Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - PEGA

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A.

Words such as expects, anticipates, intends, plans, believes, will, could, should, estimates, may, targets, strategies, intends to, projects, positions, forecasts, guidance, likely, and usually or variations of such words and other similar expressions identify forward-looking statements. These statements represent our views only as of the date the statement was made and are based on current expectations and assumptions.

Forward-looking statements deal with future events and are subject to risks and uncertainties that are difficult to predict, including, but not limited to:

•our future financial performance and business plans;

•the adequacy of our liquidity and capital resources;

•the successful execution of investments in artificial intelligence;

•reliance on key personnel;

•potential legal and financial liabilities, as well as damage to our reputation, due to cyber-attacks;

•security breaches and security flaws;

•our ability to protect our intellectual property rights, costs associated with defending such rights, intellectual property rights claims, and other related claims by third parties against us, including related costs, damages, and other relief that may be granted against us;

•our ongoing litigation with Appian Corp. and associated legal proceedings; and

•management of our growth.

These risks and others that may cause actual results to differ materially from those expressed in such forward-looking statements are described further in “Item 1A. Risk Factors” of this Annual Report and other filings we make with the SEC.

Investors are cautioned not to place undue reliance on such forward-looking statements, and there are no assurances that the results included in such statements will be achieved. Although subsequent events may cause our view to change, except as required by applicable law, we do not undertake and expressly disclaim any obligation to publicly update or revise these forward-looking statements, whether as the result of new information, future events, or otherwise. The forward-looking statements in this Annual Report represent our views as of February 10, 2026.

ITEM 1. BUSINESS

Our Business

We develop, market, license, host, and support enterprise software that helps organizations optimize decisions and processes in real-time so they can deliver outcomes that transform their business. Clients can leverage our AI technology and scalable architecture to accelerate their digital transformation. In addition, our sales and client success teams, world-class partners, and clients can leverage Pega BlueprintTM (“Blueprint”) to rapidly prototype and accelerate the development and deployment of applications quickly and collaboratively.

To grow our business, we intend to:

•Increase market share by developing and delivering a platform for enterprise AI decisioning and workflow automation for buyers in marketing, sales, service, operations, and IT that can work together seamlessly with maximum competitive differentiation;

•Deepen and expand our relationships with existing clients;

•Establish relationships with new clients;

•Continue to scale our marketing efforts to support how today’s buyers discover, evaluate, and choose products and services;

•Deepen partnerships with systems integrators and hyperscalers to drive sales and delivery of our products; and

•Leverage partner-branded Blueprints to extend our market reach with strategic partners.

Whether we are successful depends, in part, on our ability to:

•Execute our marketing and sales strategies;

•Manage our expenses appropriately as we grow our organization;

•Develop new products and enhance our existing products; and

•Incorporate acquired technologies into our solutions and the unified Pega Platform™.

Our Products

Pega Infinity

Pega Infinity™, the latest version of our software portfolio, helps build agility into our clients’ organizations so they can work smarter, unify experiences, and adapt to meet changing requirements.

Our applications and low-code platform intersect with and encompass several software markets, including:

•Customer Engagement, including Customer Relationship Management (“CRM”);

•Business Orchestration and Automation Technologies (“BOAT”) and Digital Process Automation (“DPA”), including Business Process Management (“BPM”), Workflow, and Dynamic Case Management (“DCM”);

•Low-code application development platforms (“LCAP”), including Multi-experience Development Platforms (“MXDP”);

•Robotic Process Automation (“RPA”), and Task-Centric Process Automation;

•Business Rules Management Systems (“BRMS”);

•Decision Management, including predictive and adaptive analytics and Real-time Interaction Management (“RTIM”); and

•the Vertical-Specific Software (“VSS”) market of industry solutions and packaged applications.

1:1 Customer Engagement

Our omnichannel customer engagement applications are designed to maximize the lifetime value of customers and help reduce the costs of serving customers while ensuring a consistent, unified, and personalized customer experience. At the center of our customer engagement applications is the Pega Customer Decision Hub™ (“CDH”), our real-time, AI-powered decision engine, which can predict a customer’s behavior and recommend the “next best action” to take across channels in real-time. It is designed to enable enterprises to improve customer acquisition and experience across inbound, outbound, and paid media channels. Recently, we introduced Pega Customer Engagement Blueprint™, a new GenAI powered collaboration tool that helps brands easily visualize customer journeys and quickly ideate and refine strategies for better engagement. It leverages our powerful AI framework so users can collaborate online, map their vision from data models to brand strategy, and create a comprehensive roadmap for customer-centric programs that drive results. This helps clients quickly visualize the value of Pega CDH for their marketing and data and analytics programs.

Customer Service

The Pega Customer Service™ application simplifies customer service. It is designed to anticipate customer needs, connect customers to the right people and systems, automate or intelligently guide customer interactions, rapidly and continuously evolve the customer service experience, and allow enterprises to deliver consistent interactions across channels and improve employee productivity. The application consists of a contact center desktop, case management for customer service, chat, knowledge management, mobile field service, omnichannel self-service, AI-powered virtual assistants, and industry-specific processes (“Microjourney®”) and data models. For clients who want to extend intelligence and automation into the early stages of the customer journey, Pega Sales Automation™ automates and manages the entire sales process, from prospecting to product fulfillment. It allows enterprises to capture best practices and leverage AI to guide sales teams through the sales and customer onboarding processes. Blueprint enables AI design agents to transform legacy systems, uncovering end-to-end customer journeys and centralizing processes across all channels.

Workflow Automation

Pega Platform™, our software for AI-powered workflow automation, boosts the efficiency of our clients’ processes and operational workflows. This technology allows organizations to take an end-to-end approach to transformation by using intelligence and design thinking to streamline processes and create better customer and employee experiences. With Blueprint, clients can leverage the power of AI to design best practice processes for any industry domain in minutes. Pega’s automation goes beyond traditional BPM to unify technologies such as RPA and AI to enable organization-wide digital transformation. Pega Platform and Blueprint, combined with industry best practices, provide the right structure and platform for clients to unlock automation for the agentic AI future.

Legacy Transformation

Our Legacy Transformation solution leverages Pega Platform and Blueprint to help organizations retire technical debt and modernize operations without disrupting business. It uses Blueprint to rapidly analyze existing systems and processes, uncovering end-to-end workflows and identifying opportunities for simplification. From there, the offering applies AI-powered design and low-code development to reimagine legacy applications, accelerating time-to-value while reducing risk. By insulating business logic from back-end complexity, it enables clients to preserve critical functionality while eliminating redundant systems and maintenance costs. Combined with workflow automation and decisioning capabilities, our Legacy Transformation solution delivers agility, scalability, and cost efficiency – empowering enterprises to move beyond outdated technology and embrace a future-ready architecture.

Our Capabilities

We drive better business outcomes for our clients in four ways:

•1:1 Customer Engagement: we enable clients to hyper-personalize interactions with their customers using our AI-powered decision engine, resulting in higher customer lifetime value.

•Customer Service: we enable clients to streamline customer service and deliver better service experiences for their customers and employees, resulting in higher customer satisfaction and loyalty with reduced costs.

•Workflow Automation: we enable clients to automate mission-critical workflows, resulting in improved operational efficiency, faster time to value, and lower cost.

•Legacy Transformation: we enable clients to retire technical debt faster, increase agility, and eliminate maintenance costs.

This approach insulates business logic from back-end and front-end complexity, delivering consistent customer experiences and agility to the business.

The key aspects of this architecture are:

Centrally-managed AI-powered decisioning

Pega’s centrally-managed AI-powered decisioning ensures AI and business rules operate across all channels. Applications built on Pega’s low-code Platform leverage predictive and adaptive analytics to deliver personalized customer experiences and maximize business objectives.

End-to-end workflow automation aligned with business outcomes

We combine human-assisted robotic desktop automation and unattended robotic process automation with our unified workflow automation and case management capabilities. This combination provides our platform and applications the differentiated ability to automate customer-facing and back-office operational processes from “end to end,” connecting across organizational and system silos to connect customers and employees to outcomes seamlessly and efficiently.

Consistent omnichannel experiences

With centrally defined business and process logic, Pega provides dynamic, open APIs to align front-end channels and business logic for consistent customer experiences. By leveraging innovative user interface (“UI”) technology, Pega-powered processes and decisions can be easily embedded into existing front ends or used as the basis for new employee-facing applications.

Insulation of back-end complexity

Pega’s architecture insulates case and decision logic from the complexity of back-end systems. Our data virtualization automatically pulls in needed data in a common structure, regardless of source. This capability allows clients the agility to build new experiences on existing systems, modernizing legacy systems without breaking existing processes.

A layered approach to managing variation

Pega’s Situational Layer Cake™ organizes logic into layers that map to the unique dimensions of a client’s business – customer types, lines of business, geographies, etc. This layered approach lets organizations manage variations of their businesses without duplicating logic. This capability allows initial deployments into a single department or region to seamlessly scale to manage the complexity of a global, multi-line enterprise.

In addition to our Center-out agent architecture, Pega technology has been designed to be deployed rapidly, be easily changed, and scale across changing architecture needs.

Rapid, AI-enabled transformation with Blueprint

Pega's approach to digital transformation projects brings business, IT, and AI together to accelerate collaboration, development, and time-to-value. We and our customers can begin projects in Blueprint, which leverages generative AI to analyze business requirements and legacy documentation to generate a starting point template aligned with clients' strategic business outcomes. From there, Blueprint streamlines business and IT collaboration, providing guidance to teams through the end-to-end requirements gathering process – either through virtual collaboration or in a workshop setting.

Through use of Blueprint, our clients are able to generate a starting point application that gives developers a head start on deep configuration and integration. Through our low-code configuration and AI-powered assistance, developers in Pega are aided in quickly building out and adapting application functionality. We refer to this process as our Blueprint Delivered™ design and implementation. Blueprint Delivered uses an agile approach to assist in the acceleration of application build-out in alignment with client success criteria, emphasizing reusable components that ensure both immediate and long-term value creation.

Pega Predictable AI™

Pega Predictable AI brings agents and workflows together to deliver consistent, governed execution at scale. Starting in Blueprint, design agents rapidly model best-practice workflows aligned to business outcomes. These workflows then guide agents – human and AI – at runtime, ensuring predictable, transparent operations across channels and processes. By combining centralized decisioning with real-time analytics and machine learning, Predictable AI automates tasks, personalizes experiences, and optimizes results.

Integrated with our Center-out agent architecture, this capability enables organizations to adapt quickly to change while maintaining compliance and control, accelerating transformation with confidence. Predictable AI provides the structure and intelligence to accelerate transformation, reduce risk, and deliver consistent outcomes with confidence. With this approach, we help clients unify business and IT, streamline collaboration, and scale automation across the enterprise to drive operational excellence and long-term value.

Pega Cloud

Pega Cloud® allows clients to develop, test, and deploy, on an accelerated basis, our applications and the Pega Platform using a secure, flexible internet-based infrastructure, minimizing cost while focusing on core revenue-generating competencies.

Some clients will choose to manage the Pega deployment themselves using the cloud architecture they prefer.

Our Services and Support

We offer services and support through our Global Client Success, Global Service Assurance and Client Support, and Pega Academy groups. We also use third-party contractors to assist us in providing these services.

•Global Client Success – Global Client Success guides our clients to maximize their investment in our technology and realize the business outcomes they are targeting. Within Global Client Success, our Client Innovation team helps clients transform and prototype their customer journeys through our Pega Catalyst™ offering, our Success team ensures our clients receive the maximum business value from their Pega investments, and our Pega Consulting team provides planning, design, implementation, and assurance services.

•Global Service Assurance and Client Support – Global Service Assurance addresses risks to client success because of technical concerns. By providing technical staff dedicated to client success, we reduce the time to resolve technical issues, eliminate lengthy deliberations of technical resource logistics, and increase clients’ confidence in our technology and client service. Global Client Support provides technical support for our products and services. Support services include cloud service reliability management, online support community management, self-service knowledge, proactive problem prevention through information and knowledge sharing, problem tracking, prioritization, escalation, diagnosis, and resolution.

•Pega Academy – Pega Academy offers enablement content for all Pega product implementations to ensure the success of our Clients and Partners. We have increased our ability to train partners and clients to implement our technology and made it easier for individuals to stay current as it evolves. We offer many mediums, including instructor-led and online training to our employees, clients, and partners so individuals can learn in the way that best suits them. We have also added AI-enabled learning into our products so individuals are able to access real-time enablement material as they build, based on our best-in-class documentation (also available in our standalone documentation portal). Lastly, engagement is an important part of our strategy to create a broad ecosystem passionate about Pega technology to further increase our advocates across our clients and other key stakeholders, and providing ongoing enablement given the pace of change of technology.

Our Partners

We collaborate with global systems integrators and technology consulting firms that provide consulting services to our clients, cloud hyperscalers that provide the technology infrastructure and programs that accelerate legacy transformation and AI innovation, and Independent Software Vendors (“ISVs”) that extend clients’ investment with integrated solutions. These partners may deliver strategic business planning, consulting, project management, training, and implementation services to our clients.

Our partners are recognized through our Pega partner program, helping those organizations differentiate themselves in the marketplace. They do so by achieving distinctions in industries or across specific solutions areas and geographies. Pega’s largest partners include Aaseya, Accenture, Areteans, Capgemini, Coforge, Cognizant Technology Solutions, Evonsys Inc, Ernst & Young, HCL Tech, Infosys, LTIMindtree, Tata Consultancy Services, and Virtusa.

Our Markets

Target Clients

We focus on enterprise-scale businesses and government agencies that require advanced solutions to distinguish themselves in the competitive markets they serve.

Our clients represent many industries, including:

•Financial services – Pega’s software for AI-powered decisioning and workflow automation is used by financial services organizations for Customer Engagement, Onboarding and Know Your Customer (“KYC”), Lending, Customer Service, Payment Exceptions, Bank Operations, and Managing Financial Crime. Our platform enables clients to increase loyalty and wallet share, reduce time and effort to close loans and open accounts, address compliance more effectively while simplifying customer experiences, resolve service requests across channels more quickly with less effort, and boost the efficiency of various back-office processes with fewer human touches.

•Healthcare – Pega’s software for AI-powered decisioning and workflow automation is used by healthcare organizations for Customer Engagement, Onboarding and Enrollment, Customer Service, Care Management Services, and Claims/Core Admin.

•Government – Pega’s software for AI-powered decisioning and workflow automation is used by government agencies for Enterprise Modernization, Licensing, Investigative Case Management, Grants and Financial Management, Acquisition and Supply Chain Modernization, and Citizen Service. Our platform enables clients to modernize legacy systems and processes to meet the growing demands for improved constituent service, lower costs, reduced fraud, and greater transparency.

•Communications and media – Pega’s software for AI-powered decisioning and workflow automation is used by communications and media organizations for Customer Engagement, Order Management, Customer Service, Service Assurance, Network Operations, and Shared Services. Our platform enables clients to increase loyalty and wallet share, simplify experiences while accelerating revenues and processes, resolve service requests across channels more quickly with less effort, drive a faster, simpler repair experience, and boost the efficiency of 5G, fiber, and cloud processes.

•Insurance – Pega’s software for AI-powered decisioning and workflow automation is used by insurance companies for Customer Engagement, Sales, Distribution, Underwriting, Policyholder Service, and Claims. Our platform enables clients to nurture and grow their book of business, increase agent sales effectiveness, power better partner performance and loyalty, automate application intake and processing with intelligence, personalize seamless policy lifecycle experiences, and improve claims handling efficiencies with more modern customer and employee experiences.

•Manufacturing and high tech – Pega’s software for AI-powered decisioning and workflow automation is used by manufacturers to streamline their complex global operations and create more value for their customers, dealers, distributors, and suppliers while directly managing the performance, uptime, and impact of their connected products, equipment, and experiences. Our platform enables clients to reduce the complexity of enterprise operations in domains like supply chain, order management, quality management, shared services, customer service, and aftermarket services, including warranty management and captive finance, while minimizing the constraints on digital transformation caused by legacy systems.

•Consumer services – Pega’s software for AI-powered decisioning and workflow automation is used by consumer services organizations for Customer Engagement, Supplier Onboarding, Customer Service, and Enterprise Operations in industries such as transportation, utilities, internet providers, retail, hospitality, and entertainment.

Competition

The markets for our offerings are intensely competitive, rapidly changing, and highly fragmented as current competitors expand their product offerings and new companies enter the market.

We also compete with clients’ internal information systems departments that seek to modify their existing systems or develop their own proprietary systems and professional service organizations that develop their own products or create custom software in conjunction with rendering consulting services.

We have been most successful in competing for clients whose businesses are characterized by a high degree of change, complexity, and/or regulation.

We believe we are competitively differentiated through the combination of Blueprint and our unified Pega Platform, which allows us to harness the power of large language models to design applications and use the power of Pega’s patented world-class workflow engine to create the appropriate context and guardrails prior to putting applications into production. This allows client business and IT staff, using a single, intuitive user interface, to build and evolve enterprise applications in a fraction of the time it would take with disjointed architectures and tools offered by many of our competitors. We believe we compete favorably due to our expertise in our target industries and our long-standing client relationships. We believe we compete less favorably on some of the above factors against our larger competitors, many of which have greater sales, marketing, and financial resources, a more extensive geographical presence, and greater name recognition. In addition, we may be at a competitive disadvantage against our larger competitors with respect to our ability to provide expertise outside our target industries.

Intellectual Property

We rely primarily on a combination of copyright, patent, trademark, and trade secrets laws, as well as confidentiality procedures, technical safeguards, and contractual provisions, to protect our intellectual property rights and our brand. We have obtained patents relating to our system architecture and products in strategic global markets. We enter into confidentiality, intellectual property ownership, and license agreements with our employees, partners, clients, and other third parties. To protect our proprietary rights, we also control access to and ownership of software, services, documentation, and other information. We also purchase or license third-party technology, including open-source software and large language models, that we incorporate into our products and services.

Sales and Marketing

We encourage our direct sales force and outside partners to co-market, pursue joint sales initiatives, and drive broader adoption of our technology, helping us grow our business more efficiently and focus our resources on continued innovation and enhancement of our solutions. In addition, strategic partnerships with management consulting firms and major systems integrators are important to our sales efforts because they influence buying decisions, help us identify sales opportunities, and complement our software and services with their domain expertise and consulting capabilities. We also partner with technology providers and application developers.

To support our sales efforts, we conduct a broad range of marketing programs, including awareness advertising, client and industry-targeted solution campaigns, trade shows, including our PegaWorld® user conference, solution seminars and webinars, industry analyst and press relations, web and digital marketing, community development, social media presence, and other direct and indirect marketing efforts.

Research and Development

Our research and development organization is responsible for product architecture, core technology development, design, product testing, and quality assurance. We continuously expand our technology’s capabilities and ensure we deliver superior AI-based cloud-native solutions. We intend to maintain and extend the support of our existing applications, and we may choose to invest in additional strategic applications that incorporate the latest business innovations. We also intend to maintain and extend the support for popular public and private cloud platforms, and integration options to facilitate easy and rapid deployment in diverse IT infrastructures and ecosystems.

Backlog

As of December 31, 2025, we expected to recognize $2.1 billion in revenue from backlog on existing contracts in future periods. For additional information, see "Note 15. Revenue" in Item 8 of this Annual Report.

People and Culture

As of January 30, 2026, we had 5,598 employees: 2,002 in the Americas, 1,272 in Europe, 1,982 in India, and 342 across Asia-Pacific.

Our talent strategy is designed to bring our business strategy to life through our people, who are the very foundation of our success. We focus on identifying, growing, and keeping people with the right leadership, values, and growth mindset needed to deliver our business strategy now and in the future. Collaboration and fresh thinking drive how we work together, ensuring that our people can contribute meaningfully while growing in their careers.

We believe when all perspectives are considered, we make better decisions and create stronger outcomes. Through continuous feedback and transparency, we build a workplace of connection, engagement, and performance.

Learning and Development

Lifelong learning and curiosity are core to who we are, rooted in the belief that skills and intelligence aren’t fixed – but rather grow and develop through continuous learning. We encourage our people to lean into challenges, seek feedback, and be open to varying perspectives to sharpen thinking. The culture of learning enhances problem solving and allows us to turn obstacles into opportunities. We are committed to providing meaningful opportunities for our people to take ownership of their professional growth, leveraging mentorship, job shadowing, on-demand learning, and structured development programs. Pega Academy helps accelerate skill development across our global community of employees, clients, and partners, focusing on emerging technologies and capabilities. Our leadership development programs are designed to cultivate leaders who drive high performance while fostering inclusive team environments. Our commitment to continuous learning is backed by education reimbursement programs and external partnerships, ensuring our workforce stays ahead of industry trends and technological advancements.

Total Rewards

We offer a competitive and comprehensive total rewards package that drives performance, supports well-being, and emphasizes career growth. Our compensation philosophy is designed to recognize performance and align with Pega’s success, with a mix of base pay, short-term cash incentives, and long-term incentives.

We also provide a suite of market competitive benefits that promote health and well-being. We regularly assess and evolve our offerings to ensure they meet the needs of our workforce, recognizing that employees' priorities change over time.

Talent Cultivation

Talent Cultivation is a key pillar of our talent strategy. Our dynamic approach combines continuous feedback with personalized development, enabling employees to thrive in an ever-evolving digital landscape. We foster a culture of growth where every employee has the power to make informed choices and own their career by providing the right conditions, tools, and development pathways.

Corporate Information

Pegasystems Inc. was incorporated in Massachusetts in 1983. Our stock is traded on the NASDAQ Global Select Market under the symbol “PEGA.pega.com, and our investor relations website is at www.pega.com/about/investors.

Available Information

We make available our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to these reports, free of charge, through our website as soon as reasonably practicable after we electronically file such material with or furnish such material to the SEC. We also make available on our website reports filed by our executive officers and directors on Forms 3, 4, and 5 regarding their ownership of our securities. Our Code of Conduct is available on our website in the “Governance” section.

The SEC maintains a website that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC at www.sec.gov.

ITEM 1A. RISK FACTORS

The risks and uncertainties described below are not the only ones we face. Events that we do not currently anticipate, or expect to be immaterial, may also materially adversely affect our results of operations, cash flows, and financial condition.

Risks Related to Our Business and Industry

If we fail to operate our subscription-based business model successfully, our results of operations and/or cash flows could be negatively impacted.

Continued growth of our subscription-based offerings will depend on our ability to continue to:

•innovate and include new functionality and improve the usability of our products in a manner that addresses our clients’ needs and requirements; and

•optimally price our products considering marketplace conditions, competition, our costs, and client demand.

Other than in instances where clients manage Pega deployment themselves, our cloud-based subscription model also requires that we rely on third parties to host our software for our clients and incur significant recurring third-party hosting expenses. If we are unable to meet these challenges effectively, our operating results and financial condition could be materially adversely affected.

We may not achieve the key elements of our strategy and grow our business as anticipated.

Key elements of our strategy include increasing our market share by developing and delivering robust solutions that can work together seamlessly with maximum differentiation and minimal customization, offering versatility in the Pega Platform and application deployment and licensing options to meet the specific needs of our clients, growing our network of partner alliances, and developing the talent and organizational structure capable of supporting our revenue and earnings growth targets. We may not achieve one or more of our key initiatives. Our success depends on our ability to manage our expenses as we appropriately grow our organization, successfully execute our marketing and sales strategies, successfully incorporate acquired technologies into our unified Pega Platform, and develop new products or product enhancements. If we are not able to execute these actions, our business may not grow as we anticipate, and our operating results and financial condition could be materially adversely affected.

If we are not successful in executing our investments in AI, including generative AI, our business, financial condition, and results of operations may be harmed.

We are investing significantly in AI. This investment is occurring as the legal and regulatory landscape applicable to AI is uncertain and evolving rapidly, and at the same time as our competitors are also investing in AI. There are significant risks in deploying AI, and there can be no assurance that using AI in our solutions will enhance or be beneficial to our business, including our profitability. The rapid evolution of AI will require the application of resources to develop, test, and maintain our products and services to help ensure that we implement AI in a manner that minimizes any unintended, harmful impact and that maximizes our ability to provide products and services to our customers. Other companies may develop AI enabled products that are similar to ours or adopt and implement AI more successfully or at a quicker pace than we do. If we fail to develop products in a manner that satisfies customer preferences in a timely and cost-effective manner, we may fail to retain our existing customers or increase demand for our solutions. In addition, complying with multiple regulations from different jurisdictions related to AI could increase our cost of doing business, may influence the way that we operate in certain jurisdictions, or may impede our ability to offer certain products and services in certain jurisdictions if we are unable to comply with applicable regulations.

The loss of key personnel could be disruptive to our operations and materially adversely affect our financial performance. We do not carry, nor do we currently intend to obtain, significant key-person life insurance on officers or other employees. Our success will depend on attracting and retaining qualified personnel and rapidly replacing and developing new management, as needed. The number of potential employees who have the extensive knowledge needed to develop, sell, and maintain our offerings is limited, and competition for their services is intense. There can be no guarantee that we will be able to attract and retain such personnel. If we are unable to do so, our business, operating results, and financial condition could be materially adversely affected. We have from time to time in the past experienced, and we expect to continue to experience in the future, difficulty in hiring and difficulty in retaining highly skilled employees with appropriate qualifications.

In addition, we believe our corporate culture has been a key contributor to our success.

A change in the size or volume of license and Pega Cloud arrangements, or a change in the mix between perpetual licenses, subscription licenses, and Pega Cloud arrangements, can cause our revenues, bookings, and cash flows to fluctuate materially between periods. Revenue from subscription service arrangements, which includes Pega Cloud and maintenance, is typically recognized over the contract term, while revenue from license sales is recognized when the license rights become effective, typically upfront.

Factors that may influence the predictability of our license and Pega Cloud revenue and bookings include:

•changes in clients’ budgets and decision-making processes that could affect both the timing and size of transactions;

•the timing of the execution of an agreement or our ability to deliver the products or services;

•changes in our business model; and

•our ability to execute our marketing and sales strategies.

We budget for our selling and marketing, product development, and other expenses based upon anticipated future bookings and revenue. Other factors that may cause our operating results to vary include changes in foreign currency exchange rates, income tax effects, and the impact of new accounting pronouncements.

As a result, period-to-period comparisons of our operating results are not necessarily meaningful and should not be relied upon to predict future performance.

We will need to acquire or develop new products, evolve existing ones, address defects or errors, and adapt to technology changes.

Technical developments, client requirements, programming languages, industry standards, and regulatory requirements frequently change in the markets in which we operate. As a result, our success will depend upon our ability to enhance current products, address any product defects or errors, acquire or develop and introduce new products that meet client needs, keep pace with technology and regulatory changes, respond to competitive products, and achieve market acceptance. Product development requires substantial investments for research, refinement, and testing. We may not have sufficient resources to make the necessary product development investments. We may experience technical or other difficulties that will delay or prevent the successful development, introduction, or implementation of new or enhanced products. We may also experience technical or other challenges integrating acquired technologies into our existing platform and applications. Inability to introduce or implement new or enhanced products in a timely manner could result in loss of market share if competitors are able to provide solutions to meet client needs before we do, give rise to unanticipated expenses related to further development or modification of acquired technologies, and materially adversely affect our financial performance.

We frequently enter into a series of license or Pega Cloud arrangements that each focus on a specific purpose or area of operations. If we are not successful in obtaining follow-on business from these clients, our financial performance could be materially adversely affected.

Once a client has realized the value of our software, we work with the client to identify opportunities for follow-on sales. However, we may not be successful in demonstrating this value for several reasons, including the performance of our products, the quality of the services and support provided by our partners and us, or external factors. Also, some of our smaller clients may have limited additional sales opportunities available. We may not obtain follow-on sales, or the follow-on sales may be delayed, and our future revenue could be limited.

We rely on third-party relationships.

We have a number of relationships with third parties that are significant to our sales, marketing, support, and product development efforts, including hosting facilities for our Pega Cloud offering. We rely on software and hardware vendors, large system integrators, and technology consulting firms to supply marketing and sales opportunities for our direct sales force and to strengthen our offerings using industry-standard tools and utilities. We also have relationships with third parties that distribute our products. There can be no assurance that these companies, many of which have far greater financial and marketing resources than us, will not develop or market offerings that compete with ours in the future or will not otherwise end or limit their relationships with us. Further, the use of third-party hosting facilities requires us to rely on the functionality and availability of the third parties’ services, as well as their data security, which despite our due diligence, may be or become inadequate, as further discussed below under the risk factor “”

The number and value of license and Pega Cloud arrangements has been increasing, and we may not be able to sustain this growth unless our partners and we can provide sufficient high-quality consulting, training, and maintenance resources to enable our clients to realize significant business value from our software.

Our clients typically request consulting and training to assist them in implementing our license and Pega Cloud offerings. Our clients also usually purchase maintenance on our perpetual and term licenses. As a result, an increase in the number and value of license and Pega Cloud arrangements is likely to increase demand for consulting, training, and maintenance related to our offerings. Given that the number and value of our license and Pega Cloud arrangements has been growing, we will need to provide our clients with more consulting, training, and maintenance to enable them to realize significant business value from our software. We have been increasing our partner and client enablement through training to create an expanded ecosystem of people that are skilled in the implementation of our solutions. However, if our partners and we are unable to provide sufficient high-quality consulting, training, and maintenance resources, our clients may not realize sufficient business value from our offerings to justify follow-on sales, which could impact our future financial performance.

Further, some of our client engagements have high public visibility. If our partners or we encounter problems in helping these clients implement our license and Pega Cloud offerings or if there is negative publicity regarding these engagements (even if unrelated to our services or offerings), our reputation could be harmed, and our future financial performance could be negatively impacted. Finally, the investments required to meet the increased demand for our consulting services could strain our ability to deliver our consulting engagements at desired profitability, thereby impacting our overall profitability and financial results.

We may not be able to maintain our retention rate for our subscription clients.

The majority of our revenue is derived from our subscription offerings. Our clients have no obligation to renew their subscriptions, although historically, most have elected to do so. If our retention rate for those clients decreases, our business, operating results, and financial condition could be materially affected.

Investments we are making to continue to grow license and Pega Cloud arrangements may result in decreased profitability or losses and reduced or negative cash flow if we do not continue to increase the value of our license and Pega Cloud arrangements to balance our growth in expenses.

We expect to provide our clients with more cloud and maintenance support as our business grows and have been investing significantly in research and development to expand and improve the Pega Platform and applications. These investments have resulted in increased fixed costs that do not vary with the level of revenue. If the increased demand for our offerings does not continue, we could experience decreased profitability or losses and reduced or negative cash flow because of these increased fixed costs. Conversely, if we are unable to achieve an appropriate balance of sales and marketing personnel to meet future demand or research and development personnel to enhance our current products or develop new products, we may not be able to achieve our sales and profitability targets.

We face risks from operations and clients based outside of the United States.

We market our products and services to clients based outside of the U.S., representing 45% of our revenue over the last three years. We have established offices in the Americas, Europe, Asia, and Australia. If we are unable to do one or more of these things in a timely and effective manner, the growth, if any, of our international operations may be restricted, and our business, operating results, and financial condition could be materially adversely affected.

Additional risks inherent in our international business activities include:

•laws and business practices favoring local competitors;

•compliance with multiple, conflicting, and changing governmental laws and regulations, including employment, tax, privacy, and data privacy and protection;

•increased tariffs and other trade barriers;

•the costs of localizing offerings for local markets, including translation into foreign languages and associated expenses;

•longer payment cycles and credit and collectability risk on our foreign trade receivables;

•difficulties in enforcing contractual and intellectual property rights;

•heightened fraud and bribery risks;

•treatment of revenue from international sources and changes to tax codes, including being subject to foreign tax laws, being liable for paying withholding, income or other taxes in foreign jurisdictions, and other potentially adverse tax consequences (including restrictions on repatriating earnings and the threat of “double taxation”);

•management of our international operations, including increased administrative and compliance expenses;

•heightened risks of political and economic instability; and

•foreign currency exchange rate fluctuations and controls.

There can be no assurance that one or more of these factors will not have a material adverse effect on our international operations and, consequently, on our business, operating results, and financial condition.

We encounter significant competition from:

•customer engagement vendors, including Customer Relationship Management application vendors;

•Digital Process Automation vendors and platforms, including Business Process Management vendors, low-code application development platforms, and service-oriented architecture middleware vendors;

•case management vendors;

•decision management, data science, and AI vendors, as well as vendors of solutions that leverage decision making and data science in managing customer relationships and marketing;

•robotic automation and workforce intelligence software providers;

•companies that provide application-specific software for financial services, healthcare, insurance, and other specific markets;

•mobile application platform vendors;

•co-browsing software providers;

•social listening, text analytics, and natural language processing vendors;

•commercialized open-source vendors;

•professional services organizations that develop their own products or create custom software in conjunction with rendering consulting services; and

•clients’ in-house information technology departments, which may seek to modify their existing systems or develop their own proprietary systems.

Many of our competitors, such as International Business Machines Corporation (“IBM”), Microsoft Corporation, Oracle Corporation, Salesforce, SAP SE, and ServiceNow, have far greater resources than we do and may be able to respond more quickly and efficiently to new or emerging technologies, programming languages or standards, or changes in client requirements or preferences. Competitors may also be able to devote greater managerial and financial resources to develop, promote, and distribute products and to provide related consulting and training services.

We believe the principal competitive factors within our market include:

•product adaptability, scalability, functionality, and performance;

•proven success in delivering cost-savings and efficiency improvements;

•proven success in enabling improved customer interactions;

•ease-of-use for developers, business units, and end-users;

•timely development and introduction of new products and product enhancements;

•establishment of a significant base of reference clients;

•effective and efficient integration of AI into products;

•ability to integrate with other products and technologies;

•customer service and support;

•product price;

•vendor reputation; and

•relationships with systems integrators.

Competition for market share and pressure to reduce prices and make sales concessions is likely to increase. There can be no assurance that we will be able to compete successfully against current or future competitors or that the competitive pressures we face will not materially adversely affect our business, operating results, and financial condition.

For additional information, see "Item 1. Business" of this Annual Report.

Our consulting revenue is significantly dependent upon our consulting personnel implementing new license and Pega Cloud arrangements.

We derive a substantial portion of our consulting revenue from implementations of new license and Pega Cloud arrangements managed by our consulting personnel and consulting for partner and client-led implementation efforts. Our strategy is to support and encourage partner-led and client-led implementations to increase the breadth, capability, and depth of market capacity to deliver implementation services to our clients. Accordingly, if our consulting personnel’s involvement in future implementations decreases, this could materially adversely affect our consulting revenue.

our operating results and financial condition could be adversely impacted.

We are currently party to litigation with Appian Corp. — see Part I, Item 3 “Legal Proceedings” and "Note 20. Commitments And Contingencies" in the “Notes to Consolidated Financial Statements” included in Part II, Item 8 of this Annual Report. On September 15, 2022, the circuit court of Fairfax County entered judgment for Appian in the amount of $2,060,479,287 with post-judgment interest. On July 30, 2024, the Court of Appeals of Virginia issued a written opinion that reversed judgment on Appian’s Virginia Uniform Trade Secrets Act claim and ordered a new trial on that claim. On January 8, 2026, the Supreme Court of Virginia issued a written opinion unanimously affirming the ruling of the Court of Appeals of Virginia and on January 29, 2026 remanded Appian’s trade secret case to the Court of Appeals with direction to remand to the Circuit Court of Fairfax County for further proceedings in accordance with its written opinion. Although it is not possible to predict timing, the entirety of the litigation process, including retrial and possible future appeals, could potentially take years to complete. We continue to believe we did not misappropriate any alleged trade secrets and that sales of our products at issue were not caused by, or the result of, any alleged misappropriation of trade secrets. We are unable to reasonably estimate possible damages because of, among other things, uncertainty as to the outcome of any new trial or subsequent appellate proceedings.

We believe we have strong grounds to prevail in a potential retrial. Further discussion of these risks is contained below under the heading “Risks Related to Our Financial Obligations and Indebtedness.”

Risks Related to Information Technology Resilience and Security

We face risks related to outages, data losses, and disruptions of our online services if we fail to maintain an adequate operations infrastructure.

The increasing user traffic for our Pega Cloud offering demands more computing power. It requires that we maintain an internet connectivity infrastructure that is robust and reliable within competitive and regulatory constraints that continue to evolve. Inefficiencies or operational failures, including temporary or permanent loss of client data, power outages, or telecommunications infrastructure outages, by our third-party service providers or us, could diminish the quality of our user experience resulting in contractual liability, claims by clients and others, damage to our reputation, loss of current and potential clients, and negatively impact our operating results and financial condition.

Security of our systems and global client data is a growing challenge. Cyber-attacks and security breaches may expose us to significant legal and financial liabilities.

High-profile security breaches at other companies have increased in recent years. Security industry experts and government officials have warned about the risks of hackers and cyber-attackers targeting information technology products and businesses. Threats to IT security can take a variety of forms and continue to evolve and become more sophisticated and more difficult to detect and defend against, including by the increased use of AI to enhance attacks.

Although we are not aware of having experienced any prior material data breaches, regulatory non-compliance incidents or cyber security incidents, we may in the future be impacted by such an event, exposing our clients and us to a risk of someone obtaining access to our information, to information of our clients or their customers, or to our intellectual property, disabling or degrading service, or sabotaging systems or information. Any such security breach could result in a loss of confidence in the security of our services, damage our reputation, disrupt our business, require us to incur significant costs of investigation, remediation and/or payment of a ransom, lead to legal liability, negatively impact our future sales, and result in a substantial financial loss. Additionally, our Pega Cloud offering provides provisioned, monitored, and maintained environments for individual clients to create and deploy Pega-based applications using an Internet-based infrastructure. These services involve storing and transmitting client data and other confidential information.

Our security measures, those of our suppliers, third-party technology providers, and our clients may be breached because of third-party actions or those of employees, consultants, clients, or others, including intentional misconduct by computer hackers, system errors, human errors, errors introduced by our use of AI internally and in our products, technical flaws in our products, or otherwise. Because we do not control the configuration of Pega applications by our clients, the transmissions between our clients and our third-party technology providers, the processing of data on the servers at third-party technology providers, or the internal controls maintained by our clients and third-party technology providers that could prevent unauthorized access or provide appropriate data encryption, we cannot fully ensure the complete integrity or security of such transmissions processing or controls. In addition, privacy, security, and data transmission concerns in some parts of the world may inhibit demand for our Pega Cloud offering or lead to requirements to provide our products or services in configurations that may increase the cost of serving such markets. The techniques used to obtain unauthorized access or sabotage systems change frequently and are generally only recognized once launched against a target. Moreover, like most software companies, we incorporate open-source code into our software products and services, which also creates a potential risk. We deal with security issues regularly and have experienced security incidents from time to time.

Our Pega Cloud offering involves hosting client applications on the servers of third-party technology providers. We also rely on third-party systems and technology, including encryption, virtualized infrastructure, and support, and employ a shared security model with our clients and third-party technology providers.

To defend against security threats, we need to continuously engineer products and services with enhanced security and reliability features, improve the deployment of software updates to address security vulnerabilities, apply technologies that mitigate the risk of attacks, and maintain a digital security infrastructure that protects the integrity of our network, products, and services. The cost of these steps could negatively impact our operating results. While we actively work to improve vulnerability scanning, patching, threat intelligence, security event detection, and security event alerting and forensics, it is possible that security breaches, whether due to unpatched vulnerabilities or otherwise, occur and may be undetected when they occur. Any such security breach could result in a loss of confidence in the security of our services, damage our reputation, disrupt our business, require us to incur significant costs of investigation, remediation and/or payment of a ransom, lead to legal liability, negatively impact our future sales, and result in a substantial financial loss.

Our use of third-party hosting facilities requires us to rely on the functionality and availability of the third-party services and their data security, which, despite our due diligence, may be or become inadequate. Our continued growth depends in part on the ability of our existing and potential customers to use and access our cloud services or our website to download our software within an acceptable amount of time. We use third-party service providers for key infrastructure components, particularly when developing and delivering our cloud-based products. These service providers give us greater flexibility in efficiently delivering a more tailored, scalable customer experience and expose

us to additional risks and vulnerabilities. Third-party service providers operate platforms we access and which are vulnerable to service interruptions. We may experience interruptions, delays, and outages in service and availability due to problems with our third-party service providers’ infrastructure. This infrastructure’s lack of availability could be due to many potential causes, including technical failures, power shortages, natural disasters, fraud, terrorism, or security attacks that we cannot predict or prevent. Such outages could trigger our service level agreements and the issuance of credits to our clients, which may impact our business and consolidated financial statements.

If we are unable to renew our agreements with our cloud service providers on commercially reasonable terms, an agreement is prematurely terminated, or we need to add new cloud services providers to increase capacity and uptime, we could experience interruptions, downtime, delays, and additional expenses related to transferring to and providing support for these new platforms. Any of the above circumstances or events may harm our reputation and brand, reduce our platforms’ availability or usage, and impair our ability to attract new users, which could adversely affect our business, financial condition, and results of operations.

We may experience significant errors or security flaws in our products and services and could face privacy, product liability, and warranty claims.

Despite quality testing each release, our software frequently contains errors or security flaws, especially when first introduced or when new versions are released. Errors in our software could affect its ability to work with hardware or other software or delay the development or release of new products or new versions of our software. Errors or security flaws in our software could result in the inadvertent disclosure of confidential information or personal data relating to our clients, employees, or third parties. Software errors and security flaws in our products or services could expose us to privacy, product liability, or warranty claims and harm our reputation, which could impact our future sales of products and services. Typically, we enter into license agreements that contain provisions intended to limit the nature and extent of our risk of product liability and warranty claims. A court might interpret these terms in a limited way or hold part or all of them unenforceable. Also, there is a risk that these contract terms might not bind a party other than the direct client. Furthermore, some of our licenses with our clients are governed by non-U.S. law, and there is a risk that foreign law might give us less or different protection. Although we have not experienced any material product liability claims to date, a product liability suit or action claiming a breach of warranty, whether meritorious, could result in substantial costs and a diversion of management’s attention and our resources.

Risks Related to Intellectual Property and Government Regulation

We face risks related to intellectual property claims or appropriation of our intellectual property rights.

We also try to control access to and distribution of our technologies and other proprietary information. We cannot be certain that such patents will not be challenged, invalidated, or circumvented, or that rights granted thereunder, or the claims contained therein will provide us with competitive advantages. Moreover, despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our software or to obtain the use of information that we regard as proprietary. Although we generally enter into intellectual property and confidentiality agreements with our employees and strategic partners, despite our efforts our former employees may seek employment with our business partners, clients, vendors, or competitors, and there can be no assurance that the confidential nature of our proprietary information will be maintained. In addition, the laws of some foreign countries do not protect our proprietary rights as effectively as they do in the U.S. There can be no assurance that our means of protecting our proprietary rights will be adequate or that our competitors will not independently develop similar technology.

Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks, and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights. In addition, many of these companies can dedicate greater resources to enforce their intellectual property rights and to defend claims that may be brought against them. The litigation may involve patent holding companies or other adverse patent owners that have no relevant product revenues and against which our patents may, therefore, provide little or no deterrence. We are currently party to litigation with Appian Corp. — see Part I, Item 3 “Legal Proceedings”, "Note 20. Commitments And Contingencies" in the “Notes to Consolidated Financial Statements” included in Part II, Item 8 of this Annual Report and the preceding risk factor captioned “ our operating results and financial condition could be adversely impacted.”

Although we attempt to limit with our clients the amount and type of our contractual liability for alleged infringement or other violation of the proprietary rights of third parties and assert ownership of work product and intellectual property rights as appropriate, there are often exceptions, and limitations may not be applicable and enforceable in all cases. Even if limitations are found to be applicable and enforceable, our liability to our clients for these types of claims could be material given the size of certain of our transactions.

As evidenced by our previously mentioned litigation with Appian Corp. It

is also possible that these claims result in treble damages if we are found to have willfully infringed patents or copyrights, cause product shipment and delivery delays, require us to enter into royalty or licensing agreements, or preclude us from making and selling the infringing software, if such proprietary rights are found to be valid. Royalty or licensing agreements, if required, may not be available on terms acceptable to us or at all. Even if a license were available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require substantial time, effort, and cost.

Significant judgments are required for the determination of probability and the range of the outcomes in any legal dispute such as, but not limited to, our litigation with Appian Corp., and the estimates are based only on the information available to us at the time. Due to the inherent uncertainties involved in claims, legal proceedings, and in estimating the losses that may arise, actual outcomes may differ from our estimates. Contingencies deemed not probable or for which losses were not estimable in one period may become probable, or losses may become estimable in later periods which may have a material impact on our results of operations and financial position.

Our success depends in part on maintaining and increasing our sales to clients in the public sector.

We derive a portion of our revenues from contracts with domestic and foreign governments and related agencies. We believe that our business’s success and growth will continue to depend on our successful procurement of government contracts. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that our efforts will produce any sales.

Factors that could impede our ability to maintain or increase the revenue derived from government contracts include:

•changes in fiscal or contracting policies;

•decreases in available government funding;

•changes in government programs or applicable requirements;

•the adoption of new laws or regulations or changes to existing laws or regulations;

•potential delays or changes in the government appropriations or other funding authorization processes;

•governments and governmental agencies requiring contractual terms that are unfavorable to us, such as most-favored-nation pricing provisions; and

•delays in the payment of our invoices by government payment offices.

The occurrence of any of those factors could cause governments and governmental agencies to delay or refrain from purchasing our software in the future or otherwise harm our business, results of operations, financial condition, and cash flows.

Further, to increase our sales to clients in the public sector, we must comply with laws and regulations relating to the formation, administration, performance, and pricing of contracts with the public sector, including U.S. federal, state, and local governmental bodies, which affect how our channel partners and we do business in connection with governmental agencies. These laws and regulations may impose added costs on our business, and failure to comply with these laws and regulations or other applicable requirements, including non-compliance in the past, could lead to claims for damages from our channel partners or government clients, penalties, termination of contracts, loss of intellectual property rights, and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions, or limitations in our ability to do business with the public sector could have a material adverse effect on our business, results of operations, financial condition, and cash flows.

We are subject to increasingly complex U.S. and foreign laws and regulations, requiring costly compliance measures. Any failure to comply with these laws and regulations could subject us to, among other things, penalties and legal expenses that could harm our reputation or otherwise have a material adverse effect on our business, financial condition, and results of operations.

Data privacy laws throughout the world impose many compliance obligations concerning the handling of personal data, including, among other things, requiring companies to provide disclosure to consumers and other individuals about such companies’ data collection, use and sharing practices; requiring companies to provide consumers and other individuals ways to make requests about their personal information, including requests to delete their personal information, to know what information a company has about the individual, and to opt-out of certain sales, transfers, or sharing of personal information; and providing consumers and other individuals with additional causes of action. In addition, Europe has finalized a comprehensive legal framework for governance of the development and use of AI, and other jurisdictions, including jurisdictions in the US, are considering or have passed laws governing the development or use of AI. Similarly, Europe has enacted laws governing cyber resilience, and we expect more laws will be considered and passed on this issue.

Although we have developed and implemented a compliance program based on what we believe are reasonable practices, we cannot guarantee that we, our employees, our consultants, our partners, our vendors, or our contractors are or will be compliant with all federal, state, and foreign regulations. Even if we are determined not to have violated these laws, government inquiries into these issues typically require the expenditure of significant resources and generate negative publicity, which could also harm our business. In addition, regulation of data privacy and security laws is increasing worldwide, including various restrictions on cross-border access or transfer of data, including personal data of our employees, our clients, and customers of our clients. Compliance with such regulations may increase our costs, and there is a risk of enforcement of such laws resulting in damage to our brand, as well as financial penalties and the potential loss of business, which could be significant.

Our tax exposures could be greater than anticipated.

The determination of our worldwide provision for income taxes and other tax liabilities requires estimation and significant judgment and there are many transactions and calculations where the ultimate tax determination is uncertain. Like many other multinational corporations, we are subject to tax in multiple U.S. and foreign jurisdictions. The determination of our tax liability is always subject to audit and review by applicable domestic and foreign tax authorities. We are undergoing inquiries, audits, and reviews by various taxing authorities. Any adverse outcome of any such audit or review could harm our business, and the ultimate tax outcome may differ from the amounts recorded in our financial statements and may materially affect our financial results in the period or periods for which such determination is made. While we have established reserves based on assumptions and estimates that we believe are reasonable to cover such eventualities, these reserves may prove insufficient.

In addition, our future income taxes could be materially adversely affected by a shift in our jurisdictional income mix, by changes in the valuation of our deferred tax assets and liabilities, because of changes in tax laws, regulations, or accounting principles, as well as by certain discrete items.

Considering fiscal challenges in many jurisdictions, various levels of government are increasingly focused on tax reform and other legislative actions to increase tax revenue, including corporate income taxes. Several U.S. states have attempted to increase corporate tax revenues by taking an expansive view of corporate presence to attempt to impose corporate income taxes and other direct business taxes on companies that have no physical presence in their state, and taxing authorities in foreign jurisdictions may take similar actions. Many U.S. states are also altering their apportionment formulas to increase the amount of taxable income or loss attributable to their state from certain out-of-state businesses. Similarly, in Europe and elsewhere globally, various tax reform efforts underway are designed to increase the taxes paid by corporate entities.

If it becomes necessary or desirable to repatriate our foreign cash balances to the United States, we may be subject to increased taxes, other restrictions, and limitations.

As of December 31, 2025, $168 million of our cash and cash equivalents were held in our foreign subsidiaries. Because we consider some of the earnings of our foreign subsidiaries to be permanently reinvested, our financial statements may not reflect the domestic and foreign taxes on such earnings. We have provided a deferred tax liability associated with the tax cost of repatriating unremitted earnings which we do not consider indefinitely reinvested.

General Risk Factors

Material adverse developments in global economic conditions, or the occurrence of certain other world events, could affect demand for our products, increase our costs of operation and harm our business.

Global economic uncertainty has produced, and continues to produce, substantial stress, volatility, illiquidity and disruption of global credit and other financial markets. Economic uncertainty has and could continue to negatively affect the business and purchasing decisions of companies in industries in which our customers operate. As global economic conditions experience stress and negative volatility, or if there is an escalation in regional or global conflicts, the ability and willingness of our customers to make investments in technology may be impacted, which in turn may delay or reduce the purchases of our software and services and also impact the ability and willingness of our customers to pay amounts due to us or otherwise honor their contractual commitments. These clients may also become subject to increasingly restrictive regulatory requirements, which could limit or delay their ability to proceed with technology purchases and may result in longer sales cycles, increased price competition, and reductions in sales of our products and services. At the same time, factors such as inflation may increase our costs of operation. The combination of these factors could negatively impact our business, operating results, and financial condition.

We are exposed to fluctuations in foreign currency exchange rates that could negatively impact our financial results and cash flows.

Because a significant portion of our business is conducted outside of the U.S., we face exposure to movements in foreign currency exchange rates. Our international sales are usually denominated in foreign currencies. The operating expenses of our foreign operations are also primarily denominated in foreign currencies, which partially offset our foreign currency exposure on our international sales. Our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the U.S. dollar, the Euro, and the Australian dollar relative to the British Pound. These exposures may change over time as business practices evolve.

We do not currently use foreign currency forward contracts to hedge our exposure to changes in foreign currency exchange rates. We may enter into hedging contracts again in the future if we believe it is appropriate.

Our realized gain or loss for foreign currency fluctuations will depend on the size and type of cross-currency exposures that we enter into, the currency exchange rates associated with these exposures and changes in those rates, whether we have entered forward contracts to offset these exposures, and other factors. All these factors could materially impact our operating results, financial condition, and cash flows.

As a result, he has the ability to exert significant influence over all matters submitted to our stockholders for approval, including the election and removal of directors and any merger, consolidation, or sale of our assets. Under Massachusetts law and our governing documents, approval of a merger, share exchange or sale of all or substantially all of our assets requires approval of two-thirds of all shares entitled to vote.

The market price of our common stock has been and is likely to continue to be volatile.

The market price of our common stock may be highly volatile and fluctuate due to a variety of factors, some of which are related in complex ways.

Factors that may affect the market price of our common stock include:

•actual or anticipated fluctuations in our financial condition and operating results;

•variance in our financial performance from expectations of securities analysts;

•changes in our projected operating and financial results;

•changes in the prices of our products and professional services;

•changes in laws or regulations applicable to our products or services;

•announcements by our competitors or us of significant business developments, acquisitions, or new offerings;

•our involvement in any litigation or investigations by regulators, including litigation judgments, settlements, or other litigation-related costs;

•our sale of our common stock or other securities;

•changes in our Board of Directors, senior management, or key personnel;

•the trading volume of our common stock;

•price and volume fluctuations in the overall stock market;

•changes in the anticipated future size and growth rate of our market; and

•general economic, regulatory, political, and market conditions.

Broad market and industry fluctuations, as well as general economic, regulatory, political, and market conditions, may negatively impact the market price of our common stock. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial costs and divert our management’s attention.

We may fail to meet our publicly announced guidance or other expectations about our business and future operating results, which could cause our stock price to decline.

We have provided and may continue to give guidance on our business, future operating results, and other business metrics. In developing this guidance, our management must make certain assumptions and judgments about our future performance. Furthermore, analysts and investors may develop and publish their own projections of our business, which may form a consensus about our future performance. Our business results may vary significantly from such guidance or that consensus due to a number of factors, many of which are outside of our control and which could materially adversely affect our operations and operating results. Furthermore, if we make downward revisions of our previously announced guidance, or if our publicly announced guidance of future operating results fails to meet expectations of securities analysts, investors, or other interested parties, our common stock price may decline.

If securities or industry analysts do not publish research or reports about our business, or publish negative reports about our business, our stock price and trading volume could decline.

The trading market for our common stock depends partly on the research and reports that securities and industry analysts publish about us or our business. We do not have any control over these analysts. If our financial performance fails to meet analyst estimates or one or more of the analysts who cover us downgrade our shares or change their opinion of our shares, our stock price will likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, we could lose visibility in the financial markets, which could cause our stock price or trading volume to decline.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

CYBERSECURITY

We recognize the critical importance of maintaining the safety and security of our systems and data and have a comprehensive approach to overseeing and managing cybersecurity and related risks. Our Board of Directors (the “Board”), the Risk Subcommittee of the Audit Committee of the Board (the “Risk Subcommittee”), and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. We have established policies, standards, processes, and practices for assessing, identifying, and managing material risks from cybersecurity threats. A key component of this is our standing Security and Quality Steering Group (“SQSG”), whose members include, among others, our Chief Information Security Officer (“CISO”), Chief Product Officer, and Vice President of Cloud Technology. We have devoted significant financial and personnel resources to implement and maintain security measures to meet regulatory requirements and customer expectations, and we intend to continue to make significant investments to maintain the security of our data and cybersecurity infrastructure. There can be no guarantee that our policies, standards, processes, and practices will be properly followed in every instance or that they will be effective.

Although we are not aware of having experienced any prior material data breaches, regulatory non-compliance incidents, or cyber security incidents, we may in the future be impacted by such an event, exposing our clients and us to the risk of someone obtaining access to our information, to the information of our clients or their customers, or to our intellectual property, disabling or degrading service, or sabotaging systems or information. For additional information, see "Item 1A.

Risk Management and Strategy

Our policies, standards, processes, and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based on frameworks established by the National Institute of Standards and Technology, the International Organization for Standardization, and certain other applicable industry standards.

Our cybersecurity program focuses on the following key areas:

Collaboration

We have implemented a governance structure and processes to aggregate reported cybersecurity risks on behalf of Pega Cloud, Pega’s software products, and the corporate environment. Our SQSG is responsible for providing strategic direction for implementing and maintaining our cyber risk management program.

Risk Assessment

Our cyber risk management program is designed to follow the ISO 31000, NIST SP 800-37, and NIST SP 800-53 frameworks and is within the scope of our ISO 27001 certifications.

At least annually, we conduct cybersecurity risk assessments that consider information from internal stakeholders, known information security vulnerabilities, and information from external sources, such as reported security incidents that have impacted other companies, industry trends, and evaluations by third parties and consultants. The results of the assessments are provided to our SQSG and are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform our broader enterprise-level risk assessment. Key findings of these assessments are periodically presented to the Board and the Risk Subcommittee.

Technical Safeguards

We regularly assess and deploy technical safeguards designed to protect our information systems from cybersecurity threats. Such safeguards are regularly evaluated and improved based on vulnerability assessments, cybersecurity threat intelligence, and incident response experience.

Incident Response and Recovery Planning

We have implemented Cyber Incident Response Programs, which are within the scope of our ISO 27001 certifications. We have also implemented Business Continuity Programs, which are within the scope of our ISO 22301 certification. We have established comprehensive incident response and recovery plans and test and evaluate the effectiveness of those plans regularly.

Third-Party Risk Management

We have implemented a Vendor Cybersecurity Risk Management Program (“VCRMP”), which is within the scope of our ISO 27001 certifications. The VCRMP controls are designed to identify and mitigate cybersecurity threats associated with our use of third-party service providers. These providers are subject to security risk assessments at the time of onboarding, contract renewal, and upon detection of an increase in risk profile. We use a variety of inputs in making these risk assessments, including information supplied by providers and third parties. In addition, we require our providers to meet appropriate security requirements, controls and responsibilities, and investigate security incidents that have impacted our third-party providers, as appropriate.

Education and Awareness

We require all employees to participate in security awareness training, including frequent phishing tests. Currently, our mandatory employee training courses include Security Awareness, Physical Security Awareness, Mobile Device Security, Business Continuity and Phishing, Work From Home, and AI Use. In addition, all of our employee software developers are required to take additional security awareness training, currently including Secure Development. We periodically adjust the list of mandatory and optional courses.

Corporate Security Posture

We periodically conduct independent security assessments to assess our corporate environment’s security posture and inform where cyber security investments should be made. For systems in our corporate environment where our cloud certifications have an operational dependency, we also maintain ISO/IEC 27001 certifications relating to overall IT processes and controls and ISO 22301 certification relating to business continuity.

Product Security Posture

To facilitate identification of security vulnerabilities in our products, we periodically conduct third party penetration tests and participate in the independent Verified By Veracode program. We also generate a monthly software bill of materials that identifies open source included in certain of our product offerings and periodically have an independent security assessment firm evaluate the security risks linked to suppliers we use, including source code repositories, the infrastructure employed for software development, and the mechanisms used for software delivery, such as Amazon Web Services (“AWS”), Google Cloud, and Microsoft Azure. Our Chief Product Officer reviews these findings and provides updates to our SQSG.

Our AI products maintain an ISO/IEC 42001:2023 certification, an international standard for establishing, implementing, maintaining, and improving an Artificial Intelligence Management System (AIMS) to ensure responsible, ethical, and trustworthy AI use. Certification helps to validate our commitment to managing AI risks (like bias, privacy, and security), enhances stakeholder trust, and provides a structured framework for AI governance.

We make Software Bill of Materials (“SBOM”) for products under standard support available to clients, listing the components of our software, providing clients transparency into open-source risk.

We regularly release new versions of our products to address identified security vulnerabilities, enabling clients to stay updated with the latest product releases. However, even after we make these updates available, it is possible that clients do not implement these updates or use products on extended support that do not include security updates.

Pega Cloud Security Posture

Pega Cloud undergoes several security assessments a year. Redacted versions of these reports are made available to our clients. Pega Cloud also maintains several security, quality, and industry certifications, which are listed at https://pega.com/trust, which is included as an inactive reference and the content of which is not incorporated by reference into this Annual Report.

Pega Cloud for Government is rated FedRAMP High and undergoes several security assessments a year as part of the FedRAMP certification process.

Our Vice President of Cloud Technology reviews these assessments and provides updates to our SQSG.

Governance

Board Oversight

As part of our corporate governance process, the Board, along with the Risk Subcommittee, oversee our risk management process, which includes cybersecurity and related risks. Our CISO periodically meets with the Board and Risk Subcommittee to inform and update them on our cybersecurity program.

SQSG and Key Personnel

We have a standing SQSG whose members include, among others, our CISO, Chief Product Officer, and Vice President of Cloud Technology. The SQSG is charged with providing strategic direction for the implementation and ongoing operation of our cyber security program. The SQSG meets at least quarterly. Our CISO chairs the SQSG and decisions and recommendations are based on a consensus of the members.

Our CISO has over twenty years of professional experience, with thirteen years in information security roles. He has been with Pega for over six years and has a Master of Science degree from Northwestern University.

Our Chief Product Officer has been with Pega for over thirty years, has extensive experience in software development, and has a Bachelor of Science from the Indiana University of Pennsylvania.

Our Vice President of Cloud Technology has been with Pega for over eight years and has twenty-six years of networking and security management experience, with eighteen years of leadership roles in cloud services and related information security issues.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
DIOD	2 hours ago
LEGT	2 hours ago
NTST	2 hours ago
AOS	2 hours ago
EXEL	2 hours ago
HCA	3 hours ago
PEGA	3 hours ago
MOH	3 hours ago
GPRE	3 hours ago
PTEN	3 hours ago
PECO	3 hours ago
ARI	3 hours ago
HIW	3 hours ago
SLAB	3 hours ago
KVYO	3 hours ago
UPST	3 hours ago
TCBI	3 hours ago
ADC	3 hours ago
MEDP	3 hours ago
INCY	3 hours ago
CMI	4 hours ago
CNX	5 hours ago
MAR	5 hours ago
GT	7 hours ago
CMS	8 hours ago
L	10 hours ago
CNA	11 hours ago
MAS	12 hours ago
CURB	12 hours ago
CVS	12 hours ago
ACRE	21 hours ago
T	1 day, 2 hours ago
BE	1 day, 2 hours ago
SIGI	1 day, 2 hours ago
UTL	1 day, 2 hours ago
RXO	1 day, 2 hours ago
APAD	1 day, 2 hours ago
ITT	1 day, 2 hours ago
CLF	1 day, 3 hours ago
VNO	1 day, 3 hours ago
ON	1 day, 3 hours ago
PI	1 day, 3 hours ago
BSAA	1 day, 3 hours ago
ZWS	1 day, 3 hours ago
BRX	1 day, 3 hours ago
KN	1 day, 3 hours ago
MRSH	1 day, 3 hours ago
FCFS	1 day, 3 hours ago
WM	1 day, 3 hours ago
NSC	1 day, 7 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - PEGA

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - PEGA

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing