Risk Factors - PATH

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors

Our operations and financial results are subject to various risks and uncertainties, including those described below. The reader should consider and read carefully all of the risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the related notes. The risks described below are those which we believe are the material risks we face. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition, or results of operations. In such case, the trading price of our Class A common stock could decline.

Risks Related to Our Business, Products, Operations, and Industry

We have incurred net losses in the past, anticipate continuing to incur significant operating expenses in the future, and may not achieve or sustain consistent profitability.

Although we generated GAAP profitability in the fourth quarter of our fiscal year 2024, we incurred a net loss in the year ended January 31, 2024, have incurred net losses in the past, and may continue to incur net losses in the future. We expect to continue to incur significant operating expenses in the foreseeable future. This involves leveraging the investments made in our organization in prior years and continuing to implement initiatives designed to grow our business in a disciplined manner. These initiatives include increasing our overall customer base and expanding sales within our current customer base, continuing to penetrate international markets, investing in research and development to improve the capabilities of our platform (including AI capabilities), acquiring businesses, technology, talent, and related integration efforts, growing our distribution channels and channel partner ecosystem, deepening our user community, hiring additional employees and investing in our existing workforce, expanding our operations and infrastructures both domestically and internationally, and incurring expenses related to legal, accounting, and other administrative expenses aspects of operating as a public company.16Table of ContentsIn addition, we expect to continue to expend substantial financial and other resources on:•our technology infrastructure, including systems architecture, scalability, availability, performance, and security;•our sales and marketing organization to engage our existing and prospective customers, increase brand awareness, and drive adoption of our products;•product development, including investments in our product development team and the development of new products and new functionality for our platform as well as investments in further optimizing our existing products and infrastructure;•acquisitions or strategic investments;•our international operations and continued international expansion; and•general administration, including increased legal and accounting expenses associated with being a public company. In particular, we intend to continue to expend significant funds to further develop our platform. This includes introducing new functionalities and adapting and growing our inside sales team and enterprise sales force. These efforts are aimed at driving new customer adoption and expanding use cases and integrations.

We have entered into non-cancellable multi-year capacity commitments with certain third-party cloud providers for cloud infrastructure services. These commitments require us to pay for such capacity irrespective of actual usage. These efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently, or at all, to offset these higher expenses, and achieve, or once achieved, sustain profitability.

We may delay or re-evaluate these efforts due to any anticipated or actual adverse impact to our business as a result of, among other things, global economic and geopolitical uncertainties, rising levels of inflation, interest rates, pandemics, government shutdowns, regional conflicts, or other similar events or circumstances. In addition, growth of our revenue may slow, or revenue may decline for a number of reasons, including a decrease in our ability to attract and retain customers, a failure to increase our number of channel partners, an increase in competition, a decrease in growth of our overall market, a decrease in the term lengths of our contracts with customers, an inability to timely and cost-effectively introduce new products and services that are favorably received by customers and partners, and as a result of global economic conditions, such as rising inflation and interest rates, that could cause our customers to reduce their spending levels with us. A shortfall in revenue could lead to operating results being below expectations because we may not be able to quickly reduce our fixed operating expenses in response to short-term business changes. If we are unable to meet these risks and challenges as we encounter them, our business and operating results may be adversely affected.

These investments may not be successful on the timeline we anticipate, or at all, and may not result in revenue or ARR growth. For instance, we anticipate that our customers will continue to increase adoption of our SaaS products in future periods. We cannot predict how increased adoption of our SaaS products will change the buying patterns of our customers or impact our future revenue or ARR. If we are unable to maintain or increase our revenue or ARR at a rate sufficient to offset the expected increase in our costs, our business, financial condition, and results of operations will be harmed, and we may not be able to achieve or maintain profitability over the long-term. If we are unable to maintain or increase our ARR or revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position, and results of operations will be harmed, and we may not be able to achieve or maintain profitability over the long term. Additionally, we have encountered, and may in the future encounter, risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as unforeseen operating expenses, difficulties, complications, delays, and other known or unknown factors that may result in losses in future periods. If

18

---

Table of Contents

our revenue or ARR growth does not meet our expectations in future periods, our business, financial condition, and results of operations may be harmed, and we may not achieve or maintain profitability in the future. If we are unable to sustain profitability, the value of our business and Class A common stock may significantly decrease.

We may not be able to successfully manage our growth. If we are not able to grow efficiently, we may not be able to reach or sustain consistent profitability, and our business, financial condition and results of operations could be harmed, which has in the past caused and could in the future cause our stock price to decline.

We have experienced and may continue to experience rapid growth and organizational changes. We generated revenue of $1,308.1 million and $1,058.6 million for fiscal years 2024 and 2023, respectively, representing a growth rate of 24%. We generated revenue of $892.3 million and $607.6 million, for the fiscal years 2022 and 2021, respectively, representing a growth rate of 47%. Our ARR was $1,463.7 million and $1,203.8 million at January 31, 2024 and 2023, respectively, representing a growth rate of 22%. Our ARR was $925.3 million and $580.5 million at January 31, 2022 and 2021, respectively, representing a growth rate of 59%. However, the revenue or ARR growth of any prior quarterly or annual fiscal period should not be relied upon as an indication of our future performance. You should not, however, rely on the ARR or revenue growth of any prior quarterly or annual fiscal period as an indication of our future performance. Even if our revenue and ARR continue to increase, our revenue and ARR growth rates may decline in the future as a result of a variety of factors, including the maturation of our business, increased competition, changes to technology, a decrease in the growth of our overall market, or our failure, for any reason, to continue to take advantage of growth opportunities. Even if our ARR and revenue continue to increase, we expect that our ARR and revenue growth rates will decline in the future as a result of a variety of factors, including the maturation of our business, increased competition, changes to technology, a decrease in the growth of our overall market, or our failure, for any reason, to continue to take advantage of growth opportunities. In addition, our past results may not be indicative of our future performance. In addition, these obligations may require us to change our business model. Overall growth of our business depends on a number of additional factors, including our ability to:

•price our products that we offer on our platform effectively so that we are able to attract new customers and expand sales to our existing customers;

•expand the functionality and use cases for the products we offer on our platform;

•maintain and expand the rates at which customers purchase and renew licenses to our platform;

•provide our customers with support that meets their needs;

•continue to introduce and sell our products to new markets;

•continue to develop new products and new functionality for our platform and successfully further optimize our existing products and infrastructure;

•successfully identify and acquire or invest in businesses, products, or technologies that we believe could complement or expand our platform; and

•increase awareness of our brand on a global basis and successfully compete with other companies.

We may not successfully accomplish any of these objectives, and as a result, it is difficult for us to forecast our future results of operations. If the assumptions that we use to plan our business are incorrect, or change in reaction to changes in our market, or if we are unable to maintain consistent revenue, ARR, or revenue or ARR growth, our stock price could be volatile, and it may be difficult to achieve and sustain profitability. If the assumptions that we use to plan our business are incorrect or change in reaction to changes in our market, or if we are unable to maintain consistent ARR, revenue, or ARR or revenue growth, our stock price could be volatile, and it may be difficult to achieve and maintain profitability.

Macroeconomic conditions, including volatile and weakened global economic conditions, and geopolitical tensions and conflicts, including changes to trade policies and regulations, present significant risks to us in several jurisdictions. Such conditions have in the past adversely affected and may in the future adversely affect our industry, business and results of operations.

We have sales, product, and engineering operations in many countries, and some of our business activities are concentrated in one or more geographic areas. Moreover, sales outside the U.S. accounted for 57% of our revenue for the fiscal year ended January 31, 2024. As a result, our operations and our financial results, including our ability to execute our business strategy, design, develop, or sell products, and the demand for our products, are at times adversely affected by a number of global and regional factors outside of our control.

Adverse changes in global or regional economic conditions periodically occur, including recession or slowing growth; changes or uncertainty in fiscal, monetary, or trade policy; higher interest rates; volatility in foreign exchange markets; tighter credit; inflation; lower capital expenditures by businesses, including on IT infrastructure; increases in unemployment; and lower consumer confidence and spending. Adverse changes in macroeconomic conditions can significantly harm demand for our products and make it more challenging to forecast our operating results and make business decisions, including prioritization of investments in our business. An economic downturn or increased uncertainty may also lead to increased credit and collectability risks, higher borrowing costs or reduced availability of the capital and credit markets, reduced liquidity, asset impairments, adverse impact on our partners or failures of counterparties including financial institutions and insurers. Trade policies and disputes at times result in

19

---

Table of Contents

increased tariffs, trade barriers, and other protectionist measures, which can make our products less competitive, reduce demand for our products, limit our ability to sell to certain customers, or impede or slow the movement of our products across borders. Increasing protectionism and economic nationalism may lead to further changes in trade policies and regulations, domestic sourcing initiatives, or other formal and informal measures that could make it more difficult to sell our products in, or restrict our access to, some markets. They can also result in declining consumer confidence and slowing economic growth or recession, and could cause our customers to reduce, cancel, or alter the timing of their purchases with us. Sustained geopolitical tensions could lead to political instability and economic uncertainty globally, long-term changes in global trade and technology supply chains, domestic sourcing initiatives, and the decoupling of global trade networks, which could make it more difficult to sell our products in, or restrict our access to, some markets and have a material adverse effect on our business and growth prospects. For example, these types of unfavorable conditions have in the past disrupted and could in the future, disrupt the timing and attendance of key industry events, which we rely upon in part to generate sales of our products. For example, these types of unfavorable conditions have in the past and could in the future disrupt the timing of and attendance at key industry events, which we rely upon in part to generate sales of our products. If those events are disrupted in the future, our marketing investments, sales pipeline, and the ability to attract new customers and generate sales of our products could be negatively and adversely affected. If those events are disrupted in the future, our marketing investments, sales pipeline, and ability to generate new customers and sales of our products could be negatively and adversely affected.

We can be adversely affected by other global and regional factors that periodically occur, including:

•inefficient infrastructure and other disruptions, such as supply chain interruptions, and large-scale outages, or unreliable provision of services from utilities, transportation, data hosting, or telecommunications providers;

•government restrictions on, or nationalization of, our operations in any country, or restrictions on our ability to repatriate earnings from or distribute compensations or other funds in a particular country;

•adverse changes relating to government grants, tax credits, or other government incentives, including more favorable incentives provided to competitors;

•differing employment practices and labor issues, including restricted access to talent;

•local business and cultural factors that differ from our current standards and practices;

•continuing uncertainty regarding social, political, immigration, tax, and trade policies in the U.S. and abroad;

•global tensions and conflict in areas where we have customers or employees, and in surrounding areas, such as the Russian military operation in Ukraine, Israel-Hamas conflict, past conflicts in Lebanon and the current conflict in the Red Sea, and rising tensions between China and Taiwan. Although our operations in Belarus, China, Israel, Ukraine, and Russia represent an immaterial portion of our business, individually and in the aggregate, such global and regional factors may have adversely impacted and could adversely impact our customers and employees; and

•fluctuations in the market value of our domestic and international investments and in the capital and credit markets, which can be negatively affected by liquidity, credit deterioration or losses, interest rate changes, financial results, political risk, sovereign risk, or other factors.

Further, these conditions have affected and may continue to affect the rate of IT spending, could adversely affect our customers' ability or willingness to attend our events or to purchase our products and services, could have delayed and may delay customer purchasing decisions, could have reduced and may reduce the value and duration of customer subscription contracts, and may adversely affect our customer attrition rates. All of these risks and conditions could materially adversely affect our future sales and operating results.

Our past results may not be indicative of our future performance. We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price could decline.We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price could decline.

Our results of operations have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance. As a result, our past results may not be indicative of our 26Table of Contentsfuture performance. In addition to the other risks described herein, factors that may affect our results of operations include the following:

•fluctuations in demand for or usage of our platform and products;

•fluctuations in our mix of revenue from licenses and service arrangements;

•our ability to attract new customers and retain our existing customers;

20

---

Table of Contents

•customer expansion rates and the pricing and quantity of licenses renewed;

•fluctuations in mix of revenue, cost of revenue, and gross margin from sales directly to end-customers and/or through channel partners including our strategic alliances;

•timing and amount of our investments to expand the capacity of our third-party cloud infrastructure providers;

•seasonality;

•the investment in new products and features relative to investments in our existing infrastructure and products;

•the timing of customer purchases;

•fluctuations or delays in purchasing decisions in anticipation of new products or enhancements by us or our competitors;

•changes in customers’ budgets and in the timing of their budget cycles and purchasing decisions;

•our ability to control costs, including our operating expenses;

•the amount and timing of payment for operating expenses, particularly sales and marketing expenses, including commissions, and research and development expenses;

•the amount and timing of non-cash expenses, including stock-based compensation, impairments of goodwill or other assets, and other non-cash charges;

•the amount and timing of costs associated with recruiting, training, and integrating new employees and retaining and motivating existing employees;

•the effects of acquisitions and their integration;

•general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate;

•the impact of new accounting pronouncements;

•changes in regulatory or legal environments that may impact us, including by causing us to incur additional compliance obligations and expenses;

•changes in the competitive dynamics of our market, including consolidation among competitors or customers; and

•significant security breaches of, technical difficulties with, or interruptions to the delivery and use of our products and platform.

We derive our revenue from the sale of our software licenses for use of our proprietary software, maintenance and support for our licenses, right to access certain products that are hosted by us (i.e., SaaS), and professional services. Under ASC 606, Revenue from Contracts with Customers, we recognize revenue when a customer obtains control of promised goods or when services are rendered. The amount of revenue recognized reflects the consideration that we expect to receive in exchange for these goods or services. Licenses revenue (including the term license portion of Flex Offerings) is recognized when we transfer control of the respective license to the customer. Revenue from SaaS and revenue from maintenance and support are recognized ratably over time since control passes to our customers over the arrangement’s contractual period. Professional services revenue is recognized as services are rendered.

The presentation of our financial results requires us to make estimates and assumptions that may affect revenue recognition.Furthermore, the presentation of our financial results requires us to make estimates and assumptions that may affect revenue recognition. In some instances, we could reasonably use different estimates and assumptions, and changes in estimates may occur from period to period.

Given the foregoing factors, our actual results could differ significantly from our estimates. Comparing our revenue and operating results on a period-to-period basis may not be meaningful, and our past results may not be indicative of our future performance.

For more information on our revenue recognition policy, refer to Note 2, Summary of Significant Accounting Policies—Revenue Recognition, included in Part II, Item 8 of this Annual Report on Form 10-K.

21

---

Table of Contents

Any of these and other factors, or the cumulative effect of some of these factors, may cause our results of operations to vary significantly. If our quarterly or annual results of operations fall below the expectations of securities analysts or investors who follow our stock, the price of our Class A common stock could decline substantially, and we have faced and could in the future face lawsuits that are costly and may divert management’s attention, including securities class action suits and derivative actions. If our quarterly on annual results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock could decline substantially, and we could face lawsuits that are costly and may divert management’s attention, including securities class action suits.

We may not be able to successfully manage our growth and, if we are not able to grow efficiently, we may not be able to reach or maintain profitability, and our business, financial condition, and results of operations could be harmed.We may not be able to successfully manage our growth and, if we are not able to grow efficiently, our business, financial condition, and results of operations could be harmed.

We have experienced and may continue to experience rapid growth and organizational changes, which has placed and may continue to place significant demands on our management and our operational and financial resources. Actions we may decide to take in the future in our attempt to achieve or maintain profitability may not be successful in yielding our intended results and may not appropriately address either or both of the short-term and long-term strategy of our business. In addition, any patents issued from pending or future patent applications or licensed to us in the future may not be sufficiently broad to protect our proprietary technologies, may not provide us with competitive advantages, or may be successfully challenged by third parties. Implementation of a go forward plan and any other cost-saving initiatives, including possible future restructuring efforts, may be costly and disruptive to our business, the expected costs and charges may be greater than forecasted, and the estimated cost savings may be lower than forecasted.

Because we derive substantially all of our revenue from our UiPath Business Automation Platform, failure of this platform to satisfy customer demands could adversely affect our business, financial condition, results of operations, and growth prospects.

We derive and expect to continue to derive substantially all of our revenue from our UiPath Business Automation Platform. As such, market adoption of our automation platform is critical to our continued success. Demand for our platform may be affected by a number of factors, many of which are beyond our control, including continued market acceptance and integration of our platform into our customers’ operations; the continued volume, variety, and velocity of automations that are generated through use of our platform; timing of development, and release of new offerings by our competitors; technological change, including in the areas of AI and ML systems, and the rate of growth in our market. Demand for our automation platform may be affected by a number of factors, many of which are beyond our control, including continued market acceptance and integration of our platform into our customers’ operations, the continued volume, variety, and velocity of automated tasks that are generated through use of our platform, timing of development, and release of new offerings by our competitors, technological change, and the rate of growth in our market. Additionally, the utility of our platform and products relies in part on the ability of our customers to use our automation, AI and ML products in connection with other third-party software products that are important to our customers' businesses. Additionally, the utility of our automation platform and products relies in part on the ability of our customers to use our automation products in connection with other third-party software products that are important to our customer’s business. If these third-party software providers were to modify the terms of their licensing arrangements with our customers in a manner that would reduce the utility of our products, or increase the cost to use our products in connection with these third-party software products, then our customers may no longer choose to adopt our platform or continue to use our products. If we are unable to continue to meet the demands of our customers and the developer community, our business operations, financial results, and growth prospects will be materially and adversely affected.

In addition, as we expand our business, it is important that we continue to maintain a high level of customer service and satisfaction. If we are not able to continue to provide high levels of customer service, our reputation, as well as our business, financial condition, and results of operations could be harmed. In response to Wayfair, or otherwise, states or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. As usage of our platform capabilities grow, we will need to continue to devote additional resources to improving and maintaining our infrastructure and integrating with third-party applications.As usage of our platform capabilities grow, we will need to devote additional resources to improving and maintaining our infrastructure and integrating with third-party applications. In addition, we have needed and will continue to need to appropriately scale our internal business systems and our services organization, including customer support and professional services, to serve our growing customer base. In addition, we will need to appropriately scale our internal business systems and our services organization, including customer support and professional services, to serve our growing customer base. Failure of, or delay in, these continuing efforts could result in impaired system performance and reduced customer satisfaction, resulting in decreased sales to new customers, lower dollar-based net retention rates, the issuance of service credits, or requested refunds, which would hurt our revenue growth and our reputation. Any failure of or delay in these efforts could result in impaired system performance and reduced customer satisfaction, resulting in decreased sales to new customers, lower dollar-based net retention rates, the issuance of service credits, or requested refunds, which would hurt our revenue growth and our reputation. Even if we are successful in our expansion efforts, they will be expensive and complex, and require the dedication of significant management time and attention. We have faced and could continue to face inefficiencies or service disruptions as a result of our efforts to scale our internal infrastructure. We could also face inefficiencies or service disruptions as a result of our efforts to scale our internal infrastructure. We cannot be sure that the expansion of and improvements to our internal infrastructure will be effectively implemented on a timely basis, if at all, and such failures could harm our business, financial condition, and results of operations.

Our business depends on our existing customers renewing their licenses and purchasing additional licenses and products from us and our channel partners. Declines or significant delays in renewals or purchases of additional licenses and products by our customers could harm our future operating results.

Part of our growth strategy relies on our ability to deliver significant value in a short time to our customers, so that our customers will scale the use of our platform throughout their enterprise. Accordingly, our future success

22

---

Table of Contents

depends in part on our ability to exhibit this value and sell additional licenses and products to our existing customers, and our customers renewing their licenses with us and our channel partners when contract terms expire. Our license agreements primarily have annual terms, and some of our license agreements have multi-year terms. We generally do not sell standalone licenses with a term of less than one year. However, during the term of an annual contract or the last year of a multi-year contract, our customers may enter into an additional license agreement with a termination date that is coterminous with the anniversary date of such annual contract. Our customers have no obligation to renew their licenses for our products after the expiration of their license period. We provide some customers the opportunity to use our platform and products for free prior to purchasing a license. We provide some customers the opportunity to use our automation platform and products for free prior to purchasing a license. We also work with our customers to identify opportunities for follow-on sales to increase our footprint within their businesses.

In order for us to maintain or improve our results of operations, it is important that our customers renew or expand their licenses with us and our channel partners. We cannot accurately predict our renewals and dollar-based net retention rate given the diversity of our customer base in terms of size, industry, and geography. Our renewals and dollar-based net retention rate may decline or fluctuate as a result of a number of factors, many of which are outside our control, including the business strength or weakness of our customers; continuing or new delays in renewals due to economic conditions; customer usage, including the ability of our customers to quickly integrate our products into their businesses and continually find new uses for our products within their businesses; cloud automation deployment or adoption issues; customer satisfaction with our products and platform capabilities and customer support; the utility of our platform to cost-effectively integrate with third-party software products; our prices; the capabilities and prices of competing products; mergers and acquisitions affecting our customer base; consolidation of affiliates’ multiple paid business accounts into a single paid business account or loss of business accounts in their entirety; the effects of global economic conditions; reductions in our customers’ spending on software solutions or their spending levels generally; perceived security or data privacy risks from the use of our products; changes in regulatory regimes that affect our customers or our ability to sell our products, including changes to sanctions and export control regimes; or changes in the views of the industry and public with regard to our products and automation products generally, including as a result of increased automation, use of AI, and displacement of human workforces. Our renewals and dollar-based net retention rate may decline or fluctuate as a result of a number of factors, many of which are outside our control, including the business strength or weakness of our customers, customer usage, including the ability of our customers to quickly integrate our products into their businesses and continually find new uses for our products within their businesses, customer satisfaction with our products and platform capabilities and customer support, the utility of our platform to cost-effectively integrate with third-party software products, our prices, the capabilities and prices of competing products, mergers and acquisitions affecting our customer base, consolidation of affiliates’ multiple paid business accounts into a single paid business account or loss of business accounts in their entirety, the effects of global economic conditions, including the immediate and longer-term effects of Russia's military operations in Ukraine and the rapidly evolving global sanctions related thereto, or reductions in our customers’ spending on IT solutions or their spending levels generally, perceived security or data privacy risks from the use of our products, changes in regulatory regimes that effect our customers or our ability to sell our products, including changes to sanctions and export control regimes, or the views of the industry and public with regard to our products and RPA products generally, including as a result of increased automation and displacement of human workforces. These factors may also be exacerbated if, consistent with our growth strategy, our customer base continues to grow to encompass larger enterprises, which may also require more sophisticated and costly sales efforts. If our customers do not purchase additional licenses and products from us or our customers fail to renew their licenses, our revenue may decline and our business, financial condition, and results of operations may be harmed.

We continually review how best to market our platform to our customers and potential customers and how to organize, train, and deploy our sales teams for efficiency and effectiveness; however, if our efforts and the changes that we are trying to implement on an ongoing basis are not successful, it could adversely affect our platform adoption and our growth.

If we are unable to attract new customers, our business, financial condition, and results of operations will be adversely affected.

To increase our revenue, we must continue to attract new customers. Our success will depend to a substantial extent on the widespread adoption of our platform and products as an alternative to existing solutions, including as an alternative to traditional systems relying on manual tasks and processes. Many enterprises have invested substantial personnel and financial resources to integrate traditional human-driven processes into their business architecture and, therefore, may be reluctant or unwilling to migrate to an automation solution. Accordingly, the adoption of automation solutions may be slower than we anticipate. A large proportion of our target market still uses traditional systems relying on manual tasks and processes for the major part of their operations. This market may need further education on the value of automation solutions in general and our platform and products in particular, and on how to integrate them into current operations. A lack of education as to how our automation platform and solutions operate may cause potential customers to prefer more traditional methodologies or their limited, internally-developed automated processes, to be cautious about investing in our platform and products, or to have difficulty integrating our platform and products into their business architecture. A lack of education as to how our automation platform and products operate may cause potential customers to prefer more traditional methodologies or their limited, internally-developed automated processes, to be cautious about investing in our platform and products, or to have difficulty integrating our platform and products into their business architecture. If we are unable to educate potential customers and change the market’s readiness to accept our technology, we may experience slower than projected growth and our business, financial condition, and results of operations may be harmed. If we are unable to educate potential customers and change the market’s readiness to accept our technology, we may experience slower than projected growth.

In addition, as our market matures, our products evolve, and competitors introduce lower cost or differentiated products that are perceived to be alternatives to our platform and products, our ability to sell licenses for our products could be impaired.18Table of ContentsIn addition, as our market matures, our products evolve, and competitors introduce lower cost or differentiated products that are perceived to be alternatives to our platform and products, our ability to sell licenses for our products could be impaired. Further, as various forms of AI, including generative AI, become more widely adopted

23

---

Table of Contents

and acceptable, if customers were to feel that our technology was not developing apace, our business and growth prospects could be harmed. The rapid evolution of AI may require the application of resources to develop, test, and maintain our products and services so that they are ethically designed to minimize unintended, harmful impacts. Similarly, our license sales could be adversely affected if customers or users within these organizations perceive that features incorporated into competitive products reduce the need for our products, or if they prefer to purchase other products that are bundled with solutions offered by other companies that operate in adjacent markets and compete with our products. As a result of these and other factors, we may be unable to attract new customers, which may have an adverse effect on our business, financial condition, and results of operations.

The markets in which we participate are competitive and if we do not compete effectively our business, financial condition, and results of operations could be harmed.The markets in which we participate are competitive and, if we do not compete effectively, our business, financial condition, and results of operations could be harmed.

Our platform and products provide automation solutions that our customers can integrate throughout their businesses. Accordingly, we compete with RPA software providers and adjacent automation and integration platform companies in markets such as low-code, BPM, iPaaS, process mining, IDP, and test automation vendors, and with enterprise platform vendors that are acquiring, building, or investing in automation and AI functionality or partnering with automation and AI providers. We also compete with companies that provide and support the traditional systems relying on manual tasks and processes that our platform and products are designed to replace, including companies that facilitate outsourcing of such tasks and processes to lower cost workers. Our customers may also internally develop their own automated solutions to address tasks particular to their business.

The automation market is a fast-growing enterprise software market and is increasingly competitive. With the introduction of new technologies and market entrants, we expect that the competitive environment will remain intense going forward. For instance, as our market becomes increasingly driven by cloud-based solutions, native cloud providers may enter this market and provide competitive offerings at lower prices. Additionally, open source alternatives for automation that are offered at no cost may impact our ability to sell our products to certain customers who may prefer to rely on these tools. Additionally, open source alternatives for automation that are offered freely may impact our ability to sell our products to certain customers who may prefer to rely on these tools at no cost. Our competitors may be able to respond more quickly to new or expanding technology, such as newly emerging generative AI technologies, and devote more resources to product development than we can. Our competitors may be able to respond more quickly and 19Table of Contentseffectively than we can to new or changing opportunities, technologies, standards, and customer requirements. The speed of technological development may prove disruptive to some of our markets if we are unable to maintain the pace of innovation. Some of our actual and potential competitors have been acquired by other larger enterprises, have made or may make acquisitions, may enter into partnerships or other strategic relationships that may provide more comprehensive products than they individually had offered, or may achieve greater economies of scale than us. In addition, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships, or strategic relationships. As we look to market and sell our products and platform capabilities to potential customers with existing internal solutions, we must convince their internal stakeholders that our products and platform capabilities are superior to their current solutions. If we fail to do so, our business, financial condition, and results of operations may be harmed. If we fail to do so, our business, results of operation and financial condition may be harmed.

If we fail to continue to differentiate our platform and products from those offered by our competitors, our business, financial condition, and results of operations may be harmed.If we fail to continue to differentiate our platform and products from those offered by our competitors, then our business, results of operations, and financial condition may be harmed.

Our competitors vary in size and in the breadth and scope of the products offered. Many of our competitors and potential competitors have greater name recognition, longer operating histories, more established customer relationships, larger marketing budgets, and greater resources than we do. Many of our competitors and potential competitors have greater name recognition, longer operating histories, more established customer relationships and installed customer bases, larger marketing budgets, and greater resources than we do. Further, other potential competitors not currently offering competitive solutions may expand their product or service offerings to compete with our products and platform capabilities. For instance, a number of our potential competitors already have close, integrated relationships with our customers and potential customers for other service offerings. If any of these potential competitors were to provide an automation solution within their current service offerings as a single, integrated solution, our customers and potential customers may choose to adopt the integrated solution due to administrative ease or other factors that are outside our control. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources and product offerings in our addressable market. Our competitors may be able to respond more quickly and effectively than we can, to new or changing opportunities, technologies, standards, and customer requirements. Our competitors may be able to respond more quickly and 19Table of Contentseffectively than we can to new or changing opportunities, technologies, standards, and customer requirements. An existing competitor or new entrant could introduce new technology that reduces demand for our products and platform capabilities. In addition to product and technology competition, we face pricing competition. Some of our competitors offer their on-premises or SaaS solutions at a lower price, which has resulted in, and may continue to result in, pricing pressures.

24

---

Table of Contents

For all of these reasons, we may not be able to compete successfully against our current or future competitors, and this competition could result in the failure of our platform to continue to achieve or maintain market acceptance, which would harm our business, financial condition, and results of operations.

If we fail to retain and motivate members of our management team or other key employees or to integrate new team members, or fail to attract additional qualified personnel to support our operations, our business and future growth prospects could be harmed.If we fail to retain and motivate members of our management team or other key employees and integrate new team members and manage management transitions, or fail to attract additional qualified personnel to support our operations, our business and future growth prospects would be harmed.

On July 7, 2023, Daniel Dines notified our board of directors that he would resign from his position as our Co-CEO, effective as of January 31, 2024. Robert Enslin, then UiPath's Co-CEO, continued to serve in the Co-CEO role through January 31, 2024. As of February 1, 2024, Mr. Enslin assumed the role of our sole CEO. Mr. Dines assumed the newly-created role of Chief Innovation Officer, and continues to serve as the Executive Chairman of the board of directors. In his new capacity at UiPath as Chief Innovation Officer, Mr. Dines plans to drive our AI and technology initiatives.

Our success and future growth depend largely upon the continued services of our executive officers, particularly Daniel Dines, Chief Innovation Officer, co-founder, and Chairman, as well as our other key employees in the areas of research and development, and sales and marketing.Our success and future growth depend largely upon the continued services of our executive officers, particularly Daniel Dines, our Chief Executive Officer, Co-Founder, and Chairman, as well as our other key employees in the areas of research and development and sales and marketing. Additionally, many members of our management team have been with us for a short period of time. From time to time, there have been and may continue to be changes in our executive management team or other key employees resulting from the hiring or the departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead UiPath, could harm our business. Further, in fiscal year 2023 we streamlined our senior management structure. Any of these changes may not achieve our desired results. As we experience personnel turnover, we have experienced and may continue to experience some loss of internal knowledge from time to time. The streamlining of our senior management team could introduce additional risks with fewer executives tasked with leading our organization.

Because of the complexity of our products and platform capabilities, we also are dependent on the continued service of our existing software engineers and our ability to recruit qualified new engineers. Competition for these personnel is intense, especially for engineers experienced in designing and developing RPA, AI, and ML applications. Competition for these personnel is intense, especially for engineers experienced in designing and developing RPA, AI, and ML applications, and experienced sales professionals. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Potential candidates may not perceive our compensation package, including our equity awards, as favorably as employees hired in the past given the recent volatility in the price of our Class A common stock and in the public markets. In addition, our recruiting personnel, methodology, and approach has needed to be altered and may in the future need to be altered to address a changing candidate pool and profile. In addition, our recruiting personnel, methodology, and approach may need to be altered to address a changing candidate pool and profile. We may not be able to identify or implement such changes in a timely manner.

Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers have attempted and may in the future attempt to assert that these employees, or we, have breached their legal obligations, resulting in a diversion of our time and resources. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached their legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. As some of our employees' perception of our equity awards has declined, and may decline from time to time due to the lower price of our Class A common stock, if the Class A common stock continues to experience significant volatility, or volatility increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain key employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.

Changes in our management structure and in senior leadership could affect our business and financial results.

As of February 1, 2024, Robert Enslin succeeded Daniel Dines as our CEO, and Mr. Dines became our Chief Innovation Officer, both as previously announced. Senior leadership transitions can be difficult to manage and may cause disruptions to our operations. A leadership transition may also increase the likelihood of turnover amongst our employees and result in changes in our business strategy, which may create uncertainty, and negatively impact our ability to execute our business strategy quickly and effectively. Leadership transitions may also impact our relationships with our customers and other market participants, creating uncertainty among investors, employees, and others concerning our future direction and performance. In some cases, as noted below, litigation or other actions may be necessary to protect or enforce our trademarks, patents, and other intellectual property rights against infringement or misappropriation. Any significant disruption, uncertainty, or change in

25

---

Table of Contents

business strategy could adversely affect our business, financial condition, and operating results. Finally, our organizational structure is becoming more complex as we continue to scale our operational, financial, and management controls as well as our reporting systems and procedures. If we fail to manage our anticipated growth, company personnel transitions, and change in a manner that preserves the key aspects of our corporate culture, our employee retention may suffer, which could negatively affect our products, brand, and reputation. If we or our accounting firm identify deficiencies in our internal control over financial reporting that are deemed to be material weaknesses, it could harm our operating results, adversely affect our reputation, or result in inaccurate financial reporting.

A limited number of customers represent a substantial portion of our revenue and ARR. If we fail to retain these customers, our revenue and ARR could decline significantly.

We derive a substantial portion of our revenue and ARR from sales to our top 10% of customers. As a result, our revenue and ARR could fluctuate materially and could be materially and disproportionately impacted by the purchasing decisions of these customers or any other future large customer. As a result, our revenue and ARR could fluctuate materially and could be materially and disproportionately impacted by purchasing decisions of these customers or any other significant future customer. Any of our largest customers may decide to purchase less than they have in the past, may alter their purchasing patterns at any time with limited notice, or may decide not to continue to purchase our platform and products at all, any of which could cause our revenue and ARR to decline and adversely affect our financial condition and results of operations. Any of our significant customers may decide to purchase less than they have in the past, may alter their purchasing patterns at any time with limited notice, or may decide not to continue to license our platform and products at all, any of which could cause our revenue and ARR to decline and adversely affect our financial condition and results of operations. If we do not further diversify our customer base, we will continue to be susceptible to risks associated with customer concentration. If we do not 22Table of Contentsfurther diversify our customer base, we will continue to be susceptible to risks associated with customer concentration.

We rely on our channel partners, including our strategic alliances, to generate a substantial amount of our revenue, and if we fail to expand and manage our distribution channels or fulfill our future service obligations, our revenue could decline and our growth prospects could suffer.•We rely on our channel partners and our strategic alliances to generate a substantial amount of our revenue, and if we fail to expand and manage our distribution channels, or fulfill our future service obligations, our revenue could decline and our growth prospects could suffer.

Our success significantly depends upon maintaining and growing our relationships with a variety of channel partners, and we anticipate that we will continue to depend on these partners in order to grow our business. Our channel partners enable us to extend our local and global reach, in particular with smaller customers and in geographies where we have less direct sales presence. For fiscal years 2024, 2023, and 2022, we derived a substantial amount of our revenue from sales through channel partners, and we expect to continue to derive a substantial amount of our revenue from channel partners in future periods. For the fiscal years ended January 31, 2022 and 2021, we derived a substantial amount of our revenue from sales through channel partners, and we expect to continue to derive a substantial amount of our revenue from channel partners in future periods. Our agreements with our channel partners are generally non-exclusive and do not prohibit them from working with our competitors or offering competing products, and many of our channel partners may have more established relationships with our competitors. If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors, do not effectively market and sell our products, or fail to meet the needs of our customers, then our ability to grow our business and sell our products may be adversely affected. In addition, the loss of one or more of our larger channel partners, who may cease marketing our products with limited or no notice, and our possible inability to replace them, could adversely affect our sales. Moreover, our ability to expand our distribution channels depends in part on our ability to educate our channel partners about our platform and products, which can be complex. Our failure to recruit additional channel partners, or any reduction or delay in their sales of our products or conflicts between channel sales and our direct sales and marketing activities may harm our business, financial condition, and results of operations. Even if we are successful, these relationships may not result in greater customer usage of our products or increased revenue. We also bear the risk that our channel partners will fail to comply with U.S. or international anti-corruption or anti-competition laws, in which case we might be fined or otherwise penalized as a result of the agency relationship with such partners.

In addition, the financial health of our channel partners and our continuing relationships with them are important to our success. Some of these channel partners may be unable to withstand adverse changes in economic conditions, which could result in insolvency and/or the inability of such distributors to obtain credit to finance purchases of our products and services, which could negatively impact our future financial performance. In addition, weakness in the end-user market could negatively affect the cash flows of our channel partners who could, in turn, delay paying their obligations to us, which would increase our credit risk exposure. Our business could be harmed if the financial condition of some of these channel partners substantially weakened and we were unable to timely secure replacement channel partners.

Further, we from time to time enter into strategic alliance arrangements wherein we sell our products and services to a partner. These strategic alliances may include investments we make to enable the partner to create or enhance their automation practice. If the strategic alliance partner is unable to successfully create or expand their automation practice, we may not realize the benefits we expect. If the strategic alliance partner is unable to successfully create or expand their RPA practice, we may not realize the benefits we expect.

These strategic alliances may also include non-cancelable commitments we make to these third-party alliance partners whereby we plan to leverage the partner’s products or services in arrangements with third-party customers.

26

---

Table of Contents

Should we be unable to deploy the partner’s products or services in arrangements with third-party customers, it may materially and adversely impact our gross margins, profitability, and financial results in any given period. Further, these strategic alliances are a vector for potential growth and expansion for us and these alliances may not be successful and/or as profitable as we project. Further, these strategic alliances are a new vector for potential growth and expansion for us and these alliances may not be successful and/or as profitable as we project.

If we and our channel partners fail to provide sufficient high-quality consulting, training, support, and maintenance resources to enable our customers to realize significant business value from our platform, we may see a decrease in customer adoption of our platform.

Our customers sometimes request consulting and training to assist them in integrating our platform into their business, and rely on our customer support personnel to resolve issues and realize the full benefits that our platform provides. As a result, an increase in the number of customers is likely to increase demand for consulting, training, support, and maintenance related to our products. Given that our customer base and products continue to grow, we will need to provide our customers with more consulting, training, support, and maintenance to enable them to realize significant business value from our platform. We rely on our ecosystem of partners that build, train, and certify skills on our technology, as well as deploy our technology on behalf of their customers. We have been increasing our channel partner and customer enablement through our UiPath Academy and other training initiatives designed to create an ecosystem of people that are skilled in the use and integration of our platform in business operations. However, if we and our channel partners are unable to provide sufficient high-quality consulting, training, integration, and maintenance resources, our customers may not effectively integrate our automation platform into their business or realize sufficient business value from our products to justify follow-on sales, which could impact our future financial performance. Additionally, if our channel partners fail to perform or if any of our channel partners suffer reputational or brand harm, our customers may choose to not rely on our channel partners for consulting, training, integration, and maintenance resources. Additionally, if our channel partners fail to perform or if the brand for any of our channel partners is harmed, our customers may not choose to rely on our channel partners for consulting, training, integration, and maintenance resources as well. Further, some of our customers are industry leaders, and our contracts with them receive significant public attention. If we or our channel partners encounter problems in helping these customers implement our platform or if there is negative publicity regarding these engagements (even if unrelated to our services or products) our reputation could be harmed and our future financial performance could be negatively impacted. Finally, the investments required to meet the increased demand for our consulting services could strain our ability to deliver our consulting engagements at desired levels of profitability, thereby impacting our overall profitability and financial results.

If we are not able to introduce and release new features or services successfully and to make enhancements to our platform or products, particularly with respect to developing AI technologies, our business and results of operations could be adversely affected. If we cannot address such uncertainties and successfully develop new features, enhance our software, or otherwise overcome technological challenges and competing technologies, our business and results of operations could be adversely affected.

Our ability to attract new customers and increase revenue from existing customers depends in part on our ability to enhance and improve our platform and to introduce new features and services. To grow our business and remain competitive, we must continue to enhance our platform with features that reflect the constantly evolving nature of automation and AI technology and our customers’ evolving needs. For instance, with the development of next-generation solutions that utilize new and advanced features, including AI and ML, we may be required to commit significant resources to developing new products, enhancements and developments. Other companies may incorporate AI into their products more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our financial results. The success of new products, enhancements, and developments depends on several factors including, but not limited to: our anticipation of market changes and demands for product features, successful product design and timely release of new functionality, sufficient customer demand, and cost effectiveness of our product development efforts. The success of new products, enhancements, and developments depends on several factors including, but not limited to: our anticipation of market changes and demands for product features, including successful product design and timely product introduction and conclusion, sufficient customer demand, cost effectiveness in our product development efforts, and the proliferation of new technologies that are able to deliver competitive products and services at lower prices, more efficiently, more conveniently, or more securely. In addition, because our platform is designed to operate with a variety of third-party systems, applications, data, and devices, we will need to continuously modify and enhance our platform to keep pace with changes in such systems. In addition, because our platform is designed to operate with a variety of systems, applications, data, and devices, we will need to continuously modify and enhance our platform to keep pace with changes in such systems. We may not be successful in developing these modifications and enhancements. Furthermore, the addition of features and solutions to our platform will increase our research and development expenses. Any new features that we develop may not be introduced in a timely or cost-effective manner or may not achieve the market acceptance necessary to generate sufficient revenue to justify the related expenses. It is difficult to predict customer adoption of new features. Such uncertainty limits our ability to forecast our future results of operations and subjects us to a number of challenges, including our ability to plan for and model future growth. In addition, significant delays between announcement and general availability of new functionality could adversely affect our business. If we cannot address such uncertainties and successfully develop new features, enhance our software, or otherwise overcome technological challenges and competing technologies, our business and results of operations could be adversely affected.

27

---

Table of Contents

We also offer professional services including consulting and training and must continually adapt to assist our customers in deploying our platform in accordance with their specific automation strategies. If we cannot introduce new services or enhance our existing services to keep pace with changes in our customers’ deployment strategies, we may not be able to attract new customers, retain existing customers, and expand their use of our software or secure renewal contracts, which are important for the future of our business.

Risks associated with the use of AI (including ML and large language models) in our platforms may result in reputational harm or liability.

AI is enabled by or integrated into parts of our technology platform and remains a significant and growing element of our business. As with many developing technologies, AI presents risks and challenges that could affect its further development, adoption, use, and therefore, our business. AI algorithms and models may be flawed. Our AI-related efforts, particularly those related to generative AI, or the datasets that we use in training our systems, subject us to risks related to harmful or illegal content, accuracy, bias, intellectual property infringement or misappropriation, defamation, data privacy, cybersecurity, sanctions, and export controls, among others. Third-party AI capabilities that can be integrated with our platform, including generative AI, could also produce false or "hallucinatory" inferences about customer data, enterprises, other information, or subject matter. The use of generative AI processes at scale is relatively new, and may lead to challenges, concerns, and risks that are significant, or that we may not be able to predict, especially if our use of these technologies in our products and services were to become more important to us over time. If the recommendations, forecasts, or analyses that AI applications assist in producing are deficient or inaccurate, we could be subject to competitive harm, potential legal liability, including under existing and future legislation or regulations, including in the U.S. and the EU. The rapid evolution of AI may also require additional resources to develop, test, and maintain our platforms and products to help ensure that AI is implemented appropriately in order to minimize unintended or harmful impact, which may be costly, and may not produce the benefits and results that we expect.

Some AI scenarios may present ethical issues, and the enablement or integration of AI into our platform may subject us to new or heightened legal, regulatory, ethical, or other challenges, as this is an area of rapid development. We take into consideration these challenges when designing our technologies and implementing our business practices. For example, our platform includes data governance tools and other tools, which are intended to regulate and limit user access. In addition, we have developed internal responsible AI guidelines. However, we have no assurance that these tools or guidelines, nor their implementation, will be sufficient to protect us against evolving AI-related risks. As a result, if we face any claims or litigation relating to our use of AI, including its purported, or real impact to, human rights, data privacy, employment, or other societal issues, we may experience brand or reputational harm, as well as regulatory or legal scrutiny, which could have a material adverse effect on our operations, and business outlook.

We are subject to numerous risks associated with the evolving market for products with AI capabilities.

The markets and use cases for products with AI capabilities have been rapidly evolving, are difficult to predict, and may impact demand for our products. The significant investments we have made to develop products and software to address what we believe will be increasing demand for AI capabilities may be insufficient, and we face significant hurdles, including whether demand will materialize, whether third-party developers will develop the software to utilize the AI capabilities of our products, and whether we will be successful in developing products that can compete with offerings by established competitors.

Our use of AI technology may subject us to reputational, financial, legal, or regulatory risks. As we continue to incorporate AI technology into our products and services, any failures to address concerns relating to the responsible use of the evolving AI technology in our products and services may cause harm to our reputation or result in financial liability, and as such, may increase our costs to address or mitigate such risks and issues. Any disruption as a result of cyber-attacks or similar issues, or any limitation on the capacity of our third-party hosting services, could impede our ability to onboard new customers or expand the usage of our existing customers or otherwise adversely affect our business, which could adversely affect our financial condition and results of operations. AI technology may create ethical issues, generate defective algorithms, and present other risks that create challenges with respect to its adoption. In addition, evolving rules, regulations, and industry standards governing AI may require us to expend significant resources to modify, maintain, or align our business practices or products, to comply with U.S. and non-U.S. rules and regulations, the nature of which cannot be determined at this time. Several jurisdictions around the globe, including the EU and certain U.S. states, have already proposed or enacted laws governing AI. U.S. federal agencies are likely to release AI regulations in the near future in light of the Biden administration's October 30, 2023 Executive Order on AI. The regulatory environment surrounding the impact of the implementation

28

---

Table of Contents

of AI on our products and services may adversely affect our ability to produce and export products, and as a result, may cause harm to our reputation and result in financial liability.

We offer free trials and a free tier of our platform to drive awareness of our products, and encourage use and adoption. If these marketing strategies fail to lead to customers purchasing paid licenses, our ability to grow our revenue will be adversely affected.

To encourage awareness, use, and adoption of our platform and products, we offer a community edition and enterprise trial version of our software, each of which provides free, online access to certain of our products.To encourage awareness, use, familiarity, and adoption of our platform and products, we offer a community edition and enterprise trial version of our software, each of which provides free, online access to certain of our products. This “try-before-you-buy” strategy may not be successful in driving developer education regarding or leading customers to purchase our products. Many users of our free tier may not lead to others within their organization purchasing and deploying our platform and products. To the extent that users do not become, or we are unable to successfully attract, paying customers, we will not realize the intended benefits of these marketing strategies and our ability to grow our revenue will be adversely affected.

We target enterprise customers, and sales to these customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities.24Table of ContentsWe target enterprise customers, and sales to these customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities.

Our enterprise sales force focuses on sales to large enterprise, organizational, and government agency customers. As of January 31, 2024, we had 2,054 customers with ARR of $100 thousand or more and 288 customers with ARR of $1 million or more, which accounted for approximately 86% and 52% of our revenue, respectively, for the period then ended. As of January 31, 2023, we had 1,785 customers with ARR of $100 thousand or more and 229 customers with ARR of $1 million or more, which accounted for approximately 81% and 43% of our revenue, respectively, for the period then ended. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Performance Metric” for a description of ARR. Sales to large customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities, such as longer sales cycles, more complex customer requirements (and higher contractual risk as a result), substantial upfront sales costs, less favorable terms, and less predictability in completing some of our sales. For example, enterprise customers may require considerable time to evaluate and test our solution and those of our competitors prior to making a purchase decision and placing an order. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our automation platform and products, the discretionary nature of purchasing and budget cycles, and the competitive nature of evaluation and purchasing approval processes. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, may vary significantly from customer to customer, with sales to large enterprises typically taking longer to complete and requiring greater organizational resources. Moreover, large enterprise customers often begin to deploy our products on a limited basis, but nevertheless demand configuration, integration services, and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our products widely enough across their organization to justify our substantial upfront investment.

Real or perceived errors, failures, or bugs in our platform and products could adversely affect our business, financial condition, results of operations, and growth prospects.

Our platform and products are complex and use novel technology. Undetected errors, failures, or bugs have occurred in our platform and products in the past and may occur in the future. Our platform and products are used throughout our customers’ business environments and with different operating systems, system management software, applications, devices, databases, servers, storage, middleware, custom and third-party applications and equipment, and networking configurations, which may cause errors or failures in the business environment into which our platform and products are deployed. This diversity of applications increases the likelihood of errors or failures in those business environments. Despite testing by us, real or perceived errors, failures, or bugs may not be found until our customers use our platform and products. Such failures or bugs can cause reputational damage, and in some cases can affect our revenue due to the impact of service level commitments that we offer to our customers, as described below.

Our platform and products also empower our customers to develop their own use cases for our automation platform and products. We cannot guarantee that these user-developed automations will be effective or that they do not include errors, failures, or bugs that then may be attributed, correctly or not, to our underlying technologies. For instance, our customers may use our products in a manner in which they were not intended and that could cause our platform or products to be implicated in any resulting errors or failures. Real or perceived errors, failures, or

29

---

Table of Contents

bugs in our platform and products could result in negative publicity, loss of or delay in market acceptance of our platform and products, regulatory investigations and enforcement actions, harm to our brand, weakening of our competitive position, claims by customers for losses sustained by them, or failure to meet the stated service level commitments in our customer agreements. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend significant additional resources in order to help correct the problem. Any errors, failures, or bugs in our platform or products could also impair our ability to attract new customers, retain existing customers, or expand their use of our software, which would adversely affect our business, financial condition, and results of operations.

Incorrect or improper implementation or use of our platform and products could result in customer dissatisfaction and harm our business, financial condition, results of operations, and growth prospects.

Our automation platform and products and related services are designed to be deployed in a wide variety of technology environments, including in large-scale, complex technology environments across a wide range of use cases. We believe our future success will depend, at least in part, on our ability and the ability of our channel partners to support such deployments. We believe our future success will depend, at least in part, on our ability and the ability of our channel 25Table of Contentspartners to support such deployments. Implementations of our platform may be technically complicated and it may not be easy to maximize the value of our platform without proper implementation and training. If our customers are unable to implement our platform successfully or in a timely manner, or if our customers perceive that the implementation of our platform is too complex or time-consuming, customer perceptions of us and our software may be impaired, our reputation and brand may suffer, and customers may choose not to renew their licenses or increase their purchases of our related services. If our customers are unable to implement our platform successfully, or in a timely manner, or if our customers perceive that the implementation of our platform is too complex or time consuming, customer perceptions of our company and our software may be impaired, our reputation and brand may suffer, and customers may choose not to renew their licenses or increase their purchases of our related services.

We regularly train our customers and channel partners in the proper use of, and the variety of benefits that can be derived from, our automation platform and products to maximize their potential. We and our channel partners often work with our customers to achieve successful implementations, particularly for large, complex deployments. Our failure or the failure of our channel partners to train customers on how to efficiently and effectively deploy and use our platform and products, or our failure or the failure of our channel partners to provide effective support or professional services to our customers, whether actual or perceived, may result in negative publicity or legal actions against us. Also, as we continue to expand our customer base, any actual or perceived failure by us or our channel partners to properly provide these services will likely result in lost opportunities for follow-on sales of our related services.

We rely upon third-party providers of cloud-based infrastructure to host our cloud-based products. Any disruption in the operations of these third-party providers, limitations on capacity, or interference with our use could adversely affect our business, financial condition, and results of operations.

Our continued growth depends in part on the ability of our existing and potential customers to continue to adopt and utilize our cloud-based products in conjunction with our platform. We outsource substantially all of the infrastructure relating to our cloud-based products to third-party hosting services. Customers of our cloud-based products expect to be able to access these products at any time, without material interruption or degradation of performance. Our cloud-based products depend on virtual cloud infrastructure hosted by third-party hosting services. UiPath protects these services by maintaining the configuration, architecture, features, and interconnection specifications, as well as the information stored in these virtual data centers, which is transmitted by third-party internet service providers. Any disruption as a result of cyberattacks or similar issues, or any limitation on the capacity of our third-party hosting services, could impede our ability to onboard new customers or expand the usage of our existing customers, or otherwise adversely affect our business, which could adversely affect our financial condition and results of operations. Due to the fact that we rely on third-party providers of cloud-based infrastructure to host our cloud-based products, it may become increasingly difficult to maintain and improve their performance, especially during peak usage times and as our cloud capabilities become more complex and our user traffic increases, because we do not control the infrastructure supporting these services. In addition, any incident affecting our third-party hosting services’ infrastructure that may be caused by cyberattacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, outbreaks of contagious diseases, military actions, terrorist or other attacks, and other similar events beyond our control could negatively affect our cloud-based products. If our cloud-based products are unavailable, or if our users are unable to access our cloud-based products within a reasonable amount of time or at all, we may experience a loss of customers, loss or delay of market acceptance of our platform and products, delays in payment to us by customers, harm to our reputation and brand, legal claims against us, and the diversion of our resources. If our cloud-based products are unavailable or if our users are unable to access our cloud-based products within a reasonable amount of time or at all, we may experience a loss of customers, lost or delayed market acceptance of our platform and products, delays in payment to us by customers, injury to our reputation and brand, legal claims against us, and the diversion of our resources. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the third-party hosting services we use.

30

---

Table of Contents

In the event that our service agreements with our third-party hosting services are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity, or damage to such facilities, we could experience interruptions in access to our cloud-based products as well as significant delays and additional expense in arranging or creating new facilities and services, and/or re-architecting our cloud-based products for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition, and results of operations.

Seasonality may cause fluctuations in our sales and results of operations.

Historically, we have experienced seasonality in new and renewal customer bookings, as typically we enter into a higher percentage of license agreements with new customers and renewals with existing customers in the fourth quarter of our fiscal year. We believe that this seasonality results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. While we believe that this seasonality has affected and will continue to affect our quarterly or annual results, we expect that this seasonality will become more pronounced as we continue to target larger enterprise customers and as our rapid growth begins to slow. While we believe that this seasonality has affected and will continue to affect our quarterly or annual results, our rapid growth has largely masked seasonal trends to date. Seasonal fluctuations in our sales means that our revenue may not be consistent from period to period. Accordingly, our quarterly or annual results should not be expected to be predictive of any future period. Accordingly, you should not expect our quarterly or annual results to be predictive of any future period.

Our key performance metric, ARR, and certain other operational data in this report are subject to assumptions and limitations and may not provide an accurate indication of our future or expected results.Our key operating metric, ARR, and certain other operational data in this report are subject to assumptions and limitations and may not provide an accurate indication of our future or expected results.

ARR is based on numerous assumptions and limitations, is calculated using our internal data that has not been independently verified by third parties, and may not provide an accurate indication of our future or expected results. We define ARR as annualized invoiced amounts per solution SKU from subscription licenses and maintenance and support obligations assuming no increases or reductions in customers' subscriptions. We define ARR as annualized invoiced amounts per solution SKU from subscription licenses and maintenance obligations assuming no increases or reductions in their subscriptions. ARR does not include the costs we may incur to obtain such subscription licenses or provide such maintenance and support, and does not include invoiced amounts associated with perpetual licenses or professional services. ARR does not include the costs we may incur to obtain such subscription licenses or provide such maintenance, and does not include invoiced amounts reported as perpetual licenses or professional services revenue in our consolidated statements of operations. ARR is not a forecast of future revenue and does not reflect any actual or anticipated reductions in invoiced value due to contract non-renewals or service cancellations other than for certain reserves, such as those for credit losses or disputed amounts. ARR is not a forecast of revenue and does not reflect any actual or anticipated reductions in invoiced value due to contract non-renewals or service cancellations other than for specific bad debt or disputed amounts. As a result, ARR and our other operational data may not reflect our actual performance, and investors should consider these metrics in light of the assumptions used in calculating such metrics and limitations as a result thereof. In addition, investors should not place undue reliance on these metrics as an indicator of our future or expected results. Moreover, these metrics may differ from similarly titled metrics presented by other companies and may not be comparable to such other metrics. See the sections titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Performance Metric” for additional information regarding our ARR.

We may require additional capital to support the growth of our business, and this capital may not be available on acceptable terms, if at all.

We have funded our operations since inception primarily through customer payments and net proceeds from sales of equity securities. We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations, our planned investments, or the growth of our business. Following our IPO, we focused on growing our business to take advantage of our market opportunities. While growth remains important, we are also focused on the path to profitability. Our planned investments to drive growth may require us to engage in equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, if at all. The effects of the disruptions to and volatility in the credit and financial markets in the U.S. and worldwide from geopolitical and macroeconomic events could limit our access to financing and increase our costs of borrowing.

If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, financial condition, and results of operations. If we incur debt, the debt holders would have rights senior to holders of Class A common stock to make claims on our assets, and the terms of any future debt could restrict our operations, including our ability to pay dividends on our Class A common stock. Furthermore, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our Class A common stock. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our Class A common stock and diluting their interests.

31

---

Table of Contents

If we fail to maintain and enhance our brand, our ability to expand our customer base will be impaired and our business, financial condition, and results of operations may suffer.

We believe that maintenance and enhancement of UiPath brand is important to support the marketing and sale of our existing and future products to new customers and expand sales of our platform and products to existing customers.We believe that maintaining and enhancing the UiPath brand is important to support the marketing and sale of our existing and future products to new customers and expand sales of our platform and products to existing customers. We also believe that the importance of brand recognition will increase as competition in our market increases. Successful maintenance and enhancement of our brand will depend largely on the effectiveness of our marketing efforts, our ability to provide reliable products that continue to meet the needs of our customers at competitive prices, our ability to maintain our customers’ trust, our ability to show that our products improve efficiency for our customers while improving engagement and satisfaction of their employees, our ability to continue to develop new functionality and use cases, our ability to successfully differentiate our products and platform capabilities from competitive products, and our ability to adequately obtain and protect our trademarks and trade names. Successfully maintaining and enhancing our brand will depend largely on the effectiveness of our marketing efforts, our ability to provide reliable products that continue to meet the needs of our customers at competitive prices, our ability to maintain our customers’ trust, our ability to show that our products improve efficiency for our customers while improving engagement and satisfaction of their employees, our ability to continue to develop new functionality and use cases, our ability to successfully differentiate our products and platform 28Table of Contentscapabilities from competitive products and our ability to adequately obtain and protect our trademarks and trade names. Our brand promotion activities may not generate customer awareness or yield increased revenue, and even if they do, any increased revenue may not offset the expenses we incur in building our brand.

Our ability to maintain and enhance our brand may also be subject to factors that are outside of our control. For instance, media stories regarding the potential effects on employment of automation and technologies that replace traditional, human-driven systems are commonplace. Unfavorable publicity regarding the impact automation may have on unemployment could harm our brand and reputation, even if unrelated to our products. Such negative publicity could also reduce the potential demand and size of the market for our products and decrease our revenue.

We may not be able to protect all of our registered or unregistered trademarks or trade names relevant to our brand, and our rights may be challenged, infringed, circumvented, declared generic, lapsed, or determined to be infringing on or dilutive of other marks. If we are unable to protect our rights in these trademarks and trade names, third parties may file for registration of trademarks similar or identical to our trademarks, thereby impeding our ability to build brand identity and possibly leading to market confusion. If we fail to successfully promote and maintain our brand, our business, financial condition, and results of operations may suffer.

If we cannot maintain our corporate culture as we grow, our success and our business and competitive position may be harmed.If we cannot maintain our company culture as we grow, our success and our business and competitive position may be harmed.

We believe our culture has been a key contributor to our success to date and that the critical nature of the technology that we develop promotes a sense of greater purpose and fulfillment in our employees. We have developed a culture in which our employees adhere to our core tenets of being humble, bold, immersed, and fast. As we continue to hire more employees to keep pace with our growth, it may become more difficult for us to find employees that exhibit these values or to instill them in our new employees. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel, which is critical to our growth, and our ability to effectively focus on and pursue our corporate objectives. As we grow and develop our corporate infrastructure, we may find it difficult to maintain these important aspects of our culture. As we grow and develop the infrastructure of a public company, we may find it difficult to maintain these important aspects of our culture. If we fail to maintain our company culture, our business and competitive position may be harmed.

Indemnity provisions in various agreements to which we are party potentially expose us to substantial liability for infringement, misappropriation, or other violation of intellectual property rights, data protection, and other losses.

Our agreements with our customers and other third parties may include indemnification provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of infringement, misappropriation, or other violation of intellectual property rights, data protection, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services, or platform, our acts or omissions under such agreements, or other contractual obligations. Some of these indemnity agreements provide for uncapped liability and some indemnity provisions survive termination or expiration of the applicable agreement. Large indemnity payments could harm our business, financial condition, and results of operations. Although we attempt to contractually limit our liability with respect to such indemnity obligations, we are not always successful and may still incur substantial liability related to them, and we may be required to cease use of certain functions of our platform or products as a result of any such claims. Any dispute with a customer or other third-party with respect to such obligations could have adverse effects on our relationship with such customer or other third-party and other existing or prospective customers, reduce demand for our products and services, and adversely affect our business, financial condition, and results of operations. Any dispute with a customer or other third party with respect to such obligations could have adverse effects on our relationship with such customer or other third party and other existing or prospective customers, reduce demand for our products and services, and adversely affect our business, financial conditions, and results of operations. In addition, although we carry general liability and cybersecurity insurance, our insurance may not be adequate to indemnify us for all liability that may be imposed or otherwise

32

---

Table of Contents

protect us from liabilities or damages with respect to claims alleging compromises of customer data, and any such coverage may not continue to be available to us on acceptable terms or at all.

We have in the past engaged, and may in the future engage, in acquisition and investment activities, which could divert the attention of management, disrupt our business, dilute stockholder value, and adversely affect our results of operations and financial condition.

As part of our business strategy, we continually evaluate opportunities to acquire or invest in businesses, products, or technologies that we believe could complement or expand our products and solutions, enhance our technical capabilities, or otherwise offer growth opportunities. For example, in March 2021, we acquired Cloud Elements, Inc., a provider of a leading API integration platform for SaaS application providers and the digital enterprise. In July 2022, we acquired Re:infer, an NLP company for unstructured documents and communications. In the future, we may be unable to identify suitable acquisition candidates and, even if we do, we may not be able to complete desired acquisitions on favorable terms, if at all. If we are unable to complete acquisitions, we may not be able to strengthen our competitive position or achieve our goals. Future acquisitions and investments may result in unforeseen operating difficulties and expenditures, including disruption of our ongoing operations, diversion of management attention, and increased expenses and liabilities. An acquisition may also negatively affect our financial results because it may:

•require us to incur charges or assume substantial debt;

•cause adverse tax consequences or unfavorable accounting treatment;

•expose us to claims and disputes by third parties, including intellectual property and privacy claims and disputes;

•not generate sufficient financial return to offset additional costs and expenses related to the acquisition;

•cause us to incur liabilities for activities of the acquired company before the acquisition;

•cause us to record impairment charges associated with goodwill or acquired intangible assets; and

•cause other unforeseen operating difficulties and expenditures.

Moreover, to pay for an acquisition or investment, we would have to use cash, incur debt and/or issue equity securities, each of which may affect our financial condition or the value of our Class A common stock and (in the case of equity financing) could result in dilution to our stockholders.

In addition, a failure to successfully integrate the operations, personnel, or technologies of an acquired business could impact our ability to realize the full benefits of such an acquisition. Our limited experience acquiring companies increases these risks. If we are unable to achieve the anticipated strategic benefits of an acquisition, or if the integration, or the anticipated financial and strategic benefits, including any anticipated cost savings, revenue opportunities, or operational synergies, of such an acquisition are not realized as rapidly as or to the extent anticipated by us, our business, financial condition, and results of operations, could suffer.The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements.

Our aspirations and disclosures related to ESG matters expose us to risks that could adversely affect our reputation and performance.

We have issued baseline ESG impact reports, and are in the process of determining emissions baselines and plan to set corporate goals. Our reports and statements reflect our current plans and aspirations and are not guarantees that we will be able to achieve them. Our failure to accomplish or accurately track and report on these goals on a timely basis, or at all, could adversely affect our reputation, financial performance, and growth, and expose us to increased scrutiny from the investment community as well as enforcement authorities. Because patent applications can take years to issue and are often afforded confidentiality for some period of time there may currently be pending applications, unknown to us, that later result in issued patents that could cover our current or future technologies or products.

Standards for tracking and reporting ESG (including sustainability, climate and human capital) matters continue to evolve. Our selection of voluntary disclosure frameworks and standards, and the interpretation or application of those frameworks and standards, may change from time to time or differ from those of others. This may result in a lack of consistent comparative data from period to period or between UiPath and other companies in the same industry. In addition, our processes and controls may not comply with evolving standards for identifying, measuring, and reporting ESG metrics, including ESG-related disclosures that may be required of public companies by the SEC and other regulatory agencies to which we may be subject, including newly-adopted SEC climate-

33

---

Table of Contents

related disclosure requirements and the EU's CSRD which is still subject to member country adoption; such standards may change over time, which could result in significant revisions to our current goals, reported progress in achieving such goals, or ability to achieve such goals in the future.

If our ESG practices do not meet evolving investor, customer, or other stakeholder expectations and standards, our reputation, our ability to attract or retain employees, and our attractiveness as an investment, business partner, acquirer, or service provider could be negatively impacted. Further, our failure or perceived failure to pursue or fulfill our goals and objectives, or to satisfy various reporting standards on a timely basis, or at all could have similar negative impacts or expose us to government enforcement actions and private litigation.

We have undertaken, and may in the future undertake, internal restructuring activities that could result in disruptions to our business or otherwise materially harm our results of operations or financial condition.

From time to time, we have undertaken and may continue to undertake internal restructuring activities in an effort to better align our resources with our business strategy. For example, we initiated a restructuring plan in June 2022 that resulted in a reduction in our global workforce by approximately 5%, aimed at simplifying our go-to-market approach to improve market segmentation, increase sales productivity, and provide best-in-class customer experience and outcomes. In November 2022, our board of directors approved further restructuring actions to reduce our global workforce across functions by an additional 6%. The aforementioned workforce restructuring actions were completed during the second quarter of fiscal year 2024. We incur substantial costs to implement restructuring plans, and our restructuring activities may subject us to reputational risks and litigation risks and expenses. There can be no assurance that any restructuring activities that we have undertaken or undertake in the future will achieve the cost savings, operating efficiencies, or other benefits that we may initially expect. In addition, restructuring activities may result in loss of institutional knowledge and expertise, attrition beyond our intended reduction in force, or a negative impact on employee morale and productivity or our ability to attract highly skilled employees. In addition, any patents issued from pending or future patent applications or licensed to us in the future may not be sufficiently broad to protect our proprietary technologies, may not provide us with competitive advantages, or may be successfully challenged by third parties. Internal restructurings can also require a significant amount of time and focus from management and other employees, which may divert attention from commercial operations. If any internal restructuring activities we have undertaken or undertake in the future fail to achieve some or all of the expected benefits, our business, financial condition, and results of operations could be materially and adversely affected.

Any future litigation against us could be costly and time-consuming to defend.

We are subject and may in the future become subject to legal proceedings and claims that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes or employment claims made by our current or former employees.We are, and may in the future become, subject to legal proceedings and claims that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes or employment claims made by our current or former employees. In addition, we have been sued by potential class action plaintiffs and have been sued in several potential derivative actions in connection therewith. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition, and results of operations. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial condition, and results of operations.

Risks Related to Data Privacy and Cybersecurity

We are subject to stringent and evolving U.S. and foreign laws, regulations, and rules, contractual obligations, industry standards, policies, and other obligations related to data privacy and security. Our actual or perceived failure to comply with such obligations could lead to adverse business consequences, including regulatory investigations or actions; litigation (including class claims) and mass arbitration demands; fines and penalties; business disruptions; reputational harm; loss of revenue or profits; and loss of customers or sales. Our actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; loss of customers or sales; and other adverse business consequences.

In the ordinary course of business, we collect, receive, access, generate, transfer, store, disclose, share, make accessible, protect, secure, dispose of, and use (collectively, process) personal data and other sensitive information, including proprietary and confidential business data, trade secrets, intellectual property, financial information, geolocation information, social security numbers, government-issued identification information, and sensitive third-party data about employees, contractors, customers, suppliers, and others (collectively, sensitive information).In the ordinary course of business, we collect, receive, access, generate, transfer, store, disclose, share, make accessible, protect, secure, dispose of, use, share and otherwise process personal data and other sensitive information, including proprietary and confidential business data, trade secrets, intellectual property, sensitive third- 30Table of Contentsparty data about employees, contractors, customers, suppliers, and others. Our data processing activities subject us to numerous data privacy and security obligations, such as

34

---

Table of Contents

various laws, codes, regulations, industry standards, external and internal privacy and security policies, contracts, and other obligations.

In the U.S., federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). For example, HIPAA, as amended by the HITECH, imposes specific requirements relating to the privacy, security, and transmission of individually identifiable protected health information.

In the past few years, numerous U.S. states—including California, Virginia, Colorado, Connecticut, and Utah—have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. As applicable, such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making. The exercise of these rights may impact our business and our ability to provide products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive information, such as conducting data privacy impact assessments. These state laws allow for statutory fines for non-compliance. For example, the CCPA, as amended by the California Privacy Rights Act of 2020 (CPRA) (collectively CCPA), applies to personal data of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosure in privacy notices and honor requests of such individuals to exercise certain privacy rights. The CCPA provides for fines of up to $7,500 per intentional violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future. These developments further complicate our compliance efforts, and increase legal risk and compliance costs for us, the third parties upon whom we rely, and our customers.

Additionally, under various privacy laws and other obligations, we may be required to obtain certain consents to process personal data. For example, some of our data processing practices may be challenged under wiretapping laws, if we obtain consumer information from third parties through various methods, including chatbot and session replay providers, or via third-party marketing pixels. These practices may be subject to increased challenges by class action plaintiffs. Our inability or failure to obtain consent for these practices could result in adverse consequences, including class action litigation and mass arbitration demands. In the EEA, the Collective Redress Directive (effective June 2023) will allow collective actions to be brought by a representative body against businesses if they breach legislation intended to protect EU consumers, including for data protection matters.

Outside the U.S., an increasing number of laws, regulations, and industry standards apply to data privacy and security. The EU GDPR, the U.K. GDPR (collectively, "GDPR"), Brazil’s LGPD, India's Digital Personal Data Protection Act, and China’s PIPL impose strict requirements for processing personal data. For example, under the GDPR, companies may face temporary or definitive bans on data processing; fines of up to 20 million euros under the EU GDPR, 17.5 million pounds sterling under the U.K. GDPR or, in each case 4% of annual global revenue, whichever is greater; or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized by law to represent their interest. We may have to change our business practices to comply with such obligations. In Canada, the Personal Information Protection and Electronic Documents Act and various related provincial laws, as well as Canada's Anti-Spam Legislation, apply to our operations. As another example, the LGPD applies to our operations. The LGPD broadly regulates processing personal data of individuals in Brazil and imposes compliance obligations and penalties comparable to those of the EU GDPR. We also target customers in Asia, have operations Asia including in Japan, Singapore, India, and Hong Kong, and are subject to new and emerging data privacy regimes including China’s PIPL, Japan’s Act on the Protection of Personal Information, and Singapore’s Personal Data Protection Act. We also target customers in Asia and have operations in Japan, Singapore, India, Hong Kong, and Australia and are subject to new and emerging data privacy regimes in Asia, including China’s Personal Information Protection Law, Japan’s Act on the Protection of Personal Information, and Singapore’s Personal Data Protection Act. We are also subject to the EU DSA, which requires us to further change our products, policies, and procedures. These new regulations create additional reporting obligations and oblige us to enhance our content moderation practices, update our internal procedures to allow users to notify of illegal content, and create internal mechanisms to handle complaints. Failures to comply with the DSA obligations may result in fines up to 6% of global turnover. In addition, privacy advocates and industry groups have proposed, and may propose, standards with which we are legally or contractually bound to comply.

Our employees and personnel may use generative AI technologies to perform their work, and the disclosure and use of personal data in generative AI technologies is subject to various privacy laws and other privacy obligations. Governments have passed and are likely to pass additional laws regulating generative AI. Our use of

35

---

Table of Contents

this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. We also use AI/ML to assist us in making certain decisions, which is regulated by certain privacy laws. For example, certain privacy laws extend rights to consumers (such as the right to delete certain personal data) and regulate automated decision-making, which may be incompatible with our use of AI/ML. These obligations may make it harder for us to conduct our business using AI/ML, lead to regulatory fines or penalties, require us to change our business practices, retrain our AI/ML, or prevent, or limit our use of AI/ML. Furthermore, the FTC has required other companies to turn over (or disgorge) valuable insights or trainings generated through the use of AI/ML, where the FTC alleges those companies have violated privacy and consumer protection laws. If we cannot use AI/ML, or that use is restricted, our business may be less efficient, or we may be at a competitive disadvantage. Furthermore, in Europe, the proposed European Artificial Intelligence Regulation (EU AI Act), which has extraterritorial scope, will impose onerous obligations for providers and deployers of AI-related systems. Furthermore, in Europe, there is a proposed regulation related to artificial intelligence (“AI”) that, if adopted, could impose onerous obligations related to the use of AI-related systems.

Certain jurisdictions have enacted data localization laws and cross-border personal data transfer laws, which could make it more difficult to transfer information across jurisdictions (such as transferring or receiving personal data that originates in the EU or in other foreign jurisdictions). Existing mechanisms that facilitate cross-border personal data transfers may change or be invalidated. For example, absent appropriate safeguards or other circumstances, the EU GDPR generally restricts the transfer of personal data to countries outside of the EEA that the European Commission does not consider to provide an adequate level of data privacy and security, such as the U.S. The European Commission released a set of SCCs that are designed to be a valid mechanism to facilitate personal data transfers out of the EEA to these jurisdictions. Currently, these SCCs are a valid mechanism to transfer personal data outside of the EEA, but there exists some uncertainty regarding whether the SCCs will remain a valid mechanism. Additionally, the SCCs impose additional compliance burdens, such as conducting transfer impact assessments to determine whether additional security measures are necessary to protect the at-issue personal data.

In addition, Switzerland and the U.K. similarly restrict personal data transfers outside of those jurisdictions to countries such as the U.S. that do not provide an adequate level of personal data protection, and certain countries outside Europe (e.g. Brazil, China, Russia) have also passed or are considering laws requiring local data residency, or otherwise impeding the transfer of personal data across borders, any of which could increase the cost and complexity of doing business. Although there are currently various mechanisms that may be used to transfer personal data from the EEA, U.K., and Switzerland to the U.S. in compliance with law, such as the U.K.'s International Data Transfer Agreement / Addendum, the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework and the U.K. extensions thereto (which allows for transfers to relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the U.S.

If we were unable to implement or maintain a valid compliance mechanism for cross-border data transfers, or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences, including the interruption or degradation of our operations, the need to relocate part of or all of our business or data processing activities to other jurisdictions (such as the EEA) at significant expense, increased exposure to regulatory actions, substantial fines and penalties, and injunctions against processing or transferring personal data from the EEA or other foreign jurisdictions. The inability to import personal data to the U.S. could significantly and negatively impact our business operations, including by limiting our ability to collaborate with parties that are subject to such cross-border data transfer or localization laws, by or requiring us to increase our personal data processing capabilities and infrastructure in foreign jurisdictions at significant expense. Additionally, companies that transfer personal data out of the EEA and U.K. to other jurisdictions, particularly to the U.S., are subject to increased scrutiny from regulators, individual litigants, and activist groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of the EEA for allegedly violating the GDPR's cross-border data transfer limitations.

In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups, and we may become subject to additional such obligations in the future.

Our obligations related to data privacy and security (and consumers' data privacy expectations) are quickly changing, becoming increasingly stringent, and creating uncertainty.

Our business model materially depends on our ability to process personal data, so we are particularly exposed to the risks associated with the rapidly changing legal landscape. For example, we may be at heightened

36

---

Table of Contents

risk of regulatory scrutiny, and any changes in the regulatory framework could require us to fundamentally change our business model. We may at times fail (or be perceived to have failed) in our efforts to comply with our data privacy and security obligations. Moreover, despite our efforts, our personnel or the third parties upon whom we rely may fail to comply with such obligations, which could negatively impact our business operations and compliance posture. Moreover, despite our efforts, our personnel or third parties upon whom we rely may fail to comply with such obligations, which could negatively impact our business operations and compliance posture. For example, any failure by a third-party processor to comply with applicable laws, regulations, or contractual obligations could result in adverse effects, including inability to or interruption in our ability to operate our business and proceedings against us by governmental entities or others. For example, any failure by a third-party processor to comply with applicable law, regulations, or contractual obligations could result in adverse effects, including inability to or interruption in our ability to operate our business and proceedings against us by governmental entities or others.

If we or the third parties upon whom we rely fail, or are perceived to have failed, to address or comply with data privacy and security obligations, we could face significant consequences, including, but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class action claims) and mass arbitration demands; additional reporting requirements and/or oversight; temporary or permanent bans on processing personal data; orders to destroy or not use personal data; and imprisonment of company officials., investigations, fines, penalties, audits, inspections, and similar); litigation (including class- related claims); additional reporting requirements and/or oversight; bans on processing personal data; orders to destroy or not use personal data; and imprisonment of company officials. In particular, plaintiffs have become increasingly more active in bringing privacy-related claims against companies, including class action claims and mass arbitration demands. Some of these claims allow for the recovery of statutory damages on a per violation basis, and if viable, carry the potential for monumental statutory damages, depending on the volume of data and the number of violations. Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including interruptions or stoppages of data collection needed to train our algorithms); inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations.

Additionally, we publish privacy policies, marketing materials and other statements, such statements regarding our compliance with certain certifications or self-regulatory principles, regarding data privacy and security. If these policies, material, or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators, or other adverse consequences. Although we endeavor to comply with our privacy policies and other data protection obligations, we may at times fail to do so or may be perceived to have failed to do so. Moreover, despite our efforts, we may not be successful in achieving compliance if our employees, contractors, service providers, or vendors fail to comply with our published policies and documentation. Such failures could subject us to potential foreign, federal, state, and local action..

Claims that we have violated individuals’ privacy rights or failed to comply with privacy policies and other data protection obligations, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. We are also bound by contractual obligations related to data privacy and security (including related to industry standards), and our efforts to comply with such obligations may not be successful. For example, certain privacy laws, such as the GDPR and the CCPA, require our customers to impose specific contractual restrictions on their service providers. Additionally, some of our customer contracts require us to host personal data locally.

We have in the past received and may in the future receive inquiries from or be subject to investigations by data protection authorities regarding, among other things, our privacy, data protection, and information security practices.We have in the past and may in the future receive inquiries or be subject to investigations by international government entities regarding, among other things, our privacy, data protection, and information security practices. We have been subject to investigations by regulators in Romania and Turkey in connection with a security incident affecting our information technology systems in 2020; however, we have remediated the incident and notified all affected individuals and relevant data protection authorities as required under applicable privacy laws. Both investigations were recently finalized. The Turkish authority imposed a fine of approximated $4 thousand. The Romanian investigation resulted in the imposition of a 70 thousand Euro penalty in addition to various reporting and oversight obligations. The result of these investigations could impact our brand reputation, subject us to monetary remedies and costs, interrupt or require us to change our business practices, divert resources and the attention of management from our business, or subject us to other remedies that adversely affect our business.

If our information technology systems or data, or those of third parties upon which we rely, are or were compromised, we could experience adverse consequences resulting from such compromise, including but not limited to regulatory investigations or actions; litigation; fines and penalties; disruptions

37

---

Table of Contents

of our business operations; reputational harm; loss of revenue or profits; loss of customers or sales; and other adverse consequences.

In the ordinary course of our business, we and the third parties upon which we rely process proprietary, confidential, and sensitive information, including personal data, intellectual property, and trade secrets.In the ordinary course of our business, we may process proprietary, confidential, and sensitive data, including personal data (such as health-related data), intellectual property, and trade secrets. Cyberattacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our sensitive information and information technology systems and those of the third parties upon which we rely. Such threats are prevalent and continue to rise, are increasingly difficult to detect, and come from a variety of sources, including traditional computer "hackers", threat actors, "hacktivists", organized criminal threat actors, personnel (such as employee theft or misuse), and sophisticated nation-state and nation-state supported actors. Some actors now engage and are expected to continue to engage in cyberattacks, including without limitation, nation-state actors for geopolitical reasons, in conjunction with military conflicts and defense activities. During times of geopolitical and other major conflicts, we, the third-party service providers upon which we rely, and our customers may be vulnerable to a heightened risk of these attacks, including retaliatory cyberattacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell, and distribute our goods and services.

We and the third parties upon which we rely may be subject to a variety of evolving threats. These include but are not limited to; social-engineering attacks (including through deepfakes, which may be increasingly difficult to identify as fake, and phishing attacks), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks, credential stuffing attacks, credential harvesting, personnel misconduct or error, ransomware attacks, supply chain attacks, software bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, adware, telecommunications failures, attacks enhanced or facilitated by AI, and other similar threats. We and the third parties upon which we rely may be subject to a variety of evolving threats, including but not limited to social- engineering attacks (including through phishing attacks), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), personnel misconduct or error, ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, adware, telecommunications failures, and other similar threats. In particular, severe ransomware attacks have become increasingly prevalent and can lead to significant interruptions in our operations, ability to provide our products or services, loss of sensitive data and income, reputational harm, and diversion of resources. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments.

We are incorporated into the supply chain of a large number of companies worldwide and, as a result, if our solutions are compromised, a significant number or, in some instances, all of our customers, and their data could be simultaneously affected. The potential liability and associated consequences we could suffer as a result of such a large-scale event could be catastrophic, and result in irreparable harm. In addition, remote work has become more common, and has increased risks to our information technology systems and data, as more of our employees utilize network connections, computers, and devices outside of our premises or network, including working at home, while in transit, and in public locations. Future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies. Future business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired, or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program,

We rely on third-party service providers, sub-processors, and technologies to operate critical business systems to process sensitive information in a variety of contexts, including without limitation, third-party providers of cloud-based infrastructure, encryption and authentication technology, employee email, content delivery to customers, and other functions. Our ability to monitor these third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. Our ability to monitor these third parties’ information security practices is limited, and these third parties may not have 32Table of Contentsadequate information security measures in place. We may share or receive sensitive information with or from third parties. If our third-party service providers experience a security incident or other interruption, we could experience adverse consequences. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy or security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such award. In addition, supply chain attacks have increased in frequency and severity, and we cannot guarantee that third parties and infrastructure in our supply chain or our third-party partners' supply chains have not been compromised.

While we have implemented security measures designed to protect against security incidents, there can be no assurance that these measures will be effective. We take steps designed to detect, mitigate, and remediate vulnerabilities in our information systems (such as our hardware and/or software, including that of third parties upon which we rely). We may not, however, detect and remediate all such vulnerabilities including on a timely basis. Even if we have issued or otherwise made available patches or information to address vulnerabilities in our software applications, products, or services, our customers may be unwilling or unable to deploy such patches and use such

38

---

Table of Contents

information effectively and in a timely manner. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities, which could lead to such vulnerabilities being exploited and result in a security incident. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities.

Any of the previously identified or similar threats could cause a security incident or other interruption that could result in unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, or disclosure of, or access to, our sensitive information or information technology systems, or those of the third parties upon which we rely. A security incident or other interruption could disrupt our ability (and that of third parties upon which we rely) to provide our platform.

We may expend significant resources or modify our business activities to try to protect against security incidents. Certain data privacy and security obligations may require us to implement and maintain specific security measures or industry-standard or reasonable security measures to protect our information technology systems and sensitive information. Applicable data privacy and security obligations may require us to notify relevant stakeholders, including affected individuals, customers, regulators, and investors, of security incidents. Such disclosures are costly, and the disclosures or the failure to comply with such requirements could lead to adverse consequences.

If we (or a third-party upon which we rely) experience a security incident, or are perceived to have experienced a security incident, we may experience adverse consequences, such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing sensitive information (including personal data); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; diversion of management attention; interruptions in our operations (including availability of data); financial loss; and other similar harms. For example, the investigation conducted by Romanian regulatory authorities in connection with our 2020 security incident resulted in the imposition of a 70 thousand Euro penalty in addition to various reporting and oversight obligations. Security incidents and attendant consequences may prevent customers from using or cause customers to stop using our platform and products, deter new customers from using our platform and products, and negatively impact our ability to grow and operate our business. Security incidents and attendant consequences may cause customers to stop using our platform and products, deter new customers from using our platform and products, and negatively impact our ability to grow and operate our business.

A security incident may cause us to breach customer contracts. A security breach may cause us to breach customer contracts. Our agreements with certain customers may require us to use industry-standard or reasonable measures to safeguard personal information. We also may be subject to laws that require us to use industry-standard or reasonable security measures to safeguard personal information. Our contracts may not contain limitations of liability, and even when they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. A security breach could lead to claims by our customers or other relevant stakeholders that we have failed to comply with such legal or contractual obligations. A security breach could lead to 33Table of Contentsclaims by our customers or other relevant stakeholders that we have failed to comply with such legal or contractual obligations. As a result, we could be subject to legal action or our customers could end their relationships with us. There can be no assurance that the limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from liabilities or damages, and in some cases our customer agreements do not limit our remediation costs or liability with respect to data breaches.

In addition to experiencing a security incident, third parties may gather, collect, or infer sensitive information about us from public sources, data brokers, or other means that reveals competitively sensitive details about our organization and could be used to undermine our competitive advantage or market position. Further, sensitive information belonging to us or our customers could be leaked, disclosed, or revealed as a result of, or in connection with, our employees', personnel's, or vendors' use of generative AI technologies. Any sensitive information (including confidential, competitive, proprietary, or personal data) that we input into a third-party generative AI/ML model could be leaked or disclosed to others, including if sensitive information is used to train the third party's AI/ML model. Additionally, where an AI/ML model ingests personal data and makes connections using such data, those technologies may reveal other personal or sensitive information generated by the model.

Additionally, we face unique threats and vulnerabilities as a SaaS company, including, but not limited to, adverse consequences resulting from any vulnerabilities in our platform and products and customer misuse of our platform and products.ARR is based on numerous assumptions and limitations, is calculated using our internal data that have not been independently verified by third parties, and may not provide an accurate indication of our future or expected results. The reliability and continuous availability of our platform and products is critical to our success. However, software such as ours can contain errors, defects, security vulnerabilities, or software bugs that are difficult to detect and correct, particularly when such vulnerabilities are first introduced, or when new versions or enhancements of our platform or products are released. Additionally, even if we are able to develop a patch or other fix to address such vulnerabilities, such fix may be difficult to push out to our customers, or otherwise be delayed.

39

---

Table of Contents

Additionally, our business depends upon the appropriate and successful implementation of our platform and products by our customers. If our customers fail to use our platform or products according to our specifications, our customers may suffer a security incident on their own systems or other adverse consequences. Even if such an incident is unrelated to our security practices, it could result in us incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own vulnerabilities and could result in reputational harm.

Litigation resulting from security breaches may adversely affect our business. Unauthorized access to our platform, systems, networks, or physical facilities, or those of our vendors, could result in litigation with our customers or other relevant stakeholders. These proceedings could force us to spend money in defense or settlement, divert management’s time and attention, increase our costs of doing business, or adversely affect our reputation. We could be required to fundamentally change our business activities and practices or modify our products and/or platform capabilities in response to such litigation, which could have an adverse effect on our business. If a security breach were to occur and the confidentiality, integrity, or availability of personal data or sensitive information was disrupted, we could incur significant liability or our platform, systems, or networks may be perceived as less desirable, which could negatively affect our business and damage our reputation. If a security breach were to occur, and the confidentiality, integrity, or availability of personal information was disrupted, we could incur significant liability, or our platform, systems, or networks may be perceived as less desirable, which could negatively affect our business and damage our reputation.

We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.

Risks Related to Regulatory Compliance and Governmental Matters

We are subject to anti-corruption, anti-bribery, anti-money laundering, and similar laws, and noncompliance with such laws can subject us to criminal or civil liability and harm our business, financial condition, and results of operations.

We are subject to the U.S. FCPA, U.S. domestic bribery laws, the U.K. Bribery Act, and other anti-corruption and anti-money laundering laws in the countries in which we conduct activities. Due to the international scope of our operations, we must comply with these laws in each jurisdiction where we operate. Additionally, many anti-bribery and anti-corruption laws, including the FCPA, have long-arm statutes that can expand the applicability of these laws to our operations worldwide. Accordingly, we must incur significant operational costs to support our ongoing compliance with anti-bribery and anti-corruption laws at all levels of our business. If we fail to comply with these laws we may be subject to significant penalties. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. As we increase our international sales and business and sales to the public sector, we may engage with business partners and third-party intermediaries to market our products and to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.

While we have policies and procedures to address compliance with such laws, we cannot provide assurance that all of our employees and agents will not take actions in violation of our policies and applicable law for which we may be ultimately held responsible.While we have policies and procedures to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.

Detecting, investigating, and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-money laundering laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions, suspension or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees. In addition, responding to any action will 34Table of Contentslikely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.

40

---

Table of Contents

Sales to government entities and highly regulated organizations are subject to a number of challenges and risks.

We currently sell, and anticipate continuing to sell, to U.S. federal, state, and local, and foreign governmental agency customers, as well as to customers in highly regulated industries such as financial services and healthcare. Sales to such customers are subject to a number of challenges and risks. Selling to such customers can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. These current and prospective customers may also be required to comply with stringent regulations in connection with purchasing and implementing our platform and products, or particular regulations regarding third-party vendors that may be interpreted differently by different customers. In addition, regulatory agencies may impose requirements on third-party vendors generally, or our company in particular, that we may not be able to or may not choose to meet. In addition, government customers and customers in these highly regulated industries often have a right to conduct audits of our systems, products, and practices. In the event that one or more customers determine that some aspect of our business does not meet regulatory requirements, we may be limited in our ability to continue or expand our business. In addition, if our platform and products do not meet the standards of new or existing regulations, we may be in breach of our contracts with these customers, allowing them to terminate their agreements.

Government contracting requirements may also change and in doing so restrict our ability to sell into the government sector until we have attained the requisite approvals. Government demand and payment for our products are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products.

These customers may also be subject to a rapidly evolving regulatory framework that may impact their ability to use our platform and products. Moreover, changes in the underlying statutory and regulatory conditions that affect these types of customers could harm our ability to efficiently provide them access to our platform and to grow or maintain our customer base. If we are unable to enhance our platform and products to keep pace with evolving requirements, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our platform, our business, financial condition, and results of operations could be adversely affected. If we are unable to enhance our platform and products to keep pace with evolving customer requirements, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our platform, our business, financial condition, and results of operations could be adversely affected.

Further, governmental and highly regulated entities may demand contract terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers, including preferential pricing or “most favored nation” terms and conditions or contract provisions that are otherwise time-consuming and expensive to satisfy. In the U.S., applicable federal contracting regulations change frequently, and the President may issue executive orders requiring federal contractors to adhere to new compliance requirements after a contract is signed. If we undertake to meet special standards or requirements and do not meet them, we could be subject to significant liability from our customers or regulators. Even if we do meet these special standards or requirements, the additional costs associated with providing our platform to government and highly regulated customers could harm our results of operations. In addition, engaging in sales activities to foreign governments introduces additional compliance risks specific to the FCPA, the U. In addition, engaging in sales activities to foreign governments introduces additional compliance risks specific to the FCPA, the United Kingdom Bribery Act, and other similar statutory requirements prohibiting bribery and corruption in the jurisdictions in which we operate. K. Bribery Act, and other similar statutory requirements prohibiting bribery and corruption in the jurisdictions in which we operate.

Such entities may have statutory, contractual, or other legal rights to terminate contracts with us or our partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition, and results of operations.

We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.

Our business activities are subject to Trade Controls which may prohibit or restrict the sale or supply of certain products, including encryption items and other technology, and services to certain governments, persons, entities, countries, and territories, including those that are the target of comprehensive sanctions.

While we have implemented controls designed to promote and achieve compliance with applicable Trade Controls, our platform and products may have been provided in the past and could in the future be provided in violation of such laws, despite the precautions we take.35Table of ContentsWhile we have implemented controls designed to promote and achieve compliance with applicable Trade Controls, our platform and products may have been provided in the past, and could in the future be provided in violation of, such laws, despite the precautions we take. Any failure to comply with applicable Trade Controls may materially affect us through reputational harm, as well as other negative consequences, including government investigations and penalties. Accordingly, we must incur significant operational costs to support our ongoing compliance with Trade Controls at all levels of our business.

41

---

Table of Contents

Also, various countries in addition to the U.S. have enacted Trade Controls that could limit our ability to distribute our platform and products, or could limit our customers’ ability to implement our platform and products in those countries. Changes in our platform or products or future changes in Trade Controls may create delays in the introduction of our platform and products in international markets or, in some cases, prevent the export or import of our platform and products to certain countries, governments, or persons altogether. Any change in Trade Controls could result in decreased use of our platform and products by, or decrease in our ability to export or sell our platform and products to, existing or potential customers. Any decreased use of our platform or products or limitation on our ability to export or sell our platform and products would adversely affect our business, financial condition, results of operations, and growth prospects.

For example, over time, the U.S. has imposed Trade Controls that restrict the export of U.S.-regulated products and technology in response to geopolitical actions. Specifically, in 2022, the U.S. significantly increased U.S. export controls on AI and advanced computing products. In 2023, the U.S. added to the restrictions in those areas. During this time, the U.S. has increasingly added Chinese companies to the prohibited lists. These and potential future restrictions could adversely affect our financial performance and result in reputational harm to us. The Russian military operation in Ukraine, initiated in 2022, resulted in the imposition of financial and other sanctions and Trade Controls against Russia and Belarus. (We had no exports to Russia and Belarus in fiscal year 2024). Such Trade Controls and any further restrictions that may be promulgated by relevant governmental authorities could adversely affect our business.

Risks Related to Our Intellectual Property

Any failure to obtain, maintain, protect, or enforce our intellectual property and proprietary rights could impair our ability to protect our proprietary technology and our brand.

Our success depends to a significant degree on our ability to obtain, maintain, protect, and enforce our intellectual property rights, including our proprietary technology, know-how, and our brand. We rely on a combination of trademarks, trade secret laws, patents, copyrights, service marks, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. However, the steps we take to obtain, maintain, protect, and enforce our intellectual property rights may be inadequate. We may not be able to protect our intellectual property rights if, for example, we are unable to enforce our rights against infringement or misappropriation, or if we do not detect unauthorized use of our intellectual property rights. If we fail to protect our intellectual property rights adequately, our competitors may gain access to our proprietary technology and develop and commercialize substantially identical products, services, or technologies, and our business, financial condition, results of operations, or growth prospects may be harmed.

In addition, defending our intellectual property rights may entail significant expense. Any patent, trademark, or other intellectual property rights that we have or may obtain may be challenged or circumvented by others or invalidated or held unenforceable through administrative processes, including re-examination, inter partes review, interference, and derivation proceedings and equivalent proceedings in foreign jurisdictions (e.g., opposition, invalidation, and cancellation proceedings), or litigation. Moreover, there can be no assurance that our pending patent applications will result in issued patents. Even if we continue to seek patent protection in the future, we may be unable to obtain or maintain patent protection for our technology. In addition, any patents issued from pending or future patent applications or licensed to us in the future may not be sufficiently broad to protect our proprietary technologies, may not provide us with competitive advantages, or may be successfully challenged by third parties. The U.S. Patent and Trademark Office and various foreign governmental patent and trademark agencies also require compliance with a number of procedural, documentary, fee payment, and other similar provisions during the patent and trademark application process and after a patent or trademark registration has issued. There are situations in which noncompliance can result in abandonment or lapse of the patent, patent application, or trademark filing, resulting in partial or complete loss of patent or trademark rights in the relevant jurisdiction. If this occurs, our competitors might be able to enter the market.

Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our brands, products, and platform capabilities, and use information that we regard as proprietary to create brands and products that compete with ours. Despite our precautions, it may be possible for unauthorized third parties to copy our 36Table of Contentsbrands, products and platform capabilities, and use information that we regard as proprietary to create brands and products that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us or commercially feasible in every country in which our products are available. Further, intellectual property law, including statutory and case law, particularly in the U.S., is constantly developing, and any changes in the law could make it harder for us to enforce our rights. The value of our intellectual property could diminish if

42

---

Table of Contents

others assert rights in or ownership of our trademarks, patents, and other intellectual property rights, or adopt trademarks that are similar to our trademarks. We may be unable to successfully resolve these types of conflicts to our satisfaction. In some cases, as noted below, litigation or other actions may be necessary to protect or enforce our trademarks, patents, and other intellectual property rights against infringement or misappropriation. As we expand our international activities, our exposure to unauthorized copying and use of our products and platform capabilities and proprietary information will likely increase. Moreover, policing unauthorized use of our technologies, trade secrets, and intellectual property may be difficult, expensive, and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the U.S. and where mechanisms for enforcement of intellectual property rights may be weak or inadequate. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon, misappropriating, or otherwise violating our intellectual property rights. Any of the foregoing could adversely impact our business, financial condition, and results of operations.

We may become subject to intellectual property disputes, which are costly and may subject us to significant liability and increased costs of doing business.

We are from time to time subject to intellectual property disputes.We are from time-to-time subject to intellectual property disputes. Our success depends, in part, on our ability to develop and commercialize our products and services without infringing, misappropriating, or otherwise violating the intellectual property rights of third parties. However, we may not be aware that our products or services are infringing, misappropriating, or otherwise violating third-party intellectual property rights, and such third parties may bring claims alleging such infringement, misappropriation, or violation. As one example, there may be issued patents of which we are not aware, held by third parties that, if found to be valid and enforceable, could be alleged to be infringed by our current or future technologies or products. There also may be pending patent applications of which we are not aware that may result in issued patents, which could be alleged to be infringed by our current or future technologies or products. Because patent applications can take years to issue and are often afforded confidentiality for some period of time, there may currently be pending applications, unknown to us, that later result in issued patents that could cover our current or future technologies or products.

Lawsuits can be time-consuming and expensive to resolve and can divert management’s time and attention. The software industry in which we operate is characterized by the existence of a large number of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights. Companies in the software industry are often required to defend against litigation claims based on allegations of infringement, misappropriation, or other violations of intellectual property rights. Our technologies may not be able to withstand any third-party claims against their use. In addition, many companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them than we can. In a patent infringement claim against us, we may assert as a defense that we do not infringe the relevant patent claims, that the patent is invalid, or both. In a patent infringement claim against us, we may assert, as a defense, that we do not infringe the relevant patent claims, that the patent is invalid, or both. The strength of our defenses may depend on the patents asserted, the interpretation of these patents, or our ability to invalidate the asserted patents. However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the U.S., issued patents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof. Conversely, the patent owner need only prove infringement by a preponderance of the evidence, which is a lower burden of proof. Competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have, which could prevent us from deterring patent infringement claims through our own patent portfolio,. Any litigation may also involve patent holding companies or other adverse patent owners that have no relevant product revenue, and therefore, our patents may provide little or no deterrence as we would not be able to assert them against such entities or individuals.

An adverse result in any infringement or misappropriation proceeding could subject us to significant damages, injunctions, and reputational harm. If a third party is able to obtain an injunction preventing us from accessing such third-party intellectual property rights, or if we cannot license or develop alternative technology for any infringing aspect of our business, we may be forced to limit or stop sales of our relevant products and platform capabilities or cease business activities related to such intellectual property. Although we carry general liability and intellectual property insurance, our insurance may not cover potential claims of this type or may not be adequate to indemnify us for all liability that may be imposed. We cannot predict the outcome of lawsuits and cannot ensure that the results of any such actions will not have an adverse effect on our business, financial condition, or results of

43

---

Table of Contents

operations. Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:

•cease selling or using products or services that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate;

•make substantial payments for legal fees, settlement payments, or other costs or damages;

•obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology;

•redesign the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible;

•rebrand our products and services and/or be prevented from selling some of our products or services if third parties successfully oppose or challenge our trademarks or successfully claim that we infringe, misappropriate, or otherwise violate their trademarks or other intellectual property rights; and

•limit the manner in which we use our brands, or prevent us from using our brands in particular jurisdictions.

Even if the claims do not result in litigation or are resolved in our favor, these claims and the time and resources necessary to resolve them could divert the resources of our management and harm our business, financial condition, and results of operations.Even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business and operating results. Moreover, there could be public announcements of the results of hearings, motions, or other interim proceedings or developments, and if securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our Class A common stock. The occurrence of infringement and misappropriation claims may grow as the market for our platform and products grows. Accordingly, our exposure to damages resulting from infringement claims could increase and this could further exhaust our financial and management resources. Any of the foregoing could adversely impact our business, financial condition, and results of operations.

We may become involved in lawsuits to protect or enforce our intellectual property, which could be expensive, time consuming, and unsuccessful.

Third parties, including our competitors, could be infringing, misappropriating, or otherwise violating our intellectual property rights, and we may be required to spend significant resources to monitor and protect those rights.Third parties, including our competitors, could be infringing, misappropriating, or otherwise violating our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property.

Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights, and if such defenses, counterclaims, or countersuits were successful, we could lose valuable intellectual property rights. An adverse determination of any litigation proceedings could put our intellectual property at risk of being invalidated or interpreted narrowly and could put our related patents, patent applications, and trademark filings at risk of being invalidated, not issued, or cancelled. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential or sensitive information could be compromised by disclosure in the event of litigation. In addition, during the course of litigation there could be public announcements of the results of hearings, motions, or other interim proceedings or developments. If securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our Class A common stock. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products and platform capabilities, impair the functionality of our products and platform capabilities, delay introductions of new functionality, result in our substituting inferior or more costly technologies into our products, or injure our reputation. Any of the foregoing could adversely impact our business, financial condition, and results of operations.

If we are unable to protect the confidentiality of our trade secrets, our business and competitive position would be harmed.38Table of ContentsIf we are unable to protect the confidentiality of our trade secrets, our business and competitive position would be harmed.

We rely heavily on trade secrets and confidentiality agreements to protect our unpatented know-how, technology, and other proprietary information and to maintain our competitive position. However, trade secrets

44

---

Table of Contents

and know-how can be difficult to protect. We seek to protect these trade secrets and other proprietary technology, in part, by entering into non-disclosure and confidentiality agreements with parties who have access to them, such as our employees, consultants, and other third parties, including suppliers and other partners. However, we cannot guarantee that we have entered into such agreements with each party that has or may have had access to our proprietary information, know-how, and trade secrets. Moreover, no assurance can be given that these agreements will be effective in controlling access to, or distribution, use, misuse, misappropriation, reverse engineering, or disclosure of our proprietary information, know-how, and trade secrets. Moreover, no assurance can be given that these agreements will be effective in controlling access to, distribution, use, misuse, misappropriation, reverse engineering, or disclosure of our proprietary information, know-how, and trade secrets. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products and platform capabilities. These agreements may be breached, and we may not have adequate remedies for any such breach. For example, past employees have sought to misappropriate source code relevant to certain of our products. While we have taken steps to enjoin misappropriation that we are aware of, such steps may not ultimately be successful and we may not be aware of all such misappropriation. Any of the foregoing could adversely impact our business, financial condition, and results of operations.

We may be subject to claims that our employees, consultants, or advisors have wrongfully used or disclosed alleged trade secrets of their current or former employers or claims asserting ownership of what we regard as our own intellectual property.

Many of our employees and consultants are currently or were previously employed at other companies in our field, including our competitors or potential competitors. Although we try to ensure that our employees and consultants do not use the proprietary information or know-how of others in their work for us, we may be subject to claims that we or these individuals have used or disclosed intellectual property, including trade secrets or other proprietary information, of any such individual’s current or former employer. Litigation may be necessary to defend against these claims. If we fail in defending any such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights or personnel. Even if we are successful in defending against such claims, litigation could result in substantial costs and be a distraction to management.

In addition, while it is our policy to require our employees and contractors who may be involved in the conception or development of intellectual property to execute agreements assigning such intellectual property to us, we may be unsuccessful in executing such an agreement with each party who, in fact, conceives or develops intellectual property that we regard as our own. The assignment of intellectual property rights may not be self-executing, or the assignment agreements may be breached, and we may be forced to bring claims against third parties, or defend claims that they may bring against us, to determine the ownership of what we regard as our intellectual property. Any of the foregoing could adversely impact our business, financial condition, and results of operations.

We use open source software in our products, which could negatively affect our ability to sell our platform and products or subject us to litigation or other actions.We use open source software in our products, which could negatively affect our ability to sell our services or subject us to litigation or other actions.

We use open source software in our products and we expect to continue to incorporate open source software into our products in the future. Few of the licenses applicable to open source software have been interpreted by courts, and there is a risk that these licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our products. Moreover, we cannot ensure that we have not incorporated additional open source software in our products in a manner that is inconsistent with the terms of the applicable licenses or our current policies and procedures. If we fail to comply with these licenses, we may be subject to certain requirements, including requirements that we offer our products that incorporate the open source software for no cost, that we make available source code for modifications or derivative works we create based upon, incorporating, or using the open source software, and that we license such modifications or derivative works under the terms of applicable open source licenses. In addition, although we employ open source software license screening measures, if we were to combine our proprietary software products with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software products. If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software, and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products. If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of 39Table of Contentsour products that contained the open source software and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products.

From time to time, there have been claims challenging the ownership rights in open source software against companies that incorporate it into their products and the licensors of such open source software provide no

45

---

Table of Contents

warranties or indemnities with respect to such claims. As a result, we and our customers could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our business, financial condition, and results of operations, or require us to devote additional research and development resources to change our products. Some open source projects have known vulnerabilities and architectural instabilities and are provided on an “as-is” basis, which, if not properly addressed, could negatively affect the performance of our product. If we inappropriately use or incorporate open source software subject to certain types of open source licenses that challenge the proprietary nature of our products, we may be required to re-engineer such products, discontinue the sale of such products, or take other remedial actions, any of which could adversely impact our business, financial condition, and results of operations.

If we cannot license rights to use technologies on reasonable terms, we may be unable to license rights that are critical to our business.

In the future we may identify additional third-party intellectual property that we may need to license in order to engage in our business, including to develop or commercialize new products or services. However, such licenses may not be available on acceptable terms or at all. The licensing or acquisition of third-party intellectual property rights is a competitive area, and more established companies may pursue strategies to license or acquire third-party intellectual property rights that we may consider attractive or necessary. The licensing or acquisition of third-party intellectual property rights is a competitive area, and several more established companies may pursue strategies to license or acquire third-party intellectual property rights that we may consider attractive or necessary. These more established companies may have a competitive advantage over us due to their size, capital resources, and greater development or commercialization capabilities. These established companies may have a competitive advantage over us due to their size, capital resources, and greater development or commercialization capabilities. In addition, companies that perceive us to be a competitor may be unwilling to assign or license rights to us. Even if such licenses were available, we might be required to pay the licensor substantial royalties based on sales of our products and services. Even if such licenses are available, we may be required to pay the licensor substantial royalties based on sales of our products and services. Such royalties are a component of the cost of our products or services and may affect the margins on our products and services. If we are unable to enter into the necessary licenses on acceptable terms or at all, it could adversely impact our business, financial condition, and results of operations.

Risks Related to Our International Operations

Our current operations are international in scope, and we may pursue further geographic expansion, creating a variety of operational challenges.

We currently operate internationally, and a component of our growth strategy involves the further expansion of our operations and customer base internationally. Customers outside the U.S. generated 57% and 54% of our revenue for fiscal years 2024 and 2023, respectively. Beyond the U.S., we have operational presence internationally, including in Romania, the U.K., and a number of other countries in Europe, Australia, Brazil, Canada, China, India, Israel, Japan, Mexico, Singapore, South Korea, Turkey, and the United Arab Emirates, among others. We are continuing to adapt to and develop strategies to further address international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new partners in order to expand into certain countries, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. As of January 31, 2024, the majority of our full-time employees were located outside of the U.S. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources.

Our current and future international business and operations involve a variety of risks, including:

•slower than anticipated availability to and adoption of our platform and products by international businesses;

•changes in a specific country’s or region’s political, regulatory, or economic conditions;

•the need to adapt and localize our products for specific countries;

•greater difficulty collecting accounts receivable and longer payment cycles;

•potential changes in trade relations, regulations, or laws;

•unexpected changes in laws or regulatory requirements, including tax laws and regulations;

•more stringent regulations relating to privacy and data security and the unauthorized use of or access to commercial and personal data, particularly in the EU;

46

---

Table of Contents

•differing and potentially more onerous labor regulations, especially in Europe, where labor laws are generally more advantageous to employees as compared to the U.S., including deemed hourly wage and overtime regulations in these locations;

•challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction;

•difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems;

•increased travel, real estate, infrastructure, and legal compliance costs associated with international operations;

•currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we chose to do so in the future;

•limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;

•laws and business practices favoring local competitors or general market preferences for local vendors;

•limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents;

•the impacts of political instability, military conflicts, or terrorist activities on our employees, our business, and the global economic environment;

•an outbreak of a contagious disease, which may cause us or our third-party providers and/or customers to temporarily suspend our or their respective operations in the affected city or country;

•exposure to liabilities under anti-corruption and anti-money laundering laws, including the FCPA, U.S. bribery laws, the U.K. Bribery Act, and similar laws and regulations in other jurisdictions;

•exposure to anti-competition laws in foreign jurisdictions that may conflict with or be more restrictive than similar U.S. anti-competition laws; and

•adverse changes to domestic and foreign tax laws and regulations, and the requirements of foreign exchange controls, which could make it difficult to repatriate earnings and cash.

Although we have taken steps designed to ensure that we comply with applicable regulations including evolving U.S. and international sanctions, these steps involve additional compliance costs and operational costs. Any of these risks could adversely impact our business, financial condition, and results of operations. Any of the foregoing could adversely impact our business, financial condition, and results of operations. Failure to comply with these international regulations as they evolve could harm our business. If we invest substantial time and resources to further expand our international operations and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.

Risks Related to Tax and Accounting Matters

If we fail to maintain effective internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable laws and regulations could be impaired.

We are subject to the reporting requirements of the Exchange Act, SOX, the rules and regulations of the New York Stock Exchange, and other securities rules and regulations that impose various requirements on public companies. Our management and other personnel devote substantial time and resources to comply with these rules and regulations. Our management and other personnel devote a substantial amount of time to compliance with these requirements. Such compliance has increased and will continue to increase our legal, accounting, and financial compliance costs and make some activities more difficult and time-consuming. SOX requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to refine our disclosure controls and procedures, internal control over financial reporting, and other procedures that are designed to ensure that information required to be disclosed by us in our financial statements and in the reports that we file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms, and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers.

47

---

Table of Contents

Our current controls and any new controls we develop may become inadequate because of changes in conditions in our business. Additionally, to the extent that we acquire other businesses, the acquired company may not have a sufficiently robust system of internal controls and we may uncover new deficiencies. Weaknesses in our internal controls may be discovered in the future. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our results of operations, may result in a restatement of our financial statements for prior periods, may cause us to fail to meet our reporting obligations, could result in an adverse opinion regarding our internal control over financial reporting from our independent registered public accounting firm, and could lead to investigations or sanctions by regulatory authorities.Our agreements with our customers and other third parties may include indemnification provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of infringement, misappropriation, or other violation of intellectual property rights, data protection, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services, or platform, our acts or omissions under such agreements, or other contractual obligations.

Section 404 of SOX requires our management to certify financial and other information in our quarterly and annual reports and provide an annual management report on the effectiveness of our internal control over financial reporting. We are also required to have our independent registered public accounting firm attest to, and issue an opinion on, the effectiveness of our internal control over financial reporting. If we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion on the effectiveness of our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, which could cause the price of our Class A common stock to decline.

Any failure to maintain effective disclosure controls and procedures and internal control over financial reporting could have a material and adverse effect on our business, financial condition, and results of operations.

We are exposed to fluctuations in currency exchange rates, which affect our results of operations.We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations.

While our sales contracts are denominated predominantly in U.S. dollars, we also have sales contracts representing a large portion of our revenue denominated in foreign currencies. Therefore, a significant portion of our revenue has been and continues to be subject to fluctuations due to changes in foreign currency exchange rates. Additionally, for our foreign sales contracts denominated in U.S. dollars, a strengthening of the U.S. dollar has increased and could continue to increase the real cost of our products and platform capabilities to these customers outside of the U.S., which could adversely affect our results of operations.

Further, an increasing portion of our operating expenses are incurred outside the U.S. We conduct our business and incur costs in the local currency of most countries in which we operate. We incur currency transaction risk whenever one of our operating subsidiaries enters into either a purchase or a sales transaction using a different currency from the currency in which it operates, or holds assets or liabilities in a currency different from its functional currency. We incur currency transaction risk whenever one of our operating subsidiaries enters into either a purchase or a sales transaction 42Table of Contentsusing a different currency from the currency in which it operates, or holds assets or liabilities in a currency different from its functional currency. Changes in exchange rates can also affect our results of operations when the value of sales and expenses of foreign subsidiaries are translated to U.S. dollars. We cannot accurately predict the impact of future exchange rate fluctuations on our results of operations. Given the volatility of exchange rates, we may not be able to effectively manage our currency risks, and any volatility in currency exchange rates may have an adverse effect on our financial condition, cash flows, and profitability.

Our corporate structure and intercompany arrangements cause us to be subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which could materially adversely affect our business, financial condition, results of operations, and growth prospects.

Our international operations and personnel have rapidly expanded to support our business in numerous international markets.We have been rapidly expanding our international operations and personnel to support our business in numerous international markets. We generally conduct our international operations through directly or indirectly wholly-owned subsidiaries, and we are or may be required to report our taxable income in various jurisdictions worldwide with increasingly complex tax laws based upon our business operations in those jurisdictions. Our intercompany relationships and agreements are subject to complex transfer pricing regulations administered by tax authorities in various jurisdictions with potentially divergent tax laws. Tax authorities may disagree with tax positions that we have taken. For example, the IRS or another tax authority could challenge our allocation of income by tax jurisdiction and the amounts paid between our affiliated companies pursuant to our intercompany arrangements and transfer pricing policies, including amounts paid with respect to our intellectual property in connection with our intercompany research and development cost sharing arrangement and legal structure. We are currently under audit in certain jurisdictions, and topics as described above have been raised in the tax audits in Romania and India. We believe our position is reasonable, however, the administrative procedures in finalizing the tax audits are in process and potential disputes and/or litigation may follow.

The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the U.S., to our international business activities, changes in tax rates, new or revised

48

---

Table of Contents

tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The authorities in these jurisdictions could audit our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing and could impose additional tax, interest, and penalties. In addition, the authorities could claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such contingencies. Furthermore, we are subject to periodic audits in the various jurisdictions in which we operate. Furthermore, we are subject to periodic audits in the various jurisdictions in which we operate, which if determined aversely could have an adverse impact on our financial conditions. We regularly assess the likelihood of an adverse outcome resulting from these audits to determine the adequacy of our accruals for taxes. Although we believe our estimates are reasonable, the final outcome of audits could materially differ from our expectations.

Changes in tax laws or tax rulings could materially affect our financial condition, results of operations, and cash flows.Changes in tax laws or tax rulings could materially affect our financial position, results of operations, and cash flows.

The tax regimes that we are subject to or operate under, including income and non-income taxes, may be subject to significant change.The tax regimes we are subject to or operate under, including income and non-income taxes, may be subject to significant change. Changes in tax laws, regulations, or rulings, or changes in interpretations of existing laws and regulations, could materially affect our financial condition and results of operations and we must monitor such changes closely. For example, the TCJA, the Coronavirus Aid, Relief, and Economic Security Act enacted in 2020, and the Inflation Reduction Act enacted in 2022, made many significant changes to the U.S. tax laws, especially with regard to international aspects of taxation. Further, effective January 1, 2022, the TCJA eliminated the option to deduct research and development expenses for tax purposes in the year incurred, and instead requires taxpayers to capitalize and subsequently amortize such expenses over five years for research activities conducted in the U.S. and over 15 years for research activities conducted outside the U.S. Although there has been legislative adoption in the U.S. House of Representatives to amend the capitalization requirement, there can be no assurance that the provision will be further adopted by the U.S. Senate or otherwise modified. Similarly, as our operations are material in Romania, legislative changes have been introduced to enact for fiscal years starting after January 1, 2024 an Alternative Minimum Corporate Tax and we will be subject to this legislation in the future. Future guidance from the IRS and other tax authorities with respect to any existing or new laws may affect us, and certain aspects of such laws could be repealed or modified in future legislation.

In addition, the OECD has been working on a BEPS Project and issued a report in 2015, an interim report in 2018, and has issued additional guidelines, model rules, and final proposals that may change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. In particular, the OECD is coordinating the implementation of rules to be adopted from 2023 for taxing the digital economy, specifically with respect to nexus and profit allocation (Pillar One), and for a global minimum tax (Pillar Two). As these and other BEPS initiatives are subject to further final negotiation and implementation by each member country, we cannot predict the timing and ultimate outcome or the potential impact it may have on our tax obligations, operations, or our financial statements.

Additionally, the European Commission and several countries have issued (and continue to issue) legislation and proposals that could change various aspects of the current tax framework under which we are taxed.Additionally, the European Commission and several countries have issued (and continue to issue) proposals that could change various aspects of the current tax framework under which we are taxed. These proposals include changes to the existing framework to calculate income tax, as well as proposals to change or impose new types of non-income taxes, including taxes based on a percentage of revenue or online sales (e.g. Romanian Alternative Minimum Corporate Tax). For example, several countries have proposed or enacted taxes applicable to digital services which could apply to our business (subject to any scaling back or withdrawal of such proposals or enactments following the implementation of Pillar One and Pillar Two and/or the introduction of mechanisms to avoid double taxation currently being assessed).

Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, increase the amount of taxes imposed on our business, and harm our financial position. Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements.

49

---

Table of Contents

We could be required to collect additional sales, use, transfer, or other indirect taxes or be subject to other tax liabilities that may increase the costs our customers would have to pay for our products and adversely affect our results of operations.

We currently collect and remit applicable sales, use, transfer, or other indirect taxes in jurisdictions where we, through our employees or economic activity, have a presence and where we have determined, based on applicable legal precedents, that sales or licensing of our products are classified as taxable. We do not currently collect and remit state and local excise, utility user or ad valorem taxes, fees, or surcharges in jurisdictions where we believe we do not have sufficient nexus. There is uncertainty as to what constitutes sufficient nexus for a state or local jurisdiction to levy taxes, fees, and surcharges for sales made over the internet, and there is also uncertainty as to whether our characterization of our products as not taxable in certain jurisdictions will be accepted by state and local tax authorities.

An increasing number of states have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies. Additionally, the Supreme Court of the U.S. ruled in South Dakota v. Wayfair, Inc. et al that online sellers can be required to collect sales and use tax despite not having a physical presence in the buyer’s state. In response to this ruling, or otherwise, states or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. In response to Wayfair, or otherwise, states or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. A successful assertion by one or more states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest. A 44Table of Contentssuccessful assertion by one or more states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest. The imposition by state governments or local governments of sales tax collection obligations on out-of-state sellers could also create additional administrative burdens for us and put us at a competitive disadvantage if they do not impose similar obligations on our competitors. The imposition by state governments or local governments of sales tax collection obligations on out-of-state sellers could also create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could have a material adverse effect on our business and results of operations.

Our ability to use our NOLs to offset future taxable income may be subject to certain limitations.

Certain of our NOLs could expire unused and be unavailable to offset future income tax liabilities because of their limited duration or because of restrictions under U.S. or foreign tax law. NOLs generated in taxable years beginning before January 1, 2018 are permitted to be carried forward for only 20 taxable years under applicable U.S. federal income tax law. Under current law, NOLs arising in taxable years beginning after December 31, 2020 may not be carried back. Moreover, under current law, NOLs generated in taxable years beginning after December 31, 2017 may be carried forward indefinitely, but the deductibility of such NOLs generally will be limited to 80% of current year taxable income. Moreover, under current law, NOLs generated in taxable years beginning after December 31, 2017 may be carried forward indefinitely, but the deductibility of such NOLs generally will be limited in taxable years beginning after December 31, 2020 to 80% of current year taxable income. NOLs generated in taxable years beginning before January 1, 2024 are permitted to be carried forward for 7 taxable years under the Romania income tax law. NOLs generated in taxable years beginning before January 1, 2018 are permitted to be carried forward for only 20 taxable years under applicable US federal income tax law. In 2023, the Romanian government approved Emergency Ordinance No. 115/2023. Under the Ordinance, NOLs generated in taxable years beginning after January 1, 2024 can be carried forward for 5 years, and the utilization of the NOLs is limited to 70% of current year taxable income.

In general, under Section 382 of the IRC, a corporation that undergoes an “ownership change” (as defined under Section 382 of the IRC and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. We have identified Section 382 ownership changes in April 2017 and July 2020 and, accordingly, our NOLs are subject to limitation. We did not experience a subsequent ownership change in connection with the Series F Financing and our IPO. We do not believe that any Section 382 limitations will prevent us from fully utilizing our NOLs. It is possible that we have in the past undergone and may in the future undergo additional ownership changes that we have not identified and that could result in additional limitations on our NOLs. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state tax purposes. For these reasons, we may not be able to utilize a material portion of our NOLs, even if we achieve or sustain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheets, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our operating results and financial condition.

50

---

Table of Contents

Risks Related to Ownership of Our Class A Common Stock

The dual class structure of our common stock has the effect of concentrating voting control with Daniel Dines, our Chief Innovation Officer, co-founder, and Chairman, which will limit stockholders' ability to influence the outcome of important decisions.

Our Class B common stock has 35 votes per share and our Class A common stock has one vote per share. Our Chief Innovation Officer, co-founder, and Chairman, Daniel Dines, collectively with his controlled entities, holds all our outstanding shares of Class B common stock, and beneficially owned shares representing approximately 86% voting power of our outstanding capital stock as of January 31, 2024. As a result, Mr. Our Chief Executive Officer, Co-Founder, and Chairman, Daniel Dines, who, collectively with his controlled entities, holds all our outstanding shares of Class B common stock, and beneficially owned shares representing approximately 87% voting power of our outstanding capital stock as of January 31, 2022. As a result, Mr. Dines has the ability to control the outcome of matters requiring stockholder approval, including the election of directors and approval of significant corporate transactions, such as a merger or other sale of our company or our assets, even if his stock ownership represents less than 50% of the outstanding aggregate number of shares of our capital stock. This concentration of ownership will limit the ability of other stockholders to influence corporate matters and may cause us to make strategic decisions that could involve risks to other stockholders or that may not be aligned with other stockholders' interests. This concentration of ownership will limit the ability of other stockholders to influence corporate matters and may cause us to make strategic decisions that could involve risks to you or that may not be aligned with your interests. As a board member, Mr. Dines owes a fiduciary duty to our stockholders and is legally obligated to act in good faith and in a manner he reasonably believes to be in the best interests of our stockholders. As a stockholder, Mr. Dines is entitled to vote his shares in his own interests, which may not always be in the interests of our stockholders generally. Mr. Dines’ control may adversely affect the market price of our Class A common stock.

Further, future transfers by holders of our Class B common stock will generally result in those shares converting into shares of our Class A common stock, subject to limited exceptions, such as certain transfers effected for tax or estate planning purposes.

We have not elected to take advantage of the “controlled company” exemption to the corporate governance rules for publicly-listed companies but may do so in the future.

Because our Chief Innovation Officer, co-founder, and Chairman, Daniel Dines, who, collectively with his controlled entities, holds all our outstanding shares of Class B common stock, and beneficially owns shares representing in excess of 50% of the voting power of our outstanding capital stock, we are eligible to elect the “controlled company” exemption to the corporate governance rules for publicly-listed companies.Because our Chief Executive Officer, Co-Founder, and Chairman, Daniel Dines, who, collectively with his controlled entities, holds all our outstanding shares of Class B common stock, and beneficially owns shares representing in excess of 50% of the voting power of our outstanding capital stock, we are eligible to elect the “controlled company” exemption to the corporate governance rules for publicly-listed companies. We have not elected to do so. If we decide to rely on the “controlled company” exemption, then under the corporate governance rules for publicly-listed companies, we would not be required to have a majority of our board of directors be independent, nor would we be required to have a compensation committee or an independent nominating function. If we decide to become a “controlled company” under the corporate governance rules for publicly-listed companies, we would not be required to have a majority of our board of directors be independent, nor would we be required to have a compensation committee or an independent nominating function. If we choose controlled company status in the future, our status as a controlled company could cause our Class A common stock to be less attractive to certain investors and adversely affect the market price of our Class A common stock. If we choose controlled company status in the future, our status as a controlled company could cause our Class A common stock to be less attractive to certain investors or otherwise harm our trading price.

We cannot predict the impact our dual class structure may have on the market price of our Class A common stock.46Table of ContentsWe cannot predict the impact our dual class structure may have on the market price of our Class A common stock.

We cannot predict whether our dual class structure, combined with the concentrated control of our Chief Innovation Officer, co-founder, and Chairman, Daniel Dines, who holds all of the outstanding shares of our Class B common stock, will result in a lower or more volatile market price of our Class A common stock or in adverse publicity or other adverse consequences.We cannot predict whether our dual class structure, combined with the concentrated control of our Chief Executive Officer, Co-Founder, and Chairman, who holds all of the outstanding shares of our Class B common stock, will result in a lower or more volatile market price of our Class A common stock or in adverse publicity or other adverse consequences. Certain index providers have announced restrictions on including companies with multiple-class share structures in certain of their indexes. Given the sustained flow of investment funds into passive strategies that seek to track certain indexes, exclusion from stock indexes would likely preclude investment by many of these funds and could make our Class A common stock less attractive to other investors. As a result, the market price of our Class A common stock could be adversely affected.

Future sales of our Class A common stock in the public market could cause the market price of our Class A common stock to decline.

Sales of a substantial number of shares of our Class A common stock in the public market in the future, or the perception that these sales might occur, could depress the market price of our Class A common stock and could impair our ability to raise capital through the sale of additional equity securities. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Class A common stock. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Class A common stock.

51

---

Table of Contents

In addition, there were 42,352,294 shares of Class A common stock issuable upon the exercise of options and upon the vesting and settlement of restricted stock units outstanding as of January 31, 2024. We have registered all of the shares of Class A common stock issuable upon exercise of outstanding options, vesting and settlement of outstanding restricted stock units, and other equity incentives we may grant in the future for public resale under the Securities Act. The shares of Class A common stock became eligible for sale in the public market to the extent such options are exercised or restricted stock units vested and settled, subject to compliance with applicable securities laws. Further, certain of our stockholders have rights, subject to some conditions, to require us to file registration statements covering the sale of their shares or to include their shares in registration statements that we may file for ourselves or other stockholders.

Sales, short sales, or hedging transactions involving our equity securities, whether or not we believe them to be prohibited, could adversely affect the price of our Class A common stock.

Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management, and limit the market price of our Class A common stock.

In addition to the effects of our dual class structure, provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change in control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management.

In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our Class A common stock, and they could deter potential acquirers of our company, thereby reducing the likelihood that stockholders would receive a premium for their shares of our Class A common stock in an acquisition.

Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware and the federal district courts of the U.S. will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.

Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum for the following types of actions or proceedings under Delaware statutory or common law:

•any derivative claim or cause of action brought on our behalf;

•any claim or cause of action asserting a breach of fiduciary duty;

•any claim or cause of action against us arising under the Delaware General Corporation Law;

•any claim or cause of action arising under or seeking to interpret our amended and restated certificate of incorporation or our amended and restated bylaws; and

•any claim or cause of action against us that is governed by the internal affairs doctrine.

The provisions would not apply to suits brought to enforce a duty or liability created by the Exchange Act.The provisions would not apply to suits brought to enforce a duty or liability created by the Securities Exchange Act of 1934, as amended (the "Exchange Act"). Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation provides that the federal district courts of the U.S. will be the exclusive forum for resolving any complaint asserting a cause or causes of action arising under the Securities Act, including all causes of action asserted against any defendant to such complaint. For the avoidance of doubt, this provision is intended to benefit and may be enforced by us, our officers and directors, the underwriters to any offering giving rise to such complaint, and any other professional entity whose

52

---

Table of Contents

profession gives authority to a statement made by that person or entity and who has prepared or certified any part of the documents underlying the offering.

While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions.

These exclusive forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other employees. If a court were to find either exclusive forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could seriously harm our business. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could seriously harm our business.

General Risk Factors

Our stock price may be volatile, and the value of our Class A common stock may decline.

The market price of our Class A common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including:

•actual or anticipated fluctuations in our financial condition or results of operations;

•variance in our financial performance from expectations of securities analysts;

•changes in the pricing of our products and services;

•changes in our projected operating and financial results;

•changes in laws or regulations applicable to our platform and products;

•announcements by us or our competitors of significant business developments, acquisitions, or new products;

•significant data breaches, disruptions to, or other incidents involving our software;

•our involvement in litigation or governmental investigations;

•future sales of our Class A common stock by us or our stockholders;

•changes in senior management or key personnel;

•the issuance of new or changed securities analysts’ reports or recommendations;

•the trading volume of our Class A common stock;

•changes in the anticipated future size and growth rate of our market;

•economic and market conditions in general, or in our industry in particular; and

•technical factors in the public trading market for our Class A common stock that may produce price movements that may or may not comport with macro, industry, or company-specific fundamentals, including, without limitation, the sentiment of retail investors, the amount and status of short interest in our securities, access to margin debt, trading in options and other derivatives on our common stock, and other technical trading factors.

Accordingly, we cannot assure stockholders of the liquidity of an active trading market, the ability to sell their shares of our Class A common stock when desired, or the prices that they may obtain for their shares of our Class A common stock.Accordingly, we cannot assure you of the liquidity of an active trading market, your ability to sell your shares of our Class A common stock when desired, or the prices that you may obtain for your shares of our Class A common stock. The lack of an active market may impair stockholders' ability to sell their shares at the time they wish to sell them or at a price that they consider reasonable. The lack of an active market may impair your ability to sell your shares at the time you wish to sell 49Table of Contentsthem or at a price that you consider reasonable. The lack of an active market may also reduce the fair value of their shares. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

53

---

Table of Contents

Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, may also negatively impact the market price of our Class A common stock. In addition, technology stocks have historically experienced high levels of volatility. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We have been and may be the target of this type of litigation in the future, which could result in substantial expenses and divert our management’s attention. We may be the target of this type of litigation in the future, which could result in substantial expenses and divert our management’s attention.

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our equity incentive plans, or otherwise will dilute all other stockholders.

We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to continue to grant equity awards to employees and directors under our equity incentive plans. We expect to continue to grant equity awards to employees, directors, and consultants under our equity incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in companies, products, or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our Class A common stock to decline.

Our business, financial condition, results of operations, or cash flows could be significantly hindered by the occurrence of a natural disaster, public health crisis, military action, terrorist attack, or other catastrophic event.Our business, financial condition, results of operations, or cash flows could be significantly hindered by the occurrence of a natural disaster, military action, terrorist attack, or other catastrophic event.

Our business operations may be susceptible to outages due to fire, floods, unusual weather conditions, power loss, telecommunications failures, military actions, terrorist attacks, public health crises, and other events beyond our control. Natural disasters including tornados, hurricanes, floods, and earthquakes may damage the facilities of our customers or those of their suppliers or retailers or their other operations, which could lead to reduced revenue for our customers and thus reduced spending on our platform and products. In addition, a substantial portion of our operations rely on support from our headquarters in New York City and our office in Bucharest, Romania. To the extent that fire, floods, unusual weather conditions, power loss, telecommunications failures, military actions, terrorist attacks, and other events beyond our control materially impacts our ability to operate those offices, it may have a material impact on our business operations as a whole.

To the extent that such events disrupt our business or the businesses of our current or prospective customers, or adversely impact our reputation, such events could adversely affect our business, financial condition, results of operations, and cash flows.To the extent that such events disrupt our business or the business of our current or prospective customers, or adversely impact our reputation, such events could adversely affect our business, financial condition, results of operations, and cash flows.

If our estimates or judgments relating to our critical accounting estimates prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances. The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant estimates and judgments relate to revenue recognition and stock-based compensation. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our Class A common stock.

54

---

Table of Contents

Item 1B. Unresolved Staff Comments

Not applicable.

Item 1C.Item 1A. Cybersecurity

Risk Management and Strategy

We have implemented and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats (which we refer to as information security threats) to our critical computer networks, third-party hosted services, communications systems, hardware and software, and our critical data. Our critical data includes intellectual property, confidential information that is proprietary, strategic, or competitive in nature, and personal and sensitive information related to our employees, prospective employees, third-party service providers, and our customers. Together, we refer to these systems and data as our Information Assets, Systems, and Data).

Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, and standards and policies designed to manage and mitigate material risks from information security threats to our Information Assets, Systems, and Data, including, for example: using manual and automated monitoring tools; conducting scans of our threat environment; subscribing to reports and services that identify information security threats; analyzing reports of threats and actors; evaluating threats reported to us; conducting and using third parties to conduct tests of certain systems; coordinating with law enforcement concerning certain threats; having third parties conduct threat assessments; conducting threat assessments and vulnerability assessments to identify vulnerabilities; evaluating our and our industry’s risk profile; conducting penetration testing; having third parties conduct red/blue team testing and tabletop incident response exercises; using external intelligence feeds; and conducting various threat model exercises. The level of investment and maturity of each of these measures are mapped directly to our risk management program.

Our assessment and management of material risks from information security threats are integrated into our overall risk management processes. For example: (1) information security risk is addressed as a component of our enterprise risk management program and identified in our risk register; (2) the information security team with enterprise input from other teams, including our risk management, internal audit, security, and technology management personnel, works with management to prioritize our risk management processes and mitigate information security threats that have a higher likelihood of leading to a material impact to our business; (3) our global risk and compliance team, under the direction of our CISO, evaluates material risks from information security threats against our overall business objectives.

We use third-party service providers to assist, from time to time, in identification, assessment, and management of material risks from information security threats, including but not limited to penetration testing firms, professional services firms, external legal counsel, threat intelligence service providers, information security consultants and software providers, managed cybersecurity service providers, and forensic investigators. Further, we use third-party service providers to perform a variety of functions throughout our business, such as application providers and hosting companies. We use certain vendor management processes to help manage information security risks associated with our use of certain of these providers. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances. Depending on the nature of the services provided, the sensitivity of the Information Assets, Systems and Data at issue, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify information security risks associated with a provider and impose contractual obligations related to information security on the provider, including, for example: conducting risk assessments and vulnerability scans related to our vendors’ services; requiring our vendors to complete security questionnaires; reviewing our vendors’ written security programs and security assessments; conducting and maintaining reports on our vendors; reviewing our vendors' third-party audit reports; conducting security assessment calls with our vendors’ security personnel; and imposing certain contractual obligations on our vendors. We apply mitigations and processes based on our evaluation of the sensitivity of the data accessed by the vendor and the maturity of the vendor's programs. Reports from our third-party vendors are treated as an intake to our incident response process. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, financial condition, or results of operations. However, like other companies in our industry, we and our third-party vendors have from time to time experienced threats and security incidents that could affect our information or systems.

55

---

Table of Contents

For a description of the risks from information security threats that may materially affect us and how they may do so, see Risk Factors—Risks Related to Data Privacy and Cybersecurity in Part I, Item 1A of this Annual Report on Form 10-K.

Governance

In fiscal year 2024, our information security risk assessment and management processes were implemented and maintained by certain of our management, including our CISO, our Chief Technology Officer—Cloud, and our Senior Director of Security Operations. Our CISO has over 30 years of experience developing and leading IT product security teams across multiple technology domains, and previously held leadership positions at several large technology companies. Our Chief Technology Officer—Cloud holds a Master of Science degree in Computer Engineering and has over 20 years of experience in various IT leadership roles, including most recently as Head of Engineering within a large technology company's Cloud and IT division. Our Senior Director of Security Operations has over 12 years of experience in IT security and is a Certified Information Systems Security Professional.

Our CISO and information security team are responsible for hiring appropriate information security personnel, helping to integrate information security risk considerations into our overall risk management strategy, and communicating key priorities to relevant personnel. The CISO and CISO's leadership team are responsible for approving budgets, approving information security processes, helping to prepare for possible cybersecurity incidents, and reviewing security assessments and other security-related reports. Other teams are also involved in aspects of this work.

The CISO regularly reports to senior management and the board of directors on the oversight of our information security program. The CISO is also a member of the senior leadership team that meets quarterly on risk and compliance, which includes executives throughout the company who oversee areas such as finance, accounting, investor relations, people, legal and compliance, IT, and product and engineering. This committee meets regularly, as relevant, to discuss oversight of the information security program, program enhancements, and new risks or threats the company might be facing. The company has established, as part of its incident response program, a smaller senior executive committee to oversee and manage information security incidents or vulnerabilities, assessed by severity and/or known or threatened impact. Security management and others work with our incident response team to help mitigate and remediate information security incidents of which they are notified. In addition, our incident response plan includes reporting to the board of directors for certain information security incidents. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our products.

The CISO reports at least quarterly to the audit committee of the board of directors. Pursuant to its charter, the audit committee has, as an area of focus, the adequacy and effectiveness of our information security and cybersecurity policies and practices. The board of directors retains overall responsibility for assessing the our major risks and considering ways to address those risks, and addresses our information security risk management as part of its general oversight function. Through its meetings with management, including the information security, internal audit and legal and compliance functions, the audit committee reviews and discusses significant areas of our business and summarizes key areas of risk and relevant mitigating factors for the board of directors.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
EAWD	9 hours ago
ARAT	9 hours ago
IONM	9 hours ago
NHWK	10 hours ago
GBBK	10 hours ago
APOG	11 hours ago
FWAV	13 hours ago
JRSS	14 hours ago
PPIH	17 hours ago
WAVS	1 day, 6 hours ago
GBNH	1 day, 7 hours ago
ACCD	1 day, 8 hours ago
EFSH	1 day, 10 hours ago
RFAC	1 day, 10 hours ago
GXXM	1 day, 13 hours ago
PGY	1 day, 17 hours ago
KPLT	2 days, 9 hours ago
MSB	2 days, 10 hours ago
MMMB	2 days, 10 hours ago
LVPA	2 days, 12 hours ago
HELE	2 days, 19 hours ago
RILY	3 days, 4 hours ago
BHAC	3 days, 10 hours ago
STZ	3 days, 13 hours ago
ARMT	3 days, 18 hours ago
ARMT	3 days, 18 hours ago
RCFA	4 days, 6 hours ago
FSR	4 days, 7 hours ago
TPIA	4 days, 8 hours ago
MEDS	4 days, 9 hours ago
PVNC	4 days, 9 hours ago
CDTX	4 days, 9 hours ago
ENCP	4 days, 9 hours ago
ACI	4 days, 17 hours ago
AZZ	4 days, 20 hours ago
DGWR	4 days, 20 hours ago
AURX	1 week ago
CIRX	1 week ago
GTCH	1 week ago
HWNI	1 week ago
CSSE	1 week ago
WNLV	1 week ago
RBTK	2 weeks ago
BTTR	2 weeks ago
ROYL	2 weeks ago
VIRC	2 weeks ago
SCS	2 weeks ago
DHAC	2 weeks ago
ALOT	2 weeks ago
NUBI	2 weeks ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Password too short

Sign in

Don't have an account? Sign Up for Free

Forgot password?

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Please enter valid email

Password too short

Password too short

Sign Up

I already have an account, Sign In

App Store (iOS)

Play Store (Android)