risks relevant to our business and operations.

Third-party risk management - We assess the cyber risk of potential third-party service vendors, partners, and other service providers. We evaluate third parties before onboarding and periodically afterwards or if we detect a significant change in their cyber risk rating. We also perform security assessments on third-party code libraries before internal use. We categorize third parties in tiers based on the services that they provide to our company, the information and data that they have access to, and our overall assessment of the significance and risk of their operations to Dynatrace. We focus more detailed reviews and more frequent assessments on third parties that are in our highest tier.

Incident response planning - We have an incident response plan that sets forth a structured process and approach for how we assess, respond to, recover from, and remediate cybersecurity incidents. As part of our incident response processes, we maintain disaster recovery plans and we prepare for any required external disclosures or reporting related to cybersecurity incidents. We review and test our incident response plan from time to time through tabletop exercises and other scenario planning to enhance management and Board preparedness in the event of a potential cybersecurity incident and to identify areas of continuous improvement. We believe that our planning and related processes, reviews, and testing help minimize the potential impacts to our company from cybersecurity incidents and help us recover from them as quickly as possible.

Training and education - We require employees and contractors to complete data protection and security awareness training in connection with onboarding and annually thereafter. These trainings cover a wide range of topics, including, but not limited to, ransomware, impersonation attacks, data handling and privacy, fraud, phishing, and identity theft. We conduct phishing simulation tests during the year to educate, train, and assess our employees’ ability to identify malicious emails and employees who do not follow our protocol are provided with additional follow-up training. From time to time, we also require supplemental training depending on an individual’s role or job responsibilities. Our CISO also periodically presents on cybersecurity matters at company-wide meetings and with individual business and corporate functions.

Table of Contents

Governance

Board oversight – Our Board of Directors, as a whole and through its committees, has responsibility for the oversight of our risk management. The Board is responsible to satisfy itself that the risk management processes designed and implemented by management are adequate and functioning as designed.

The Board has a standalone Cybersecurity Committee that is responsible for managing oversight of our cybersecurity-related investments, programs, plans, controls, and policies. The Cybersecurity Committee also provides feedback on cybersecurity-related matters, including, but not limited to, strategies, objectives, capabilities, initiatives, and policies. The Cybersecurity Committee meets during the year with the CISO and other members of our executive leadership team. In between meetings, the CISO periodically provides the Cybersecurity Committee with a written report on cybersecurity matters.

The Board’s Audit Committee oversees our ERM program, which includes cybersecurity risk management as a focus area. The full Board also receives periodic reports from management on the ERM program.

The Chairs of the Cybersecurity Committee and the Audit Committee periodically update the full Board on specific committee-level topics and discussions. This enables the Board and its committees to coordinate the risk oversight role, particularly with respect to risk interrelationships.

From time to time, the CISO and other members of our executive leadership team discuss cybersecurity-related matters with the full Board at its scheduled meetings. Outside of scheduled meetings, management also periodically notifies or updates the Cybersecurity Committee or the Board, as appropriate, regarding certain types of cybersecurity incidents and matters.

Management’s role – Management is responsible for assessing and managing our material cybersecurity risks, practices and policies on a day-to-day basis.

Our CISO, who reports to the Chief Financial Officer, leads the Information Security Office and our cybersecurity program. Our CISO has worked in IT and cybersecurity roles for more than three decades and has led our program since 2018. As part of his role, our CISO is responsible for communicating and coordinating cybersecurity-related matters with the Board and the Cybersecurity Committee (as discussed above) and our executive leadership team. For example, our CISO collaborates with the Chief Technology Officer and the Chief Legal Officer on cybersecurity measures throughout the organization and the CISO works with the Chief Product Officer in connection with the introduction or updating of security features for the Dynatrace platform and our services.

The Information Security Office is comprised of professionals who collectively have significant experience in a wide range of cybersecurity matters, including threat assessment and detection, incident response and secure software development, and risk management. The Information Security Office works with Dynatrace’s other business and corporate functions and keeps the CISO informed and updated regarding key cybersecurity-related matters in accordance with our internal reporting processes.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
DT	an hour ago
VIIQ	an hour ago
FLEX	an hour ago
ENS	2 hours ago
VFC	6 hours ago
IMVT	11 hours ago
ROIV	11 hours ago
HAE	12 hours ago
AREC	23 hours ago
CETI	1 day ago
EDUC	1 day, 1 hour ago
CSWC	1 day, 1 hour ago
EXP	1 day, 1 hour ago
NXT	1 day, 1 hour ago
JHX	1 day, 2 hours ago
DRVN	1 day, 2 hours ago
DOCS	1 day, 2 hours ago
KCRD	1 day, 9 hours ago
UAA	1 day, 9 hours ago
IHT	1 day, 10 hours ago
FATN	2 days, 2 hours ago
LVPA	2 days, 4 hours ago
RBC	5 days, 3 hours ago
AIXN	5 days, 3 hours ago
BOOT	6 days, 1 hour ago
RMTG	6 days, 1 hour ago
OZSC	6 days, 1 hour ago
PBH	6 days, 2 hours ago
NTCT	6 days, 2 hours ago
HWKN	1 week ago
RPDL	1 week ago
GAIN	1 week, 1 day ago
EA	1 week, 2 days ago
ITOX	1 week, 2 days ago
GRAF	1 week, 2 days ago
CVLT	1 week, 2 days ago
WYGC	1 week, 5 days ago
DXC	1 week, 5 days ago
MCK	1 week, 6 days ago
NVEC	2 weeks ago
PMHS	2 weeks ago
SAR	2 weeks, 1 day ago
AFJK	2 weeks, 2 days ago
APUS	2 weeks, 2 days ago
CMBMF	2 weeks, 5 days ago
GRDX	2 weeks, 5 days ago
BMPA	2 weeks, 5 days ago
GNE	2 weeks, 5 days ago
CELU	2 weeks, 6 days ago
NTRB	3 weeks ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - DT

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - DT

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing