Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - OSCR

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. “Risk Factors” in this Annual Report on Form 10-K. The forward-looking statements in this Annual Report on Form 10-K are based upon information available to us as of the date of this Annual Report on Form 10-K, and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain and investors are cautioned not to unduly rely upon these statements.

You should read this Annual Report on Form 10-K, the documents that we reference in this Annual Report on Form 10-K, and the documents that we have filed as exhibits to this Annual Report on Form 10-K, with the understanding that our actual future results, levels of activity, performance, and achievements may be materially different from what we expect. We qualify all of our forward-looking statements by these cautionary statements. These forward-looking statements speak only as of the date of this Annual Report on Form 10-K. Except as required by applicable law, we do not plan to publicly update or revise any forward-looking statements contained in this Annual Report on Form 10-K, whether as a result of any new information, future events or otherwise.

Table of Contents

SUMMARY RISK FACTORS

Our business is subject to numerous risks and uncertainties, including those described in Part I, Item 1A. “Risk Factors” in this Annual Report on Form 10-K. You should carefully consider these risks and uncertainties when investing in our Class A common stock. The principal risks and uncertainties affecting our business include the following:

•Our ability to execute our strategy and manage our growth effectively (including our ability to successfully integrate strategic acquisitions);

•Our ability to retain and expand our member base;

•Our ability to accurately estimate our incurred medical expenses or overall market morbidity, or effectively manage our medical costs or related administrative costs;

•Unanticipated results of, or changes to, risk adjustment programs or our estimates thereof;

•Evolving federal or state laws or regulations (including any changes in the interpretation or enforcement of existing laws and regulations), including changes with respect to the Patient Protection and Affordable Care Act (“ACA”) and any regulations enacted thereunder, the expiration or potential renewal of the enhanced Advanced Premium Tax Credits (“eAPTCs”), the implementation of new program integrity rules, the potential funding of a cost-sharing reduction (“CSR”) program, or other government actions, such as the imposition of tariffs;

•Our ability to achieve or maintain profitability in the future;

•Our ability to arrange for the delivery of quality care and maintain good relations with brokers and the physicians, hospitals, and other providers within and outside our provider networks;

•Our ability to comply with ongoing, complex and evolving regulatory requirements, including capital reserve and surplus requirements and applicable performance standards;

•Changes or developments in the regulation of health insurance markets in the United States;

•Our, or any of our vendors’, ability to comply with laws, regulations, and standards related to the handling of information about individuals or applicable consumer protection laws, including as a result of our participation in government-sponsored programs;

•The ability of our health insurance and Health Maintenance Organization (“HMO”) subsidiaries (collectively, “Health Insurance Subsidiaries”) to make payments of dividends or distributions to us, including to fund our business strategy;

•Our ability to utilize quota share reinsurance to meet our capital and surplus requirements and protect against downside risk on medical claims;

•Adverse market conditions resulting in our investment portfolio suffering losses or reducing our ability to meet our financing needs;

•Unfavorable or otherwise costly outcomes of lawsuits, audits, investigations, and other third party claims that may arise from the extensive laws and regulations to which we are subject;

•Incurrence of data security breaches of our or our partners’ information and technology systems;

•Heightened competition in the markets in which we participate;

•Our ability to attract and retain qualified personnel;

•Uncertainties associated with our utilization of certain artificial intelligence (“AI”) and machine learning models;

•Our ability to detect and prevent material weaknesses or significant control deficiencies in our internal controls over financial reporting or other failure to maintain an effective system of internal controls; and

•Adverse publicity or other adverse consequences related to our dual class structure or “controlled company” status.

Before you invest in our Class A common stock, you should carefully consider all of the information in this Annual Report on Form 10-K, including matters set forth under the heading “Risk Factors.”

Table of Contents

PART I

Item 1. Business

OUR BUSINESS

Oscar is a leading healthcare technology company built around a full stack technology platform and a relentless focus on member experience. We offer health plans through the ACA serving individuals, families, and employees. We have been challenging the status quo in the healthcare system since our founding in 2012 and are dedicated to making a healthier life accessible and affordable for all. Our technology drives superior experiences, deep engagement, and high-value clinical care, earning us the trust of approximately 2.0 million effectuated members, as of December 31, 2025. Effectuated members are those who are actively enrolled in our plan and have either paid their premium or are within the grace period.

In addition to supporting our insurance business, our differentiated technology platform also powers both providers and payors through +Oscar. We offer Campaign Builder, an engagement and recommendation platform that leverages the wisdom from 13+ years of building the Oscar member experience. The platform leverages data and AI to identify high value opportunities for engagement and to deliver personalized interactions to improve care with real time reporting and analytics to measure key outcomes and insights.

In 2025, we also acquired early-stage businesses with capabilities to help us power Individual Coverage Health Reimbursement Arrangements (“ICHRA”) and further diversify the Company. These assets include Lucie, Inc. (f/k/a INSXCloud, Inc.), a direct enrollment technology platform; IHC Specialty Benefits, Inc., an individual market brokerage; and Healthinsurance.org, LLC, a consumer education website.

Our Offerings

Oscar’s innovative technology-enabled model - made up of Oscar’s insurance business, +Oscar platform, and brokerage services, and enrollment platform - is uniquely positioned to meet the rising expectations of individuals, families, brokers, employers and employees, as well as +Oscar clients.

Oscar's Insurance Business

Oscar's health plans are offered in the individual market. The individual market primarily consists of policies purchased by individuals and families through health insurance marketplaces, established by the ACA and operated by the federal government, as well as other marketplaces operated by individual states (collectively, “Health Insurance Marketplaces”). Individuals and families may also purchase policies in the individual market off-exchange. Employees whose employers have chosen to offer an ICHRA are also able to purchase Oscar’s health plans. Most ICHRA plans are purchased by employees off-exchange, although they may also be purchased through the Health Insurance Marketplaces.

We offer health plans in the individual market under the five metal plan categories defined by the ACA: Catastrophic, Bronze, Silver, Gold, and Platinum. These plans differ based on the size of the monthly premium and the level of sharing of medical costs between Oscar and our members. Our products help remove financial barriers to high-value services, with a focus on leveraging affordable care, clinical strategies, and our innovative business model, which collectively empower and incentivize our members to have better control of their health.

Table of Contents

Our premium rates, along with specific rate changes, are required to be approved by applicable state and federal regulatory agencies in accordance with the ACA. Additionally, various federal and state laws have minimum Medical Loss Ratio (“MLR”) requirements. MLR is defined as provided in Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Components of our Results of Operations—Medical Loss Ratio”. Risk adjustment is defined as provided in Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Recent Developments, Trends and Other Key Factors Impacting Performance—Risk Adjustment”.

+Oscar Platform

Oscar’s success is built upon our superior member engagement and robust technology platform. Through the +Oscar platform, we deploy our technology to power others throughout the healthcare system. Campaign Builder, our engagement and recommendation platform for providers and payors, leverages predictive analytics to identify high value opportunities for engagement and to deliver personalized interactions with real time reporting and analytics to measure key outcomes and insights. As of December 31, 2025, +Oscar currently serves nearly 0.6 million client lives on its Campaign Builder platform, in addition to the approximately 2.0 million members enrolled in Oscar health insurance.

Brokerage Services and Enrollment Platform

Through Lucie, Inc., one of only 11 CMS-approved solutions, we provide brokers and consumers a marketplace to shop, buy, and enroll in individual medical and supplemental health products. IHC Specialty Benefits, Inc. offers individual medical and supplemental health products across carriers in all 50 states and allows us to offer consumers the supplemental health products they typically buy with health insurance. We also are a resource for consumers looking for health insurance through Healthinsurance.org. We believe these capabilities are important building blocks to support our ICHRA strategy and our long-term strategy to build the leading consumer health marketplace.

Our Provider Contracts and Network

Our health plans include access to a network of high-quality physicians and hospitals, as well as a Care Team that supports members from finding a doctor to navigating costs. We work with technology-forward, high brand-recognition health systems, including some of the largest health systems in the U.S.

While we generally have a standard set of terms that we propose for our provider contracting relationships, each health market in which we operate is unique, and therefore our negotiated contract terms are specific to each market and health provider. For instance, the fee structures for these contracts vary, and can include fee-for-service arrangements, value-based incentives and payment structures, or payments on a capitation basis.

Membership

Markets

For the 2025 policy year, we offered coverage for individuals and families in 18 states. We regularly evaluate our markets for strategic fit and enter or exit markets accordingly. We have expanded our offerings to 20 states for 2026.

Concentration

We generate the vast majority of our total revenue from health insurance policy premiums. Premiums are collected directly from the Centers for Medicare & Medicaid Services (“CMS”) as part of the advanced premium tax credits (“APTC”) program, as well as from our members. For the year ended December 31, 2025, 93% of premiums were earned directly from CMS and 7% were from our members.

Table of Contents

Disaggregated membership information as of December 31, 2025 and 2024 is presented in the tables below:

(1)Represents total membership for our co-branded partnership with Cigna. We did not renew the Cigna+Oscar Small Group arrangement after its initial term ended on December 31, 2024.

(2)Represents effectuated members. Effectuated members are those who are actively enrolled in one of our plans and whose required premium payments have either been made or are within the payment grace period. A member covered under more than one of our health plans counts as a single member for the purposes of this metric.

Seasonality

Our business is generally affected by the seasonal patterns of our member enrollment, medical expenses, and health plan mix shift and policy design. Special Enrollment Periods (“SEP”) or other market dynamics that drive enrollment and/or mix changes throughout the year may impact the per member levels of premiums, claims, and/or risk adjustment transfers.

SEP refers to a period outside the Open Enrollment Period (“OEP”) when an eligible person can enroll in a health plan or make changes to an existing health plan. A person is generally eligible to participate in a SEP if certain qualifying life events occur, such as losing certain health coverage, moving, getting married, having a baby, or adopting a child or resulting from regulatory requirements.

Table of Contents

Members

Our membership is measured as of a particular point in time. Membership may vary throughout the year due to disenrollments, SEP, and other market dynamics that are in effect. Such dynamics may include but are not limited to enhancements, extensions, reductions or eliminations of APTCs; other legislative or regulatory actions, such as recent Congressional and CMS initiatives to improve the integrity in the ACA eligibility and enrollment processes and pre-enrollment verification procedures; individuals disenrolling before they become effectuated members or the removal of members for non-payment or by CMS in accordance with fraud, waste and abuse laws and regulations; Medicaid redeterminations; or other factors that may cause the overall market to grow or decline.

Claims Incurred

Our medical expenses are impacted by seasonal effects on medical costs, as members pay their contractual portion of claims responsibility, meeting their deductibles and out-of-pocket maximums over the course of the policy year, which shift more costs to us in the second half of the year as we pay a higher proportion of covered claims costs. Our medical expenses are also impacted by the number of days and holidays in a given period. Our medical and pharmacy costs can also exhibit seasonality depending on selection effects or changes in the risk profile of our membership and the proportion of our membership that is new in the calendar year. The emergence of medical and pharmacy claims is influenced by the aforementioned drivers, and further mix shifts may continue to alter claims incurred patterns in future periods.

Reinsurance

We believe our reinsurance agreements help us achieve important goals for our business, including risk management and capital efficiency. In XOL reinsurance, the reinsurer agrees to assume all or a portion of the ceding company’s losses in excess of a specified amount. Under XOL reinsurance, the premium payable to the reinsurer is negotiated by the parties based on losses on an individual member in a given calendar year and their assessment of the amount of risk being ceded to the reinsurer. In the case of federal and state-run reinsurance programs, no reinsurance premiums are paid.

OUR DIFFERENTIATED TECHNOLOGY PLATFORM

Oscar’s technology stack is purpose-built to empower the modern consumer throughout different stages of life. Since inception, Oscar has been focused on building our technological infrastructure and end-to-end experience.

Our technology platform provides members with a simple and intuitive consumer experience that enables them to take control of their healthcare decisions. The Oscar member experience begins with trust and engagement, which we earn by providing our members with features to help them navigate the many disconnected elements of the healthcare ecosystem. Our technology is fueling advancement in member engagement and stakeholder satisfaction by focusing on:

•Powering personalized engagement to drive real-time information flow based on cultural preferences and individual health needs to reduce member friction and improve retention.

•Leveraging AI enabled member and provider service touch points to provide high quality, impactful services at scale, including chatbots to answer health, wellness and insurance plan questions.

•Improving navigation by making it easier for members to receive high-value clinical care through enhanced digital tools and process automation.

•Solving key pain points that unburden providers by reducing administrative tasks, deepening network relationships, and enabling better care delivery for our members (e.g., digitizing provider-member interactions and automating clinical and administrative workflows).

Table of Contents

It is the combination of all these factors—trust, engagement, and personalized insights—that enables us to help members find quality care that helps them live the lives they want to live at rates they can afford. Our ability to deliver a high-value product, in turn, engenders more trust, engagement, and ability on our part to provide personalized, data-driven insights. We refer to this virtuous cycle as our member engagement engine.

It gives us the power to quickly build software in response to the evolving member and market needs and drive efficiency within our teams by continuously automating areas of our claims processing workflow. Today, this platform provides the foundation for our personalized data insight and analysis as well as our critical cost savings structure. As a result, engagement with our technology platform and customer satisfaction remains high, relative to industry average.

Our platform is an increasingly powerful force driving the performance of Oscar's insurance business – fueling growth, engagement, and operational efficiencies. AI and machine learning technologies (“AI Technologies”) have the potential to further power what we can do. We have embedded AI Technologies across many aspects of our technology stack, including: (i) automation to drive efficiencies in our administrative functions, including virtual care and claims processing, (ii) member personalization, to improve the quality of touchpoints members have with the healthcare ecosystem; and (iii) digital self-service and member-facing agent capabilities to facilitate care and improve the member experience.

OUR STRATEGIC FOCUS

Our long-term vision is to build the consumer marketplace of the future and lead the individual market. We built our strategy around several core trends in healthcare, including rising consumer and employer healthcare costs, consumerization, digitization, and the shift towards personalization. Over time, we have been observing the overall healthcare system move towards these trends, which not only validates our strategy, but provides us with a first mover advantage. We are now a scaled health insurer with approximately 2.0 million effectuated members as of December 31, 2025. We offer an exceptional member experience, high member engagement, innovative products and our own technology stack that we have built from end to end.

We continue to believe ICHRA will disrupt employer group coverage and expand individual insurance beyond the traditional ACA market. Our goal is to position Oscar as the preferred carrier for employees enrolling in health insurance through an ICHRA program. Employers can now offer defined contributions to their employees to access Oscar’s suite of products in the markets where Oscar offers health plans. We are partnering with a variety of ICHRA platforms to transition small-, mid- and large-sized employers to the individual market where their employees can choose an Oscar product that meets their individual needs. The businesses that we purchased in 2025, including Lucie, Inc. and IHC Specialty Benefits, Inc., provide important building blocks to support our ICHRA strategy and long-term vision to build the leading consumer health marketplace.

Our strategic priorities include: building an individual consumer health marketplace that prioritizes choice, quality, and affordability; driving accelerated market growth through expansion and local market excellence; running a great company with market-leading, sustainable, scalable operations; and continually investing in our superior consumer experience and bringing product innovation to the individual market.

Table of Contents

HUMAN CAPITAL RESOURCES

As of December 31, 2025, we had approximately 2,305 employees.

At Oscar, we are powered by people from varied and broad backgrounds, experiences, and industries. We foster a culture in which our employees share a common connection to our mission: they are passionate about making a frustrating healthcare system easier, more human, and better for everyone. These principles drive our core values:

1.What we do is a big deal. We’re solving problems that change and save lives.

2.Powered by people. Members above all. Developing and growing others is what raises the bar.

3.No genius without grit. Be relentless. Be scrappy. Trying and failing beats not trying and changing nothing.

4.Seek the truth. But never assume you’ve found it. Be scientific.

5.Inspire and provoke. Develop and display leadership at all levels. Fight to be the best.

6.Be transparent. Give and ask for direct feedback. Be grateful for and excited by the help of others.

7.Make it right. Admit your mistakes. Then learn from them. Never build alone.

Talent Recruitment and Retention

As a mission-driven company, we prioritize attracting and retaining qualified personnel who share our mission to make a healthier life affordable and accessible to all.

We compete to hire and retain highly talented individuals from all backgrounds, and we offer our employees compensation packages designed to be competitive and aligned with market best practices. We believe our compensation philosophy and practice, which is rooted in data and benchmarked to a cohort of peer and broader industry companies, is transparent, systematic, and equitable.

Health and Wellbeing

At Oscar, we believe that making a healthier life affordable and accessible to all begins with our own workforce, and we continually seek opportunities to optimize our employee offerings including events, activities, benefits, perks, and community support. Lastly, we recognize that individuals may need to take time away from work for various reasons, so we offer paid time off and leave packages to all full-time employees. This includes wellness days, parental leave, and sabbatical leaves for more tenured employees.

Building Community

We believe that having a varied and broad employee base empowers our community, drives better business outcomes, and ultimately allows us to better serve our members.

Table of Contents

Internally, we aim to promote a transparent, systematic approach to our human capital frameworks and operations. Specifically, with respect to compensation, all of our compensation decisions are rooted in benchmarking data and creating parity within like roles and we further reward employees based on performance, where it is warranted, in compliance with applicable federal and other laws and regulations. Our employees are able to view their total compensation package, including their salary band and leveling, which helps employees understand their pay and encourages proactive conversation between managers and employees. In 2025, we had nine ERGs which are open to all employees and focused on building community and awareness based on the values that are shared within those groups.

COMPETITION

We operate in a highly competitive environment in an industry subject to significant and ongoing changes, including business and hospital system consolidations, new strategic alliances, market pressures, scientific and technological advances in medical care and therapeutics, as well as regulatory and legislative challenges and reform both at the federal and state levels. This reform includes, but is not limited to, the federal and state healthcare reform legislation described under “—Government Regulation.” In addition, changes to the political environment may drive additional shifts in the competitive landscape.

We compete directly and through independent intermediaries to enroll new and retain existing members, as we currently derive substantially all of our revenue from direct policy premiums. We believe that our principal competitive features affecting our ability to retain and increase membership include the range and prices of health plans offered, breadth and quality of provider network, comprehensiveness of coverage, benefits and wellness programs, quality of service, and member experience, responsiveness to member needs, market presence, financial stability, and reputation.

As attracting new members depends in part on our ability to provide access to competitive provider networks, we compete in establishing such provider networks.

The relative importance of each of the competitive factors mentioned in the above paragraphs and the identity of our principal competitors for members and providers varies by market and geography. Our principal competitors in the individual market primarily consist of plans offered by national carriers, regional carriers, Medicaid-focused insurers offering Health Insurance Marketplaces products, and local Blue Cross plans.

SALES AND MARKETING

Our marketing and sales initiatives focus on member growth through three primary avenues: acquiring members through brokers, acquiring members directly through Health Insurance Marketplaces, and acquiring members directly through our digital platform. As a part of our ICHRA initiatives, we also partner with ICHRA platform companies to enroll employees in Oscar plans through their platforms.

The vast majority of our membership is acquired through the broker channel, and brokers typically use an EDE platform to enroll the members in plans offered on the Health Insurance Marketplace. Our digital engagement platform, a key element of our retention strategy, is used by brokers and consumers.

Enterprise marketing and sales strategies also include brand awareness campaigns, account-based marketing, business development initiatives, member communications that are focused on member acquisition, and member engagement. We also use the data generated in member support interactions to constantly refine and improve our marketing campaigns.

Table of Contents

INTELLECTUAL PROPERTY

We believe that our intellectual property rights are important to our business, and our commercial success depends, in part, on our ability to protect our core technologies, intellectual property and proprietary rights (such as source code, information, data, processes and other forms of information, know-how and technology). As of December 31, 2025, we exclusively owned four registered trademarks in the United States for our name and names used by our subsidiaries and have applied for five additional trademark registrations covering marks for parts of our business. In addition, we have registered domain names for websites that we use or may use in our business. As of December 31, 2025, we owned no issued patents or pending patent applications anywhere in the world, and therefore, we do not have patent protection for any of our proprietary technology, which includes our full stack technology platform, proprietary software, mobile application (“app”), or web portal. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis.

We seek to control access to and distribution of our proprietary information, including our algorithms, source and object code, designs, and business processes, through security measures and contractual arrangements. We seek to limit access to our confidential and proprietary information to a “need to know” basis and enter into confidentiality and nondisclosure agreements with our employees, consultants, members, vendors, and partners that may receive or otherwise have access to any confidential or proprietary information. We also obtain written invention assignment agreements from our employees and consultants that assign to us all right, interest, and title to inventions and work product developed during their employment or service engagement, respectively, with us. In the ordinary course of business, we provide our intellectual property to external third parties through licensing or restricted use agreements. For information on risks associated with our intellectual property rights, see Part I, Item 1A. “Risk Factors—Risks Related to our Business—Failure to secure, protect, or enforce our intellectual property rights could harm our business, results of operations, and financial condition.”

INFORMATION TECHNOLOGY

Our business is dependent on effective, resilient, and secure information systems that assist us in, among other things, monitoring utilization, and other cost factors, processing provider claims, providing data to our regulators, and implementing our data security measures.

As a result of such agreements, we have been able to reduce our administrative expenses over time, while improving the reliability of our information technology functions, and maintain targeted levels of service and operating performance. A segment of the infrastructure services is managed within our cloud platform, while other portions of the infrastructure services are managed externally by vendors. Our use of cloud service providers in particular is strategic, due to platform level redundancy in networking and computer hardware.

We have established a program of security measures intended to protect our computer systems from security breaches and malicious activity and have implemented controls designed to protect the confidentiality, integrity, and availability of data, including protected health information (“PHI”) and the systems that store and transmit such data. We have employed various technology and process-based methods, such as network isolation, intrusion detection systems, vulnerability assessments, penetration testing, use of threat intelligence, content filtering, endpoint security (including anti-malware and detection response capabilities), email security mechanisms, and access control mechanisms. We also use encryption techniques for data at rest and in transit.

Table of Contents

Our information systems and applications require continual maintenance, upgrading, and enhancement to meet our current and expected operational needs and regulatory requirements. We aim to regularly upgrade and expand our information systems’ capabilities. For information on risks associated with our information technology systems, see Part I, Item 1A. “Risk Factors—Risks Related to our Business—If we are unable to integrate and manage our information systems effectively, our operations could be disrupted” and”

GOVERNMENT REGULATION

General

Our operations are subject to comprehensive and detailed federal, state, and local laws and regulations throughout the jurisdictions in which we do business. These laws and regulations, which can vary significantly from jurisdiction to jurisdiction, restrict how we conduct our businesses and result in additional burdens and costs to us. Further, federal, state, and local laws and regulations are subject to amendments and changing interpretations in each jurisdiction. In addition, there are numerous proposed healthcare laws and regulations at the federal, state, and local levels. For information on risks associated with our regulatory framework, see Part I, Item 1A. “Risk Factors—Most Material Risks to Us—Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition” and “Risk Factors—Risks Related to the Regulatory Framework that Governs Us.”

Supervisory agencies, including federal and state regulatory and enforcement authorities, have broad authority to:

•grant, suspend, deny, and revoke certificates of authority to transact insurance or licenses to operate as an agency or producer;

•regulate our products and services;

•regulate, limit, or suspend our ability to market and sell products, including the exclusion of our products from Health Insurance Marketplaces, and regulate any applicable commission structures;

•monitor our network of contracted providers to ensure we meet specific state and/or federal quality, adequacy, credentialing, availability and accessibility requirements on an ongoing basis and require regulatory assessment and approval annually as a condition of offering our products;

•approve premium rates;

•monitor our solvency and reserve adequacy;

•scrutinize our investment activities on the basis of quality, diversification, and other quantitative criteria;

•monitor adherence to EDE technical, operational, and monitoring requirements; and

•impose criminal, civil, or administrative monetary penalties, and other sanctions for non-compliance with regulatory requirements.

To carry out the above tasks, CMS, state insurance regulators and other agencies periodically examine our current and past business practices, financials, accounts and other books and records, operations and performance of our health plans, compliance with contracts, adherence to governing rules and regulations and the quality of care we provide to our members, including the quality, credentialing, availability and accessibility of contracted network providers. This information and these practices may be subject to routine surveys, mandatory data reporting and disclosure requirements, regular and special investigations and audits, and from time to time, we may receive subpoenas and other requests for information from government entities. The health insurance business also may be adversely impacted by court decisions that expand or invalidate the interpretations of existing statutes and regulations. It is uncertain whether we can recoup, through higher premiums or other measures, the increased costs caused by potential legislation, regulation, or court rulings.

Table of Contents

State Regulation of Insurance Companies and HMOs

Our Health Insurance Subsidiaries must obtain and maintain regulatory approvals to sell specific health plans in the jurisdictions in which they conduct business. The nature and extent of state regulation varies by jurisdiction, and state insurance regulators generally have broad administrative authority with respect to all aspects of the insurance business. The Model Audit Rule, where adopted by states, requires expanded governance practices, risk and solvency assessment reporting and the filing of periodic financial and operating reports. Most states have adopted these or similar measures to expand the scope of regulations relating to corporate governance and internal control activities of Health Insurance Entities. Some of our business activity is subject to other healthcare-related regulations and requirements, including utilization review, pharmacy service, or provider-related regulations and regulatory approval requirements.

In addition, we are regulated as an insurance holding company and are subject to the insurance holding company laws of the states in which our Health Insurance Subsidiaries are domiciled. Holding company laws and regulations generally require registration with applicable state departments of insurance and the filing of reports describing capital structure, ownership, financial condition, certain intercompany transactions, enterprise risks, corporate governance, and general business operations. In addition, state insurance holding company laws and regulations generally require notice or prior regulatory approval of certain transactions including acquisitions, material intercompany transfers of assets, and guarantees and other transactions between the regulated companies and their affiliates, including parent holding companies. These acts generally define “control” as the direct or indirect power to direct or cause the direction of the management and policies of a person and is presumed to exist if a person directly or indirectly owns or controls 10% or more of the voting securities of another person. Some state laws have different definitions or applications of this standard. Dispositions of control generally are also regulated under applicable state insurance holding company laws.

Most of our Health Insurance Subsidiaries are subject to requirements based on the National Association of Insurance Commissioners’ (“NAIC”) Risk-Based Capital For Health Organizations Model Act, with a few Health Insurance Subsidiaries subject to state-specific RBC requirements that are not based on, but function similarly to, the Model Act. These laws typically require increasing degrees of regulatory oversight and intervention if a company’s RBC declines below certain thresholds.”

Additionally, as a company that directly or indirectly controls insurers, we have an obligation to adopt a formal enterprise risk management (“ERM”) function and file enterprise risk reports on an annual basis. The ERM function and reports must address any activity, circumstance, event, or series of events involving the insurer that, if not remedied promptly, is likely to have a material adverse effect upon the financial condition or liquidity of the insurer, including anything that would cause the insurer’s RBC to fall below certain threshold levels or that would cause further transaction of business to be hazardous to policyholders or creditors, or the public.

Table of Contents

Ongoing Requirements and Changes to the ACA

The ACA significantly changed the United States healthcare system. While we anticipate continued changes with respect to the ACA, either through Congress, court challenges, executive actions, or administrative action, we expect the major portions of the ACA to remain in place and continue to significantly impact our business operations and results of operations, including pricing, minimum MLRs, administration of the risk adjustment program, and the geographies in which our products are available.

The ACA prohibits annual and lifetime limits on essential health benefits, member cost-sharing on specified preventive benefits, and pre-existing condition exclusions. The ACA allows individual states to choose to enact additional state-specific requirements that extend ACA mandates and some of the states where we operate have implemented higher MLR percentage requirements, lower tobacco user rating ratios, and different age curve variations. Changes to our business environment are likely to continue as elected officials at the national and state levels continue to enact, and both elected officials and candidates for election continue to propose significant modifications to existing laws and regulations. For information on risks associated with ACA and changes to ACA, see Part I, Item 1A. “Risk Factors—Most Material Risks to Us—Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition.”

In general, the individual market risk pool that includes Health Insurance Marketplaces has changed significantly since its inception in 2014 and continues to exhibit risk volatility.

In addition, insurers have faced uncertainties related to federal government funding for various ACA programs. The ACA established significant subsidies to support the purchase of health insurance by individuals, in the form of APTCs, available through Health Insurance Marketplaces. APTCs are available to most individuals and families making between 100% and 400% of the federal poverty level (“FPL”). The eAPTCs expired at the end of 2025 and the pre-ARPA APTC structure has been reinstated. It is possible Congress may take action in 2026 to reinstate the eAPTC structure. For information on risks associated with the expiration and/or potential renewal of eAPTCs, see “Risk Factors—Most Material Risks to Us—Our success and ability to grow our business depend in part on retaining and expanding our member base. If we fail to add new members or retain current members, or manage our membership growth appropriately to meet our business objectives, our business, revenue, operating results, and financial condition could be harmed”, “—Failure to accurately estimate our incurred medical expenses or overall market morbidity, or effectively manage our medical costs or related administrative costs could negatively affect our financial position, results of operations, and cash flows” and “—Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition.”

Further, implementation of the ACA brought with it significant oversight responsibilities by Health Insurance Entities that may result in increased governmental audits, increased assertions of alleged False Claims Act (“FCA”) liability, and an increased risk of other litigation.

Table of Contents

Federal regulatory agencies continue to modify regulations and guidance related to the ACA and Health Insurance Marketplaces more broadly. Some of the more significant ACA rules are described below:

•The minimum MLR threshold for the individual market, as defined by the U.S. Department of Health and Human Services (“HHS”), is 80%. Certain states require us to meet more restrictive MLR thresholds. These minimum MLR thresholds are based on definitions of an MLR calculation provided by HHS, or specific states, as applicable, and differ from our calculation of MLR based on premium revenue and benefit expense as reported in accordance with accounting principles generally accepted in the United States of America (“U.S. GAAP”). Definitions under applicable MLR regulations also impact insurers differently depending upon their organizational structure or tax status, which could result in a competitive advantage to some insurance providers that may not be available to us, resulting in an uneven playing field in the industry. Failure to meet the minimum MLR thresholds triggers an obligation to issue premium rebates to members.

•The ACA directed the HHS Secretary to develop a system that rates qualified health plans (“QHPs”), certified by the Health Insurance Marketplaces based on relative quality and price. As a QHP issuer, we must submit quality rating information in accordance with CMS guidelines as a condition of certification and participation in the Health Insurance Marketplaces. Our overall ratings, represented on a scale of 1.0 to 5.0 stars, are based on three categories: member experience, medical care, and plan administration.

•Federal regulations require premium rate increases to be reviewed for individual products above specified thresholds that may be adjusted from time to time and enrollees to be notified of the premium rate increase in advance. The regulations provide for state insurance regulators to conduct the reviews, except in cases where a state lacks the resources or authority to conduct the required rate reviews, in which cases HHS will conduct the reviews.

•Prior to the implementation of the ACA, Health Insurance Entities were permitted to use differential pricing based on factors such as health status, gender, and age. In addition, age rating under the ACA is limited to a 3:1 ratio for adults age 21 and older, and tobacco use rating is limited to a 1.5:1 ratio. States also may choose to enact more restrictive rules than the federal minimum standards.

•CMS administers an ACA risk adjustment program, which is a system designed to stabilize premiums across the market by redistributing funds from plans with relatively healthy members to plans with higher-risk members. Under the program, each plan is assigned a risk score based upon demographic information and current year claims information related to its members. Plans with lower than average risk scores relative to the estimated market average risk score, when applied to the statewide average premium, will have a risk adjustment payable into the pool. Inversely, plans with higher than average risk scores relative to the estimated market average risk score, when applied to the statewide average premium, will have a risk adjustment receivable from the pool. In addition, the CMS and the HHS Office of Inspector General (“HHS-OIG”) perform risk adjustment data valuation (“RADV”) audits of health insurance plans, sometimes years after the applicable payment year, to validate the coding practices of and supporting documentation maintained by healthcare providers, and such audits can result in retrospective adjustments to risk transfer payments.

•CMS has oversight of agents, brokers, and EDE entities, all of whom facilitate member enrollments in coverage in the Health Insurance Marketplaces. From time to time, CMS may issue regulations relating to administrative or operational requirements for these entities including but not limited to their licensure, program integrity requirements and processes to confirm eligibility of applicants. CMS has recently been increasingly focused on improving integrity in the eligibility and enrollment process and preventing unauthorized changes in consumer enrollments in the Health Insurance Marketplaces by agents and brokers, and we expect this focus to continue. During the second half of 2024, CMS enacted new measures to respond to increases in unauthorized changes in consumer enrollments by agents and brokers and to reduce consumer burdens related to unauthorized enrollments. While these measures are important to prevent unauthorized enrollments, they may also make it more difficult for individuals to complete valid enrollments in new plans, switch from one plan to another, or obtain APTCs. In addition, on June 25, 2025, CMS issued a rule that created stricter eligibility verification processes for APTCs, as

Table of Contents

well as other requirements related to ACA plan enrollment, including shorter OEPs and the suspension of certain SEPs (the “Program Integrity Rules”). On August 22, 2025, in connection with City of Columbus vs. Kennedy, in which the plaintiffs alleged certain provisions of the Program Integrity Rules are contrary to law, a federal district court in Maryland issued a nationwide stay on several provisions of the Program Integrity Rules pending a final ruling on the merits of the case. The stayed provisions were not in effect during the 2026 OEP. Many of the stayed provisions would have otherwise impacted enrollment processes and APTC eligibility during the 2026 OEP. For example, the court stayed the application of a $5 monthly premium to enrollees in $0 premium plans who do not actively reenroll during open enrollment. Provisions of the Program Integrity Rules unaffected by the stay became effective on August 25, 2025. Furthermore, on July 4, 2025, the President signed into law the One Big Beautiful Bill Act (the “OBBBA”) which, among other relevant matters, limits the eligibility of APTCs for certain populations, and requires additional verification procedures to confirm member eligibility for APTCs.

Medicaid redeterminations began on April 1, 2023 and CMS announced an SEP that began March 31, 2023 and ended November 30, 2024 to facilitate enrollment in the ACA by individuals who lost Medicaid coverage under the redetermination process. Our understanding is that in 2024 most states substantially completed the unwinding-related renewals for beneficiaries enrolled in Medicaid or the Children's Health Insurance Program (“CHIP”). We believe these Medicaid redeterminations contributed to increases in our membership in 2024; however, we do not believe that we experienced significant growth in our membership from the Medicaid redetermination process in 2025. We believe that members who have enrolled in the ACA through the Medicaid redetermination process have increased the overall morbidity of the Health Insurance Marketplaces.

The Notice of Benefit and Payment Parameters (“NBPP”) final rule is issued annually and contains comprehensive updates to ACA regulations. The NBPP for policy year 2026 was released on January 13, 2025, and the NBPP for policy year 2027 was proposed on February 9, 2026. QHP issuers on the Federal Marketplace have historically been permitted to offer unlimited non-standard plans. State Based Marketplaces have discretion on whether to impose limits on non-standard plans and approaches vary. In the NBPP for policy year 2024, CMS imposed a limit of four non-standardized plan options on the federal marketplace and in the NBPP for policy year 2025, CMS limited the number of non-standard plan options that QHP issuers may offer on the federal ACA marketplace to two per product network type, per metal level (excluding catastrophic plans). The rule also created an exceptions process for plans offered beyond the limit of two non-standardized plans if they provide twenty five percent reduced cost-sharing for chronic and high-cost condition benefits. This exceptions process provides a limited opportunity for innovation for products designed to serve members with chronic and high-cost condition benefits.The NBPP for policy year 2027 proposes to repeal non-standard plan limits. The NBPP for policy year 2027 also proposes additional provisions that, if enacted, could significantly impact the Health Insurance Marketplace. For more information see “Part I, Item 1, “Business–Government Regulation–Ongoing Requirements and Changes to the ACA”, and Part I, Item 1A. “Risk Factors-Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition.”

Privacy, Confidentiality and Data Standards Regulation

The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (together, “HIPAA”) and the administrative simplification provisions of HIPAA impose a number of requirements on covered entities (including Health Insurance Entities group health plans, certain providers, and clearinghouses) and their business associates relating to the use, disclosure and safeguarding of PHI. These requirements include uniform standards of common electronic healthcare transactions and privacy and security regulations, and unique identifier rules for employers, health plans, and providers.

Federal consumer protection laws may also apply in some instances to our privacy and security practices related to personally identifiable information.

Table of Contents

On December 27, 2024, HHS, through its Office for Civil Rights (“OCR”), issued a proposed rule to improve cybersecurity and better protect the U.S. health care system from a growing number of cyberattacks. The proposed rule would modify the HIPAA Security Rule to require health plans and payers (Health Insurance Entities), and most health care providers, and their business associates, to strengthen cybersecurity protections for individuals’ PHI. This proposed rule is the latest step taken by OCR to address more frequent cyberattacks targeting the U.S. health care system, consistent with the HHS Healthcare and Public Health critical infrastructure sector Cybersecurity Performance Goals.

We maintain an internal HIPAA compliance program, which is designed to comply with HIPAA privacy and security regulations, adapt to new requirements if finalized, and have dedicated resources to monitor compliance with this program.

In addition, Health Insurance Marketplaces are required to adhere to privacy and security standards with respect to personally identifiable information and to impose privacy and security standards that are at least as protective as those the marketplaces must follow. These standards may differ from, and be more stringent than, HIPAA.

The use and disclosure of certain data that we collect or process about or from individuals are also regulated in some instances by other federal laws, including the Gramm-Leach-Bliley Act (“GLBA”), and state statutes implementing GLBA, in connection with insurance transactions in the states where we operate. Additionally, in response to the growing threat of cyber-attacks in the insurance industry, certain jurisdictions, including New York, have begun to consider new cybersecurity measures, including the adoption of cybersecurity regulations. A number of states have enacted the Insurance Data Security Model Law or similar laws, and we expect more states to follow.

There are also numerous state and federal laws and regulations related to the privacy and security of health information. Laws in all 50 states require businesses to provide notices to affected individuals whose personal information has been disclosed as a result of a data breach, and certain states require notifications for data breaches involving individually identifiable health information. Most states require holders of personal information to maintain safeguards and take certain actions in response to a data breach, such as maintaining reasonable security measures and providing prompt notification of the breach to affected individuals and the state’s attorney general. For further discussion, see Part I, Item 1A. “Risk Factors—Risks Related to the Regulatory Framework that Governs Us—”

Furthermore, states have begun enacting more comprehensive privacy laws and regulations addressing consumer rights to data protection or transparency that may affect our privacy and security practices. These regulations include federal regulation on data interoperability requiring member data to be made available to third parties unaffiliated with Oscar, as well as federal regulations requiring hospitals and insurers to publish negotiated prices for services as well as the most accurate out-of-pocket cost estimate possible based on an individual’s health plan for procedures, drugs, durable medical equipment, and other items or services.

In addition, certain of our businesses are also subject to the Payment Card Industry Data Security Standard (“PCI-DSS”), which is a multifaceted security standard that is designed to protect credit card account data as mandated by payment card industry entities. We rely on vendors to assist us with PCI-DSS matters and to maintain PCI-DSS compliance. Our business and operations are also subject to federal, state, and local consumer protection laws governing the use of email and telephone marketing.

Table of Contents

Fraud, Waste and Abuse Laws and the False Claims Act

Because we receive payments from federal governmental agencies, we may be subject to various laws commonly referred to as “fraud, waste, and abuse” laws, including the federal Anti-Kickback Statute, the Physician Self-Referral Law (“Stark Law”), and the FCA. Violations of these laws can also result in exclusion, debarment, temporary or permanent suspension from participation in government healthcare programs, the institution of corporate integrity agreements (“CIAs”), and/or other heightened monitoring of our operations. Liability under such statutes and regulations may arise if, among other things, we knew, or it is determined that we should have known, that information we provided to form the basis for a claim for government payment was false or fraudulent, or that we were out of compliance with program requirements considered material to the government’s payment decision. Companies who receive funds from federal and state governmental agencies are required to maintain compliance programs to detect and deter fraud, waste, and abuse. Although our compliance program is designed to meet all statutory and regulatory requirements, our policies and procedures are frequently under review and subject to updates, and our training and education programs continue to evolve.

Fraud, waste, and abuse prohibitions encompass a wide range of activities, including, but not limited to, kickbacks or other inducements for referral of members or for the coverage of products (such as prescription drugs) by a plan, billing for unnecessary medical services by a healthcare provider, payments made to excluded providers, improper enrollments or manipulative practices and improper marketing and beneficiary inducements. The regulations, contractual requirements, and policies applicable to participants in government healthcare programs are complex and subject to change. Health Insurance Entities, as well as health insurance agencies and EDE entities, are required to maintain compliance programs to prevent, detect, and remediate fraud, waste, and abuse, and are often the subject of fraud, waste, and abuse investigations and audits.

In addition to the FCA, under the federal Civil Monetary Penalties Law, the HHS-OIG has the authority to impose civil penalties against any person who, among other things, knowingly presents, or causes to be presented, certain false or otherwise improper claims. There also is FCA liability for knowingly or improperly avoiding repayment of an overpayment received from the government and/or failing to promptly report and return such overpayment. Qui tam actions can be brought by private individuals (for example, a “whistleblower,” such as a disgruntled current or former competitor, member, or employee) on behalf of the government alleging that a company has defrauded the government, and the FCA permits the private individual to share in any settlement of, or judgment entered in, the lawsuit. Qui tam actions have increased significantly in recent years, causing greater numbers of healthcare companies to have to defend a false claim action, pay substantial settlement amounts, and/or enter into a CIA and/or other heightened monitoring arrangements to avoid exclusion from government healthcare programs as a result of an investigation arising out of such action. See Part I, Item 1A. “Risk Factors—Risks Related to the Regulatory Framework that Governs Us—We are subject to extensive fraud, waste, and abuse laws that may require us to take remedial measures or give rise to lawsuits, audits, investigations and claims against us, the outcome of which may have a material adverse effect on our business, financial condition, cash flows, or results of operations.”

Further, analogous state laws and regulations, such as state anti-kickback and false claims laws, which may apply to sales or marketing arrangements and claims involving healthcare items or services reimbursed by non-governmental third-party payors, including private insurers, may be broader in scope than their federal equivalents; state insurance laws require Health Insurance Entities, as well as health insurance agencies and EDE entities, to comply with state regulations.

Table of Contents

Guaranty Fund Assessments

Under certain state insolvency or guaranty association laws, Health Insurance Entities can be assessed for amounts paid by guaranty funds for policyholder losses incurred when a Health Insurance Entity becomes insolvent. Most state insolvency or guaranty association laws currently provide for assessments based upon the amount of premiums received on insurance underwritten within such state (with a minimum amount payable even if no premium is received). Under many of these guaranty association laws, assessments are made or adjusted retrospectively. The amount and timing of any future assessments cannot be predicted with certainty; however, future assessments may occur.

Corporate Practice of Medicine and Fee-Splitting Laws

Oscar Medical Group, which consists of five physician-owned professional corporations, functions as a direct medical service provider and, as such, our arrangements with Oscar Medical Group are subject to additional laws and regulations. Some states have corporate practice of medicine laws prohibiting specific types of entities from practicing medicine or employing physicians to practice medicine. Moreover, some states prohibit certain entities from engaging in fee-splitting practices which involve sharing in the fees or revenues of a professional practice. These prohibitions may be statutory or regulatory, or may be imposed through judicial or regulatory interpretation. The laws, regulations and interpretations in certain states have been subject to limited judicial and regulatory interpretation and are subject to change. See Part I, Item 1A. “Risk Factors—Risks Related to Our Business—We make virtual healthcare services available to our members through Oscar Medical Group, in which we do not own any equity or voting interest, and our virtual care availability may be disrupted if our arrangements with providers like the Oscar Medical Group become subject to legal challenges.”

AVAILABLE INFORMATION

Our website is www.hioscar.com. Through the “Investor Relations” section of our website (ir.hioscar.com), we make available free of charge a variety of information for investors, including our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and any amendments to those reports, as soon as reasonably practicable after we electronically file that material with or furnish it to the Securities and Exchange Commission (“SEC”).

We announce material information to the public about us, our products and services, and other matters through a variety of means, including filings with the SEC, press releases, public conference calls, webcasts and the investor relations section of our website in order to achieve broad, non-exclusionary distribution of information to the public and to comply with our disclosure obligation under Regulation Fair Disclosure.

The information disclosed by the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels.

Except as specifically indicated otherwise, the information found or available by hyperlink on our website or any other outlets we identify from time to time is not and shall not be deemed to be part of this or any other report we file with, or furnish to, the SEC.

Table of Contents

Item 1A. Risk Factors

Our business involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information contained in or incorporated by reference in this Annual Report on Form 10-K, including our audited Consolidated Financial Statements and related notes, as well as our other filings with the SEC. The occurrence of any of the events described below could harm our business, operating results, financial condition, liquidity, or prospects, and could cause our actual results to differ materially from historical results and those expressed in forward-looking statements made by us in filings with the SEC, press releases, communications with investors, and oral statements. In any such event, the market price of our Class A common stock could decline, and you may lose all or part of your investment. Additional risks and uncertainties not presently known to us, or that we currently deem immaterial, may also impair our business.

Most Material Risks to Us

Our business, financial condition, and results of operations may be harmed if we fail to execute our strategy and manage our growth effectively.

Our strategy includes, without limitation, acquiring new members, retaining existing members, introducing new products and plans, expanding into new markets and lines of business, and monetizing our technology through our +Oscar platform.

We may from time to time expand our membership by entering into new markets, introducing new health plans in the markets in which we currently operate, or entering into new lines of business. As we take these steps, we may incur significant expenses prior to commencement of operations and the receipt of revenue in new markets or from new plans, including significant time and expense in obtaining the regulatory approvals and licenses necessary to grow our operations. In addition, there are requirements and standards that need to be met, including in some cases an annual recertification process, in order to participate on Health Insurance Marketplaces. Even if we are successful in obtaining a certificate of authority, regulators may not approve our proposed benefit designs, provider networks, or premium levels, or may require us to change them or otherwise operate in ways that harm our profitability.

In certain states, the applicable statutes mandate higher capital requirements for an initial seasoning period, which may be reduced at the regulator’s discretion. We may not be able to fund on a timely basis, or at all, the increased contribution and RBC requirements with our available cash resources, and may need to incur indebtedness or issue additional capital stock. In the event we need access to capital for such purposes, our ability to obtain such capital may be limited and may come at significant cost. Further, in light of market uncertainty, we have taken, and may in the future take, preemptive steps designed to prudently manage our membership and capital position.

Table of Contents

Further, we may experience delays in operational start dates as we enter new markets or decide to exit geographic markets or terminate insurance products, which we have done historically from time to time, which could not only result in financial harm, but also reputational harm to our brand. In addition, if competitors seek to retain market share by reducing prices, we may be forced to reduce our prices on similar plan offerings in order to remain competitive. A reduction in our plan pricing may not enable us to maintain our competitive position, and any such reduction could impact our financial condition or require a change in our operating strategies. As a result of these factors, entering new markets or introducing new health plans may decrease our profitability.

We may also from time to time enter into new lines of business in which we have no or limited direct prior experience, or expand the insurance products that we offer. For example, we are working with a variety of ICHRA platforms to transition small, mid-sized and large employers to the individual market where their employees can choose an Oscar product that meets their individual needs.

To offer our +Oscar platform administrative services, we may be required to obtain and maintain licenses and approvals in new and existing markets, including for third party administrative services, utilization review administrative services, pharmacy benefit administration, or preferred provider network administration services. We may not be able to obtain and maintain such licenses and approvals on our expected timetable or at all, or to otherwise expand our administrative service offerings.

We may also pursue opportunistic partnerships and acquisitions to allow us to provide better healthcare options for our members as well as to augment existing operations, and we may be in discussions with respect to one or more partnerships or acquisitions at any given time. For example, in May 2025, we purchased 100% of the equity interests in three businesses operating in the individual market: Lucie, Inc., a CMS approved EDE entity, IHC Specialty Benefits, Inc., an insurance agency that sells individual medical and supplemental health products, and Healthinsurance.org, LLC, which operates online lead generation domains providing educational content for consumers navigating health insurance and the ACA marketplace.

Pursuing our strategy requires significant capital expenditures, the allocation of valuable management and operational resources, and the hiring of additional personnel, and may strain our operations, and our financial and management controls and reporting systems and procedures. For example, we have experienced, and may in the future experience, challenges with respect to our operations, including with respect to our claims systems, and these difficulties could increase as our membership increases and as we expand into new markets or business lines. We also have experienced and may in the future experience attrition, which may further exacerbate these challenges. If we are unable to effectively execute our strategy and effectively manage our operations, systems and controls, our results of operations and financial condition could be materially and adversely affected.

Our success and ability to grow our business depend in part on retaining and expanding our member base. If we fail to add new members or retain current members, or manage our membership growth appropriately to meet our business objectives, our business, revenue, operating results, and financial condition could be harmed.

We currently derive substantially all of our revenue from direct policy premiums, which are primarily driven by the number of members covered by our health plans. As a result, the size of our member base is critical to our success. We have experienced significant member growth since we commenced operations; however, we may not be able to maintain this growth or manage our membership growth appropriately to meet our business objectives, and our member base could decrease rapidly or shrink over time.

Table of Contents

There are many factors that could negatively affect our ability to retain existing members and expand our member base, many of which are beyond our direct control, including if:

•we are unable to remain competitive on member experience, pricing, and insurance coverage options;

•we are unable to gain access to quality providers;

•we are unable to develop or maintain competitive provider networks, or maintain adequate networks that comply with regulatory requirements and standards;

•insurance brokers that we rely on to build our member base are unable to market our insurance products effectively;

•we fail to attract brokers to sell our insurance products or lose important broker relationships to our competitors or otherwise, including in circumstances where we require brokers to use different enrollment services vendors;

•the eAPTCs under the ARPA are not renewed after 2025, or are otherwise eliminated or reduced, or other APTCs or subsidies under the ACA are eliminated or reduced;

•the eAPTCs are renewed, in whole or in part, in 2026;

•regulatory or legislative actions are implemented that impact the ACA market, including (i) actions to improve the integrity in the ACA eligibility and enrollment process, such as the CMS Program Integrity Rules and the OBBBA and (ii) if the federal government funds a CSR program;

•we increase pricing as a result of changes or developments in the Health Insurance Marketplaces, including as a result of increased morbidity in the market;

•we exit markets, or otherwise reduce or limit the plan offerings we offer within markets, as a result of regulatory or market dynamics;

•our competitors or new market entrants successfully mimic our innovative product offerings or our full stack technology platform;

•we are unable to maintain licenses and approvals, or there are material modifications or restrictions on our ability to offer insurance in our current markets or to participate on Health Insurance Marketplaces, obtain licenses and approvals to offer insurance in new markets, or to otherwise expand our plan offerings in an economically sustainable manner;

•we fail to continue to offer differentiated and competitive products, or there are regulatory actions that limit the types of plans that can be offered, such as the NBPP;

•initiatives designed to improve member and provider experience, including the use of AI technologies or other new technologies, are unsuccessful or discontinued, whether as a result of actions by us, our competitors, regulators, or other third parties;

•as a result of changes in law or otherwise, our competitors participate in the individual market to a greater extent than they have previously;

•there is an initiation of a new SEP, termination of an existing SEP, or other unexpected healthcare market developments, including in response to legislative, regulatory or political developments and executive orders;

•our digital platform experiences technical or other problems or disruptions that frustrate the experience of members or providers or other third-party partners;

•we or our partners or other third parties with whom we collaborate sustain a cyber-attack or suffer privacy or data security breaches;

•we experience unfavorable shifts in perception of our digital platform or other member service channels;

•we suffer reputational harm to our brand resulting from negative publicity, whether accurate or inaccurate;

•our strategic partners terminate or fail to renew our current contracts or we fail to enter into contracts with new strategic partners;

•members are removed by CMS in accordance with fraud, waste and abuse laws and regulations; or

•our efforts to partner with ICHRA platforms to transition small, mid-sized and large employers to the individual market where their employees can choose an Oscar product are not successful, or take significantly more time than expected to be successful.

Table of Contents

For example, CMS is increasingly focused on improving integrity in the Health Insurance Marketplaces eligibility and enrollment process, and we expect this focus to continue. During the second half of 2024, CMS enacted new measures to respond to increases in unauthorized changes in consumer enrollments by agents and brokers and to reduce consumer burdens related to unauthorized enrollments, and these measures may make it more difficult for members to enroll in new plans or switch from one plan to another. In addition, on June 25, 2025, CMS issued the Program Integrity Rules which, among other things, created stricter eligibility verification processes for APTCs, as well as other requirements related to ACA plan enrollment, including shorter OEPs and the suspension of certain SEPs. For instance, certain provisions that went into effect in August 2025 include a pause in the SEP for individuals making below 150% of the FPL. In addition, starting in 2026 with respect to policy year 2027, the rules will change the annual OEP for all individual market coverage to run from November 1 through December 15 preceding the coverage year, instead of through January 15 of the coverage year. Many of the provisions of the Program Integrity Rules would have impacted enrollment processes and APTC eligibility in the 2026 OEP, except that a federal district court in Maryland stayed certain provisions of the rules in connection with City of Columbus v. Kennedy. The court found that the plaintiffs were likely to succeed on the merits with respect to their claims that certain provisions were contrary to law or arbitrary and capricious and therefore stayed these provisions pending the outcome of the litigation. The stayed provisions included stricter income eligibility verification processes for APTCs, such as provisions requiring more frequent reconciliation of APTC eligibility against tax returns, which would have impacted the number of individuals that qualified for APTCs. In addition, the court stayed the provision imposing a $5 monthly premium on enrollees in $0 premium plans who do not actively reenroll during open enrollment, which would have effectively prevented automatic re-enrollment in the 2026 OEP. The stayed provisions were not in effect during the 2026 OEP, but may be in effect for future OEPs.

We expect the Program Integrity Rules could result in a number of individuals in states where we operate losing eligibility for APTCs and could therefore reduce the number of individuals enrolled in the Health Insurance Marketplace. Although the provisions stayed by the court in City of Columbus v. Kennedy were not effective for the 2026 OEP, the provisions that have taken effect, and/or the uncertainty caused by the stayed provisions, may still impact participation in the Health Insurance Marketplaces during 2026. In addition, we are unable to predict with certainty the outcome of this litigation, but if the stayed provisions are reinstated in 2026, they are expected to impact enrollment processes and APTC eligibility during the 2027 and other future OEPs

The OBBBA enacted several provisions that may impact the number of enrollees in Health Insurance Marketplaces and, by extension, the size of our member population. These include ending the APTCs for individuals who enroll in plans via the SEP with income below 150% of the FPL, prohibiting automatic re-enrollment for tax year 2028, and eliminating APTC eligibility for some formerly covered individuals (such as refugees and other immigrant populations). While we expect these provisions to result in a reduction in the number of enrolled individuals in the Health Insurance Marketplace, we cannot predict with certainty the magnitude of the impact on our membership or our business.

The Program Integrity Rules, as well as the OBBBA, could have a material impact on the Health Insurance Marketplaces and could also have a material impact on our membership, business, revenue, operating results, and financial condition.

Even though the eAPTCs expired at the end of 2025, it is possible that they could be renewed, but the timing of such a decision, and the manner in which the eAPTCs could be renewed, is uncertain and could occur in 2026, which could cause potential disruption and uncertainty for the 2026 OEP. Our failure to effectively anticipate, implement, and manage the operational and regulatory complexities associated with the extension of eAPTCs could also result in a negative member experience and make it difficult to manage membership changes effectively, and negatively affect our reputation, financial condition, and results of operations. If the eAPTCs are renewed, it is possible that a SEP would be initiated which could alter member mix and enrollment levels (including by allowing individuals who enrolled with us during open enrollment to switch to a competitor’s plan), as well as shift consumer behavior. Because these changes would likely occur with limited advance notice and implementation guidance, we may be required to quickly modify our systems, pricing, enrollment processes, and customer support operations to accommodate new eligibility rules, or marketplace workflows. Accelerated timelines increase the risk of operational errors, system disruptions, and member service issues, including delayed or incorrect premium billing, or data reconciliation challenges with federal and state marketplaces. Additionally, sudden enrollment surges may strain our customer service capacity, technology infrastructure, and third-party vendor relationships, potentially reducing service quality. While we are actively planning for various legislative and regulatory outcomes, including full or partial renewal, and have analyzed several operational pathways to mitigate these risks, these efforts may not be sufficient to prevent adverse impacts on our operations and financial results if the APTCs are renewed in whole or in part in 2026, or are renewed on unfavorable terms.

Table of Contents

CMS announced the resumption of periodic data matching operations at least twice per calendar year to decrease the number of people simultaneously enrolled in Medicaid/CHIP and a subsidized ACA health plan. These initiatives include sharing lists of dually-enrolled individuals with states and state-based exchanges, and for those dually enrolled in Medicaid/CHIP and a federally-facilitated exchange plan, directly notifying them so they can rectify their enrollment status. These provisions may result in a reduction in the number of enrolled individuals in the Health Insurance Marketplace, but we cannot predict with certainty the magnitude of the impact on our membership, overall market morbidity, or our business.

Many of our competitors also have relationships with more providers and provider groups than we do, and can offer a larger network or obtain better unit cost economics. Our inability to overcome these challenges could impair our ability to attract new members and retain existing members, and could have a material adverse effect on our business, revenue, operating results, and financial condition. Additionally, if we are not able to grow our membership, we may be unable to attract additional partners to our +Oscar platform or maintain existing +Oscar partnerships, which could impact our ability to execute our growth strategy.

We set our premiums in advance of each policy year based on competitive factors in each market in which we participate as well as projections of our future expenses and of the future morbidity of the Health Insurance Marketplace.

Numerous factors impact our ability to accurately estimate and control our medical expenses, including if the underlying data used as the basis for our estimates is incomplete or doesn’t correctly represent the health of our members. Furthermore, many of these factors are not within our control, including, but not limited to the items set forth below. In addition, many of the factors listed below may also impact our ability to estimate the future morbidity of the Health Insurance Marketplace:

•changes in healthcare regulations and practices, including subregulatory guidance, regulations, or statutes that govern individual plans, or the Health Insurance Marketplaces;

•the impact on the morbidity of our members or the broader market member population from ongoing regulatory actions, including actions to improve the integrity in the ACA eligibility and enrollment process (such as the Program Integrity Rules and the OBBBA), the expiration of eAPTCs in 2025, or the potential extension of eAPTCs, in whole or in part, in 2026, if the federal government funds a CSR program, and Medicaid redeterminations;

•increases in the costs of healthcare facilities and services, medical devices and supplies, pharmaceutical products and ingredients, including due to the introduction and adoption of new or costly medical technologies and pharmaceuticals, the impact of legislative or regulatory actions, including the imposition of tariffs on certain pharmaceuticals or other foreign imports, or macroeconomic inflationary effects;

•the impact on the morbidity of our members or the broader market member population from any shrinkage in the Health Insurance Marketplaces that results from price increases by us or our competitors;

•changes in purchase discounts or pharmacy volume rebates received from drug manufacturers and wholesalers, or the guaranteed minimum discounts or rebates we agree to with the pharmacy benefit manager that negotiates and collects such discounts and rebates on our behalf;

•continued increases in broker fees due to the proportion of broker-acquired business continuing to increase in line with the macro trend in the Health Insurance Marketplaces of fewer members signing up directly on exchanges;

•the broader competitive landscape, including new membership resulting from other Health Insurance Entities exiting our markets, reducing or eliminating plan offerings in our markets, or changing their pricing strategies, initiation of new SEPs and general expansion of the individual health insurance market;

•lack of credible data in new regions or with respect to new plan offerings or newly enrolling member populations;

•changes in the utilization of prescription drugs, medical services or other covered items or services, including changes in member utilization patterns ahead of potential lapses in coverage due to regulatory change (such as the expiration of the eAPTCs);

•changes in our member demographic mix, the geographic concentration of our members, and the distribution of members among our plans;

Table of Contents

•increased incidences or acuity of high dollar claims related to catastrophic illnesses or medical conditions, including claims for which we may not have adequate reinsurance coverage;

•changes to, or reductions of, our utilization management functions, such as preauthorization of services, concurrent review or requirements for physician referrals;

•the occurrence of natural disasters, terrorism, public health emergencies, major epidemics and pandemics; and

•provider or broker fraud.

For example, on December 15, 2026, one of our competitors in Georgia, Kaiser Foundation Health Plan of Georgia, Inc. (“Kaiser”), entered into a consent order with the Georgia Office of the Commissioner of Insurance (the “Georgia Regulator”) to suppress all of Kaiser’s plans from the Georgia Health Insurance Marketplace, effective as of January 16, 2026 (the “Suppression Order”). Because we have the next-lowest priced plans in the Georgia Health Insurance Marketplace, if the Suppression Order had remained in place, we might have acquired a disproportionate number of members who enroll after open enrollment, during an SEP. SEP members have historically had a higher overall medical loss ratio than members who enroll during open enrollment. Because an increased share of SEP members was not reflected in our premium rate assumptions for policy year 2026, the medical expenses, net of risk adjustment, for this population could have developed unfavorably relative to our original pricing expectations, which could have had a material negative impact on our financial condition, results of operations, and cash flows. We successfully challenged the Suppression Order through an administrative hearing procedure before the Georgia Regulator and the Suppression Order was permanently stayed. Kaiser may seek to pursue a legal challenge to the administrative decision, and if Kaiser is successful, the Suppression Order could be reinstated. If this were to occur, we could petition the Georgia Regulator to take additional actions to address the impact of the Suppression Order. These actions could include a petition to suppress our plans or revise our policy rates, but such petitions may be denied. We have also prepared mitigation plans, if needed, but those efforts may not be successful.

Medicaid redeterminations began on April 1, 2023 and CMS announced an SEP that began March 31, 2023 and ended November 30, 2024 to facilitate enrollment in the ACA by individuals who lost Medicaid coverage under the redetermination process. Our understanding is that in 2024 most states substantially completed the unwinding-related renewals for beneficiaries enrolled in Medicaid or CHIP. We believe these Medicaid redeterminations have previously contributed to increases in our membership in 2024; however, we do not believe that we experienced significant growth in our membership from the Medicaid redetermination process in 2025. We believe that members who have enrolled in the ACA through the Medicaid redetermination process have increased the overall morbidity of the Health Insurance Marketplace. However, we cannot predict ACA plan enrollment patterns and the potential impact of recent and future enrollments on market morbidity, and the related impact on our underwriting margin, risk adjustment payables and MLR is therefore uncertain.

Further, our inability to estimate our claims liability may also affect our ability to take timely corrective actions, further exacerbating the extent of any adverse effect on our results.

Even though the eAPTCs expired at the end of 2025, it is possible that they could be renewed, but the timing of such a decision, and the manner in which the eAPTCs could be renewed, is uncertain and could occur in 2026, which could cause potential disruption and uncertainty for the 2026 OEP. If eAPTCs are renewed, in whole or in part, failure to effectively anticipate, implement, and manage the regulatory and operational complexities could negatively affect our financial condition and results of operations. There are a number of scenarios that regulators could implement, such as requiring plans to refile rates, attempting to reduce premiums on a uniform basis, or requiring us to rebate a portion of our premiums to members or the federal government. Any of these efforts would need to be implemented in a highly compressed timeline, could strain our operational resources and lead to delays, errors, or increased costs, and increase the risk of pricing inaccuracies, margin compression, and/or that premiums are insufficient to cover the cost of our members’ medical expenses. The overall market disruption caused by this uncertainty could also create an unstable operating environment, making it challenging to accurately forecast enrollment and manage our financial outlook. While we are actively planning for various legislative and regulatory outcomes, including full or partial renewal, and have analyzed several operational pathways to mitigate these risks, these efforts may not be sufficient to prevent adverse impacts on our operations and financial results if the eAPTCs are renewed in whole or in part in 2026, or are renewed on unfavorable terms.

Table of Contents

We also incur substantial administrative costs, particularly distribution costs, the costs of scaling and improving our operations, and the costs of hiring and retaining personnel. Furthermore, regulatory changes or developments may require us to change our existing practices with respect to broker commissions and could potentially result in a substantial increase in related costs or limit our ability to manage those costs in the future. Any such increase in costs could cause our actual results to differ, potentially materially, from our prior expectations. As a result of our market expansion, expansion of our plan offerings and growth of our membership, our anticipated medical expenses and administrative costs are subject to additional uncertainty.

If it is determined that our estimates are significantly different from actual results, our results of operations and financial position could be adversely affected.

The result of risk adjustment programs may impact our revenue, add operational complexity, and introduce additional uncertainties that may have a material adverse effect on our results of operations, financial condition, and cash flows.

We reassess the estimates of the risk adjustment settlements each reporting period and any resulting adjustments are made to premium revenue.

The data that we rely upon to calculate these estimates includes data received from independent third parties. In addition, the data may be incomplete, can vary considerably from period to period, requires considerable judgment in interpretation, lacks context and provides limited insight. Moreover, our estimates are subject to change due to factors outside of our control, such as changes in legislation and regulations (including the expiration of the eAPTCs and the CMS program integrity rules), regulatory enforcement, enrollment in government health plans, inflation, market size, market morbidity, the actions of our competitors, and other uncertainties. Consequently, our estimates of our health plans’ risk scores for any period, our estimates of the risk scores for the markets in which we participate, and any resulting change in our accrual of risk adjustment transfers related thereto, has had a negative impact in the past and could in the future have a material adverse effect on our results of operations, financial condition, and cash flows. For example, in the second and third quarters of 2025, the Company received third party reports indicating that the ACA average market risk scores (a measure of market morbidity) were significantly higher than the overall market expectation, which resulted in the Company significantly increasing its estimated risk adjustment transfer payable for such quarters. In the fourth quarter, the Company received third party reports indicating that overall market morbidity had stabilized, but that the Company had lower-than-anticipated relative risk scores, which resulted in the Company increasing its estimated risk adjustment transfer payable as of December 31, 2025. Furthermore, a significant change in our risk adjustment transfer estimates could require us to contribute additional capital to our Health Insurance Subsidiaries to meet statutory capital requirements.

If the risk adjustment data we submit are found to incorrectly overstate the health risk of our members, we may be required to refund funds previously received by us and/or be subject to penalties or sanctions, including potential liability under the FCA, which could be significant and would reduce our revenue in the year that repayment or settlement is required. Further, if the data we provide to CMS incorrectly understates the health risk of our members, we might be underpaid for the care that we must provide to our members, which could have a negative impact on our results of operations and financial condition.

Table of Contents

Any changes to the ACA and its regulations could materially and adversely affect our business, results of operations, and financial condition.

For each of the years ended December 31, 2025 and 2024, approximately 98% of our revenue was derived from sales of health plans subject to regulation under the ACA, primarily comprised of policies directly purchased by individuals and families. Consequently, changes to, or repeal of, portions or the entirety of the ACA and its regulations, as well as judicial interpretations in response to legal and other constitutional challenges, could materially and adversely affect our business and financial position, results of operations, or cash flows. Even if the ACA is not amended or repealed, elected and appointed officials could continue to propose changes and courts could render opinions impacting the ACA, which could materially and adversely affect our business, results of operations, and financial condition.

These fluctuations could have a significant adverse effect on our business and future operations, and our results of operations and financial condition. Such market and political dynamics may result in unanticipated changes in the composition and risk level of the Health Insurance Marketplaces’ risk pool, which could negatively impact our underwriting margins.

Historically, there have been significant efforts to repeal, or limit implementation of, certain provisions of the ACA. Such initiatives include repeal of the individual mandate effective in 2019, as well as easing of the regulatory restrictions placed on short-term limited duration insurance and association health plans, some or all of which may provide fewer benefits than the traditional ACA-mandated insurance benefits. The ACA has also been subject to multiple judicial challenges surrounding its constitutionality. The current presidential administration and/or Congress could bring possible changes in federal regulations governing Health Insurance Marketplaces. For instance, in connection with the Congressional debate regarding the extension of the eAPTCs, there have been numerous proposals put forward which include additional structural changes to the ACA and/or program integrity provisions.

Furthermore, on January 15, 2026, the Trump administration announced “The Great Healthcare Plan,” which calls on Congress to act on a number of healthcare proposals, including shifting federal funds away from the eAPTCs previously sent to insurers, and providing them instead directly to eligible individuals; funding a CSR program; “plain English” standards for rate and coverage information; and increased transparency regarding certain financial metrics and claims denial rates. The plan currently exists as a broad framework, and does not yet include detailed legislative text or specific implementation mechanisms. If certain of these proposals were to be implemented, there could be a significant restructuring of the funding mechanisms of the ACA, which could lead to fluctuations in participation in the Health Insurance Marketplaces from individuals seeking insurance coverage, possible non-renewal of existing policies, and/or increased administrative complexity and costs. In addition, if Congress enacts a CSR program, as a result of the rating methodology and benchmark dynamics in the ACA, Silver plan premiums may decrease, which could result in lower APTCs and therefore higher net premiums for members purchasing Bronze or Gold plans. As a result, these members may face increased out-of-pocket premium costs compared to current levels, significantly limiting access to affordable coverage options. Reduced affordability could lead to lower enrollment across ACA plans, adversely affecting membership levels. Reductions in membership levels in the Health Insurance Marketplace could lead to higher market morbidity and therefore impact the risk adjustment program and MLR.

In addition, on February 9, 2026, HHS released the proposed NBPP for policy year 2027. The NBPP is a rulemaking proposal, and it is unknown whether the provisions proposed in the NBPP ultimately will be adopted, either in whole or in part, or what changes to the proposed provisions may ultimately be adopted in the final NBPP. However, the NBPP includes a number of proposed provisions that, if adopted, could significantly impact the Health Insurance Marketplace. For instance, certain of the proposed provisions could provide greater flexibility with respect to plan designs, but given the uncertainty around the final terms of the rule and the short timeline for implementation once finalized, we may or may not be able to take advantage of that flexibility, and in the event that our competitors are able to take advantage of that flexibility and we are not, this could put us at a competitive disadvantage. Certain aspects of the proposed provisions could also lead to new

Table of Contents

entrants entering the market, or otherwise create market instability. Furthermore, certain aspects of the proposed provisions could, among other things, impact member enrollment levels in the Health Insurance Marketplaces, including as a result of enhanced enrollment and eligibility requirements or reduction in the perceived value of plans due to an increase in member cost shares. Reductions in membership levels in the Health Insurance Marketplaces could lead to higher market morbidity and therefore impact the Company’s risk adjustment position and the Company’s MLR. In addition, once the NBPP rules are finalized, due to the short implementation period anticipated for these rules, we may fail to effectively anticipate, implement, or manage the regulatory and operational complexities involved in preparing for and adhering to the new standards. For more information, see Part I, Item 1, “Business–Government Regulation–Ongoing Requirements and Changes to the ACA”, and Part I, Item 1A. “Risk Factors-Most Material Risks to Us-Our success and ability to grow our business depend in part on retaining and expanding our member base. If we fail to add new members or retain current members, or manage our membership growth appropriately to meet our business objectives, our business, revenue, operating results, and financial condition could be harmed,” and “Risk Factors–Most Material Risks to Us–”

Because we rely on the Health Insurance Marketplaces, any significant changes to the ACA, or other changes in state or federal healthcare law and regulation, could materially and adversely impact our business, financial condition, and results of operations.

Table of Contents

We have a history of losses, and we may not achieve or maintain profitability in the future.

The year ended December 31, 2024 was the first time since our inception in 2012 that we achieved profitability on either a consolidated net income or Adjusted EBITDA basis. As of December 31, 2025 and December 31, 2024, we had an accumulated deficit of $3,294.4 million and $2,851.3 million, respectively. We have also taken actions to drive improved performance in our MLR and administrative expense ratio including exiting underperforming markets and optimizing our plan design portfolio to create greater balance towards profitable products. If our investments are not successful longer-term, our business and financial position may be harmed.

We may not succeed in increasing our revenue or managing our medical or administrative costs on the timeline that we expect or in amounts sufficient to reduce our net loss and ultimately become profitable again. Moreover, if our revenue declines, we may not be able to reduce costs in a timely manner because many of our costs are fixed, at least in the short-term. Accordingly, despite our best efforts to do so, we may not achieve or maintain profitability, and we may incur further significant losses in the future.

Risks Related to the Regulatory Framework that Governs Us

Our business activities are subject to ongoing, complex, and evolving regulatory obligations, and to continued regulatory review, which result in significant additional expense and the diversion of our management’s time and efforts. If we fail to comply with regulatory requirements, or are unable to meet performance standards applicable to our business, our operations could be disrupted or we may become subject to significant penalties.

We operate in a highly regulated industry and we must comply with numerous and complex state and federal laws and regulations to operate our business, including requirements to maintain or renew our regulatory approvals or obtain new regulatory approvals to operate as a Health Insurance Entity, health insurance agency or EDE entity.

Most states have adopted these or similar measures to expand the scope of regulations relating to corporate governance and internal control activities of Health Insurance Entities. We are also required to notify, or obtain approval from, federal and/or state regulatory authorities prior to taking various actions as a business, including making changes to our network, service offerings, and the coverage of our health plans, as well as prior to entering into relationships with certain vendors and health organizations. Delays in obtaining or failure to obtain or maintain these approvals could reduce our revenue or increase our costs. Existing or future laws and rules could also require or lead us to take other actions such as changing our business practices, and could increase our liability.

Table of Contents

The ACA implemented certain requirements for insurers, including a minimum MLR provision that requires insurers to pay rebates to consumers when insurers do not meet or exceed specified annual MLR thresholds, and anti-discrimination protections on the basis of race, color, national origin, sex, age, and disability, which may impact the manner in which Health Insurance Entities receiving any form of federal financial assistance design and implement their benefit packages. Additionally, there are numerous steps federal and state regulators require for continued implementation of the ACA including the annual federal updates to implementing market regulations via the NBPP. For example, we are required to monitor our network of contracted providers to ensure we meet specific state and/or federal quality, credentialing, availability, and accessibility requirements on an ongoing basis. Certain of the ACA requirements also govern the conduct of agents, brokers, and EDE entities, including standards related to consumer disclosures, privacy and security of personally identifiable information, consent and recordkeeping, marketing and communications, nondiscrimination, operational readiness, and compliance with CMS enrollment, eligibility, and reconciliation processes.

Healthcare accreditation entities, such as the National Committee for Quality Assurance (“NCQA”), evaluate health plans based on various criteria, including effectiveness of care and member satisfaction. If we fail to achieve and maintain accreditation from agencies, such as NCQA, we could lose the ability to offer our health plans on Health Insurance Marketplaces, or in certain jurisdictions, which would materially and adversely affect our results of operations, financial position, and cash flows. In addition, certain federal and state programs applicable to agents, brokers, and EDE entities require ongoing registration, certification, training, testing, and compliance with applicable CMS and state standards, and failure to maintain such status could limit or prevent our agency or EDE entity from operating.

In addition, in each of the markets in which we operate, we are regulated by the relevant insurance and/or health and/or human services, or other government departments that oversee the activities of insurance and/or healthcare organizations providing or arranging to provide services to Health Insurance Marketplaces’ enrollees or other beneficiaries. In October 2020, HHS issued a health transparency regulation which went into effect in July 2022 (the “Health Plan Transparency Rule”). The Health Plan Transparency Rule requires monthly disclosures of, among other things, detailed pricing information regarding our negotiated rates for all covered items and services with in-network providers and historical payments to, and billed charges from, out-of-network providers. Additional disclosures under the Health Plan Transparency Rule went into effect in 2023 (personalized out-of-pocket cost information and negotiated rates for specified healthcare items and services) and were expanded in 2024 (all items and services). Many states have enacted separate legislation addressing balance billing or surprise medical bills. These laws and regulations vary in their approach, resulting in different impacts on the healthcare system as a whole.

Table of Contents

Our subsidiaries must also comply with numerous statutes and regulations governing the sale, marketing, and/or administration of insurance. For example, the Mental Health Parity and Addiction Equity Act requires health insurance plans to cover mental health and substance use disorder treatments no more restrictively than medical/surgical care, meaning similar copays, deductibles, visit limits, and authorization rules. Given the complex nature of insurance regulation, we have in the past, and may in the future, misinterpret or misapply new laws and regulations, which could result in operational costs or financial impacts, as well as fines and penalties. Any such failures could also negatively impact our ability to service our existing +Oscar platform arrangements and enter into new arrangements.

Our business is within the public and private sectors of the U.S. health insurance system, which are evolving quickly and subject to a changing regulatory environment, and our future financial performance will depend in part on growth in the market for private health insurance, as well as our ability to adapt to regulatory developments.

The healthcare regulatory landscape can change unpredictably and rapidly due to changes in political party legislative majorities or executive branch administrations at the state or federal level in the United States and could, among other things:

•require us to restructure our relationships with providers within our network;

•require us to contract with additional providers at unfavorable terms;

•require us to cover certain forms of care provided by out-of-network providers at rates or levels indicated by rule or statute;

•require us to implement changes to our healthcare services and types of coverage, including the offering of standardized plans in addition to or in lieu of non-standardized benefit plan offerings, or prevent us from innovating and implementing technology solutions;

•require us to provide healthcare coverage to a higher risk population without the opportunity to adjust our premiums;

•require us to change our telehealth delivery methods and payment models;

•require us to implement costly processes and compliance infrastructure;

•require us to make changes that restrict revenue and enrollment growth;

•increase our sales, marketing, and administrative costs, including costs attributable to broker commissions;

•impose additional capital and surplus requirements, which may require us to incur additional indebtedness, sell capital stock, or access other sources of funding;

•make it more difficult to obtain regulatory approvals to operate our business or maintain existing regulatory approvals;

•prevent or delay us from entering into new service areas or product lines; and

•increase or change our liability to members in the event of malpractice by our contracted providers.

Changes and developments in the health insurance system in the United States and the states in which we operate could also reduce demand for our services and harm our business. For example, certain elected officials have introduced proposals for some form of a single public or quasi-public agency that organizes healthcare financing, but under which healthcare delivery would remain private, and certain states have proposed, and in some cases passed, legislation creating a public option for individual and small group plans.

As the regulatory and legislative environments within which we operate are evolving, we may not be able to ensure timely compliance with such changes, or we may not effectively or correctly operationalize such changes, due to limited resources.

Table of Contents

Furthermore, we may face challenges prioritizing the allocation of resources between implementing systems responsive to new legislative or regulatory requirements and focusing on growth-related operations.

As part of our normal operations, we collect, receive, use, maintain, handle, transmit, process, and retain, which collectively in this risk factor we refer to as “Process” or “Processing,” personal, medical, sensitive and other confidential information about individuals. We also depend on a number of third party vendors in relation to the operation of our business, a number of which process data on our behalf. We and our vendors are subject to various federal and state laws, regulations, rules, and industry standards and other requirements including those that apply generally to the handling of information about individuals, and those that are specific to certain industries, sectors, contexts, or locations. These laws and regulations include, among others, HIPAA, the CCPA/CPRA and similar comprehensive state privacy rules. These requirements, and their application, interpretation and amendment are constantly evolving and developing.

HIPAA imposes privacy, security and breach notification obligations on “covered entities,” including certain healthcare providers, health plans and healthcare clearinghouses, and their respective “business associates,” that Process individually identifiable health information for or on behalf of a covered entity, as well as their covered subcontractors with respect to safeguarding the privacy, security and transmission of individually identifiable health information. In order to comply with HIPAA’s requirements, we must maintain adequate privacy and security measures, which require significant investments in resources and ongoing attention.

A non-permitted use or disclosure of PHI is presumed to be a breach under HIPAA unless the covered entity establishes that there is a low probability the information has been compromised consistent with requirements enumerated in HIPAA. To the extent we are considered a business associate, we are also required to notify covered entity customers in the event of a PHI breach, and we could be contractually obligated to bear significant costs associated with breach notifications, remediation, and other financial and operational impacts of the breach. Ongoing review and oversight of these measures involves significant time, effort, and expense.

HIPAA also authorizes state Attorneys General to file suit on behalf of their residents. Courts may award damages, costs and attorneys’ fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI.

The CCPA also provides for civil penalties for violations, as well as a private right of action for data breaches that may increase data breach litigation. The CPRA imposed additional obligations on companies covered by the legislation and significantly modified the CCPA, including by expanding consumers’ rights with respect to certain sensitive personal information. The CPRA also created a new state agency that is vested with the authority to implement and enforce the CCPA and the CPRA. Compliance with the CCPA and the CPRA may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses and may increase our potential

Table of Contents

exposure to regulatory enforcement and/or litigation. The CCPA and CPRA contain exemptions to which our business is subject, such as for medical information governed by the California Confidentiality of Medical Information Act, and for PHI collected by a covered entity or business associate governed by the privacy, security, and breach notification rule established pursuant to HIPAA; however, information we hold about individual residents of California that is not subject to such exceptions (or another applicable exception) would be subject to the CCPA and CPRA, such as workforce personal data. It also includes processing using website monitoring tools and third-party digital marketing services.

For example, laws similar to the CCPA and CPRA have passed in over a dozen states, including the Oregon Consumer Privacy Law which took effect on July 1, 2024, and the Minnesota Consumer Data Privacy Act which took effect on July 31, 2025, not all of which exempt Health Insurance Entities. Additional laws have been proposed in other states and at the federal level, reflecting a trend toward more stringent privacy legislation in the United States. Such legislation may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. Further, in order to comply with the varying state laws around data breaches, we must maintain adequate security measures, which require significant investments in resources and ongoing attention.

We are also subject to other laws, regulations and industry standards that govern our business practices, including the Telephone Consumer Protection Act (“TCPA”), which restricts the use of automated tools and technologies to communicate with wireless telephone subscribers or communications services consumers generally, the CAN-SPAM Act, which regulates the transmission of marketing emails, and the PCI-DSS, which is a multifaceted security standard that is designed to protect credit card account data as mandated by PCI-DSS entities. We may become subject to claims that we have violated these laws and standards, based on our or our vendors’ past, present, or future Processing business practices, and these claims, whether or not they have merit, could expose us to substantial statutory damages or costly settlements, which could have a material and adverse impact on our business and reputation, subject us to fines and/or require us to change our business practices.

The regulatory framework governing the Processing of certain information, particularly financial and other personal information, is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations, including in the context of AI where regulators are applying existing frameworks to new technology and innovation. It is possible that these laws, regulations and standards may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our services and platform capabilities. We may face challenges in addressing current and evolving requirements and making necessary changes to our policies and practices, and may incur significant costs and expenses in our effort to do so. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our posted privacy policies, changing consumer expectations, evolving laws, rules and regulations, industry standards, or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time and other resources or the incurrence of significant fines, penalties or other liabilities. If any of these events were to occur, our reputation, business, financial condition and results of operations could be materially adversely affected.

, IHC Specialty Benefits, Inc., and Healthinsurance.org, LLC, we may become subject to an increasingly complex array of data privacy and security laws and regulations, further increasing our cost of compliance and doing business, as well as clients’ expectations for privacy and security, which are relevant to our ability to compete in this market. Differing laws in each jurisdiction in which we do business and changes to existing laws and regulations may also impair our ability to offer our existing or planned features, products and services and increase our cost of doing business.

Table of Contents

We are subject to extensive fraud, waste, and abuse laws that may require us to take remedial measures or give rise to lawsuits, audits, investigations and claims against us, the outcome of which may have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Because we receive payments from federal governmental agencies, we are subject to various laws commonly referred to as “fraud, waste, and abuse” laws, including the federal Anti-Kickback Statute, the federal Stark Law, and the FCA. Liability under such statutes and regulations may arise, among other things, if we knew, or it is determined that we should have known, that information we provided to form the basis for a claim for government payment was false or fraudulent, or that we were out of compliance with program requirements considered material to the government’s payment decision.

In addition, CMS is increasingly focusing on allegedly fraudulent behavior by brokers. Our failure to take appropriate measures to refer cases of fraud, waste and abuse to the relevant authorities when we are required to do so may subject us to corrective actions, including regulatory enforcement, fines and penalties, adverse publicity and other effects that could materially harm our business. On February 9, 2026, we received a subpoena from the Congressional Committee on the Judiciary requesting certain documents in connection with their examination of potential APTC fraud in the Health Insurance Marketplace.

These audits could result in significant adjustments in payments made to our health plans, which could adversely affect our financial condition and results of operations. If we fail to report and correct errors discovered through our own auditing procedures or during a RADV or RAC audit, or otherwise fail to comply with applicable laws and regulations, we could be subject to fines, civil penalties or other sanctions which could have a material adverse effect on our ability to participate in these programs, and on our financial condition, cash flows and results of operations. On November 24, 2020, CMS issued a final rule that amends the RADV program by: (i) revising the methodology for error rate calculations beginning with the 2019 benefit year; and (ii) changing the way CMS applies RADV results to risk adjustment transfers beginning with the 2020 benefit year. According to CMS, these changes are designed to give insurers more stability and predictability with respect to the RADV program and promote fairness in how Health Insurance Entities receive adjustments. On June 12, 2025, CMS initiated the payment year 2019 Medicare Advantage RADV audits and expects to begin issuing payment year 2019 audit findings in mid-calendar year 2027. In addition, CMS will not apply an adjustment factor, known as a Fee-For-Service Adjuster, in RADV audits to account for potential differences in diagnostic coding between the Medicare Advantage program and Medicare fee-for-service program. The future impact of these changes remains unclear, and CMS and HHS-OIG policies and procedures for conducting RADV audits remain subject to change.

Table of Contents

The regulations, contractual requirements, and policies applicable to participants in government healthcare programs are complex and subject to change. Health Insurance Entities, as well as health insurance agencies and EDE entities, are required to maintain compliance programs to prevent, detect, and remediate fraud, waste, and abuse, and are often the subject of fraud, waste, and abuse investigations and audits. Moreover, many of the laws, rules, and regulations in this area have not been well-interpreted by applicable regulatory agencies or the courts. Additionally, the significant increase in actions brought under the FCA’s “whistleblower” or “qui tam” provisions, which allow private individuals to bring actions on behalf of the government, has caused greater numbers of healthcare companies to have to defend a false claim action, pay fines, or agree to enter into a CIA to avoid being excluded from Medicare and other state and federal healthcare programs as a result of an investigation arising out of such action. Health plans and providers often seek to resolve these types of allegations through settlement for significant and material amounts, even when they do not acknowledge or admit liability, to avoid the uncertainty of treble damages that may be awarded in litigation proceedings. Such settlements often contain additional compliance and reporting requirements as part of a consent decree or settlement agreement, including, for example, CIAs, deferred prosecution agreements, or non-prosecution agreements. If we are subject to liability under qui tam or other actions or settlements, our business, financial condition, cash flows, or results of operations could be adversely affected.

We anticipate continued scrutiny by the HHS-OIG and the DOJ in the areas of fraud, waste, and abuse, including the use of telehealth and telemedicine-based treatment, and we may be subject to audits, reviews and investigations of our telehealth coverage and payment practices and arrangements by government agencies.

Changes in laws, regulations or rules relating to taxes or tariffs could adversely affect us.

On July 4, 2025, the OBBBA was signed into law. In addition to the changes to the ACA discussed above, OBBBA included business tax provisions such as the reinstatement of rules related to the deductibility of research and experimental (“R&E”) expenditures and the reinstatement of bonus depreciation deductions for qualified property and modifications to EBITDA-based business interest expense limitations. Pursuant to the OBBBA’s transition rules, the Company elected to expense all unamortized, domestic R&E costs previously capitalized between 2022 and 2024. As the Company maintains a valuation allowance against its net deferred tax assets, including NOLs, this election resulted in no change to tax expense for the year ended December 31, 2025.

The Trump administration has indicated that tariffs may be imposed on a variety of products relevant to our business, including certain pharmaceutical products and ingredients and medical devices and supplies imported into the United States. Any such tariffs could result in higher costs for medical providers and facilities, higher pharmaceutical prices, higher costs of medical devices, and shortages of certain medicines and medical supplies. Shortages in medicines and supplies may also impact the health of our members, which in turn may result in higher medical costs. The substantial uncertainty regarding the potential imposition and implementation of tariffs could adversely impact our ability to accurately estimate and manage medical costs and expenses and adversely affect our results of operations and financial position.

Other changes in tax laws and the corporate tax rate, premium tax rate, or government spending cuts, could have significant impacts on our business, results of operations, financial condition and liquidity.

Table of Contents

Risks Related to our Business

If we are unable to arrange for the delivery of quality care, and maintain good relations with the physicians, hospitals, and other providers within and outside our provider networks, or if we are unable to enter into cost-effective contracts with such providers, or if we lose any of our limited number of in-network providers, our profitability could be adversely affected.

Our arrangements with healthcare providers generally may be terminated or not renewed by either party without cause upon prior written notice. Healthcare providers within our provider networks may not properly manage the costs of services, maintain financial solvency or avoid disputes with other providers or their federal and state regulators. Any of these events could have a material adverse effect on the provision of services to our members and our operations.

In any particular market or geography, physicians and other healthcare providers could refuse to contract, demand higher payments, demand favorable contract terms, initiate claims disputes (which disputes could become more voluminous as providers use AI to identify potential issues), or take other actions that could result in higher medical costs or difficulty in meeting regulatory or accreditation requirements, among other things. In some markets and geographies, certain healthcare providers, particularly hospitals, physician/hospital organizations, or multi-specialty physician groups, may have significant positions or near monopolies that could result in diminished bargaining power on our part during contract negotiations. Any such impacts might require us to incur costs to change our operations, place us at a competitive disadvantage, or materially and adversely affect our ability to market affordable products or to be profitable in those areas.

Providers may be unable or unwilling to pay liabilities owed to us under value-based care arrangements. Providers may also be unable or unwilling to pay claims they have incurred with third party providers in connection with referral services provided to our members. Depending on state law, we may be held liable for such unpaid referral claims even though the delegated provider has contractually assumed such risk, or we may opt to pay such claims even when we have no obligation to do so due to competitive pressures. Such liabilities incurred or losses suffered as a result of provider insolvency or other circumstances could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

In addition, from time to time, we are, and may in the future continue to be, subject to class action or other lawsuits by healthcare providers with respect to claims payment procedures, including the rate at which claims were reimbursed, reimbursement policies, network participation, or breach of contract allegations or similar matters, and such claims could increase as providers begin to use AI to identify claims disputes. Regardless of whether any such lawsuits brought against us are successful or have merit, they will be time-consuming and costly, and could have an adverse impact on our reputation. As a result, under such circumstances, we may be unable to operate our business effectively.

Table of Contents

Some providers that render services to our members are not contracted with our Health Insurance Subsidiaries. This allows us to work more closely with high quality healthcare systems that engage with us using our technology. That approach, however, makes it possible that our members will receive emergency services, or other services which we are required to cover by law or by the terms of our health plans, from providers who are not contracted with our Health Insurance Subsidiaries. In some states, and under federal law for our business subject to the No Surprises Act, the amount of compensation and/or process to dispute out-of-network reimbursement amounts is defined by law or regulation. Reimbursement for these out-of-network costs can be significant. The uncertainty of the amount to pay to such providers and the possibility of subsequent adjustment of the payment could materially and adversely affect our business, financial condition, cash flows, or results of operations.

We generally manage our provider contracts on a state-by-state basis, entering into separate contracts in each state with local affiliates of a particular provider, such that no one local provider contract receives a majority of our allowed medical costs for services rendered to our members. When aggregating the payments we make to each provider through its local affiliates, AdventHealth, HCA Healthcare, and Baptist Health South Florida accounted for a total of approximately 9%, 8% and 7%, respectively, of total allowable medical costs for the year ended December 31, 2025. Advent Health, HCA Healthcare, and University of Miami Hospital & Medical Group accounted for approximately 10%, 8% and 7%, respectively, of total allowable medical costs for the year ended December 31, 2024. We believe that a majority of our revenue will continue to be derived from direct policy premiums obtained from members who receive services from a concentrated number of providers. These providers may terminate or seek to terminate their contracts with us in the future. The sudden loss of any of our providers or the renegotiation of related provider contracts could adversely impact our reputation or the breadth of access and perceived quality of our provider networks, which could result in a loss of a membership that adversely affects our revenue and operating results.

Any such structure would require regulatory approval, and if regulators were to deny our requests, our ability to implement our business strategy or fund our operations would be harmed.

Table of Contents

We utilize quota share reinsurance to meet regulatory capital and surplus requirements and protect against downside risk on medical claims.

Our reinsurers are entitled to a portion of our premiums, but also share financial responsibility for healthcare costs incurred by our members. Our decisions on claims payments are binding on the reinsurer with the exception of any payments by us that are not required to be made under the member’s policy.

The amount of business ceded under our reinsurance arrangements can vary significantly from year to year. Because reinsurers are entitled to a portion of our premiums under our quota share reinsurance arrangements, changes in the amount of premiums ceded under these arrangements may directly impact our net premium and/or net income estimates.

If our reinsurers consistently and successfully dispute our obligations to make a claim payment under a given policy, if we cannot renegotiate renewals of our quota share reinsurance arrangements on acceptable terms, if reinsurers terminate their arrangements with us, if we are unable to enter into reinsurance arrangements with other reinsurers, or if our reinsurance arrangements are not approved by any of our regulators (or if our regulators take a different view, whether prospectively or retroactively, with respect to the capital treatment of our reinsurance agreements), we may need to raise additional capital to comply with applicable regulatory requirements, which could be costly. If we are not able to comply with our funding requirements, we would have to enter into a corrective action plan or cease operations in jurisdictions where we could not comply with such requirements. Termination of our reinsurance arrangements would also increase our exposure to volatility in medical claims. As a result, termination of our reinsurance arrangements through one or more of these scenarios could harm our business, results of operations, and financial condition.

While our financial reporting is based on U.S. GAAP, our ability to receive capital reserve credit for a particular state Health Insurance Subsidiary for our reinsurance agreements is determined by Statutory Accounting Principles, which are dependent upon state-specific laws and regulations, as interpreted and applied by state insurance regulators. In some states we are required to seek approval in advance of entering into reinsurance agreements; in others we are not, which means that we may learn of regulators’ concerns after the effective date of certain reinsurance agreements. From time to time, we include state-specific provisions in, or subsequently make state-specific amendments to, our reinsurance agreements to reflect capital reserve credit requirements imposed by particular state regulators, or may need to book additional reserves or liabilities to our Health Insurance Entity statutory financial statements to address regulatory requirements or standards. The net economic effect of such provisions, amendments or actions may not be commercially favorable, and in some instances we have chosen, and may in the future choose, not to enter into certain types of reinsurance agreements, not to seek statutory reserve credit under certain agreements, or to terminate existing agreements rather than include provisions or make amendments required by a particular state in order to receive statutory reserve credit. As described above, any such decision or action would result in an increase in required capital in our Health Insurance Subsidiaries, which may be material.

Reinsurance does not relieve us of liability as an insurer. If a reinsurer fails to meet its obligations under the reinsurance contract or if the liabilities exceed any applicable loss limit, we remain responsible for covering the claims on the reinsured policies. Additionally, our exposure under reinsurance arrangements may at times be disproportionately concentrated with a single reinsurer. Although we regularly evaluate the financial condition of reinsurers to minimize exposure to significant losses from reinsurer insolvencies, reinsurers may become financially unsound. If a reinsurer fails to meet its obligations or becomes financially unsound, we may have to cover the claims on such reinsured policies, which may be material.

Table of Contents

Adverse market conditions may result in our investment portfolio suffering losses or reduce our ability to meet our financing needs, which could materially and adversely affect our results of operations or liquidity.

The principal sources of our cash receipts are premiums, administrative fees, investment income, proceeds from borrowings and proceeds from the issuance of capital stock.

As a result, we may experience a reduction in value or loss of our investments, which could have a materially adverse effect on our results of operations, liquidity, and financial condition.

In addition, during periods of increased volatility, adverse securities and credit markets, including those due to rising interest rates, may exert downward pressure on the availability of liquidity and credit capacity for certain issuers. Similarly, our access to funds may be impaired if regulatory authorities or rating agencies take negative actions against us. If one or a combination of these factors were to occur, our internal sources of liquidity may prove to be insufficient and, in such case, we may not be able to successfully obtain additional financing on favorable terms, or at all.

From time to time, we may become involved in costly and time-consuming litigation and regulatory audits and actions, which require significant attention from our management.

From time to time, we are a defendant in lawsuits and the subject of regulatory actions, and are subject to audits, reviews, assessments and investigations relating to our business, including, without limitation, claims by members alleging failure to provide coverage or to pay for or authorize payment for healthcare, claims related to non-payment or insufficient payments for services by providers, including for alleged failure to properly pay in-network and out-of-network claims, claims under U.S. securities laws, claims related to breach of contract, employment related claims, claims of trademark and other intellectual property infringement or misappropriation, claims alleging bad faith or unfair business practices, challenges to the manner in which the Company processes claims, claims relating to sales, marketing and other business practices, inquiries regarding our submission of risk adjustment data, audits related to our compliance with network adequacy requirements, or compliance with Health Insurance Marketplace participation agreements or EDE standards, examinations relating to mental health parity compliance, enforcement actions by state regulatory bodies alleging non-compliance with state law, financial and market conduct examinations by state regulatory bodies, and claims related to the imposition of new taxes, including, but not limited to, claims that may have retroactive application.

We also may receive subpoenas and other requests for information from various federal and state agencies, regulatory authorities, state Attorneys General, committees, subcommittees, and members of the U.S. Congress and other state, federal, and international governmental authorities.

An unfavorable outcome could have a material adverse impact on our business and financial position, results of operations, and/or cash flows, and may affect our reputation and brand. Insurance may not cover such claims, may not provide sufficient payments to cover all of the costs to resolve one or more such claims, and may result in our having to pay significant fines, judgments, or settlements, which, if uninsured, or if the fines, judgments, and settlements exceed insured levels, could adversely affect our results of operations and cash flows, thereby harming our business.

Table of Contents

The regulations and contractual requirements applicable to us and other market participants are complex and subject to change, making it necessary for us to invest significant resources in complying with our regulatory and contractual requirements. Ongoing vigorous legal enforcement and the highly technical regulatory scheme mean that our compliance efforts in this area will continue to require significant resources, and we may not always be successful in ensuring appropriate compliance by our employees, consultants, or vendors, for whose compliance or lack thereof we may be held responsible and liable. Regulatory audits, investigations, and reviews could result in significant or material changes to our business practices, including increased capital requirements, and also could result in significant or material premium refunds, fines, penalties, civil liabilities, criminal liabilities, or other sanctions, including marketing and enrollment sanctions, suspension or exclusion from participation in government programs, imposition of heightened monitoring by our federal or state regulators, and suspension or loss of licensure if we are determined to be in violation of applicable laws or regulations. Any of these audits, reviews, or investigations could have a material adverse effect on our financial position, results of operations, or business, or could result in significant liabilities and negative publicity for the Company.

We own and manage some of these IT Systems but also rely on third parties for a range of IT Systems and related products and services, including but not limited to cloud computing services.

Hackers and data thieves are increasingly sophisticated and operating large-scale and complex automated attacks. Our IT Systems and Confidential Information are subject to a growing number of risks from hackers and other adversaries that threaten the confidentiality, integrity and availability of our IT Systems and Confidential Information; threat actors may be able to penetrate our IT Systems and misappropriate our Confidential Information or that of third parties, create system disruptions, or cause damage, security issues, or shutdowns. These threats are from diverse threat actors, such as state-sponsored organizations, opportunistic hackers and hacktivists, and from diverse attack vectors, such as social engineering/phishing, malware (including ransomware), malfeasance by insiders, human or technological error, viruses, worms, and as a result of malicious code embedded in open-source software or other vulnerabilities in commercial software that is integrated into our (or our suppliers’ or service providers’) IT Systems, products or services. Further, we may experience cyber-attacks and other security incidents that remain undetected for an extended period. As cyber threats continue to evolve, we may be required to expend additional resources to further enhance our information security measures, develop additional protocols and/or investigate and remediate any information security vulnerabilities.

Table of Contents

Our IT Systems, Confidential Information and facilities are also subject to compromise from internal threats such as accidental or improper action by employees, including malicious insiders, or by vendors, counterparties, and other third parties with otherwise legitimate access to our systems. In the past, we have experienced, and third-party service providers who process information on our behalf have experienced, and disclosed to applicable regulatory authorities, data breaches resulting in disclosure of Confidential Information. Although none of these data breaches have resulted in any material financial loss or penalty to date, future data breaches could require us to expend significant resources to remediate any damage, interrupt our operations and damage our reputation, subject us to state or federal agency review and could also result in regulatory enforcement actions, material fines and penalties, litigation or other actions which could have a material adverse effect on our business, reputation and results of operations, financial position, and cash flows. Additionally, our third-party service providers who process information on our behalf may cause security breaches for which we are potentially liable.

Moreover, we face the ongoing challenge of managing access controls in a complex environment. The process of enhancing our protective measures can itself create a risk of systems disruptions and security issues. Given the breadth of our operations, including through our +Oscar technology platform, and the increasing sophistication of cyber-attacks, a particular incident could occur and persist for an extended period of time before being detected. The extent of a particular cyber-attack and the steps that we may need to take to investigate the attack may take a significant amount of time and resources before such an investigation could be completed and full and reliable information about the incident is known. During such time, the extent of any harm or how best to remediate it might not be known, which could further increase the risks, costs, and consequences of a data security incident.

In addition, our IT Systems must be routinely updated, patched, and upgraded to protect against known vulnerabilities. The volume of new software vulnerabilities has increased substantially, as has the importance of patches and other remedial measures. In addition to remediating newly identified vulnerabilities, previously identified vulnerabilities must also be updated. We are at risk that cyber-attackers exploit these known vulnerabilities before they have been addressed. The complexity of our IT Systems, the increased frequency at which vendors are issuing security patches to their products, our need to test patches, and, in some instances, coordinate with third-parties before they can be deployed, all could further increase our risks.

As part of our normal operations, we and our partners and other third parties with whom we collaborate routinely collect, process, store, and transmit large amounts of Confidential Information, including PHI, subject to HIPAA and other federal and state laws and regulations, relating to our business and third parties, including our members, providers, and vendors. Any or all of the foregoing could materially harm our business, operating results, and financial condition. The CCPA, in particular, includes a private right of action for California consumers whose CCPA-covered personal information is impacted by a data security incident resulting from a company’s failure to maintain reasonable security procedures and, hence, may result in civil litigation in the event of a data breach impacting such information. Although we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain coverage sufficient to compensate for all liability and, in any event, insurance coverage would not address the reputational damage that could result from a security incident or any regulatory actions or litigation that may result. Applicable insurance may not be available to us in the future on economically reasonable terms or at all.

PCI-DSS contains compliance guidelines with regard to our security surrounding the physical and electronic storage, processing and transmission of cardholder data. If we or our service providers are unable to comply with the security standards established by banks and the payment card industry, we may be subject to fines, restrictions and expulsion from card acceptance programs, which could materially and adversely affect our business.

Table of Contents

We are subject to risks associated with our geographic concentration.

The states in which we operate that have the largest concentrations of revenues as of December 31, 2025 include Florida, Texas and Georgia. Due to the geographic concentration of our business, we are exposed to heightened risks of potential losses resulting from unfavorable changes in the regulatory environment for healthcare, increased competition, and other regional factors in these states. The occurrence of any of these factors could result in increased utilization or medical costs in these states or any other geographic area where our membership becomes concentrated in the future, and could therefore have a disproportionately adverse effect on our operating results. States experiencing such events may enact laws and regulations that require us to cover healthcare costs for members for which we would not typically be responsible, such as requiring us to relax prior authorization requirements, remove prescription drug refill limitations, and cover out-of-network care. In addition, as a result of our geographic concentration, we face heightened exposure to the other risk factors described herein to the extent such risk factors disproportionately materialize in or impact the regions in which our operations are concentrated.

We are subject to risks associated with outsourcing services and functions to third parties.

We contract with third-party vendors and service providers who help us administer our products and plans, as well as vendors who provide services to help with our internal administrative functions. For example, Oscar delegates pharmacy claims and network management to a pharmacy benefit manager, CVS/Caremark. CVS/Caremark negotiates with drug manufacturers, wholesalers and pharmacies the prices for pharmaceuticals used by our members, including related purchase discounts and volume rebates, and directly makes payments for the pharmaceuticals and collects related rebates on our behalf. We in turn negotiate amounts we pay directly to CVS/Caremark for the pharmaceuticals, as well as minimum guaranteed rebates that CVS/Caremark pays directly to us. We also contract with Optum to provide us with access to its network of behavioral health providers and manage behavioral health benefits for us. Vendors with whom we contract may not honor the terms of their agreements with us or perform their contractual obligations to our satisfaction or we may not be able to renew our existing contracts or enter into new contracts on a timely basis or under favorable terms, any of which could negatively impact our ability to service our members profitably in the future.

Some of these third-parties have direct access to our systems in order to provide their services to us and operate the majority of our communications, network, and computer hardware and software. Our operations depend on protecting the virtual cloud infrastructure hosted in AWS and GCP by maintaining its configuration, architecture, and interconnection specifications, as well as the information stored in these cloud platforms and which third-party internet service providers transmit.

Table of Contents

Our arrangements with third-party vendors and service providers may make our operations vulnerable if those third parties, either directly or through their subcontractors, fail to satisfy their obligations to us, including their obligations to maintain and protect the security and confidentiality of our information and data, or the information and data relating to our members or customers. We are also at risk of a data security incident involving a vendor or third party, which could result in a breakdown of such third party’s data protection processes or cyber-attackers gaining access to our infrastructure through the third party. To the extent that a vendor or third party suffers a data security incident that compromises its operations, we could incur significant costs and possible service interruption. For example, one of our vendors in the past experienced a data security incident which required us to devote significant time and resources towards assessing the impact on our operations and member data and to secure alternative vendor relationships, even though the incident was ultimately determined not to directly result in a breach of our members’ data. In addition, we may have disagreements with our third-party vendors or service providers regarding relative responsibilities for any such failures or incidents under applicable business associate agreements or other applicable outsourcing agreements. Any contractual remedies and/or indemnification obligations we may have for vendor or service provider failures or incidents may not be adequate to fully compensate us for any losses suffered as a result of any vendor’s failure to satisfy its obligations to us or under applicable law.

Violations of, or noncompliance with, laws and/or regulations governing our business or noncompliance with contract terms by third-party vendors and service providers could increase our exposure to liability to our members, providers, or other third parties, or could result in sanctions and/or fines from the regulators that oversee our business. In turn, this could increase the costs associated with the operation of our business or have an adverse impact on our business and reputation. Moreover, if these vendor and service provider relationships are terminated for any reason, we may not be able to find alternative partners in a timely manner or on acceptable financial terms, and may incur significant costs and/or experience significant disruption to our operations in connection with any such vendor or service provider transition. As a result, we may not be able to meet the full demands of our members or customers and, in turn, our business, financial condition, and results of operations may be harmed, and we could be subject to regulatory sanctions and fines and penalties. This could result in substantial costs or other operational or financial problems that could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Our success depends upon the continued service of Mark T. Schlosser and Mr. Kushner, the “Co-Founders”), the other members of our senior management team, highly-specialized technology and insurance experts, and key technical employees, as well as other highly qualified personnel. We also depend upon our continuing ability to identify, hire, develop, motivate, retain, and integrate additional highly skilled personnel to support our growth. If we are unable to attract and retain qualified personnel, our business and prospects may be adversely affected.

Our Chief Executive Officer, each of our Co-Founders, other members of our senior management team, specialized technology and insurance experts, key technical personnel, and other employees could terminate their relationship with us at any time. The loss of key personnel might significantly delay or prevent the achievement of our strategic business objectives and could harm our business. In addition, much of our essential technology and infrastructure are custom-made for our business by our personnel. The loss of key technology personnel, including members of management, as well as our engineering and product development personnel, could disrupt our operations and harm our business. We also rely on a number of highly-specialized insurance experts, the loss of any one of whom could also have a disproportionate impact on our business. We face significant competition for personnel across all areas of our business, and we may not be able to replace key personnel in a timely manner or at all.

Table of Contents

Our compensation arrangements, such as our equity award programs, may not always be successful in attracting new employees and retaining, motivating and incentivizing our existing employees. Job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. Fluctuations in the price of our Class A common stock may make it more difficult or costly to use equity compensation to hire new employees and to retain, motivate, and incentivize existing employees. Additionally, if and when the stock options or other equity awards are substantially vested, employees under such equity arrangements may be more likely to leave, particularly when the underlying shares have appreciated.

To attract and retain top talent, we will need to continue to offer competitive compensation and benefits packages, including equity compensation. We may also need to increase our employee compensation levels in response to competitor actions.

If we are unable to integrate and manage our information systems effectively, our operations could be disrupted.

The information gathered and processed by our information systems assists us in, among other things, generating forecasts used for strategic decisions and pricing, monitoring utilization and other cost factors, processing provider claims, detecting fraud, and providing data to our regulators. Our healthcare providers also depend upon our information systems for membership verifications, claims status, and other information. Our information systems and applications require continual maintenance, upgrading, and enhancement to meet our current and expected operational needs and regulatory requirements. If we underestimate the need to expand or experience difficulties with the transition to or from information systems or do not appropriately plan, integrate, maintain, enhance, or expand our information systems, we could suffer, among other things, operational disruptions, loss of existing members and difficulty in attracting new members, regulatory enforcement, and increases in administrative expenses. In addition, if our providers, brokers and members do not utilize the technology we deploy to them, we may not be able to efficiently and cost-effectively operate our business. Our ability to integrate and manage our information systems may also be impaired as the result of events outside our control, including acts of nature, such as earthquakes or fires, or acts of terrorism. Also, we may from time to time obtain significant portions of our systems-related or other services or facilities from independent third parties, which may make our operations vulnerable if such third parties discontinue such services or fail to perform adequately.

Our continued success is dependent on our systems, applications, and software continuing to operate and to meet the changing needs of our members and users. We rely on our technology and engineering staff and vendors to successfully implement changes to, and maintain, our systems and services in an efficient and secure manner. Like all information systems and technology, our website and online app may contain material errors, failures, vulnerabilities, or bugs, particularly when new features or capabilities are released, any of which could lead to interruptions, delays, or website or online app shutdowns, or could cause loss of critical data, or the unauthorized disclosure, access, acquisition, alteration or use of personal or other Confidential Information.

A significant impact on the performance, reliability, security, and availability of our systems, software, or services may harm our reputation and brand, impair our ability to operate, retain existing members, or attract new members, and expose us to legal claims and regulatory action, each of which could have a material adverse impact on our financial condition, results of operations, and growth prospects.

Table of Contents

We may face risks associated with our utilization of certain AI and machine learning models.

We are making, and plan to make in the future, investments in adopting AI Technologies across our business and across our technology stack. For example, in 2025, we launched Oswell, a personal AI agent designed to provide our members with on-demand support and doctors with data to improve care paths. As with many technological innovations, there are significant risks involved in developing, maintaining and deploying AI Technologies and our usage of, or investments in, AI Technologies may not always enhance our products or services or be beneficial to our business, including our efficiency or profitability.

There is a risk that AI Technologies could produce inaccurate or misleading content or other discriminatory or unexpected results or behaviors, such as hallucinatory behavior that can generate irrelevant, nonsensical, or factually incorrect results, all of which could harm our reputation, business, or relationships with our members. An unfavorable outcome could have a material adverse impact on our business and financial position, results of operations, and/or cash flows, and may affect our reputation and brand. New regulations and changes to existing regulations, and their interpretation and implementation, could impede our use of AI Technologies by limiting the way we use, or requiring us to change the way we use, AI Technologies and/or creating additional costs associated with compliance.

Our ability to continue to leverage AI Technologies is dependent on access to specific third-party software and infrastructure provided by a handful of vendors with leading AI Technologies. We cannot control the availability or pricing of third-party software and infrastructure, and if the models we currently use in connection with our AI Technologies become incompatible with our applications or unavailable for use, or if the providers of such models unfavorably change the terms on which their AI Technologies are offered or terminate their relationship with us, we could be required to expend time and resources to either find replacement vendors and/or to mitigate the impact to our business, and our business could be harmed.

For example, disruptions in public and private infrastructure resulting from such events could increase our operating costs and ability to provide services to our members. Additionally, as a result of these events, the premiums and fees we charge may not be sufficient to cover our medical and administrative costs, deferred medical care could be sought in future periods at potentially higher acuity levels, we could experience reduced demand for our services, and our workforce could be impacted, resulting in reduced capacity to handle demand for care.

For example, natural disasters, such as a major hurricane affecting Florida, Georgia, or Texas, could have a significant impact on the health of a large number of our covered members.

All of these conditions, and others, could have a significant impact on the health of the population of widespread areas. If one of the states in which we operate were to experience a large-scale natural disaster, a significant terrorist attack, or some other large-scale event affecting the health of a large number of our members,

Table of Contents

our covered medical expenses in that state would rise, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations. Government enactment of emergency powers in response to these public health crises could also disrupt our business operations, including by restricting pharmaceuticals or other supplies, and could increase the risk of shortages of necessary items or labor.

Even after a public health crisis has subsided, we may experience materially adverse impacts to our business as a result of its global economic impact. While the potential economic impact and the duration of any public health crisis may be difficult to assess or predict, such impact may have a material adverse effect on our business, results of operations, and financial condition.

We may not be able to utilize our net operating loss carryforwards (“NOLs”), to offset future taxable income for U.S. federal and state income tax purposes, which could adversely affect our cash flows.

As of December 31, 2025, we had federal income tax NOLs of $2.6 billion and state NOLs of $1.4 billion, which are currently subject to a full valuation allowance. The NOLs are available to offset our future taxable income, if any, prior to consideration of annual limitations that may be imposed under Section 382 of the U.S. Internal Revenue Code of 1986, as amended (the “Code”) or otherwise. State NOLs begin to expire in 2035.

We may be unable to use our NOLs if we do not generate sufficient positive earnings. We regularly assess potential NOL limitations under Section 382, and determined that an ownership change occurred in 2016; however, the corresponding limitation amount did not impact the ultimate pre-change NOL available for use. Another ownership change could limit our ability to utilize our NOLs existing at the time of the ownership change. To the extent we are not able to offset future taxable income with our NOLs, our cash flows may be adversely affected. Future regulatory changes could also limit our ability to utilize our NOLs.

Our limited operating history in an evolving industry makes it difficult to evaluate our current business performance, implementation of our business model, and our future prospects.

Due to this limited operating history and the rapid growth we have experienced since we began operations, there is greater uncertainty in estimating our operating results, and our historical results may not be indicative of, or comparable to, our future results. In addition, we have limited data to validate key aspects of our business model, including our growth strategy. For example, our efforts to partner with ICHRA platforms to transition small, mid- and large-sized employers to the individual market where their employees can choose an Oscar product may not be successful, take significantly more time than expected to be successful and/or incur significant or unexpected expense. Furthermore, we are a relatively new entrant in the third party services market and in the past have experienced challenges in developing this area of our business. We are unable to predict if we will always be able to effectively and consistently service our current +Oscar arrangements and any future +Oscar arrangements, which risk may increase over time as we enter into more material +Oscar arrangements. In addition, though we recently acquired new business lines, through our purchase of Lucie, Inc. and IHC Specialty Benefits, Inc., there is no guarantee that we will be able to effectively scale or achieve our strategic objectives with respect to those businesses. The data we collect may not provide useful measures for evaluating our business model. Moreover, partnerships, joint ventures or business lines we enter into in the future may not perform as well as historical expectations. Our inability to adequately assess our performance and growth could have a material adverse effect on our brand, reputation, business, financial condition, and results of operations.

If we experience material weaknesses or significant control deficiencies in the future, or otherwise fail to maintain effective internal control over financial reporting, our ability to comply with applicable laws and regulations and accurately and timely report our financial results, and our access to the capital markets, could be adversely affected.

We are a public reporting company subject to the rules and regulations established by the SEC and the New York Stock Exchange (“NYSE”). These rules and regulations require, among other things, that we establish and periodically evaluate procedures with respect to our internal control over financial reporting.

Table of Contents

In addition, as a public company, we are required to document and test our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act so that our management can certify as to the effectiveness of our internal control over financial reporting. Section 404(a) of the Sarbanes-Oxley Act, or Section 404(a), requires that management assess and report annually on the effectiveness of our internal control over financial reporting, and our independent registered public accounting firm issue an annual report that addresses the effectiveness of our internal control over financial reporting. Designing and maintaining adequate internal financial and accounting controls and procedures that enable us to produce accurate financial statements on a timely basis is a costly and time-consuming effort.

We have in the past identified, and may in the future identify, material weaknesses. If we cannot remediate future material weaknesses or significant deficiencies in a timely manner, or if we identify additional control deficiencies that individually or together constitute significant deficiencies or material weaknesses, our ability to accurately record, process, and report financial information and our ability to prepare financial statements within required time periods, could be adversely affected.

Additionally, ineffective internal control over financial reporting could expose us to an increased risk of financial reporting fraud and misappropriation of assets and subject us to potential delisting from the NYSE or to other regulatory investigations and civil or criminal sanctions.

Significant delays in our receipt of direct policy premiums, including as a result of regulatory restrictions on policy cancellations and non-renewals, could have a material adverse effect on our business, operations, cash flows, or earnings.

We may not receive premiums in advance of or by the end of a given coverage period. Moreover, actions taken by state and federal governments could increase the likelihood of delay in our receipt of premiums. For example, in early responses to the COVID-19 pandemic, state insurance departments, including in states in which we operate, issued guidelines, recommendations, and moratoria around policy cancellations and non-renewals due to non-payment.

Payments from government payors may be delayed in the future, which, if extended for any significant period of time, could have a material adverse effect on our results of operations, financial condition, cash flows or liquidity. In addition, delays in obtaining, or failure to obtain or maintain, governmental approvals, or moratoria imposed by regulatory authorities, could adversely affect our revenues or membership, increase costs or adversely affect our ability to bring new products to market as forecasted.

We make virtual healthcare services available to our members through Oscar Medical Group, in which we do not own any equity or voting interest, and our virtual care availability may be disrupted if our arrangements with providers like the Oscar Medical Group become subject to legal challenges.

Statutes and regulations, including the interpretation and enforcement of such statutes and regulations, relating to the corporate practice of medicine, fee-splitting between physicians and referral sources, and similar issues, vary widely from state to state. Many of the laws, rules, and regulations with respect to corporate practice of medicine are ambiguous and have not been well-interpreted by applicable regulatory agencies or the courts. Moreover, changes can be made to existing laws, regulations, or interpretations, or new laws can be enacted or adopted, which could cause us to be out of compliance with these requirements.

Table of Contents

Our wholly owned subsidiary, Oscar Management Corporation, has management services agreements with five physician-owned professional corporations, known collectively as the Oscar Medical Group. We consolidate the professional corporations into our financial results because under applicable rules we have determined that we have a controlling financial interest in these corporations. This physician also serves as a consultant to Oscar Management Corporation. Under the terms of the management services agreements between Oscar Management Corporation and the Oscar Medical Group, the Oscar Medical Group retains sole responsibility for all medical decisions, as well as for hiring and managing physicians and other licensed healthcare providers, developing operating policies and procedures, and implementing professional standards and controls. Despite the management services agreements and other arrangements we have with Oscar Medical Group, regulatory authorities and other parties may assert that we are engaged in the prohibited corporate practice of medicine, that our arrangements with Oscar Medical Group constitute unlawful fee-splitting, or that other similar issues exist. If that were to occur, we could be subject to civil and/or criminal penalties, our agreements could be found legally invalid and unenforceable (in whole or in part), or we could be required to terminate or restructure our contractual arrangements, any of which could have a material adverse effect on our results of operations, financial position, or cash flows. State corporate practice of medicine and fee-splitting prohibitions may impose penalties on healthcare professionals for aiding in the improper rendering of professional services.

While we expect that our relationship with the Oscar Medical Group will continue, a material change in our relationship with the Oscar Medical Group, whether resulting from a dispute among the entities or the loss of these relationships or contracts with the Oscar Medical Group, may temporarily disrupt our ability to provide virtual healthcare services to our members and could harm our business.

Failure to secure, protect, or enforce our intellectual property rights could harm our business, results of operations, and financial condition.

However, there are steps that we have not yet taken to protect our intellectual property. For example, we do not have any patents, which limits our ability to deter patent infringement claims by competitors and other third parties who may hold or obtain patents.

Our existing intellectual property, and any intellectual property granted to us, or that we otherwise acquire in the future, may be contested, circumvented, or invalidated. Some license provisions that protect against unauthorized use, copying, decompiling, transfer, and disclosure of our technology may be unenforceable under the laws of certain jurisdictions and foreign countries, and the remedies for such events may not be sufficient to compensate for such breaches. We enter into confidentiality and invention assignment agreements with our employees and consultants, and enter into confidentiality agreements with our third-party providers and strategic partners. These agreements may be breached, and may not be effective in controlling access to, and use and distribution of, our platform and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our offerings. Additionally, certain unauthorized use of our intellectual property may go undetected, or we may face legal or practical barriers to enforcing our legal rights even where unauthorized use is detected. If we are unable to prevent the unauthorized use or exploitation of our intellectual property, the value of our brand, content, and other intangible assets may be diminished, competitors may be able to more effectively mimic our service and methods of operations, the perception of our business and service to members, and potential members, may become confused, and our ability to attract customers may be adversely affected. Any inability or failure to protect our intellectual property could adversely impact our business, results of operations, and financial condition.

Table of Contents

We have registered, or applied to register, those trademarks that we believe are important to our business, but to date we have not filed patent applications to protect our innovations and proprietary technology. If in the future we decide to file patent applications to protect our innovations and proprietary technology, we do not know whether they would result in the issuance of a patent, or effective copyrights, in our content and proprietary coding, as applicable, or whether the examination process will require us to narrow any proposed patent claims. The applications we file may not result in issued patents, and if patents are issued as a result, they may not allow us to receive competitive advantages or effectively block competitors creating competing technology. In addition, given the costs, effort, and risks of obtaining patent protection, including the requirement to ultimately disclose the invention to the public, we continue to choose not to seek patent protection.

While software and other of our proprietary works may be protected under copyright law, we have not registered any copyrights in these works, and instead, we primarily rely on protecting our software as a trade secret and through contractual protections. In order to bring a copyright infringement lawsuit in the United States, the copyright must first be registered. Accordingly, the remedies and damages available to us for unauthorized use of our software or other proprietary works may be limited to those available in connection with trade secret misappropriation and breach of contract actions.

We currently hold various domain names relating to our brand, including HiOscar.com. We also engage a third-party vendor to monitor for fictitious sites that may purport to be us. Failure to protect our domain names could adversely affect our reputation and brand, and make it more difficult for users to find our website and our online app. We may be unable, without significant cost or at all, to prevent third parties from diverting traffic from our domain names or acquiring domain names that are similar to, infringe upon, or otherwise decrease the value of our trademarks and other proprietary rights.

We may be required to spend significant resources in order to monitor, protect, and defend our intellectual property rights. Litigation to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights.

We may be unaware of the intellectual property rights that others may claim cover some or all of our technology or services. Because patent applications can take years to issue and are often afforded confidentiality for some period of time, there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more aspects of our technology and business. In addition, we may be required to license additional technology from third parties to develop and market new offerings or platform features, which may not be available on commercially reasonable terms, or at all, and could adversely affect our ability to compete or require us to rebrand or otherwise modify our offerings, which could further exhaust our resources. Furthermore, certain contracts with our business partners contain provisions whereby we indemnify, subject to certain limitations, the counterparty for damages suffered as a result of claims related to intellectual property infringement. Claims made under these provisions could be expensive to litigate and could result in significant payments. Even if we were to prevail in such a dispute, any litigation regarding our intellectual property could be costly and time-consuming and divert the attention of our management and key personnel from our business operations.

Table of Contents

Increased and differing focus, including from regulators, investors, employees, clients, competitors and other stakeholders on sustainability or ESG matters may result in increased costs (including but not limited to increased costs related to compliance and stakeholder engagement), impact our reputation, or otherwise affect our business performance. In addition, legal and regulatory actions and executive orders issued by the current U.S. presidential administration have targeted these areas. This divergence increases the risk that any commitment, position, target or other action or lack thereof with respect to ESG matters will be perceived negatively by at least some stakeholders and adversely impact our reputation and business.

It is possible that stakeholders may not be satisfied with our ESG practices or the speed of their adoption. At the same time, certain stakeholders might not be satisfied if we adopt ESG practices at all. Actual or perceived shortcomings with respect to our ESG practices and reporting could negatively impact our business. We could also incur additional costs and require additional resources to monitor, report, and comply with various ESG practices and current or emerging regulatory requirements, including with respect to climate change and sustainability. For example, we operate in various jurisdictions in the U.S. that have adopted or proposed laws related to sustainability and climate change reporting to which we could eventually become subject. Other state legislatures have adopted or proposed conflicting rules that scrutinize the consideration of ESG factors in business practices. We are currently assessing the potential impacts of the adopted or proposed laws, as well as other sustainability and climate-related disclosure obligations and evolving legal and regulatory requirements, to which we may be subject. Further, enhanced sustainability and climate-related disclosure requirements could lead to reputational or other harm to our relationships with regulators, employees, customers, investors or other stakeholders.

Such ratings are used by some investors to inform their investment and voting decisions. In addition, many investors have created their own proprietary ratings that inform their investment and voting decisions.

Our acquisition and ownership of a health insurance agency and an enhanced direct enrollment platform exposes us to risks that could adversely affect our business, financial condition, results of operations, and cash flows.

Table of Contents

We recently acquired IHC Specialty Benefits, Inc., an insurance agency that sells individual medical and supplemental health products. The agency business model differs in material respects from our core health insurance operations and subjects us to additional operational, regulatory, and financial risks. Any reduction in commission levels or termination of carrier agreements could materially and adversely affect the agency’s revenues. Health insurance agencies are also subject to extensive and evolving federal and state regulation unique to health insurance distribution. Noncompliance with these requirements—whether due to agency conduct, producer actions, or third-party vendors—could result in fines, penalties, enrollment suspensions, loss of licenses or certifications, corrective action plans, or reputational harm. The agency also faces the risk of claims alleging failure to properly advise clients, enroll members accurately, or comply with applicable marketing and disclosure requirements. Such claims may arise from misunderstandings regarding coverage, benefits, provider networks, or eligibility for subsidies or government programs. The agency is also subject to strict regulation as a fiduciary for any client premium funds or claims payments it may handle in the course of its business. While the agency maintains errors and omissions insurance, coverage may be insufficient, subject to exclusions, or unavailable on acceptable terms. Regulators, customers, or carrier partners may scrutinize product recommendations, disclosure practices regarding the relationship between us and the agency, marketing practices, and compensation arrangements. Any restrictions imposed to address such concerns could limit the agency’s growth or profitability. Furthermore, regulators, third-party carriers or other entities could bring claims with respect to antitrust law violations or breach of contract to the extent they believe that competitively sensitive information is inappropriately shared between IHC Specialty Benefits, Inc. and Lucie, Inc., on the one hand, and our Health Insurance Subsidiaries or other entities on the other hand. An unfavorable outcome could have a material adverse impact on our business and financial position, results of operations, and/or cash flows, and may affect our reputation and brand. Our ability to realize the anticipated benefits of the acquisition and successfully manage this new line of business depends on successfully managing these risks.

We also recently acquired Lucie, Inc., an approved EDE entity that facilitates consumer enrollment in health insurance coverage, including plans offered on the Health Insurance Marketplaces. The operation of an EDE platform differs significantly from our traditional health insurance operations and exposes us to increased regulatory oversight, operational complexity, and compliance obligations. For example, EDE platforms operate pursuant to approvals, technical requirements, and ongoing oversight by CMS and, in some cases, state regulators. These requirements govern platform functionality, consumer disclosures, data sharing, marketing practices, enrollment processes, and audit rights. Failure to comply with applicable federal or state rules, technical standards, or program guidance could result in corrective action plans, suspension or revocation of EDE approval, civil monetary penalties, reputational harm, or restrictions on our ability to enroll members through the platform. In addition, the EDE platform depends on real-time integration with HealthCare.gov (the Federally Facilitated Marketplace), applicable state-based exchanges, and other third-party systems to determine eligibility, subsidies, and enrollment status. System outages, interface changes, data transmission errors, or delays caused by government systems or third-party service providers could disrupt enrollment activity, impair the consumer experience, lead to inaccurate enrollments, or result in compliance violations. Errors in platform functionality, eligibility determinations, subsidy calculations, plan displays, or enrollment transmissions could also result in improper enrollments, coverage gaps, consumer complaints, or disputes regarding coverage or premiums. Such issues may expose us to regulatory scrutiny, contractual liability, errors and omissions claims, or increased member attrition, particularly if they occur during open enrollment periods when enrollment volumes are highest. Operating an EDE platform may create perceived or actual conflicts of interest, particularly where the platform presents our health plans alongside competing products. Regulators may scrutinize plan display algorithms, default options, and consumer decision-support tools to ensure compliance with marketing, non-discrimination, and anti-steering requirements. Any findings of noncompliance could result in enforcement actions or restrictions on platform operations. Finally, because the EDE platform serves as a primary consumer-facing enrollment channel, any widely publicized system failures, data incidents, compliance violations, or negative consumer experiences could harm our brand and reputation, reduce consumer trust, and adversely affect enrollment and retention across our broader health insurance business. Our ability to realize the anticipated benefits of the acquisition and successfully manage this new line of business depends on successfully managing these risks.

Risks Related to our Indebtedness

Restrictions imposed by our 2026 Revolving Credit Facility may materially limit our ability to operate our business and finance our future operations or capital needs.

Table of Contents

On February 6, 2026, we entered into a $475.0 million secured three-year revolving credit facility (the “2026 Revolving Credit Facility”), pursuant to that certain Credit Agreement, dated as of February 6, 2026, by and among the Company, as borrower, certain subsidiaries of the Company, as subsidiary guarantors, JPMorgan Chase Bank, N.A., as administrative agent, and the several lenders party thereto (the “2026 Credit Agreement”). The terms of our 2026 Credit Agreement for the 2026 Revolving Credit Facility may restrict us and our subsidiaries from engaging in specified types of transactions. These covenants, subject to certain limitations and exceptions, restrict our ability, and that of our subsidiaries, to, among other things:

•incur indebtedness;

•incur certain liens;

•enter into sale and lease-back transactions;

•make investments, loans, advances, guarantees and acquisitions;

•consolidate, merge or sell or otherwise dispose of assets;

•pay dividends or make other distributions on equity interests, or redeem, repurchase or retire equity interests;

•enter into transactions with affiliates;

•alter the business conducted by us and our subsidiaries; and

•change our or their fiscal year.

Pursuant to our 2026 Revolving Credit Facility, we are required to comply with certain financial covenants including (A) for each fiscal quarter, commencing with the fiscal quarter ending March 31, 2026 through the fiscal quarter ending December 31, 2026, (i) receiving specified levels of direct policy premiums for each fiscal quarter, (ii) maintaining a minimum liquidity plus undrawn commitments, as of the last day of any fiscal quarter, of at least $200.0 million, of which at least $100.0 million must be unrestricted cash and cash equivalents at the Company and the guarantors, (iii) maintaining a minimum consolidated adjusted EBITDA as of the last day of each quarter and (B) for each fiscal quarter commencing with the fiscal quarter ending March 31, 2027, through the maturity date or earlier termination date, (i) maintain a maximum total net leverage ratio of 3.50:1.00 and (ii) maintain a minimum fixed charge coverage ratio of 3.00:1.00.

A breach of any of these covenants, or any other covenant in the documents governing our 2026 Revolving Credit Facility, could result in a default or event of default under our 2026 Revolving Credit Facility. In addition, or in the alternative, the applicable lenders or agents could exercise their rights under the security documents entered into in connection with our 2026 Revolving Credit Facility.

If we were unable to repay or otherwise refinance these borrowings and loans when due, and the applicable lenders proceeded to exercise remedies against the collateral granted to them to secure that indebtedness, we may be forced into bankruptcy or liquidation. In the event the applicable lenders accelerate the repayment of any future borrowings, we may not have sufficient assets to repay that indebtedness.

Table of Contents

Our debt obligations contain restrictions that impact our business and expose us to risks that could materially adversely affect our liquidity and financial condition.

As of December 31, 2025, we had outstanding $35.0 million in aggregate principal amount of our convertible senior notes due 2031 (the “2031 Notes”) and $410 million aggregate principal amount of our convertible senior notes due 2030 (the “2030 Notes”). In addition, on February 6, 2026, we entered into the 2026 Revolving Credit Facility, pursuant to the 2026 Credit Agreement. We may incur additional indebtedness in the future, including borrowings under the 2026 Revolving Credit Facility. Such indebtedness, including borrowings, if any, under the 2026 Revolving Credit Facility or our other current indebtedness, could have significant effects on our business, such as:

•limiting our ability to borrow additional amounts to fund capital expenditures, acquisitions, debt service requirements, execution of our growth strategy and other purposes;

•limiting our ability to make investments, including acquisitions, loans and advances, and to sell, transfer or otherwise dispose of assets;

•requiring us to dedicate a substantial portion of our cash flow from operations to pay principal and interest on our borrowings, which would reduce availability of our cash flow to fund working capital, capital expenditures, acquisitions, execution of our growth strategy and other general corporate purposes;

•making us more vulnerable to adverse changes in general economic, industry and competitive conditions, in government regulation and in our business by limiting our ability to plan for and react to changing conditions;

•placing us at a competitive disadvantage compared with our competitors that have less debt; and

•exposing us to risks inherent in interest rate fluctuations, as a portion of our indebtedness (including amounts drawn under the 2026 Revolving Credit Facility) or any future indebtedness may be at variable rates of interest, which could result in higher interest expense and increased debt service obligations in the event of increases in interest rates.

If the assumptions underlying our cash flow projections are incorrect, we may not be able to generate sufficient cash flow from our operations to repay our existing or future indebtedness when it becomes due and to meet our other cash needs. If we are unable to generate such cash flow, we will be required to pursue one or more alternative strategies, such as selling assets, refinancing or restructuring our indebtedness or selling additional debt or equity securities. The 2026 Revolving Credit Facility, subject to certain conditions, limitations and exceptions, restricts our ability to refinance our indebtedness and incur additional indebtedness. Due to such restrictions or other factors, we may not be able to refinance our debt or sell additional debt or equity securities or our assets on favorable terms, if at all, and if we must sell our assets, it may negatively affect our business, financial condition and results of operations. In addition, we may be subject to prepayment penalties depending on when we repay our future indebtedness, which amounts could be material.

Table of Contents

We may be unable to raise the funds necessary to repurchase our outstanding Notes for cash following a fundamental change or on the optional repurchase dates, or to pay any cash amounts due upon conversion, and our other indebtedness may limit our ability to repurchase the Notes or pay cash upon their conversion.

Additionally, the purchasers of the Notes have the right to require us to repurchase their Notes in cash, if certain conditions described in the applicable indenture are met. Furthermore, upon conversion, we have in the past satisfied, and will in the future satisfy, part or all of our conversion obligations in cash unless we, or in the case of the 2031 Notes, the Initial Purchasers of the 2031 Notes, elect to settle conversions solely in shares of our Class A common stock. We may not have enough available cash or be able to obtain financing at the time we are required to repurchase the Notes or pay any cash amounts due upon conversion. In addition, applicable law, regulatory authorities and the agreements governing our other indebtedness may restrict our ability to repurchase the Notes or pay any cash amounts due upon conversion. We may not have sufficient funds to satisfy all amounts due under the other indebtedness and the applicable Notes.

Risks Related to Ownership of Our Class A Common Stock

The dual class structure of our common stock, while in effect, will have the effect of concentrating voting control with Thrive Capital and our Co-Founders, which will limit the ability of our other investors to influence corporate matters, including the election of directors and the approval of any change of control transaction.

Our Class B common stock has 20 votes per share, and our Class A common stock has one vote per share. Thrive Capital and Joshua Kushner (as the sole managing member of the Thrive General Partners), in particular, beneficially own 14.5% of our outstanding capital stock and hold 67.9% of the voting power of our outstanding capital stock as of December 31, 2025. All outstanding shares of Class B common stock will automatically convert into shares of Class A common stock on a one-for-one basis on March 2, 2028, if not earlier converted as specified in our amended and restated certificate of incorporation (the “Amended Charter”).

Table of Contents

Because of the 20-to-one voting ratio between our Class B common stock and Class A common stock, the holders of Class B common stock, in particular Thrive Capital and Joshua Kushner (as the sole managing member of the Thrive General Partners), collectively control over a majority of the combined voting power of all of our Class A common stock and Class B common stock and therefore will continue to be able to control all matters submitted to our stockholders for approval until a significant portion of such shares of outstanding Class B common stock have been converted to shares of Class A common stock. This concentrated control limits or precludes the ability of our other investors to influence corporate matters. In addition, this concentrated control may also prevent or discourage unsolicited acquisition proposals or offers for our capital stock that our other stockholders may feel is in their best interest. This control may also adversely affect the market price of our Class A common stock.

Because Thrive Capital and our Co-Founders’ interests may differ from those of our other stockholders, actions that Thrive Capital and our Co-Founders take with respect to us, as significant stockholders, may not be favorable to our other stockholders, including holders of our Class A common stock.

Thrive Capital and its affiliates engage in a broad spectrum of activities. In the ordinary course of its business activities, Thrive Capital and its affiliates may engage in activities where their interests conflict with our interests or those of our other stockholders. In addition, Thrive Capital may have an interest in us pursuing acquisitions, divestitures and other transactions that, in its judgment, could enhance its investment in us, even though such transactions might involve risks to you.

Future transfers by holders of Class B common stock will generally result in those shares converting to Class A common stock, subject to limited exceptions. As among the individual holders of Class B common stock, the conversion of Class B common stock to Class A common stock will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term (and decreasing the relative voting power of those holders of Class B common stock who transfer their shares). In addition, under the terms of the Amended Charter, the Class B common stock will automatically convert to Class A common stock on March 2, 2028, unless earlier converted as specified in the Amended Charter.

We cannot predict whether our dual class structure will result in a lower or more volatile market price of our Class A common stock, in adverse publicity, or in other adverse consequences. Certain index providers have implemented, and may in the future determine to implement, restrictions on including companies with multiple share class structures in certain of their indices. For example, from July 2017 to April 2023, S&P Dow Jones excluded companies with multiple share classes from the S&P Composite 1500. If we are ineligible for inclusion in certain indices on account of our dual class structure, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track those indices may not invest in our Class A common stock. These policies are relatively new and it is unclear what effect, if any, they will have on the valuations of publicly-traded companies excluded from such indices, but it is possible that they may depress valuations, as compared to similar companies that are included. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices would likely preclude investment by many of these funds and could make our Class A common stock less attractive to other investors. As a result, the market price of our Class A common stock could be adversely affected.

We are a “controlled company” within the meaning of the rules of NYSE and, as a result, we may rely on exemptions from certain corporate governance requirements and, if we chose to do so, you will not have the same protections afforded to stockholders of companies that are not exempt from such requirements.

Under these rules, a listed company of which more than 50% of the voting power is held by an individual, group or another company is a “controlled company” and may elect not to comply with certain corporate governance requirements, including:

Table of Contents

•the requirement that a majority of the board of directors consist of independent directors;

•the requirement that our nominating and corporate governance committee be composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities;

•the requirement that our compensation committee be composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities; and

•the requirement for an annual performance evaluation of our nominating and corporate governance and compensation committees.

We currently are not relying on any of the NYSE controlled company exemptions.

Future sales and issuances of our Class A common stock or rights to purchase our Class A common stock, including pursuant to our equity incentive plans, or other equity securities or securities convertible into our Class A common stock, could result in additional dilution of the percentage ownership of our stockholders and could cause the stock price of our Class A common stock to decline.

We have filed registration statements with the SEC on Form S-8 to register shares of our Class A common stock issued or reserved for issuance under our 2012 Stock Plan, 2021 Incentive Award Plan, 2022 Employment Inducement Incentive Award Plan, and Employee Stock Purchase Plan and expect to file additional registration statements on Form S-8 in the future. In addition, upon conversion of the Notes, we may elect to settle conversions entirely in shares of our Class A common stock. Moreover, pursuant to the terms of the Investment Agreement governing the 2031 Notes, the Initial Purchasers of the 2031 Notes have the right to require us to settle conversions entirely in shares of our Class A common stock. From time to time in the future, we may also issue additional shares of our Class A common stock, Class B common stock or securities convertible into Class A common stock pursuant to a variety of transactions, including acquisitions. The issuance by us of additional shares of our Class A common stock or securities convertible into our Class A common stock would dilute the ownership of our existing stockholders.

In addition, the sale of substantial amounts of shares of our Class A common stock in the public market, or the perception that such sales could occur, could harm the prevailing market price of shares of our Class A common stock. All of the shares of Class A common stock sold in our IPO are freely tradable without restriction or further registration under the Securities Act, except that any shares held by our affiliates, as that term is defined under Rule 144 of the Securities Act, may be sold only in compliance with certain limitations. The market price of our shares of Class A common stock could drop significantly if the holders of such restricted shares sell them or are perceived by the market as intending to sell them. These factors could also make it more difficult for us to raise additional funds through future offerings of our shares of Class A common stock or other securities.

We do not intend to pay dividends on our Class A common stock for the foreseeable future.

We currently intend to retain all available funds and any future earnings to fund the development and growth of our business. As a result, we do not anticipate declaring or paying any cash dividends on our Class A common stock in the foreseeable future. Any decision to declare and pay dividends in the future will be made at the discretion of our board of directors, subject to applicable laws, and will depend on, among other things, our business prospects, results of operations, financial condition, cash requirements and availability, industry trends, and other factors that our board of directors may deem relevant. Any such decision also will be subject to compliance with contractual restrictions and covenants in the agreements governing our current indebtedness. In addition, our ability to pay dividends in the future depends on the earnings and distributions of funds from our subsidiaries. Moreover, we may incur additional indebtedness, the terms of which may further restrict or prevent us from paying dividends on our Class A common stock. As a result, you may have to sell some or all of your Class A common stock after price appreciation in order to generate cash flow from your investment, which you may not be able to do. Our inability or decision not to pay dividends could also adversely affect the market price of our Class A common stock.

Table of Contents

We may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could otherwise adversely affect holders of our Class A common stock, which could depress the price of our Class A common stock.

Our Amended Charter authorizes us to issue one or more series of preferred stock. Our board of directors will have the authority to determine the powers, designations, preferences, and relative, participating, optional or other special rights, and the qualifications, limitations, or restrictions thereof, of the shares of preferred stock and to fix the number of shares constituting any series, without any further vote or action by our stockholders. Our preferred stock could be issued with voting, liquidation, dividend, and other rights superior to the rights of our Class A common stock. The potential issuance of preferred stock may delay or prevent a change in control of us, discouraging bids for our Class A common stock at a premium to the market price, and may materially and adversely affect the market price, and the voting, and other rights of the holders of our Class A common stock.

Anti-takeover provisions in our governing documents and under Delaware law could make an acquisition of the Company more difficult, limit attempts by our stockholders to replace or remove our current management, and depress the market price of our Class A common stock.

Among others, our Amended Charter and Amended Bylaws include the following provisions:

•a dual class structure that provides our holders of Class B common stock with the ability to control the outcome of matters requiring stockholder approval;

•limitations on convening special stockholder meetings, which could make it difficult for our stockholders to adopt desired governance changes;

•advance notice procedures, which apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders;

•a prohibition on stockholder action by written consent, which means that our stockholders will only be able to take action at a meeting of stockholders;

•a forum selection clause, which means certain litigation can only be brought in Delaware;

•no authorization of cumulative voting, which limits the ability of minority stockholders to elect director candidates;

•certain amendments to our certificate of incorporation will require the approval of two-thirds of the then outstanding voting power of our capital stock, voting as a single class;

•amendments to our Amended Bylaws by our stockholders will require the approval of two-thirds of the then outstanding voting power of our capital stock, voting as a single class;

•the authorization of undesignated or “blank check” preferred stock, the terms of which may be established and shares of which may be issued without further action by our stockholders and which may be used to create a “poison pill”;

•newly created directorships are filled by a majority of directors then in office; and

•the approval of two-thirds of the then outstanding voting power of our capital stock, voting as a single class, is required to remove a director.

These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management. As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation Law (the “DGCL”), which prevents interested stockholders, such as certain stockholders holding more than 15% of our outstanding common stock from engaging in certain business combinations for a period of 3 years following the time that such stockholder became an interested stockholder, unless (i) prior to the time such stockholder became an interested stockholder, the board approved the transaction that resulted in such stockholder becoming an interested stockholder, (ii) upon consummation of the transaction that resulted in such stockholder becoming an interested stockholder, the interested stockholder owned 85% of the voting stock of the Company outstanding at the time the transaction commenced (excluding certain shares) or (iii) following board approval, the business combination receives the approval of the holders of at least two-thirds of our outstanding common stock not owned by such interested stockholder.

The insurance laws in most states require regulatory review and approval of a change in control of our domestic insurers. “Control” generally means the possession, direct or indirect, of the power to direct, or cause the direction of, the

Table of Contents

management and policies of an insurer, whether through the ownership of voting securities, by contract, or otherwise. The state statutes usually presume that control exists if a person or company, directly or indirectly, owns, controls, or holds the power to vote ten percent (10%) or more of the voting securities of an insurer or a parent company, but some states may presume control at a lower percentage. This presumption can then be rebutted by showing that control does not exist. Accordingly, a change in control could trigger regulatory review and approval in one or more states in which we operate.

Any provision of our Amended Charter, Amended Bylaws, Delaware law, or applicable state insurance law that has the effect of delaying, preventing, or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our Class A common stock, and could also affect the price that some investors are willing to pay for our Class A common stock.

Our Amended Charter provides that the Court of Chancery of the State of Delaware is the sole and exclusive forum for substantially all disputes between us and our stockholders, and federal district courts are the sole and exclusive forum for Securities Act claims, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.

Our Amended Charter provides that, unless we consent to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for: (a) any derivative action, suit, or proceeding brought on our behalf; (b) any action, suit, or proceeding asserting a claim of breach of fiduciary duty owed by any of our current or former directors, officers or other employees or stockholders to us or to our stockholders, creditors, or other constituents; (c) any action, suit, or proceeding asserting a claim arising pursuant to the DGCL, our Amended Charter or Amended Bylaws, or as to which the DGCL confers exclusive jurisdiction on the Court of Chancery of the State of Delaware; or (d) any action, suit, or proceeding asserting a claim governed by the internal affairs doctrine; provided that the exclusive forum provisions will not apply to suits brought to enforce any liability or duty created by the Exchange Act, or to any claim for which the federal courts have exclusive jurisdiction.

Our Amended Charter further provides that, unless we consent in writing to the selection of an alternative forum, the federal district courts are the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act. We note that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. The choice of forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our current or former directors, officers, or other employees or stockholders, which may discourage such lawsuits against us and our current or former directors, officers, and other employees or stockholders. Alternatively, if a court were to find the choice of forum provisions contained in our Amended Charter to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, financial condition, and results of operations.

Table of Contents

General Risk Factors

If our operating and financial performance in any given period does not meet the guidance that we provide to the public, the market price of our Class A common stock may decline.

We have historically provided public guidance on our expected operating and financial results for future periods, and may continue to do so in the future. If, in the future, our operating or financial results for a particular period do not meet any guidance we provide or the expectations of investment analysts, or if we reduce our guidance for future periods, the market price of our Class A common stock may decline.

Item 1B. Unresolved Staff Comments

None.

Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information, including PHI and the systems that store and transmit such data. Our cybersecurity risk management program includes a cybersecurity incident response plan.

We use the ISO 27001 and National Institute of Standards and Technology (“NIST”) 800-53 standards as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. This does not imply that we meet any particular technical standards, specifications or requirements.

Our cybersecurity risk management program is integrated into our overall ERM program, and shares common methodologies, reporting channels and governance processes that apply across the ERM program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes:

•risk assessments designed to help identify material risks from cybersecurity threats to our critical systems and information;

•a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security processes, and (3) our response to cybersecurity incidents;

•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls, and conduct tabletop exercises to validate our cybersecurity incident response processes;

•the use of various technology and process-based methods, such as network isolation, intrusion detection systems, vulnerability assessments, penetration testing, use of threat intelligence, content filtering, endpoint security (including anti-malware and detection response capabilities), email security mechanisms, and access control mechanisms;

•cybersecurity awareness training of our employees, including incident response personnel and senior management;

•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

•a third-party risk management and diligence process for key vendors and service providers based on our assessment of their criticality to our operations and respective risk profile.

Table of Contents

While we have implemented processes to maintain our cybersecurity risk management program, there can be no assurance that our program, including our controls, procedures and processes, will be fully complied with or that it will be fully effective in protecting the confidentiality, integrity and availability of our critical systems and information.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Part I, Item 1A. “Risk Factors—Risks Related to our Business—If we or our partners or other third parties with whom we collaborate fail to protect confidential information and/or sustain a data security incident, we could suffer increased costs, material financial penalties, exposure to significant liability, adverse regulatory consequences, and reputational harm, which would materially adversely affect our business, results of operations, and financial condition.”

Cybersecurity Governance

Our board of directors (“Board”) considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the “Committee”) oversight of cybersecurity risks. The Committee oversees management of our cybersecurity risks, including reviewing and discussing with management our major cybersecurity risk exposures and the steps management has taken to monitor and control such exposures.

Management provides quarterly reports on our cybersecurity risks to the Committee. The Committee reports to the full Board regarding its activities, including those related to cybersecurity. Our management team, including our Chief Technology Officer and Chief Information Security Officer (“CISO”), is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our Chief Technology Officer, the Company’s Co-Founder and former CEO, has extensive experience in computer science and technology, including as a visiting scholar at Stanford University. This experience has enhanced his expertise in cybersecurity governance and risk management. Our CISO is a Certified Information Systems Security Professional and his experience includes over 20 years of working in the cybersecurity field in various industries, including data analytics, identity verification software, and financial services industries, and over 15 years leading teams and programs.

Our management team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from the Health Information Sharing and Analysis Center and other governmental, public or private sources; and alerts and reports produced by security tools deployed in the information technology environment.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
HTH	an hour ago
HASI	an hour ago
OSCR	an hour ago
HCSG	an hour ago
MTH	an hour ago
MORN	an hour ago
DOV	an hour ago
PLD	an hour ago
CPS	an hour ago
EQR	an hour ago
VRTX	an hour ago
JPM	an hour ago
NEE	an hour ago
WY	an hour ago
HR	an hour ago
AON	an hour ago
ROKU	an hour ago
KMI	an hour ago
FROG	an hour ago
VRT	an hour ago
EXAS	an hour ago
UBER	an hour ago
AMGN	an hour ago
TRUP	an hour ago
NTGR	an hour ago
INSP	an hour ago
LEA	2 hours ago
AAP	2 hours ago
LSCC	2 hours ago
NWL	2 hours ago
TRIP	2 hours ago
OM	2 hours ago
WAB	2 hours ago
TEX	2 hours ago
RHI	2 hours ago
GPI	3 hours ago
HBAN	3 hours ago
FCX	3 hours ago
AGCO	3 hours ago
PII	3 hours ago
CHRW	3 hours ago
CSL	3 hours ago
WEX	3 hours ago
ATMU	4 hours ago
MHO	4 hours ago
ITW	4 hours ago
SXT	4 hours ago
AXTA	4 hours ago
TROW	5 hours ago
DCH	5 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - OSCR

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - OSCR

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing