Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - EGHT

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

Our operations and financial results are subject to various risks and uncertainties. You should consider carefully the risks and uncertainties described below, together with all of the other information in this report. If any of the following risks or other risks actually occur, our business, financial condition, results of operations, and future prospects could be materially harmed, and the price of our common stock could decline. Our business could also be materially and adversely affected by risks and uncertainties that are not presently known to us or that we currently believe are not material. Unless otherwise indicated, references to our business being harmed in these risk factors will include harm to our results of operations, financial condition, reputation, and future prospects.

Risk Factors Table of Contents

Risk Factors Summary

Our business is subject to a number of risks that may adversely affect our business, financial condition, results of operations, and cash flows. These risks are discussed more fully below and include, but are not limited to:

Risks Related to our Business and Industry

•Our history of losses and anticipated continued losses.

•Unpredictability of our future operating results.

•Reductions in either spending or collections may result in reductions in revenue.

•Future increases in our customer churn.

•Dependence on new customer acquisition and retention and upsell to existing customers.

•Intense competition in our industry.

•Failure to manage and grow our indirect sales channels.

•Complexity and length of enterprise customer sales cycle.

•Dependence on new product and services to maintain and grow our business.

•Difficulty attracting and retaining key management, technical and sales personnel.

•We may not realize all of the anticipated benefits of our acquisition of Fuze, Inc.

•Potential past and future liabilities related to federal, state, local and international taxes, fees, surcharges and levees.

•We may incur impairments to goodwill, intangible assets or long-lived assets.

Risks Related to our Products and Operations

•Service outages due to software vulnerabilities or failures of physical infrastructure.

•Scalability of our cloud software services to meet existing and new customer demand.

•Risks related to international expansion, including the Russia and Ukraine war.

•Risks related to current and future acquisitions.

•Our ability to maintain compatibility with third-party applications and mobile platforms.

•Reliance on third-parties to provide network services and connectivity.

•Reliance on third-party vendors for IP phones and certain software endpoints.

•Difficulty executing local number porting requests.

Risks Related to Regulatory Matters

•Risks related to cybersecurity breaches and malicious acts.

•Liabilities related to credit card transaction processing services.

•Failure to comply with data privacy and protection laws.

•Services must comply with industry standards and government regulations.

Risks Related to Intellectual Property

•Infringement of third-party proprietary technology.

•Inability to protect our proprietary technology.

•Inability to use third-party or open-source software.

Risks Related to our Debt, our Stock, and our Charter

•Cash flow may be insufficient to service or pay down our substantial debt.

•Inability to raise necessary funds in the future.

•Conditional conversion features of our debt could adversely affect our financial condition.

•Change in accounting standards, including for our debt, may cause adverse financial reporting fluctuations and affect our reported operating results.

•The current instability in the banking system could adversely impact our operations.

•Future sales of common stock or equity-linked securities.

•Certain provisions in our charter may discourage takeover attempts.

General Risk Factors

•Risks related to the ongoing impact of the COVID-19 pandemic.

•Secure financing on favorable terms.

•Risks related to natural disasters, war, terrorist attacks, global pandemics, and other unforeseen events.

Risks Related to our Business and Industry

We have a history of losses, have incurred significant negative cash flows in the past, and anticipate continuing losses in the future. As such, we may not be able to achieve or maintain profitability in the future.

We expect to continue to incur operating losses in the near future as we continue to invest in our business. During our fiscal year ending March 31, 2025, we intend to continue to invest in sales and marketing and research and development, among other areas of our business, to compete more successfully for the business of companies that are transitioning to cloud communications and otherwise position ourselves to take advantage of long-term revenue-generating opportunities.

The investments we have made in fiscal 2024 and beyond may not generate the returns that we anticipate, which could adversely impact our financial condition and make it more difficult for us to grow revenue and/or achieve profitability in the time period that we expect, or not at all. In order to achieve profitability, we will need to manage our cost structure more efficiently and not incur significant liabilities, while continuing to grow our revenue. Given our history of fluctuating revenue and operating losses, we cannot be certain that we will be able to achieve or maintain operating profitability in the future.

As a result, we may fail to meet or exceed the expectations of market analysts or investors, which could negatively impact our stock price.

Our historical operating results have fluctuated and are expected to continue to fluctuate in the future. A decline in our operating results could cause our stock price to fall. These include, but are not limited to:

•changes in the markets we compete in, including reductions in market growth or consolidation among competitors, channel partners, or customers;

•changes in customer demand, including cancellations, subscription downgrades, or substitution of our lower-priced, less feature-full products for our higher-priced, more feature-full products;

•changes in the competitive dynamics in our markets, including competitors increasing compensation payable to channel partners or increasing discounts or credits issued to customers;

•lengthy sales cycles;

•changes in regulatory requirements or lengthy regulatory approval cycles;

•new product introductions by us or our competitors;

•unpredictability of usage-based revenue products that do not involve long-term subscription commitments;

•the mix of our customer base, sales channels, and services sold;

•the number of additional customers, on a net basis;

•the amount and timing of costs associated with recruiting, training, and integrating new employees;

•the retention of our senior management and other key employees, their ability to execute on our business plan and the loss of services of senior management or other key employees, whether in the past or in the future;

•unforeseen costs and expenses related to the expansion of our business, operations, and infrastructure;

•our dependency on third-party vendors of hardware, software, and services that we resell to our customers, including the effects of supplier price increases which we are unable to pass along to our customers;

•our ability to execute our operating plans successfully, including back-office system optimizations and increases in execution speed while also reducing costs and optimizing our operating margin;

•continued compliance with industry standards and regulatory requirements;

•decline in usage related to increases in return to office;

•material security breaches or service interruptions due to cyberattacks or infrastructure failures or unavailability; and

•introduction and adoption of our cloud software solutions in markets outside of the United States.

In addition, changes in regulations, accounting principles, and our interpretation of these and judgments used in applying them, could have a material effect on our results of operations. We also need to revise our business processes, systems, and controls, which require significant management attention and may negatively affect our financial reporting obligations. If any of these events were to occur, the price of our common stock would likely decline significantly.

Any reduction in our spending may not achieve the desired result or may result in a reduction in revenue.

Our increased emphasis on profitability and cash flow generation may not be successful. We intend to reduce our total costs as a percentage of revenue, primarily impacting our sales and marketing expenses. We have experienced a reduction in revenue recently, which may have resulted from our cost reduction initiatives.

Churn in our customer base adversely impacts our revenue and requires us to spend money to retain existing customers and to capture replacement customers. If we experience increases in customer churn in the future, our revenue growth will be adversely impacted and our customer retention costs will increase.

Because of churn in our customer base, we must acquire new customers and sell additional 8x8 products and services to our existing customers on an ongoing basis to maintain our existing level of revenue. As a result, sales and marketing expenditures are an ongoing requirement of our business. Our ability to maintain and grow our revenue is adversely impacted by the rate at which our customers cancel or downgrade services. Churn reduces our revenue growth rate, and if our churn rate increases, we must acquire even more new customers and/or sell more products and services to existing customers, to maintain and grow our revenue. We incur significant costs to acquire new customers, and those costs are a meaningful component in driving our net profitability. Churn may also prevent us from increasing the price of our services in the future, as well as limit our ability to sell additional 8x8 products and services to our existing customers and we may need to renew certain customers at a lower rate, of which each case would adversely impact our revenue in the future. Therefore, if we are unsuccessful in managing our existing customer churn and/or our customer churn rate increases in the future our revenue growth would decrease and our revenue may decline, causing our net loss to increase.

Additionally, challenges in international expansion, including navigating diverse regulatory landscapes and adapting to local market conditions, may influence our ability to maintain or grow our customer base in certain regions. Pricing, competitive products, and migration of our customers from Fuze or other legacy products all can contribute to churn.

Our success hinges on our ability to acquire new customers and retain and sell additional services to our existing customers.

We define a “customer” as the legal entity or entities to which we provide services pursuant to a single contractual arrangement.

If our sales and marketing efforts are not effective in identifying and qualifying prospective new customers, demonstrating the quality, value, features and capabilities of our solutions, especially XCaaS, to those prospects and promoting our brand generally, we may not be able to acquire new customers at the rate necessary to achieve our revenue targets. We must also continue to design, develop, offer and sell services with quality, cost, features and capabilities that compare favorably to those offered by our competitors. As our target markets mature, or as competitors introduce lower cost and/or more differentiated products or services that compete or are perceived to compete with ours, we may be unable to attract new customers, on favorable terms, or at all, which could have an adverse effect on our revenue.

In addition to acquiring new customers, we generate new revenue by selling our existing customers additional quantities of subscribed services, or subscriptions to new or upgraded services. Particularly in the case of large enterprises, we often have opportunities to expand the sale of our services within an organization after we have completed an initial sale to one part of the organization (for example, a business unit, division or department, or personnel based in a particular country or region) and the organization has qualified us as a vendor. We invest in efforts to educate and train users on the features and capabilities of our services so that they can become advocates within their organizations and encourage increased adoption of our solutions. However, if existing users within an organization are dissatisfied with any aspect of our cloud services, or the technical support, training or other professional services we provide, we may face challenges in up-selling or increasing our penetration of the organization.

Intense competition for new customers and retention of existing customers (including pricing pressure) in the markets in which we compete may prevent us from increasing or sustaining our revenue growth, or achieving and maintaining profitability, which could materially harm our business.

The cloud communications industry is competitive and rapidly evolving. We expect the industry to be increasingly competitive in the future due to a number of factors including, but not limited to, the entry into the market of new competitors or the consolidation of existing competitors. Because we offer multiple services from a single platform, we compete with businesses in several overlapping industries, including voice, video meetings, chat, team messaging, contact center and enterprise-class application program interface solutions.

, Genesys Telecommunications Laboratories, Inc., Zoom Video Communications, Inc., Vonage Holdings Corp.(acquired by Ericsson), Five9, Inc., NICE inContact, Inc., Talkdesk, Inc., and Twilio Inc., among others, as well as from legacy on-premises communications equipment providers, such as Avaya, Inc., Cisco Systems, Inc., and Mitel Networks Corp.

We also face competition from Internet and cloud service companies such as Alphabet Inc. (Google Voice and Google Meet), Amazon Inc., and Microsoft Corporation. Some of these competitors have developed software solutions for their respective communications and/or collaboration silos, such as Microsoft, which is investing significantly in its Microsoft Teams unified communication and collaboration product. Any of these companies could launch a new cloud-based business communications service, expand its existing offerings to compete with features of our services, or enter into a strategic partnership with, or complete an acquisition of, one or more of our cloud communications competitors.

Many of our current and potential competitors have greater resources and brand awareness and a larger base of customers than we have. As a result, these competitors may have greater marketing credibility. They also may adopt more aggressive pricing policies and devote greater resources to the development, promotion, and sale of their products and services. Our competitors may also offer bundled service arrangements that present a more differentiated or better integrated product and services to customers. Increased competition could require us to lower our prices, reduce our sales revenue, increase our gross losses or cause us to lose market share. Announcements or expectations as to the introduction of new products and technologies by our competitors or us could cause customers to defer purchases of our existing products and services, which also could have a material adverse effect on our business, financial condition, or operating results.

Given the significant price competition in the markets for our services, we may be at a disadvantage compared with those competitors who have substantially greater resources than us or may otherwise be better positioned to withstand an extended period of downward pricing pressure. The harm to our business may be magnified if we are unable to adjust our expenses to compensate for such shortfall, or if we determine that we need to increase our marketing and sales efforts in order to attract new customers and retain existing customers.

Failure to grow and manage our network of indirect sales channels partners could materially and adversely impact our revenue in the future.

Our future business success, particularly to attract and support larger customers and expand into international markets, depends on our indirect sales channels. We typically contract directly with the end customer and use these channel partners to identify, qualify and manage prospects throughout the sales cycle, although we also have arrangements with partners who purchase our services for resale to their own customers. As our business with master- and sub-agent partners has increased, we have seen our commission payments to these partners become an increasing portion of our sales and marketing expenses. Our future success depends upon our ability to develop and maintain successful relationships with these business partners, many of whom also market and sell services of our competitors, and our ability to increase the portion of sales opportunities they refer to us. To do so, we must continue to offer services that have quality, price, features, and other elements that compare favorably to those of competing services, ensure our partners are adequately trained and knowledgeable about our services, and provide sufficient incentives for these partners to sell our services in preference to those of our competitors while maintaining a cost-effective agency structure. If we are unable to persuade our existing business partners to increase their sales of our services or to build successful partnerships with new organizations, or if our channel partners are unsuccessful in their marketing and sales efforts, we may not be able to grow our business and increase our revenue at the rate we predict, or at all, and our business may be materially adversely affected.

As we increase sales to enterprise customers, our sales process has become more complex and resource-intensive, our average sales cycle has become longer, and the difficulty in predicting when sales will be completed has increased.

Our sales cycle, which is the time between initial contact with a potential customer and the ultimate sale to that customer, is often lengthy and unpredictable for larger enterprise customers. Therefore, they typically spend significant time and resources evaluating our solutions before they purchase from us. Similarly, we typically spend more time and effort determining their requirements and educating these customers about the benefits and uses of our solutions. Enterprise customers also tend to demand more customizations, integrations, and additional features than smaller customers. As a result, we may be required to divert more sales and engineering resources to a smaller number of large transactions than we have in the past, which means that we will have less personnel available to support other sectors, or we will need to hire additional personnel, which would increase our operating expenses.

It is often difficult for us to forecast when a potential enterprise sale will close, the size of the customer's initial service order, and the period over which the implementation will occur, any of which may impact the amount of revenue we recognize or the timing of revenue recognition. Enterprise customers may delay their purchases from one quarter to another as they assess their budget constraints, negotiate early contract terminations with their existing providers, or wait for us to develop new features. Any delay in closing, or failure to close, a large enterprise sales opportunity in a particular quarter or year could significantly harm our projected growth rates and cause the amount of new sales we book to vary significantly from quarter to quarter. We also may have to delay revenue recognition on some of these transactions until the customer's technical or implementation requirements have been met.

The market for cloud software solutions is subject to rapid technological change, and we depend on new product and service introductions in order to maintain and grow our business.

We operate in an emerging market that is characterized by rapid changes in customer requirements, frequent introductions of new and enhanced products and services, and continuing and rapid technological advancement. To compete successfully in this emerging market, we must continue to design, develop, manufacture, and sell highly scalable new and enhanced cloud software solutions products and services that provide higher levels of performance and reliability at lower cost. If we are unable to develop new products and services that address our customers' needs, to deliver our cloud software solution applications in one seamless integrated service offering that addresses our customers' needs, or to enhance and improve our products and services in a timely manner, we may not be able to achieve or maintain adequate market acceptance of our services.

If new technologies emerge that are able to deliver communications and collaboration solution services at lower prices, more efficiently, more conveniently, or more securely, such technologies could adversely impact our ability to compete.

We may have difficulty attracting or retaining senior management and other personnel with the industry experience and technical skills necessary to support our desired growth.

Companies in the cloud communications industry compete aggressively for top talent in all areas of business, but particularly in senior management, sales and marketing, professional services, and engineering, where employees with industry experience, technical knowledge and specialized skill sets are particularly valued. In response to a competitive hiring environment, some of

our competitors are responding by increasing employee compensation, paying more on average than we pay for the same position or offering more attractive equity compensation. Any such disparity in compensation could make us less attractive to candidates as a potential employer, which in turn may make it more difficult for us to hire and retain qualified employees, including senior executives. Training an individual who lacks prior cloud communications experience to be successful in a sales or technical role can take months or even years.

If an employee of 8x8 leaves to work for a competitor, not only are we impacted by the loss of the individual resource, but we also face the risk that the individual will share our trade secrets with the competitor in violation of his or her contractual and legal obligations to us. Our competitors have in the past and may in the future target their hiring efforts on a particular department, and if we lose a group of employees to a competitor over a short time period, our day-to-day operations may be impaired.

In addition, we may need to issue equity at increased levels, now and in the future, to attract and retain key employees and executives, including weighting a greater percentage of our employees' total compensation in the form of equity as opposed to cash, which will have the adverse effect of increasing dilution for our stockholders.

We may not realize all of the anticipated benefits of the acquisition of Fuze, Inc.

The success of our acquisition of Fuze, Inc. ("Fuze") will depend, in part, on our ability to realize the anticipated growth opportunities and synergies from combining the businesses of our company and Fuze. Our ability to realize these anticipated benefits, and the timing of this realization, depend upon a number of factors and future events, many of which we and Fuze, individually or collectively, cannot control. These factors and events include:

•our ability to successfully and timely integrate Fuze’s business and operations with ours;

•obtaining and maintaining intellectual property rights relating to Fuze technology;

•porting Fuze customers onto our 8x8 platform;

•the retention of Fuze’s customers; and

•minimizing the diversion of management’s attention from ongoing business concerns.

We cannot assure you that any of the foregoing factors will not have an adverse effect on our business, financial condition, and prospects. Acquisitions involve risks, including inaccurate assessment of undisclosed, contingent, or other liabilities or problems. Following the completion of the acquisition, the surviving corporation possesses not only all of the assets, but also all of the liabilities, of Fuze. We have experienced unexpected liabilities as a result of our Fuze acquisition. It is possible that undisclosed, contingent, or other liabilities or problems may arise in the future of which we were previously unaware. These undisclosed liabilities could have an adverse effect on our business, financial condition, and prospects.

Taxing authorities have asserted, or could in the future assert, that we should have collected or in the future should collect sales and use, value added, or similar taxes, including on similar services for which our competitors may not be subject to the same obligations. As a result, we could be subject to liability with respect to past or future sales, which have and could adversely affect our business.

The applicability of state and local taxes, fees, surcharges or similar taxes to our services is complex, ambiguous, and subject to interpretation and change. In the United States, for example, we collect state and local taxes, fees, and surcharges based on our understanding of the applicable laws in the relevant jurisdiction. The taxing authorities may challenge our interpretation of the laws and may assess additional taxes, penalties, and interests, which could have adverse effects on the results of operations and, to the extent we pass these through to our customers, demand for our services. Additionally, the applicability of sales and use, value added, or similar taxes may differ between services such as unified communication, voice, video, contact center, and platform communications so that the obligations to collect taxes from customers may vary between services and between companies such that we may be obligated to collect taxes at a higher rate that other services from our competitors, thereby impacting customer demand for our services. We currently file more than 1,500 state and local tax returns monthly. Periodically, we have received inquiries from state and municipal taxing agencies with respect to the remittance of state or local taxes, fees, or surcharges. Currently, several jurisdictions are conducting audits of 8x8; in the event our positions are unsuccessful, we may be subject to tax payments, interest, and penalties in excess of those that we have accrued for. As of March 31, 2024, we have paid or accrued for state or local taxes, fees, and surcharges that we believe are required to be remitted.

Our ability to use our net operating losses or research tax credits to offset future taxable income is subject to certain limitations.

As of March 31, 2024, we had federal net operating loss, or NOL, carryforwards of $1,118.7 million, of which $335.5 million are related to years prior to fiscal 2019 and begin to expire in 2034. The remaining $783.2 million carry forward indefinitely, but can only be used to apply up to 80% of the Company's taxable income for a given tax year. The federal income tax credit carryforwards will

expire at various dates between the calendar years 2035 and 2044, while the California income tax credits will carry forward indefinitely. A Section 382 ownership change generally occurs if one or more stockholders or groups of stockholders who own at least 5% of the stock increase their ownership by more than 50 percentage points over their lowest ownership percentage within a rolling three-year period. Similar rules may apply under state tax laws.

We may incur impairments to goodwill, intangible assets, or long-lived assets which could negatively impact our operating results and financial condition.

The Company has a substantial amount of goodwill, intangible assets and long-lived assets on its consolidated balance sheet. The Company performs an annual test for indications of goodwill, intangible assets and long-lived assets impairment and more often if indicators of impairment exist. The impairment evaluation requires significant judgment and estimates by management, and unfavorable changes in these assumptions or other factors could result in future impairment charges and have a significant adverse impact on the Company’s reported earnings. Such factors include macroeconomic conditions in equity and credit markets, broader industry and market considerations, cost factors including material and labor cost, and the operating and financial performance of the Company. Additionally, a decline in the market valuation of the Company’s common shares, whether related to the Company or overall market conditions, could adversely impact the assumptions used to perform the evaluation of its goodwill, indefinite-lived intangible assets and long-lived assets.

In connection with partially ceasing use of the Company’s Headquarters and an international office space, the Company recorded impairment charges of $9.9 million and $1.1 million, respectively, as the carrying amount of the right-of-use assets related to the leases exceeded its fair value based on the Company’s estimate of future discounted cash flows related to the leased facility. During fiscal 2024, the non-cash charge of $11.0 million was recorded as an impairment of long-lived assets on the consolidated statements of operations and consisted of an $11.0 million impairment of operating lease right-of-use assets. See Note 6, Leases, in the Notes to Consolidated Financial Statements contained in Part II, Item 8 of this Annual Report.

Risks Related to our Products and Operations

If our platform or services experience significant or repeated disruptions, outages, or failures due to defects, bugs, vulnerabilities, or similar software problems, or if we fail to determine the cause of any disruption or failure and correct it promptly, we could lose customers, become subject to service performance or warranty claims, or incur significant costs, reducing our revenue and adversely affecting our operating results.

Our software and network infrastructure configurations have contained, and may now or in the future contain, undetected errors, bugs, or vulnerabilities, including those introduced by artificial intelligence-powered features. Such weaknesses could be exploited by hackers. These vulnerabilities include but are not limited to risks from ransomware, sophisticated nation-state attacks, and emerging malware threats. We continuously monitor these threats and update our defenses in response. Such weaknesses have also been the cause of, and may in the future cause, temporary service outages or other disruptions for some customers, potentially leading to significant financial and reputational damage. Our cybersecurity response plan includes incident response teams and system updates to mitigate these risks. Some errors in our software code may not be discovered until after the code has been released. Any errors, bugs, or vulnerabilities discovered in our code after release could result in damage to our reputation, loss of customers, loss of revenue, or liability for service credits or damages, any of which could adversely affect our business and financial results. We implement bug fixes and upgrades as part of our regularly scheduled system maintenance, which may lead to system downtime. The costs associated with any material defects or errors in our software or other performance problems may be substantial and could materially adversely affect our operating results.

Our physical infrastructure is concentrated in a few facilities (i.e., data centers and public cloud providers), and any failure in our physical infrastructure or service outages could lead to significant costs and/or disruptions and could reduce our revenue, harm our business reputation and have a material adverse effect on our financial results.

Our leased network and data centers, as well as public cloud infrastructure, are subject to various points of failure. These incidents have led to recent service interruptions and may continue to do so. These incidents could result in further service interruptions for our customers as well as equipment damage, significantly impacting our operational capability and customer satisfaction. Our infrastructure is consolidated into a few large data center facilities distributed globally across different regions. Any failure or downtime in one of our data center facilities could affect a significant percentage of our customers. The total destruction, closure, or severe impairment of any of our data center facilities could result in significant downtime of our services and the loss of customer data. Because our ability to attract and retain customers depends on our ability to provide customers with highly reliable service, even minor interruptions in our service could harm our reputation. Additionally, in connection with the expansion or consolidation of our existing data center facilities from time to time, there is an increased risk that service interruptions may occur as a result of server relocation or other unforeseen construction-related issues.

The harm to our reputation is difficult to assess but has resulted and may result in the future in customer attrition. We have taken and continue to take steps to improve our infrastructure to prevent service interruptions, including upgrading our electrical and mechanical infrastructure. However, service interruptions continue to be a significant risk for us and could have a material adverse impact on our business.

Any future service interruptions could:

•cause our customers to seek service credits or damages for losses incurred;

•require us to replace existing equipment or add redundant facilities;

•affect our reputation as a reliable provider of communications services;

•cause existing customers to cancel or elect to not renew their contracts; or

•make it more difficult for us to attract new customers.

We may be required to transfer our servers to new data center facilities or public cloud load to a different public cloud provider in the event that we are unable to renew our agreement or leases on acceptable terms, or at all, or the owners of the facilities decide to close their facilities, and we may incur significant costs and possible service interruption in connection with doing so. In addition, any financial difficulties, such as bankruptcy or foreclosure, faced by our third-party data center operators, or any of the service providers with which we or they contract, may have negative effects on our business, the nature and extent of which are difficult to predict. If our data centers or our public cloud providers are unable to keep up with our increasing needs for capacity, our ability to grow our business could be materially and adversely impacted.

To the extent we increase our customer base and as our customers gain more experience with our services, the number of users and transactions managed by our services, the amount of data transferred, processed, and stored by us, the number of locations where our service is being accessed, and the volume of communications managed by our services have in some cases, and may in the future, expand rapidly. In addition, the reliance on and integration with artificial intelligence technologies and third-party services may increase operational complexities and dependencies, so we may need scale and modernize our internal business systems and our services organization, including customer support, sales operations, billing services, and regulatory, privacy and cybersecurity compliance, to serve our growing customer base. These issues could adversely impact our reputation and brand and reduce the attractiveness of our cloud software solutions to customers, resulting in decreased sales to new customers, lower renewal rates by existing customers, and the issuance of service credits, or requested refunds, which could hurt our revenue growth and our reputation.

Because our long-term growth strategy involves continued expansion outside the United States, our business will be susceptible to risks associated with international operations.

An important component of our growth strategy involves the further expansion of our operations and customer base internationally. We have formed subsidiaries outside the United States, including a subsidiary in Romania that contributes significantly to our research and development efforts. The risks and challenges associated with sales and other operations outside the United States are different in

some ways from those associated with our operations in the United States, and we have a limited history addressing those risks and meeting those challenges. Our current international operations and future initiatives, including Southeast Asia, will involve a variety of risks, including:

•localization of our services, including translation into foreign languages and associated expenses;

•regulation of our services as traditional telecommunications services, requiring us to obtain authorizations or licenses to operate in foreign jurisdictions, or alternatively preventing us from selling our full suite of services, or any services at all, in such jurisdictions;

•changes in a specific country's or region's regulatory requirements, taxes, trade policies, tariffs, sanctions, trade laws, or political, or economic condition;

•increased competition from regional and global cloud communications competitors in the various geographic markets in which we compete, where such markets may have different sales cycles, selling processes, and feature requirements, and may involve high levels of competition from local vendors that could require aggressive pricing strategies and adaptations to local market demands, which may limit our ability to compete effectively in different regions globally;

•more stringent regulations relating to data security and the unauthorized use of, access to, and transfer of, commercial and personal information, particularly in the EU, and potentially conflicting privacy regulations that could complicate data management and compliance;

•differing labor regulations, especially in the EU and Latin America, where labor laws are generally more advantageous to employees as compared to those in the United States, including deemed hourly wage and overtime regulations in these locations;

•challenges inherent in efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs;

•difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems, which could delay or impede our ability to effectively launch our operations or scale them efficiently;

•increased travel, real estate, infrastructure, and legal compliance costs associated with international operations;

•different pricing environments, longer sales cycles, longer accounts receivable payment cycles, and other collection difficulties;

•currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we chose to do so in the future;

•limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;

•laws and business practices favoring local competitors or general preferences for local vendors;

•limited or insufficient intellectual property protection;

•political instability or terrorist activities, including the impact of geopolitical tensions in regions like Eastern Europe, the Middle East, and Asia, which could affect market stability and operations, or impact our employees located in those regions;

•a military conflict with China and/or Russia or other geopolitical conflicts between nation-states, that will likely involve cyberattacks on critical infrastructure, including, but not limited to, global data centers, power grids, and communication companies;

•exposure to liabilities under anti-corruption and anti-money laundering laws, including the United States Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, trade and export laws such as those enforced by the Office of Foreign Assets Control (OFAC) of the United States Department of the Treasury, and similar laws and regulations in other jurisdictions;

•continuing uncertainty regarding social, political, immigration, and tax and trade policies in the United States and abroad, including as a result of the United Kingdom's withdrawal from the EU;

•regional travel restrictions, business closures, government actions and other restrictions in connection with the geopolitical instabilities or pandemics; and

•adverse tax burdens and foreign exchange controls that could make it difficult to repatriate earnings and cash.

We have limited experience in operating our business internationally, which increases the risk that any potential future expansion efforts that we may undertake will not be successful. We expect to invest substantial time and resources to expand our international operations. If we are unable to do this successfully and in a timely manner, our business and operating results could be materially adversely affected.

The ongoing conflict between Russia and Ukraine has led to and is expected to continue to lead to disruption, instability, and volatility in global markets and industries. Our business, including our operations in Romania, could be negatively impacted by such conflict. We have a significant engineering and operations presence in Romania, which borders Ukraine, and any expansion of the conflict between Russia and Ukraine to the countries surrounding Ukraine, including Romania, would negatively impact us and our employees in Romania. The United States government and other governments in jurisdictions in which we operate have imposed severe sanctions and export controls against Russia and Russian interests and threatened additional sanctions and controls. The impact of these measures, as well as potential responses to them by Russia, or by escalated tensions in the Middle East, particularly the ongoing conflict between Israel and Hamas and Israel and Iran that pose a particular

risk given our partnerships with operations in Israel that may be adversely affected by those conflicts, could adversely affect our business, supply chain, partners, or customers, particularly if the impact were to cause a geographic expansion of the conflict between Russia and Ukraine to surrounding countries or intensify disruptions in the Middle East.

We face risks related to acquisitions now and in the future that may divert our management's attention, result in dilution to our stockholders, and consume resources that are necessary to sustain and grow our existing business.

Although we have acquired several companies and business units in recent years, including Fuze, we have limited experience with purchasing and integrating other businesses. We may not be able to identify suitable acquisition candidates in the future or negotiate and complete acquisitions on favorable terms.

If appropriate opportunities present themselves, we may decide to acquire such companies or their products, technologies or assets. Acquisitions involve numerous risks, and there is no guarantee that we will ultimately strengthen our competitive position or achieve other benefits expected from the transaction. Among other risks we may encounter in connection with acquisitions:

•we may experience difficulty and delays in integrating the products, technology platform, operations, systems and personnel of the acquired business with our own, particularly if the acquired business is outside of our core competencies;

•we may not be able to manage the acquired business or the integration process effectively, which may limit our ability to realize the financial and strategic benefits we expected from the transaction;

•the acquisition and integration may divert management’s attention from our day-to-day operations and disrupt the ordinary functioning of our ongoing business;

•we may have difficulty establishing and maintaining appropriate governance, reporting relationships, policies, controls, and procedures for the acquired business, particularly if it is based in a country or region where we did not previously operate;

•any failure to successfully manage the integration process may also adversely impact relationships with our employees, suppliers, customers, and business partners, or those of the acquired business, and may result in increased churn or the loss of key customers, business partners or employees for our business or those of the acquired business;

•we may become subject to new or more stringent regulatory compliance obligations and costs by virtue of the acquisition, including risks related to international acquisitions that may operate in new jurisdictions or geographic areas where we may have no or limited experience;

•we may become subject to litigation, investigations, proceedings, fines or penalties arising from or relating to the transaction or the acquired business, and any resulting liabilities may exceed our forecasts;

•we may acquire businesses with different revenue models, customer concentration risks, and contractual relationships;

•we may assume long-term contractual obligations, commitments or liabilities (for example, those relating to leased facilities), which could adversely impact our efforts to achieve and maintain profitability and impair our cash flow;

•we may not successfully evaluate or utilize the acquired technology and accurately forecast the financial impact of an acquisition transaction, including accounting charges;

•the acquisition may create a drag on our overall revenue growth rate, which could lead analysts and investors to reduce their valuation of our company;

•we may be exposed to existing cyber risks not identified prior to an acquisition that could impact our core operations until mitigated; and

•if an acquired business’s cybersecurity controls are materially weaker than ours, we may be exposed to existing cyber risks not identified prior to an acquisition that could impact our core operations until mitigated.

The sale of equity to finance any such acquisitions could result in dilution to our stockholders. If we incur more debt, it would result in increased fixed obligations and could also subject us to covenants or other restrictions that would impede our ability to flexibly operate our business.

As a result of these potential problems and risks, among others, businesses that we may acquire or invest in may not produce the revenue, competitive advantages, or business synergies that we anticipate, and the results and effects of any such acquisition may not be favorable enough to justify the amount of consideration we pay or the other investments we make in the acquired business.

If we do not or cannot maintain the compatibility of our communications and collaboration software with third-party applications and mobile platforms that our customers use in their businesses, our revenue could decline.

The functionality and popularity of our cloud software solutions depends, in part, on our ability to integrate our services with third-party applications and platforms, including enterprise resource planning, customer relations management, human capital management, workforce management, and other proprietary application suites. Such changes could functionally limit or terminate our customers’ ability to use these third-party applications and platforms in conjunction with our services, which could negatively impact our offerings and harm our business. If we fail to integrate our software with new third-party back-end enterprise applications and platforms used by our customers, we may not be able to offer the functionality that our customers need, which would negatively impact our ability to generate revenue and adversely impact our business.

Our services also allow our customers to use and manage our cloud software solutions on smartphones, tablets, and other mobile devices. As new smart devices and operating systems are released, we may encounter difficulties supporting these devices and services, and we may need to devote significant resources to the creation, support, and maintenance of our mobile applications. In addition, if we experience difficulties in the future integrating our mobile applications into smartphones, tablets, or other mobile devices or with certain communication platforms, such as Microsoft Teams, or if problems arise with our relationships with providers of mobile operating systems, such as those of Apple Inc. or Alphabet Inc., our future growth and our results of operations could suffer.

To provide our services, we rely on third parties for our network service and connectivity, and any disruption or deterioration in the quality of these services or the increase in the costs we incur from these third parties could adversely affect our business, results of operations, and financial condition.

We use the infrastructure of third-party network service providers, such as Equinix, Inc. and CenturyLink, Inc., and public cloud providers, including Amazon Web Services, Inc. and Oracle Corporation, to provide our cloud services over their networks rather than deploying our own network connectivity. These decisions have resulted in lower capital and operating costs for our business in the short-term but have reduced our operating flexibility and ability to make timely service changes. If any of these network service providers cease operations or otherwise terminate the services that we depend on or become unwilling to supply cost-effective services to us in the future, the delay in switching our technology to another network service provider, if available, and qualifying this new service provider could have a material adverse effect on our business, financial condition, or operating results. In addition, the rates we pay to our network service providers and other intermediaries may also change more rapidly than the change in pricing we charge our customers, which may reduce our profitability and increase the retail price of our service. Furthermore, increased cybersecurity threats to infrastructure or heightened geopolitical tensions in regions where these third parties operate could exacerbate these risks, potentially leading to further operational disruptions and financial losses.

We rely on third-party vendors for IP phones and software endpoints required to utilize our service. We currently do not have long-term supply contracts with any of these vendors. As a result, most of these third-party vendors are not obligated to provide products or services to us for any specific period, in any specific quantities, or at any specific price, except as may be provided in a particular purchase order. The inability of these third-party vendors to deliver IP phones of acceptable quality and in a timely manner, particularly the sole source vendors, could adversely affect our operating results or cause them to fluctuate more than anticipated. Additionally, some of our products and services may require specialized or high-performance component parts that may not be available in quantities or in time frames that meet our requirements.

Difficulty executing local number porting requests could negatively impact our business.

In order to port telephone numbers, we rely on third party telecommunications carriers to complete the process. Often, number ports take longer than the specified timeframes. For many potential customers, the ability to quickly port their existing telephone numbers into our service in a timely fashion is a very important consideration. To the extent that we cannot quickly port telephone numbers in, our ability to acquire new customers may be negatively impacted. To the extent that we cannot quickly port telephone numbers out when a customer leaves our service to go to another provider, we could be subject to regulatory enforcement action.

Risks Related to Regulatory Matters

Cyber intrusions, breaches of our networks or systems or those of our service and cloud storage providers, and other malicious acts could adversely impact our business.

Individuals or entities have attempted, and will attempt, to penetrate our network security, and that of our platform, and try to cause harm to our business operations, including by misappropriating our proprietary information or that of our customers, employees and business partners or causing interruptions of our products and platform. In particular, cyberattacks and other malicious internet-based activity continue to increase in frequency and in magnitude both generally and specifically against us and other cloud-service providers. For example, during the second quarter of fiscal 2023, in real time, we detected an unauthorized third party in our network as well as the malware they deployed to establish persistent access. We responded quickly, including with the assistance of third party digital forensics experts, and implemented measures to identify and remove the intruder and malware from our network and secure our data before any potential ransomware could be deployed. We subsequently learned during the third quarter of fiscal 2023, in December 2022, that the unauthorized third party possessed approximately a terabyte of our confidential information from several back-office servers. The unauthorized third party made a ransom demand for the return of our confidential information, which we did not pay. We continue to implement new technological measures to prevent, detect, and contain such intrusions as well as build and strengthen ongoing employee awareness, education and training, but we cannot guarantee we will be able to prevent, detect or contain all future cyber intrusions, nor can we guarantee that our backup systems, regular data backups, security protocols, denial or disruption of service (DDoS) mitigation, and other procedures that are currently in place, or may be in place in the future, will be adequate to prevent significant damage, system failure, or data loss.

Inherent in our provision of services are the storage, processing, and transmission of our customers' data, which may include confidential and sensitive information and that confidential or sensitive information may be stored or transmitted by means not designed for confidential or sensitive information, such as the processing or storing of protected health information or payment card information in free-form text fields provided for other purposes. This exposes us to significant cybersecurity risks, including data breaches and unauthorized data access, which could compromise customer trust and subject us to financial and legal penalties. Customers may use our services to store, process, and transmit a wide variety of confidential and sensitive information, such as credit card, bank account, and other financial information, proprietary information, trade secrets, or other data that may be protected by sector-specific laws and regulations, like intellectual property laws, laws addressing the protection of personally identifiable information (or personal data in the EU), as well as the Federal Communications Commission’s, or the FCC’s, customer proprietary network information, or CPNI, rules. We also face the risk of changes in cybersecurity laws and regulations which could impose additional compliance costs or challenges. Additionally, we closely monitor legislative developments to swiftly adapt our practices, ensuring ongoing compliance and protection against emerging threats. We may be targets of cyber threats and security breaches, given the nature of the information that we store, process, and transmit and the fact that we provide communications services to a broad range of businesses. To the extent that state-sponsored incidents of cybersecurity breaches increase due to geopolitical tensions, this risk may continue to increase.

In addition, we use third-party vendors, which in some cases have access to our data and our customers' data. Despite the implementation of security measures by us or our vendors, our computing devices, infrastructure, or networks, or our vendors' computing devices, infrastructure, or networks may be vulnerable to hackers, social engineering and phishing, ransomware, computer viruses, worms, other malicious software programs, or similar disruptive problems due to a security vulnerability in our or our vendors' infrastructure or network, or our vendors, customers, employees, business partners, consultants, or other internet users who attempt to invade our or our vendors' public and private computers, tablets, mobile devices, software, data networks, or voice networks. If there is a security vulnerability in our or our vendors' infrastructure or networks that is successfully targeted, we could face increased costs, liability claims, government investigations, fines, penalties or forfeitures, class action litigation, reduced revenue, or harm to our reputation or competitive position.

We could be liable for breaches of security on our website, fraudulent, improper or illegal activities by our users, or the failure of third-party vendors to deliver credit card transaction processing services, which could result in claims, increase the cost of operations or otherwise harm our business and reputation.

A fundamental requirement for operating an Internet-based, worldwide cloud software solution and electronically billing our customers is the secure transmission of confidential information and media over public networks. Although we have developed systems and processes that are designed to protect consumer information and prevent fraudulent credit card transactions and other security breaches, failure to mitigate such fraud or breaches may subject us to costly breach notification and other mitigation obligations, class action lawsuits, investigations, fines, forfeitures or penalties from governmental agencies that could adversely affect our operating results.

The law relating to the liability of providers of online payment services is currently unsettled and states may enact their own rules with which we may not comply. We rely on third-party providers to process and guarantee payments made by our subscribers up to certain limits, and we may be unable to prevent our customers from fraudulently receiving goods and services. Our liability risk will increase if a larger fraction of transactions affected using our cloud-based services involves fraudulent or disputed credit card transactions.

We may also experience losses due to subscriber fraud and theft of service. Subscribers have, in the past, obtained access to our service without paying for monthly service and international toll calls by unlawfully using our authorization codes or by submitting fraudulent credit card information. If our existing anti-fraud procedures are not adequate or effective, consumer fraud and theft of service could have a material adverse effect on our business, financial condition, and operating results.

Similarly, bad actors may use our products to promote their goals and encourage users to engage in improper or illegal activities. There have been instances where improper or illegal content may have been shared on our platform without our knowledge. As a service provider, and as a matter of policy, we do not monitor user meetings. Our terms of service prohibit such conduct. While to date we have not been subject to legal or administrative actions as a result of improper or illegal content, the laws in this area are currently in a state of flux and vary widely between jurisdictions. Accordingly, it may be possible that in the future, we and our competitors may be subject to legal actions along with the users who shared such content. In addition, regardless of any legal liability we may face, if there is an incident generating extensive negative publicity about the content shared on our platform, our business and reputation could be harmed.

Failure to comply with laws and contractual obligations related to data privacy and protection could have a material adverse effect on our business, financial condition and operating results.

We process many types of data, including personal data in the course of our business. As such, we are subject to the data privacy and protection laws and regulations adopted by federal, state and foreign governmental agencies, including the EU's GDPR, the UK’s Data Protection Act 2018, the CCPA/CPRA, and the Virginia Consumer Data Protection Act. Data privacy and protection is highly regulated in many jurisdictions and may become the subject of additional regulation in the future. For example, lawmakers and regulators worldwide are considering proposals that would require companies, like us, that encrypt users' data to ensure access to such data by law enforcement authorities. Privacy laws restrict our processing of personal information, provided to us by our customers as well as data we collect from our customers and employees. We strive to comply with all applicable laws, regulations, policies and legal obligations relating to privacy and data protection. However, if we fail to comply, we may be subject to fines, penalties and lawsuits, statutory damages at both the federal and state levels in the United States, substantial fines and penalties under the EU’s GDPR and the UK’s Data Protection Act 2018, and class action lawsuits, and our reputation may suffer. We may also be required to make modifications to our data practices that could have an adverse impact on our business, including increasing our operating costs, which may cause us to increase our prices, making our services less competitive.

Any failure, or perceived failure, by us to comply with federal, state, or international laws, including laws and regulations regulating privacy, data, or consumer protection, or to comply with our contractual obligations related to privacy, could result in proceedings or actions against us by governmental entities, contractual parties, or others, which could result in significant liability to us, as well as harm our reputation. Additionally, third parties on which we rely enter into contracts to protect and safeguard our customers' data. Should such parties violate these agreements or suffer a breach, we could be subject to proceedings or actions against us by governmental entities, contractual parties, or others, which could result in significant liability to us as well as harm to our reputation.

Our products and services must comply with industry standards, FCC regulations, state, local, country-specific, and international regulations, and changes may require us to modify existing services, potentially increase our costs or prices we charge customers, and otherwise harm our business.

The failure of our products and services to comply, or delays in compliance, with various existing and evolving standards could delay or interrupt our introduction of new products, subject us to fines or other imposed penalties, or harm our reputation, any of which would have a material adverse effect on our business, financial condition, or operating results.

Regulations to which we may be subject address the following matters, among others:

•license requirements that apply to providers of communications services in many jurisdictions;

•our obligation to contribute to various Universal Service Fund programs, including at the state level;

•monitoring on rural call completion rates;

•safeguarding and use of customer proprietary network information;

•rules concerning access requirements for users with disabilities;

•our obligation to offer 7-1-1 abbreviated dialing for access to relay services;

•compliance with the requirements of United States and foreign law enforcement agencies, including the Communications Assistance for Law Enforcement Act, and cooperation with local authorities in conducting wiretaps, pen traps and other surveillance activities;

•the ability to dial 9-1-1 (or corresponding numbers in regions outside the United States), auto-locate E-911 calls (or corresponding equivalents) when required, and access emergency services;

•the transmission of telephone numbers associated with calling parties between carriers and service providers like us;

•regulations governing outbound dialing, including the Telephone Consumer Protection Act;

•FCC and other regulators efforts to combat robo-calling and caller ID spoofing;

•compliance with data protection regulations such as the GDPR in Europe, which impose stringent requirements on data privacy and security;

•compliance with the Telecommunications (Security) Act 2021 in the UK, which imposes strict security requirements on telecom providers to protect the UK's telecoms network from cyber threats and vulnerabilities. Non-compliance with this act could result in significant penalties and affect our ability to operate in the UK; and

•adherence to environmental regulations concerning the disposal and recycling of electronic products and batteries, which are becoming increasingly relevant as we expand our hardware offerings.

Regulation of our services as telecommunications services may require us to obtain authorizations or licenses to operate in foreign jurisdictions and comply with legal requirements applicable to traditional telephony providers. This regulation may impact our ability to differentiate ourselves from incumbent service providers and imposes substantial compliance costs on us. In addition, the reform of federal and state Universal Service Fund programs and payment of regulatory and other fees in international markets could increase the cost of our service to our customers, diminishing or eliminating any pricing advantage we may have.

Risks Related to Intellectual Property

If we are found to be infringing on a third party's proprietary technology, our business could be disrupted.

If we are found to be infringing the intellectual property rights of any third-party in lawsuits or proceedings that may be asserted against us, we could be subject to monetary liabilities for such infringement, which could be material. We could also be required to refrain from using, manufacturing, or selling certain products or using certain processes, either of which could have a material adverse effect on our business and operating results. Our broad range of current and former technology, including IP telephony systems, digital and analog circuits, software, and semiconductors, increases the likelihood that third parties may claim infringement by us of their intellectual property rights. We have received and may continue to receive in the future, notices of claims of infringement, misappropriation, or misuse of other parties' proprietary rights. There can be no assurance that we will prevail in these discussions and actions or that other actions alleging infringement by us of third-party patents will not be asserted or prosecuted against us. Furthermore, lawsuits like these may require significant time and expense to defend, may divert management's attention away from other aspects of our operations and, upon resolution, may have a material adverse effect on our business, results of operations, financial condition, and cash flows.

Inability to protect our proprietary technology would disrupt our business.

We rely, in part, on patent, trademark, copyright, and trade secret law to protect our intellectual property in the United States and abroad. We seek to protect our software, documentation, and other written materials under trade secret and copyright law, which afford only limited protection. We currently have several United States patent applications pending. We cannot predict whether such pending patent applications will result in issued patents, and if they do, whether such patents will effectively protect our intellectual property. The intellectual property rights we obtain may not be sufficient to provide us with a competitive advantage, and could be challenged, invalidated, infringed, or misappropriated. To address these risks, we also rely on confidentiality agreements with our employees, consultants, and contractors; however, these agreements may be breached, may not be enforceable in every instance, and may not provide an adequate remedy if unauthorized use or disclosure of our information occurs.

Litigation may be necessary in the future to enforce our intellectual property rights, determine the validity and scope of our proprietary rights or the rights of others, or defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of management time and resources and could have a material adverse effect on our business, financial condition, and operating results. Any settlement or adverse determination in such litigation would also subject us to significant liability. Further, in some jurisdictions we may not be able to pursue litigation effectively due to barriers inherent in foreign legal systems or customs.

Our inability to use software licensed from third parties, or our use of open-source software under license terms that interfere with our proprietary rights, could disrupt our business.

Our technology platform incorporates software licensed from third parties, including some software, known as open-source software, which we use without charge. Although we monitor our use of open source software, the terms of many open source licenses to which we are subject have not been interpreted by United States or foreign courts, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to provide our platform to our customers. In the future, we could be required to seek licenses from third parties in order to continue offering our platform, which licenses may not be available on terms that are acceptable to us, or at all. Alternatively, we may need to re-engineer our platform or discontinue use of portions of the functionality provided by our platform. In addition, the terms of open-source software licenses may require us to provide software that we develop using such software to others on unfavorable license terms. This could potentially expose proprietary features of our platform to competitors, thereby eroding our competitive edge. Our inability to use third-party software could result in disruptions to our business, or delays in the development of future offerings or enhancements of existing offerings, which could impair our business.

Risks Related to our Debt, our Stock, and our Charter

We have a substantial amount of indebtedness, which could have important consequences to our business.

We have a substantial amount of indebtedness.

Our substantial indebtedness could have important consequences that could have a material adverse effect on our business, financial condition and results of operations, including the following:

•requiring us to comply with restrictive covenants in our senior secured debt facility, which limits the manner in which we conduct our business, and which obligations under the Credit Agreement are guaranteed by our wholly-owned subsidiaries. For example, our Credit Agreement contains a minimum adjusted cash Earnings Before Interest, Taxes, Depreciation and Amortization (EBITDA) financial covenant, a minimum liquidity covenant and a maximum secured leverage ratio financial covenant and contains affirmative and negative covenants customary for transactions of this type, including limitations with respect to indebtedness, liens, investments, dividends, disposition of assets, change in business, and transactions with affiliates;

•making it more difficult for us to satisfy our obligations with respect to our indebtedness;

•requiring us to dedicate a substantial portion of our cash flow from operations to debt service payments on our debt, which reduces the funds available for working capital, capital expenditures, acquisitions and other general corporate purposes;

•limiting our flexibility in planning for, or reacting to, changes in the industry in which we operate;

•placing us at a competitive disadvantage compared to any of our less-leveraged competitors;

•increasing our vulnerability to both general and industry-specific adverse economic conditions;

•potentially complicating our ability to refinance our debt under favorable conditions, or at all, which could further restrict our operational flexibility and increase our financing costs;

•increasing our vulnerability to fluctuations in interest rates, particularly for any variable-rate debt; and

•limiting our ability to obtain additional debt or equity financing to fund future working capital, capital expenditures, acquisitions or other general corporate requirements and increasing our cost of borrowing.

Servicing our debt, including the paying down of principal, requires the use of cash and liquidity of our clearing, cash management and custodial financial institutions, and we may not have sufficient cash flow from our business to pay down our debt.

As of March 31, 2024, we currently have approximately $201.9 million aggregate principal amount of the 2028 Notes and the $225.0 million Term Loan outstanding.

The volatility of the global economy, changes in the credit market conditions, and fluctuations in interest rates could further complicate our ability to refinance our debt. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt, including paying off the principal when due, and make necessary capital expenditures. Our notes are currently significantly out of the money, and our stock price would

have to increase significantly for our notes to convert prior to maturity. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may also face heightened regulatory scrutiny or changes in financial regulation which could impact our refinancing options. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations.

We may not have the ability to raise the funds necessary to settle conversions of the new notes in cash or repurchase the new notes upon a fundamental change, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of the new notes.

Holders of the 2028 Notes have the right to require us to repurchase the 2028 Notes upon the occurrence of a fundamental change at a repurchase price equal to 100% of the principal amount of the 2028 Notes to be repurchased, plus accrued and unpaid interest, if any. In addition, upon conversion of the 2028 Notes, unless we elect to deliver solely shares of our common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be required to make cash payments in respect of the 2028 Notes being converted. However, due to potential adverse market conditions or changes in the credit markets, we may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of the new Notes surrendered therefor or the new Notes being converted. In addition, our ability to repurchase the 2028 Notes or to pay cash upon conversions of the 2028 Notes may be limited by law, by regulatory authority or by agreements governing our future indebtedness. If one or more holders elect to convert their notes, we may face increased financial pressure, especially if this occurs during a period of liquidity constraints within the broader financial system. The potential impact of a banking system failure could exacerbate our liquidity risks, as we rely on these institutions not only for operating cash but also for the facilitation of our debt service payments. Our failure to repurchase any of our Notes at a time when the repurchase is required by the applicable indenture or to pay any cash payable on future conversions of our Notes as required by the applicable indenture would constitute a default under such indenture. A default under an applicable indenture or the occurrence of the fundamental change may also lead to a default under agreements governing our future indebtedness. If the repayment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase our 2028 Notes or make cash payments upon conversions thereof.

The conditional conversion feature of our notes, if triggered, may adversely affect our financial condition and operating results.

In the event the conditional conversion feature of our notes is triggered, holders of our notes will be entitled to convert such notes at any time during specified periods at their option. If one or more holders elect to convert their notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligations through the payment of cash, which could adversely affect our liquidity. This could also place significant pressure on our cash reserves, particularly if market conditions or our operating results are not favorable at the time of conversion. In addition, even if holders of our notes do not elect to convert their notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of such notes as a current rather than long-term liability, which would result in a material reduction of our net working capital. This reclassification could severely impact our financial ratios and may affect our ability to meet financial obligations or secure new financing under favorable terms.

Changes in financial accounting standards or practices may cause adverse, unexpected financial reporting fluctuations and affect our reported operating results.

U.S. GAAP is subject to interpretation by the FASB, the Securities and Exchange Commission and various bodies formed to promulgate and interpret appropriate accounting principles. A change in accounting standards or practices can have a significant effect on our reported results. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and will occur in the future. Changes to existing rules or the questioning of current practices may lead to increased compliance costs and necessitate the engagement of additional financial and legal advisors or harm our reported financial results or the way we account for or conduct our business. Furthermore, such changes could affect our compliance with loan covenants or other financial obligations, potentially affecting our borrowing capacity or the perceptions of our financial stability by investors and creditors. Moreover, these changes could complicate our efforts to comply with covenants in our debt agreements or affect our compliance with regulatory requirements, further influencing our financial stability.

We maintain cash balances at financial institutions which may be in excess of the Federal Deposit Insurance Corporation insurance limit. Additionally, the broader implications of these bank failures could disrupt our ability to access other forms of liquidity, such as lines of credit, and might tighten credit conditions, affecting our ability to secure financing on favorable terms. Any failure of a depository institution to return any of our deposits, or

any other adverse conditions in the financial or credit markets affecting depository institutions, could impact access to our invested cash or cash equivalents and could adversely impact our operations, liquidity and operating results. This could also potentially increase our cost of capital and affect our investment decisions. The broader repercussions of such banking failures may include increased market volatility, reduced consumer confidence, and tightened credit conditions, which could further strain our operational funding and credit availability. These conditions might also influence our ability to maintain necessary liquidity reserves or to finance ongoing operations and strategic initiatives effectively.

Future sales of our common stock or equity-linked securities in the public market could lower the market price of our common stock.

In the future, we may sell additional shares of our common stock or equity-linked securities to raise capital. In addition, a substantial number of shares of our common stock is reserved for issuance upon the exercise of stock options, upon the vesting and settlement of restricted stock units and performance units, stock purchases in connection with our Employee Stock Purchase Plan, and upon conversion of our notes. We cannot predict the size of future issuances or the effect, if any, that they may have on the market price for our common stock. This uncertainty may lead to increased volatility in our share price as investors speculate on the timing and impact of these issuances. The issuance and sale of substantial amounts of common stock or equity-linked securities, or the perception that such issuances and sales may occur, could adversely affect the trading price of our notes and the market price of our common stock and impair our ability to raise capital through the sale of additional equity or equity-linked securities. Additionally, any dilutive effect of such issuances might decrease the earnings per share and ownership interests of existing shareholders, potentially leading to further downward pressure on our stock price.

Certain provisions in our charter documents and Delaware law could discourage takeover attempts.

Our restated certificate of incorporation and amended and restated by-laws contain provisions that could have the effect of delaying or preventing changes in control or changes in our management without the consent of our board of directors, including, among other things:

•no cumulative voting in the election of directors, which limits the ability of minority stockholders to elect director candidates;

•the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;

•the exclusive right of our board of directors to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;

•a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;

•the requirement that a special meeting of stockholders may be called only by a majority vote of our board of directors or by stockholders holdings share of our common stock representing in the aggregate a majority of votes then outstanding, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;

•the ability of our board of directors, by majority vote, to amend our by-laws, which may allow our board of directors to take additional actions to prevent a hostile acquisition and inhibit the ability of an acquirer to amend our by-laws to facilitate a hostile acquisition; and

•advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders' meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer's own slate of directors or otherwise attempting to obtain control of us.

These provisions might result in our stock trading at a lower price due to perceptions of decreased acquisition potential.

We are also subject to certain anti-takeover provisions under the General Corporation Law of the State of Delaware (the "DGCL"). Under Section 203 of the DGCL, a corporation may not, in general, engage in a business combination with any holder of 15% or more of its capital stock unless the holder has held the stock for three years or (a) our board of directors approves the transaction prior to the stockholder acquiring the 15% ownership position, (b) upon consummation of the transaction that resulted in the stockholder acquiring the 15% ownership position, the stockholder owns at least 85% of the outstanding voting stock (excluding shares owned by directors or officers and shares owned by certain employee stock plans) or (c) the transaction is approved by the board of directors and by the stockholders at an annual or special meeting by a vote of 66 2/3% of the outstanding voting stock (excluding shares held or controlled by the interested stockholder).

General Risk Factors

Current and future variants of COVID-19 and any economic difficulty they trigger could significantly harm our business.

The global spread of COVID-19 and its variants has created significant volatility, uncertainty, and economic disruption in the recent past, particularly for small- and mid-sized businesses. Many of our existing and prospective customers have experienced or could experience economic hardship caused by current and future variants of COVID-19. This could reduce the demand for our cloud services, delay and lengthen sales cycles, increase customer churn, force us to lower the prices for our services and/or provide customers with service credits, and lead to slower growth or even a decline in our revenue, operating results, and cash flows. The ongoing impact of COVID-19 on future demand for our services depends on numerous evolving factors, including: the duration and extent of the global spread of current and future COVID-19 variants; governmental, business, and individual actions that have been and continue to be taken in response to the current and future COVID-19 variants in different countries globally; the rate of vaccinations globally and the efficacy of available vaccines on current and future variants of the virus; the effect on our customers and customer demand and their ability to pay for our services; disruptions to third-party data centers and Internet service providers; and any decline in the quality and/or availability of our services. It is important to note that the shifting landscape of remote versus in-person work models could significantly alter demand patterns for our offerings, including the possibility that as businesses return to in-person work, the demand for some of our products could decline.

The ongoing impact of COVID-19 on macroeconomic conditions has at some periods also impacted the functioning of financial and capital markets, foreign currency exchange rates, and interest rates. If we need to access the capital markets, we face the risk of market volatility which may severely limit our ability to raise capital and there can be no assurance that financing may be available on attractive terms, if at all.

We may not be able to secure financing on favorable terms, or at all, to meet our future capital needs.

We may need to pursue financing in the future to make expenditures or investments to support the growth of our business (whether through acquisitions or otherwise) and may require additional capital to pursue our business objectives, respond to new competitive pressures, service our debt, and pay extraordinary expenses such as litigation settlements or judgments or fund growth, including through acquisitions, among other potential uses. Additional funds, however, may not be available when we need them on terms that are acceptable to us, or at all. We also face certain risks in the event of a sustained deterioration of financial market liquidity, as well as in the event of sustained deterioration in the liquidity, or failure, of our clearing, cash management and custodial financial institutions. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to grow and support our business and to respond to business challenges could be significantly limited.

Natural disasters, war, terrorist attacks, global pandemics, or malicious conduct, among other unforeseen events, could adversely impact our operations, could degrade or impede our ability to offer services, and may negatively impact our financial condition, revenue, and costs going forward.

Our cloud communications services rely on uninterrupted connection to the Internet through data centers and networks. Any interruption or disruption to our network, or the third parties on which we rely, could adversely impact our ability to provide service. Our network could be disrupted by circumstances outside of our control, including natural disasters, acts of war, terrorist attacks, global pandemics or malicious acts, among other unforeseen events, including, but not limited to, cyberattacks. For example, our headquarters, global networks operations center, and one of our third-party data center facilities are located in the San Francisco Bay Area, a region known for seismic activity. Also, global pandemics, such as the one caused by COVID-19, may restrict travel by personnel, reduce the availability of materials required to maintain data centers that support our cloud communication services, and could require us or our partner data centers and Internet service providers to curtail operations in certain geographic regions. Such an event may also impede our customers' connections to our network, since these connections also occur over the Internet, and would be perceived by our customers as an interruption of our services, even though such interruption would be beyond our control. The prolonged nature of such disruptions could also strain our operational resilience, affect employee productivity, particularly in regions heavily impacted by these disruptions, and might force a reassessment of our current operational and disaster recovery plans. Increased operational costs and changes in consumer behavior due to such events could further result in long-term shifts in our market and operational strategy. Any of these events could have a material adverse impact on our business, causing us to incur significant expenses, lose substantial amounts of revenue, suffer damage to our reputation, and lose customers.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

CYBERSECURITY

8x8 recognizes the critical importance of cybersecurity in maintaining the integrity, confidentiality, and availability of its systems and data. As a leading provider of communication and collaboration solutions, 8x8 is committed to safeguarding its assets, including customer data, from evolving cybersecurity threats.

NIST Framework Adoption:

8x8's cybersecurity program is aligned with the National Institute of Standards and Technology, or NIST, cybersecurity framework, a widely recognized set of guidelines for managing and mitigating cybersecurity risks. By leveraging the National Institute of Standards and Technology framework, 8x8 has implemented a comprehensive and structured approach to identifying, protecting, detecting, responding to, and recovering from cybersecurity incidents.

Governance Structure:

At 8x8, cybersecurity is integral to the enterprise-wide risk management program. The Chief Information Security Officer, or CISO holds a pivotal role in overseeing the Company's cybersecurity initiatives. The Company's Chief Information Security Officer has served in various security leadership roles, including at a Fortune 500 technology company, and is a Certified Information System Security Professional, or CISSP, and a Licensed Private Investigator, and completed Harvard University's Cybersecurity Managing Risk in 2021. He also held a United States Top Secret / Sensitive Compartmentalized Information, or TS/SCI, security clearance when he advised the White House, Pentagon, National Security Agency, Central Intelligence Agency, and Federal Bureau of Investigation on classified projects. Reporting directly to the Chief Legal Officer, who in turn reports to the CEO, the Chief Information Security Officer is empowered to lead the Executive Risk Management Committee. Through this committee, critical cybersecurity issues are monitored, addressed, and escalated as necessary.

Furthermore, the Chief Information Security Officer provides regular updates and presentations directly to the Board of Directors on cybersecurity matters. This direct line of communication ensures that the Board remains informed and engaged in understanding and managing cybersecurity risks facing the Company.

To enhance oversight and governance in this area, 8x8's Board of Directors has established the Technology & Cybersecurity Committee. This committee focuses specifically on the Company's technology, products, and cybersecurity program, providing strategic guidance and oversight to ensure alignment with business objectives and industry standard practices.

Reporting and Communication:

Transparent reporting and communication are key components of 8x8's cybersecurity program. Incidents are promptly reported to the Chief Information Security Officer, who is responsible for escalating to relevant stakeholders, including executive leadership, the internal disclosure committee, and the Board of Directors, as required. Regular communication channels ensure that stakeholders are kept informed of the Company's cybersecurity posture and any emerging threats or incidents.

Determining Potential Impact and Materiality of Cybersecurity Incidents:

8x8 conducts thorough assessments to determine the potential impact and materiality of cybersecurity incidents. 8x8’s Chief Information Security Officer is a member of 8x8’s internal disclosure committee emphasizing the importance of cybersecurity as part of 8x8’s disclosure controls and procedures. By evaluating factors such as the nature of the incident, the extent of data exposure, and potential regulatory implications, the Company assesses the significance of cybersecurity events, which helps it take appropriate measures to mitigate risks, minimize impact and properly report any material cybersecurity incidents.

Incident Response Plan (IRP) Implementation:

8x8 has developed and implemented a comprehensive Incident Response Plan, or IRP, to effectively manage cybersecurity incidents. The Incident Response Plan outlines clear reporting and escalation processes, delineating roles and responsibilities for incident response team members. The plan is regularly reviewed, tested, and updated to facilitate its effectiveness in mitigating and responding to cybersecurity threats promptly.

Integration with Overall Risk Management Program:

The cybersecurity program at 8x8 is fully integrated with the Company's overall risk management program through our Chief Information Security Officer's participation in such governance structures as the executive risk management committee, data protection committee, and internal disclosure committee and the incorporation of security in the Company’s overall compliance and enterprise risk management programs. By aligning cybersecurity initiatives with 8x8’s broader enterprise risk management initiatives, 8x8 pursues a holistic approach to identifying, assessing, and mitigating risks across the organization.

Risk Assessment and Identification:

8x8 conducts regular risk assessments to identify and prioritize cybersecurity risks. Through measures such as vulnerability assessments, and penetration testing, the Company identifies potential vulnerabilities and takes proactive steps to address them. 8x8 has also implemented technical, administrative and legal controls to manage our risk from third party service providers, including implementation of a third-party vendor risk management platform. See the sections entitled "Risks Related to our Products and Operations" and "Risks Related to Regulatory Matters" in Part I, Item 1A "Risk Factors" for more information on our cybersecurity risks.

Training and Awareness:

8x8 invests in comprehensive training and awareness programs to educate employees about cybersecurity best practices and their roles in safeguarding company assets. By promoting a culture of cybersecurity awareness, 8x8 strengthens its overall security posture and reduces the risk of human error leading to cybersecurity incidents.

Engagement with Third Parties:

8x8 collaborates with third-party auditors, consultants, and participates in bug bounty programs to enhance its cybersecurity capabilities. External audits and assessments provide independent validation of the effectiveness of 8x8’s cybersecurity controls, while bug bounty programs leverage the collective expertise of the cybersecurity community to identify and address potential vulnerabilities.

Conclusion:

8x8 prioritizes cybersecurity as a fundamental aspect of its operations and is dedicated to maintaining a robust cybersecurity program aligned with industry practices and regulatory standards. Through strong governance, risk management, and continuous improvement efforts, 8x8 aims to protect its systems, data, and stakeholders from cybersecurity risks.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
NKE	1 day, 5 hours ago
OPTT	1 day, 5 hours ago
ANGO	1 day, 5 hours ago
CTAS	1 day, 7 hours ago
RPM	1 day, 7 hours ago
CNXA	2 days, 2 hours ago
LW	2 days, 7 hours ago
HUDA	3 days, 3 hours ago
AXR	3 days, 4 hours ago
CALM	3 days, 5 hours ago
BUKS	3 days, 5 hours ago
NRAC	4 days, 1 hour ago
RGP	4 days, 5 hours ago
SING	1 week ago
CSBR	1 week ago
DRI	1 week ago
SCHL	1 week ago
GNLN	1 week, 1 day ago
AIR	1 week, 1 day ago
ABTI	1 week, 2 days ago
SHMP	1 week, 2 days ago
BXXY	1 week, 2 days ago
ACRG	1 week, 3 days ago
CARV	1 week, 3 days ago
FOMC	1 week, 3 days ago
KRFG	1 week, 3 days ago
GHMP	1 week, 3 days ago
GWTI	1 week, 3 days ago
VEII	1 week, 3 days ago
ZEST	1 week, 4 days ago
KITL	1 week, 4 days ago
ADMT	1 week, 4 days ago
ATAK	1 week, 4 days ago
BOTY	1 week, 4 days ago
DPLS	1 week, 4 days ago
FDX	1 week, 4 days ago
ECIA	1 week, 4 days ago
ATXG	1 week, 4 days ago
CRMT	1 week, 4 days ago
ELRE	1 week, 4 days ago
CAG	2 weeks, 1 day ago
KALV	2 weeks, 1 day ago
PAYX	2 weeks, 1 day ago
MEI	2 weeks, 1 day ago
BCRD	2 weeks, 1 day ago
FMHS	2 weeks, 2 days ago
ASPA	2 weeks, 2 days ago
STEK	2 weeks, 2 days ago
LEAI	2 weeks, 4 days ago
AIDG	3 weeks ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - EGHT

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - EGHT

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing