Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - RAMP

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors” and elsewhere in this report and those described from time to time in our future reports filed with the SEC;

•the possibility that the closing conditions in the Merger Agreement (as defined below) fail to be satisfied, or the closing the Merger is delayed or any event, change, or other circumstance occurs that could give rise to the right of one or multiple of the parties to terminate the Merger Agreement;

•the possibility that the Merger does not close when expected or at all because required regulatory, shareholder, or other approvals are not received or satisfied on a timely basis or at all;

•the possibility that the Merger may be more expensive to complete than anticipated, including as a result of unexpected factors or events, including those resulting from the announcement, pendency or completion of the Merger;

•the possibility that the Merger may disrupt our prior plans and operations, may lead to a disruption of management’s time and attention from ongoing business or may lead to unexpected costs, charges or expenses;

•the possibility that, due to the Merger, certain customers may attempt to invoke provisions in their contracts allowing for termination upon a change in control, which may result in a decline in revenue and profit;

•the possibility that certain restrictions as set forth in the Merger Agreement may impact our ability to pursue certain business opportunities or strategic transactions prior to the closing of the Merger;

•our directors and executive officers may have interests in the Merger that may be different from, or in addition to, the interests of our other stockholders;

•the possibility that if the Merger is completed, our stockholders will forgo the opportunity to benefit from potential future appreciation in the value of the Company;

•the possibility that the fair value of certain of our assets may not be equal to the carrying value of those assets now or in future time periods;

•the possibility that sales cycles may lengthen, including as a result of the Merger;

•the possibility that we will not be able to properly motivate our sales force or other employees, including as a result of the Merger;

•the possibility that we may not be able to attract and retain qualified technical and leadership employees, or that we may lose key employees to other organizations, including as a result of the Merger;

•the possibility that our global workforce strategy could encounter difficulty and not be as beneficial as planned;

•the possibility that we may not be able to sublease our exited office spaces on favorable terms and rates;

•the possibility that competent, competitive products, technologies or services will be introduced into the marketplace by other companies;

•the possibility that we will fail to keep up with rapidly changing technology practices in our products and services or that expected benefits from utilization of technological innovations, including artificial intelligence, may not be realized as soon as expected or at all;

•the possibility that there will be changes in consumer or business information industries and markets that negatively impact the Company;

•the possibility that we will not be able to protect proprietary information and technology or to obtain necessary licenses on commercially reasonable terms;

•the possibility that there will be continued changes in the judicial, legislative, regulatory, accounting, cultural and consumer environments affecting our business, including but not limited to litigation, investigations, legislation, regulations and customs at the state, federal and international levels impairing our and our customers' ability to collect, process, manage, aggregate, store and/or use data of the type necessary for our business, or prohibiting certain customers from continuing to do business in the United States;

•the possibility that data suppliers might withdraw data from us, leading to our inability to provide certain products and services, in particular that there might be restrictive legislation in the U.S. and other countries that restrict the availability of data;

•the possibility that data purchasers will reduce their reliance on us by developing and using their own, or alternative, sources of data generally or with respect to certain data elements or categories;

•the possibility that we may enter into short-term contracts that would affect the predictability of our revenues;

•the possibility that the amount of volume-based and other transactional-based work will not be as expected;

•the possibility that we may experience a loss of data center capacity or capability or interruption of telecommunication links or power sources;

•the possibility that we may experience failures or breaches of our network and data security systems, leading to potential adverse publicity, negative customer reaction, or liability to third parties;

•the possibility that our customers may cancel or modify their agreements with us (including as a result of the Merger), or may not make timely or complete payments;

•the possibility that we will not successfully meet customer contract requirements or the service levels specified in the contracts, which may result in contract penalties or lost revenue;

•the possibility that we experience processing errors that result in credits to customers, re-performance of services or payment of damages to customers;

•the possibility that our performance may decline and we lose advertisers and revenue as the use of "third-party cookies" or other tracking technology continues to be pressured by Internet users, restricted or otherwise subject to unfavorable regulation, blocked or limited by technical changes on end users' devices, or our customers' ability to use data on our platform is otherwise restricted;

•general and global negative conditions, risk related to tariffs and other trade restrictions, risk of recession, the military conflicts in Europe and the Middle East, capital markets volatility, bank failures, government shutdowns, cost increases and general inflationary pressure and other related causes; and

•our tax rate and other effects of changes to U.S. federal tax law.

With respect to the provision of products or services outside our primary base of operations in the United States, all of the above factors apply, along with the difficulty of doing business in numerous sovereign jurisdictions due to differences in scale, competition, culture, laws and regulations.

Other factors are detailed from time to time in periodic reports and registration statements filed with the SEC. The Company believes that it has the product and technology offerings, facilities, employees and competitive and financial resources for continued business success, but future revenues, costs, margins and profits are all influenced by a number of factors, including those discussed above, all of which are inherently difficult to forecast.

In light of these risks, uncertainties and assumptions, the Company cautions readers not to place undue reliance on any forward-looking statements. Forward-looking statements and such risks, uncertainties and assumptions speak only as of the date of this Annual Report on Form 10-K, and the Company expressly disclaims any obligation or undertaking to update or revise any forward-looking statements contained herein, to reflect any change in our expectations with regard thereto, or any other change based on the occurrence of future events, the receipt of new information or otherwise, except to the extent otherwise required by law.

Item 1. Business

LiveRamp Holdings, Inc. ("LiveRamp", "we", "us", or the "Company") is a leading data collaboration technology company, empowering marketers and media owners to deliver and measure marketing performance everywhere it matters. LiveRamp’s data collaboration network seamlessly unites data across advertisers, ad tech platforms, publishers, data providers, and commerce media networks — unlocking insights that deliver transformational consumer experiences, and drive measurable business outcomes. As consumers embrace AI-powered experiences, the LiveRamp data collaboration network expands the breadth and accuracy of the data on which marketing AI capabilities operate. Our platform is engineered for AI agent accessibility, facilitating autonomous data collaboration between the specialized AI agents utilized by our customers and partners and our networked platform. Built on a foundation of strict neutrality, interoperability, and global scale, LiveRamp enables organizations to maximize the value of their data while accelerating business growth.

LiveRamp is a Delaware corporation headquartered in San Francisco, California. Our common stock is listed on the New York Stock Exchange under the symbol “RAMP.” We serve a global customer base from locations in the United States, Europe, and the Asia-Pacific (“APAC”) region.

Pending Merger

On May 16, 2026, the Company entered into an Agreement and Plan of Merger (the “Merger Agreement”) with MMS USA Holdings, Inc., a Delaware corporation (“Parent”) and a wholly owned subsidiary of Publicis (defined below), Covey Merger Sub, Inc., a Delaware corporation and a wholly owned subsidiary of Parent ("Merger Sub"), and, solely for the purpose of Section 10.14 thereto, Publicis Groupe S.A., a French société anonyme ("Publicis"), pursuant to which, among other things, at the effective time of the Merger (the "Effective Time"), Merger Sub will merge with and into the Company (the “Merger”), with the Company continuing as the surviving corporation and a direct wholly owned subsidiary of Parent.

On the terms and subject to the conditions set forth in the Merger Agreement, at the Effective Time, each share of common stock, par value $0.10 per share, of the Company (“Company Common Stock”) issued and outstanding immediately prior to the Effective Time (other than any (i) Company Common Stock owned by stockholders that have properly perfected their rights of appraisal within the meaning of Section 262 of the Delaware General Corporation Law; (ii) Company Common Stock owned by the Company, Parent or Merger Sub; or (iii) Company Common Stock owned by any direct or indirect wholly owned subsidiary of Parent (other than Merger Sub) or of the Company) will be converted into the right to receive $38.50 in cash, without interest. The Merger is expected to close by the end of calendar year 2026, subject to customary closing conditions, including approval by the Company’s stockholders and the receipt of required regulatory approvals.

If the Merger is consummated, the Company Common Stock will be delisted from the New York Stock Exchange and deregistered under the Securities Exchange Act of 1934, as amended.

Additional information about the Merger Agreement and the Merger will be set forth in the Company’s Definitive Proxy Statement on Schedule 14A that will be filed with the SEC.

Industry

We are experiencing a convergence of several key industry trends that are shaping the future of how data is used to power marketing and the customer experience. Some of these key industry trends include:

Using Data to Optimize the Customer Experience in the AI Era

As AI transforms how consumers discover and purchase products, marketers increasingly realize that true competitive advantage lies in providing meaningful customer experiences that are personalized, relevant and cohesive across all marketing channels and customer interactions. Companies are also increasingly realizing that best-in-class customer experiences require enhanced insights that can only be achieved through a structured data collaboration effort that combines first-, second-, and third-party data.

At the same time, consumers expect personalization from brands and new AI tools that make it possible for every consumer interaction to be individually relevant, addressable, and measurable.

Data is at the center of exceptional customer experiences but is still vastly underutilized. While AI is increasingly being used across marketing workflows to deliver better customer experiences, data remains the key determinant of success. By understanding which devices, email addresses, and postal addresses relate to the same individual, enterprise marketers can leverage that insight to deliver seamless experiences as consumers engage with a company across all touchpoints. Enterprise marketers recognize the huge opportunity big data brings, yet many admit they are not using their data effectively to drive their customer experience.

Growing Data Usage

Advances in technology, including AI and machine learning, and the consumer's widespread use of Internet connected devices and applications have made it possible to collect and rapidly process massive amounts of customer data. With proper permissions, this data can be integrated with a company's own proprietary data and can be made non-identifiable if the use case requires it.

Growing Data Collaboration to Enable Commerce Media

The advertising market is being transformed by commerce media, a new form of advertising that closes the loop between media impressions and sales transactions. Commerce media provides brand advertisers with enhanced audience insights that drive more effective and efficient advertising and provides consumers with a more relevant experience. The foundation for commerce media is data collaboration where companies share first-party consumer data with trusted business partners in a manner that is secure and adheres to privacy regulations. Retail media was the first to scale, spurred by e-commerce, but other sectors are embracing the commerce media opportunity, including travel and hospitality, telecommunications, finance, automotive and healthcare.

There are other examples of data collaboration use cases, such as enterprise companies connecting consumer data across internal functional groups or properties, cross-screen media measurement and analysis, and business partners sharing data that can be used to train proprietary AI models.

Growing Complexity of the Customer Journey in the AI Era

The customer experience economy has evolved significantly in recent years, driven by rapid innovation and an explosion of data, marketing channels, devices, and applications. AI is the latest innovation and is changing where and how customers discover and purchase products. Consumers are increasingly using generative AI assistants and agents, with conversational prompts, to navigate the Internet and guide their online shopping journeys. Historically, brands interacted with consumers through a limited number of marketing channels, with limited visibility into the activities taking place. The billions of interactions that take place each day between brands and consumers create a trove of valuable data that can be harnessed to power better customer interactions and experiences. However, most enterprise marketers remain unable to navigate through the complexity to effectively leverage this data.

To make every customer experience relevant across channels and devices, organizations need a trusted platform that can break down those silos, make data portable, and accurately recognize individuals throughout the customer journey. Marketing is becoming more audience-centric, automated, and optimized. However, several important factors still prevent data from being used effectively to optimize the customer experience:

•Identity. For organizations to target audiences at the individual level, they must be able to recognize consumers across all channels and devices, and link multiple identifiers and data elements to create a single view of the customer. The evolving regulations around consumer data privacy highlight the importance of authenticated, first-party identity.

•Scaled Data Assets. Quality, depth, and recency of data matter when deriving linkages between identifiers. Organizations must have access to an extensive set of data and be able to match that data with a high degree of accuracy to perform true cross-device audience addressability and measurement.

•Connectivity. The fragmented marketing landscape creates a need for a common network of integrations that make it easy and safe to connect and activate data anywhere in the ecosystem.

•Data Control. Organizations are increasingly looking to collaborate with their most important partners but do not want to give up control of their data or, in certain cases, do not want their data to leave their environment.

•Walled Gardens. Walled gardens, or marketing platforms that strictly control the use of data outside of their walls, are becoming more pervasive and can result in diminished control and transparency for brand advertisers. For consumers, it can result in a disjointed user experience. Organizations need a solution that enables an open ecosystem and ensures complete control over customer data, along with the flexibility to choose a diversified approach to meeting marketing goals.

•Data Governance. Preserving brand integrity while delivering positive customer experiences is a top priority for every company. Organizations must be able to manage large sets of complex data ethically, securely, within legal boundaries, and in a way that protects consumers from harm. Importantly, they must also honor consumer preferences and put procedures in place that enable individuals to control how, when and for what reasons companies collect and use information about them.

Increasing Fragmentation of Consumer Identity

Today, customer journeys span multiple channels and devices over time, resulting in data silos and fragmented identities. As consumers engage with brands across various touchpoints – over the web, mobile devices and applications, by email and television, and in physical stores – they may not be represented as single unique individuals with complex behaviors, appearing instead as disparate data points with dozens of different identifiers. Becky Smith who lives at 123 Main Street may appear as [email protected] when she uses Facebook, [email protected] when she signs into Yahoo Finance, [email protected] when she conducts a Google search, cookie ABC when she browses cnn.com, device ID 234 on Hulu and so on. More specifically, data silos and fragmented identities prevent companies from being able to resolve all relevant data to a specific individual, which poses a challenge to the formation of accurate, actionable insights about a brand’s consumers or campaigns.

AI is Transforming Marketing Workflows

AI is changing how brands execute marketing and advertising campaigns. AI agents are being deployed by both advertising buyers and sellers to automate manual and fragmented workflows that support marketing activities. AI agents can autonomously orchestrate and execute multi-step tasks across multiple applications and functions. For example, conversational AI agents allow marketers to use natural language prompts to quickly generate target audiences, activate a campaign, and measure the results. A process that previously could take multiple hours, or days, can now be completed within minutes. Agentic workflows simplify and accelerate marketing throughput, resulting in significant operational efficiencies. The effectiveness of these automated AI workflows is contingent on the timely access to pertinent and accurate data.

Marketing Waste from Inaccurate Consumer Identification

Every day, brands spend billions of dollars on advertising and marketing, yet many of the messages they deliver are irrelevant, repetitive, mistimed, or simply reach the wrong audience. In addition, as the marketing landscape continues to grow and splinter across a growing array of online and offline channels, it is increasingly difficult to attribute marketing spend to a measurable outcome, such as an in-store visit or purchase. Wasted marketing spend is largely driven by the fragmented ecosystem of brands, data providers, marketing applications, media providers, and agencies that are involved in the marketing process, but operate without cohesion. Without a common understanding of consumer identity to unify otherwise siloed data, brands are unable to define accurate audience segments and derive insights that would enable better decision making.

Heightened Privacy and Security Concerns

Consumer privacy and security require ongoing diligence, especially with regulations such as the European General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"). The world, and the United States in particular, is experiencing rapid growth in data privacy laws, with a majority of the population of the United States now covered by state data collection and use privacy laws. Consumers' understanding of the benefits of marketing technology often lags the pace of innovation, giving rise to new demands from regulators and consumer advocacy groups across the world.

Our Approach

Leveraging our groundbreaking leadership in foundational identity and connectivity, we help our marketing and media owner customers deliver and measure marketing performance by unlocking siloed and fragmented consumer data and enabling responsible data collaboration.

We are middleware for the customer experience economy. We make data consistent, consumable and portable. We ensure the seamless connection of data to and from the customer experience applications our clients use and the partners with which they collaborate. We empower businesses to make data more accessible and create richer, more meaningful experiences for their customers.

/LiveRamp Data Collaboration Platform

As depicted in the graphic below, we power a leading enterprise platform for data collaboration. We enable organizations to access and leverage data more effectively across the applications they use to interact with their customers. At the core of our platform is an omnichannel, deterministic identity resolution technology that offers unparalleled accuracy, breadth, and depth. Leveraging deep expertise in data collaboration, the /LiveRamp Data Collaboration Platform enables an organization to unify customer and prospect data (first-, second-, or third-party) to build a single view of the customer in a way that protects consumer privacy. First-party data is data collected firsthand through a company's controlled channels. Second-party data is data that a company shares directly with a trusted business partner. Third-party data is data collected and sold by a company through an online data marketplace to companies with which it does not have a direct relationship. This single customer view can then be connected across any of the 500 partners in our ecosystem in order to support a variety of people-based marketing solutions. Our platform is configured to be interoperable with the AI models, applications and agents that our customers and partners are deploying to derive marketing outcomes more effectively and efficiently.

The /LiveRamp Data Collaboration Platform provides customers with four core capabilities:

•Live/Identity. We provide enterprise identity infrastructure that resolves disparate consumer identities across different internal and external systems to create an accurate, connected view of the customer. Our approach to identity is built from two complementary graphs, combining offline data and online data and providing accuracy with a focus on privacy. LiveRamp technology for directly identifiable information (or "DII") gives brands and platforms the ability to connect and update what they know about consumers, resolving DII across enterprise databases and systems to deliver better customer experiences. Our digital identity graph, powered by our Authenticated Traffic Solution (or "ATS"), associates pseudonymous device IDs, TV IDs and other online customer IDs from premium publishers, platforms or data providers, around a RampIDTM, a durable and privacy-centric connector to the digital ecosystem. This provides marketers with a consistent view of the consumer that is necessary for audience segmentation, targeting, and measurement.

•Live/Access. Our Data Marketplace provides customers with simplified access to industry-leading third-party data providers globally. Our platform also provides tools for data providers to manage the organization, distribution, and operation of their data and services across our network of customers and partners.

•Live/Connectivity. We enable organizations to leverage their customer and prospect data in the digital and TV ecosystems and across the customer experience applications they use through a safe and secure data matching process called data onboarding. Our technology ingests a customer’s first-party data, removes all DII, and replaces it with a pseudonymized RampID. RampID can then be distributed through direct integrations to the top platforms our customers work with, including leading marketing cloud providers, publishers and social networks, personalization tools, and connected TV services. We connect data across an ecosystem of more than 500 partners, representing one of the largest networks of connections in the digital marketplace.

•Live/Insights. Data Collaboration, using clean room technology, enables advanced measurement and analytics that helps produce insight-driven innovation. We power more accurate, more complete measurement with the measurement vendors and partners our customers use. Our platform allows customers to combine disparate data files, typically advertising exposure and customer sales transactions, securely by replacing customer identifiers with RampID. Customers then can use that aggregated view of each customer to measure reach and frequency, sales lift, closed loop offline-to-online conversion and cross-channel attribution.

Subscription

We primarily charge for our platform services on an annual basis. Our subscription pricing is based primarily on data volume, which is a function of data input records and connection points.

Our solutions are sold to enterprise marketers and the companies they partner with to execute their marketing, including agencies, marketing technology providers, publishers and data providers.

•Brands and Agencies.

•Advertising and Marketing Technology Providers. This adds value for brands by increasing reach, as well as the speed at which they can activate their marketing data.

•Publishers. We enable publishers of any size to offer people-based marketing on their properties. This adds value for brands by providing direct access to their customers and prospects in the publisher's premium inventory.

•Data Sellers. Leveraging our vast network of integrations, we enable data sellers to easily connect to the digital ecosystem and monetize their own data. Data can be distributed to customers or made available through the Data Marketplace. This adds value for brands as it allows them to augment their understanding of consumers and increase both their reach against and understanding of customers and prospects.

Marketplace and Other

Leveraging our common identity system and broad integration network, the LiveRamp Data Marketplace seamlessly connects data sellers’ audience data across the marketing ecosystem. Data providers include sources and brands exclusive to LiveRamp, emerging platforms with access to previously unavailable deterministic data, and data partnerships enabled by our platform.

We generate revenue from the Data Marketplace primarily through revenue-sharing arrangements with data sellers that are monetizing their data assets via our marketplace platform service. We also generate Marketplace and Other revenue through transactional usage-based arrangements with certain publishers and addressable TV providers. Data Marketplace revenue is recognized net of the share of revenue earned by the data seller.

To complement our product offering, we provide professional services and enhanced support entitlements to help customers leverage our platform and drive business outcomes. Our services offering includes product implementation, data science analytics, audience measurement and general advisory. Services revenue is less than 5% of total Company revenue.

Competitive Strengths

Our competitive strengths can be mapped back to our core capabilities around data access, identity, connectivity and data stewardship – which together create strong network effects that form a larger strategic moat around the entire business.

•Premier Data Collaboration Network. We offer an expansive, data-rich network of top-quality partners that spans the digital marketing ecosystem for incomparable scale and reach. We activate data across an ecosystem of more than 500 partners, representing one of the largest networks of connections in the digital marketing space. We use 100% deterministic matching, resulting in a strong combination of reach and accuracy. Additionally, through our Data Marketplace, we provide simplified access to more than 500,000 consumer data segments from the world's top data providers.

•Most Advanced Consumer-Level Recognition. Our proprietary, patented recognition technology draws upon an extensive historical reference base to identify and link together multiple consumer records and identifiers. We use the pioneering algorithms of AbiliTec® and deterministic digital matching to link individuals and households to the right digital identifiers including cookies, mobile device IDs, Advanced TV IDs, and user accounts at social networks. As a result, we are able to match online and offline data with a high degree of speed and accuracy.

•Groundbreaking Leadership in Privacy and Security. LiveRamp is a standard bearer in consumer privacy and data stewardship. We have been a strong and vocal proponent of providing consumers with more visibility and control over their data. A few examples of our commitment in this area:

◦In all of our major geographies we have privacy teams focused on the protection and responsible use of consumer data;

◦We provide a privacy-enabled environment that allows marketers and partners to connect different types of data while protecting and governing its use; and

◦We have industry-leading expertise in connecting data across the online and offline worlds.

•Scale Leader in Data Connectivity. We are a category creator and one of the largest providers of data connectivity at scale. We match records with a high level of accuracy and offer the flexibility for activating data through our extensive set of integrations. Our platform processes more than 4 trillion data records daily.

•Flexible Collaboration. We have flexibility to collaborate wherever data lives, enabling the widest possible range of data collaboration use cases. We bring our technology to the customer’s data environment and can collaborate with cloud providers or across clouds. We offer broad configurability, controls and permissioning to meet varying customer requirements. Our platform is extensible and scalable to meet growing collaboration usage.

•Uniquely Neutral in the Marketing Ecosystem. We provide the data connectivity required to build best-of-breed integrated marketing stacks, allowing our customers to innovate through their preferred choice of data, technology, and services providers. We strive to make every customer experience application more valuable. We enable the open marketing stack and power the open ecosystem.

•Strong Customer Relationships. We work with 846 direct customers worldwide and serve thousands of additional customers indirectly through our partner and reseller network.

Growth Strategy

LiveRamp is a category creator, thought leader and innovator in how data is used to power the customer experience. Key elements of our growth strategy include:

•Grow our Customer Base. We have strong relationships with many of the world’s largest brands, agencies, marketing technology providers, publishers and data providers. We expect to continue making investments in growing our sales and customer success team to support this strategy.

•Increase Network Density to Expand Existing Customer Relationships. A key growth lever for our business is the ability to land and expand – or grow existing customer relationships. Our subscription pricing is based on data volume, so over time, as customers expand their usage and leverage their data across more use cases, we are able to grow our relationships. We are focused on increasing the density of our collaboration network by adding more data owner nodes, such as large CTV publishers and commerce media networks, to enable more robust measurement of advertising effectiveness. An increase in nodes and use-cases should drive an increase in network edges, or connections between nodes, which will ultimately drive revenue.

•Expand Sales Channel Partnerships. A growth opportunity for our business is forging sales partnerships and product integrations with adjacent technology platforms and service providers. We are actively expanding our channel sales efforts with customer data platforms, public cloud providers, cloud data warehouses, marketing clouds, and global systems integrators.

•Continue to Innovate and Extend Leadership Position in Identity. We intend to establish LiveRamp as the standard for consumer-level recognition across the marketing ecosystem, providing a single source of user identity for audience measurement and personalization.

•Establish LiveRamp as the Trusted, Best and Essential Industry Standard for Data Collaboration. We intend to continue to make substantial investments in our platform and solutions and extend our market leadership through innovation. Our investments will focus on automation, speed, higher match rates, expanded partner integrations and use cases, and new product development.

•Expand Global Footprint. Many of our customers and partners serve their customers on a global basis, and we intend to expand our presence outside of the United States to serve the needs of our customers in additional geographies. As we expand relationships with our existing customers, we are investing in select regions in Europe and APAC.

•Expand Addressable Market. Historically, our focus has been to enable data-driven advertising for paid media. As customers look to deploy data across additional use cases, we intend to power all customer experience use cases and expand our role inside the enterprise. Call centers, email and messaging campaigns, and supply chain management are examples of this strategy. In addition, over time, we intend to pursue adjacent markets beyond marketing, like risk and fraud, healthcare and government, where similar identity and data connectivity challenges exist.

•Build an Exceptional Business. We do not aspire to be mediocre, good, or even great – we intend to be the absolute best in everything we do. We attract and employ exceptional people, challenge them to accomplish exceptional things, and achieve exceptional results for our customers and shareholders. We do this through six guiding principles: 1) Above all, we do what is right; 2) We love our customers; 3) We say what we mean and do what we say; 4) We empower people; 5) We respect people and time; and 6) We get stuff done.

Privacy Considerations

The growing online advertising and e-commerce industries are converging, with consumers expecting a seamless experience across all channels, in real time. This challenges marketing organizations to balance the deluge of data and demands of the consumer with responsible methods of managing data internally and with advertising technology intermediaries.

We have policies and operational practices governing our use of data that are designed to actively promote a set of meaningful privacy guidelines for digital advertising and direct marketing via all channels of addressable media, e-commerce, risk management and information industries as a whole. We have dedicated teams in place to oversee our compliance with the data protection regulations that govern our business activities in the various countries in which we operate.

The United States Congress and state legislatures, along with federal regulatory authorities, have recently increased their attention and regulatory enforcement on matters concerning the collection and use of consumer data.

We expect the trend of enacting and revising data protection laws to continue and that new and expanded data privacy legislation in various forms will be implemented in the United States and in other countries around the globe. We are supportive of legislation that codifies current industry guidelines of accountability-based data governance that includes meaningful transparency for the individual, appropriate controls over personal information and choice of whether that information is shared with independent third parties for marketing purposes. We also support legislation requiring all custodians of sensitive information to deploy reasonable information security safeguards to protect that information.

Changes in laws and regulations, approaches to enforcement, and violations of laws or regulations by us could have a significant direct or indirect effect on our operations and financial condition, as detailed below and set forth under "Risk Factors-Risks Related to Government Regulation and Taxation."

Customers

Our customer base consists primarily of Fortune 1000 companies and organizations in the financial, insurance and investment services, information services, direct marketing, retail, automotive, telecommunications, technology, consumer packaged goods, media, healthcare, travel and hospitality, entertainment as well as in non-profit sectors. Given the strong network effects associated with our platform, we work with both enterprise marketers and the companies they partner with to execute their marketing, including agencies, marketing technology providers, publishers and data providers. We had 846 direct subscription customers at the end of fiscal year 2026.

We seek to maintain long-term relationships with our customers. Our customers are loyal and typically grow their use of the platform over time, as evidenced by our growing number of customers year-over-year whose subscription contracts exceed $1 million in annual revenue, which totaled 133 at the end of fiscal year 2026.

Our ten largest customers represented approximately 30% of our revenues during the twelve months ended March 31, 2026. There were no customers that individually exceeded 10% of the Company's revenue during the twelve months ended March 31, 2026.

Sales and Marketing

Our sales teams focus on new business development across all markets – sales to new customers and sales of new lines of business to existing customers, as well as revenue growth within existing accounts. We organize our customer relationships around customer type and industry vertical, as we believe that understanding and speaking to the nuances of each industry is the most effective way to positively impact our customers’ businesses.

Our partner organization focuses on enabling key media partners, agencies and software providers who can help drive value for our customers. We are actively expanding our channel sales efforts with customer data platforms, public cloud providers, cloud data warehouses, marketing clouds, and global systems integrators.

Our marketing efforts are focused on increasing awareness for our brand, executing thought leadership initiatives, supporting our sales team and generating new leads. We seek to accomplish these objectives by hosting and presenting at industry conferences, hosting customer advisory boards, publishing white papers and research, public relations activities, social media presence and advertising campaigns.

Research and Development

We continue to invest in our global data collaboration platform to enable effective use of data. Our research and development teams are focused on the full cycle of product development from customer discovery through development, testing and release. Research and development expense was $148.1 million in the twelve months ended March 31, 2026, compared to $176.7 million in the twelve months ended March 31, 2025, and $151.2 million in the twelve months ended March 31, 2024. Management expects to maintain research and development spending, as a percentage of revenue, at relatively similar or increased levels to fiscal 2026 in fiscal 2027.

Seasonality

While the majority of our business is not subject to seasonal fluctuations, our Data Marketplace and usage-based subscription revenue experience modest seasonality, as the revenue generated from these areas of the business are more transactional in nature and tied to overall advertising spend by our customers. We expect our Data Marketplace and usage-based subscription revenue to continue to fluctuate based on seasonal factors that affect the advertising industry as a whole. Usage-based subscription revenue equaled 15% of total subscription revenue in the twelve months ended March 31, 2026, 15% in the twelve months ended March 31, 2025 and 15% in the twelve months ended March 31, 2024.

Competition

We operate in a complex and competitive environment. Competitors of LiveRamp are typically also members of our partner and reseller ecosystem, creating a paradigm where competition is the norm. Our primary competitors are companies that sell data onboarding as part of a suite of marketing applications or services. Walled gardens that offer a direct interface for matching customer relationship management (CRM) data compete for a portion of our services, particularly amongst marketers that have not yet adopted in-house platforms for programmatic marketing or attribution. Some providers of tag management, data management, and cross-device marketing solutions have adopted positioning similar to our business and compete for mindshare. In markets outside the United States, we primarily face small, local market players.

We continue to focus on levers to increase our competitiveness and believe that investing in the product and technology platform of our business is a key to our continued success. Further, we believe that enabling a broad partner ecosystem will help us to continue to provide competitive differentiation.

Pricing

Approximately 76% of our revenue is derived from subscription-based arrangements sold on an annual or multi-year basis. Our subscription pricing is based on data volume supported by our platform. We also generate revenue from data providers, digital publishers and advanced TV platforms in the form of revenue-sharing agreements in our Data Marketplace.

Our Human Capital

LiveRamp employs approximately 1,300 employees ("LiveRampers") worldwide. No U.S. LiveRampers are represented by a labor union or subject to a collective bargaining agreement. To the best of management’s knowledge, apart from the locally elected members of our French subsidiary's works council, no LiveRamper is an elected member of works councils and trade unions representing LiveRamp employees in the European Union. LiveRamp has never experienced a work stoppage. We promote high employee engagement, open communication and a culture of equality to foster positive employee relations.

In late fiscal 2026, we commenced the next phase of the Company’s multi-year global workforce strategy by winding down our arrangement with a third-party service provider in India and onboarding certain roles previously performed by the service provider. Consequently, our employee headcount will increase by approximately 200 in the second quarter of fiscal 2027.

Building a High-Performing Culture

At LiveRamp, fostering a workplace where every employee feels respected, supported, and equipped to contribute is central to our success and innovation. We believe that a thoughtful approach to talent, culture, and community engagement helps us build stronger teams and better products—while positioning us to meet the varying needs of our customers and partners.

In recent years, we have expanded efforts to cultivate a workplace environment that supports collaboration across varied perspectives and experiences. This includes the creation of a dedicated role focused on workforce engagement strategy and culture, as well as the development of a company-wide charter that provides a consistent framework for team-level efforts to strengthen collaboration, respect, and belonging.

Our internal framework is built on three focus areas:

•People & Teams – Empowering employees to thrive by supporting individual growth, team cohesion, and respectful engagement.

•Product & Customer Insight – Designing and evolving our solutions with input reflective of a broad user base, helping ensure accessibility and relevance.

•Community & Impact – Encouraging team members to contribute meaningfully to communities through volunteerism, skills-based service, and data-driven initiatives.

Our commitment to our people is centered around a unified employee experience designed to benefit our entire workforce. Within this framework, we provide the space for optional, employee-led Business Employee Resource Groups (BERGs) - where employees can lead their initiatives and build community. By prioritizing a high-impact environment first, we ensure these groups exist within a culture that values varied perspectives and shared success.

LiveRamp remains committed to hiring and supporting top talent from all backgrounds.

Beyond the workplace, our LiveRamp.org platform offers employees avenues to contribute through volunteer programs, donation matching, and our Data for Good initiative—supporting nonprofit and public interest work through the thoughtful use of our data capabilities.

Our approach reflects a long-term commitment to building a resilient and future-focused company culture—one that supports individual growth, team performance, and our mission to build solutions that serve a broad and evolving global customer base.

Information about our Executive Officers

LiveRamp’s executive officers, their current positions, ages and business experience are listed below. They are elected by the board of directors annually or as necessary to fill vacancies or to fill new positions. There are no family relationships among any of the officers or directors of the Company.

Scott E. Howe, age 58, is the Chief Executive Officer of the Company. Prior to joining the Company in 2011, he served as corporate vice president of Microsoft Advertising Business Group from 2007–2010. In this role, he managed a multi-billion-dollar business encompassing all emerging businesses related to online advertising, including search, display, ad networks, in-game, mobile, digital cable and a variety of enterprise software applications. Mr. Howe was employed from 1999–2007 as an executive and later as a corporate officer at aQuantive, Inc. where he managed three lines of business, including Avenue A | Razorfish (a leading Seattle-based global consultancy in digital marketing and technology), DRIVE Performance Media (now Microsoft Media Network), and Atlas International (an ad serving technology now owned by Facebook). Earlier in his career, he was with The Boston Consulting Group and Kidder, Peabody & Company, Inc. He is a member of the board of directors of the Internet Advertising Bureau (IAB) and previously served on the board of Blue Nile, Inc., a leading online retailer of diamonds and fine jewelry. Mr. Howe is a magna cum laude graduate of Princeton University, where he earned a degree in economics, and he holds an MBA from Harvard University.

Lauren R. Dillard, age 40, is the Company’s Executive Vice President and Chief Financial Officer, a position she has held since April 2023. She previously served as the Company’s SVP of Finance and Investor Relations, overseeing all aspects of the Company’s finance and investor relations functions since assuming the role in August 2021. Prior to her current positions, she served as the Company’s Chief Communications Officer & Head of Investor Relations from 2018 to 2021. Prior to joining the Company, she worked in corporate finance and investor relations for a number of San Francisco Bay Area technology companies and started her career at Ernst & Young. She is an active community leader and has served on and chaired several Bay Area nonprofit boards, including the Bay Area Discovery Museum and Multiplying Good. Ms. Dillard is a certified public accountant (inactive) and holds a Bachelor of Science degree in accounting from Santa Clara University.

Jerry C. Jones, age 70, is the Company’s Executive Vice President, Chief Ethics and Legal Officer, and Secretary. He joined the Company in 1999 and currently oversees the Company’s legal, data ethics and government relations matters. He also assists in the strategy and execution of mergers and alliances and the Company’s strategic initiatives. Prior to joining the Company, Mr. Jones was employed for 19 years as an attorney with the Rose Law Firm in Little Rock, Arkansas, representing a broad range of business interests. Mr. Jones is a member of the board of directors of Agilysys, Inc. (NASDAQ: AGYS), a leading developer and marketer of proprietary enterprise software, services and solutions to the hospitality and retail industries, where he serves on the Compensation Committee and the Nominating & Governance Committee. He serves on the executive committee of Privacy for America, the board of directors of the United States Chamber of Commerce, and is a co-founder of uhire U.S. He is a Special Advisor to the Club de Madrid, an organization composed of over 100 former Presidents and Prime Ministers from more than 70 democratic countries. Mr. Mr. Jones holds a bachelor’s degree in public administration and a juris doctorate degree, both from the University of Arkansas.

Vihan Sharma, age 47, has served as the Chief Revenue Officer of the Company since December 2023, where he is in charge of overseeing global sales, customer operations and partnership teams. He joined the Company in 2009 and currently oversees all global commercial functions and is responsible for LiveRamp's growth and operations. Prior to his current position, Mr. Sharma served as the Company’s Executive Vice President of Global Sales and was Managing Director Europe from 2019 to 2023. Mr. Sharma has extensive experience in global data and product strategy and has also served as Vice President of Safe Haven and Managing Director France, a leadership position he held for almost six years. Prior to joining the Company, Mr. Sharma held several strategic leadership positions across a number of startups in Europe. Mr. Sharma holds a master's degree in business administration from the ESCP Business School.

Matt Karasick, age 49, has served as the Chief Product Officer of the Company since December 2025, where he leads product strategy and development to drive innovation and growth. Prior to his current position, Mr. Karasick served as VP of Product from 2024 to 2025. Before joining LiveRamp, Mr. Karasick served as Chief Product Officer of Habu, Inc. from 2021 to 2024 when Habu was acquired by LiveRamp. Prior to Habu, Mr. Karasick held key leadership roles for numerous other companies including Indeed.com, Akamai Technologies, Trilogy and DoubleClick.

Item 1A. Risk Factors

An investment in our common stock involves a high degree of risk. You should carefully consider the risks described below and the other information in this Annual Report on Form 10-K and in other public filings before making an investment decision. Our business, prospects, financial condition, or operating results could be harmed by any of these risks, as well as other risks not currently known to us or that we currently consider immaterial. If any of such risks and uncertainties actually occurs, our business, financial condition or operating results could differ materially from the plans, projections and other forward-looking statements included in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and elsewhere in this report and in our other public filings. The trading price of our common stock could decline due to any of these risks, and, as a result, you may lose all or part of your investment.

Risks Related to the Pending Merger

We may fail to consummate the Merger, and uncertainties related to the consummation of the Merger may have a material adverse effect on our business, results of operations and financial condition and negatively impact the trading price of our common stock.

The Merger is subject to the satisfaction of a number of conditions beyond our control, including the approval of the Merger and the adoption of the Merger Agreement by the holders of sixty-six and two-thirds percent (66 2/3%) of the voting power represented by the issued and outstanding shares of our common stock entitled to vote thereon and the expiration or termination of any applicable waiting periods (and any extension thereof) under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, as amended, the receipt of certain non-U.S. antitrust and foreign direct investment approvals, the receipt of the CFIUS Approval (as defined in the Merger Agreement) with respect to the Merger and other customary closing conditions. Failure to satisfy the conditions to the Merger could prevent or delay the completion of the Merger. Further, regulators may impose conditions, obligations or restrictions on the Merger that may have the effect of delaying or preventing its completion. If the Merger does not close, we may suffer other consequences that could adversely affect our business, financial condition, operating results, and stock price, and our stockholders would be exposed to additional risks, including, but not limited to:

•negative reactions from the financial markets, including negative impacts on our stock price, particularly to the extent that the current trading price of our common stock reflects an assumption that the Merger will be completed, the trading price of our common stock could decrease if the Merger is not completed and it is uncertain when, if ever, the trading price of our common stock would return to the prices at which our common stock currently trade;

•negative publicity, which could have an adverse effect on our ongoing operations including, but not limited to, retaining and attracting employees, customers, partners, suppliers and others with whom we do business;

•investor confidence in us could decline, stockholder litigation could be brought against us or members of the board of directors or our officers, which, even if meritless, may require us to commit significant time and resources defending;

•our relationships with existing and prospective customers, service providers, investors, and other business partners may be adversely impacted, we may be unable to retain key personnel and our operating results may be adversely impacted due to costs incurred in connection with the Merger;

•we have incurred, and will continue to incur, significant expenses such as legal, accounting, financial advisory, printing and other professional services in connection with the Merger for which we will have received little or no benefit if the Merger is not consummated;

•while the Merger Agreement is in effect, we are subject to restrictions on our business activities, including, among other things, restrictions on our ability to engage in certain kinds of material transactions, which could prevent us from pursuing strategic business opportunities, taking actions with respect to our business that we may consider advantageous and responding effectively and/or timely to competitive pressures and industry developments, and may as a result, materially adversely affect our business, results of operations and financial conditions;

•any disruptions to our business resulting from the announcement and pendency of the Merger, including adverse changes in our relationships with customers, suppliers, partners and employees, may continue or intensify in the event the Merger is not consummated or is significantly delayed; and

•the requirement that we pay a termination fee to Parent under certain circumstances.

In addition, if the Merger is not completed, stockholders will not receive any payment for their common stock in connection with the Merger. Instead, we will remain a public company, our common stock will continue to be listed and traded on the New York Stock Exchange and registered under the Securities Exchange Act of 1934, as amended, and we will be required to continue to file periodic reports with the SEC.

The efforts and costs to satisfy the closing conditions of the Merger may place a significant burden on management and internal resources, and the Merger and related transactions, whether or not consummated, may result in a diversion of management’s attention from day-to-day operations and prevent the pursuit of other opportunities that could have been beneficial to us. Any significant diversion of management’s attention away from ongoing business and difficulties encountered in the Merger process could have a material adverse effect on our business, results of operations and financial condition.

There also is no assurance that the Merger and the other transactions contemplated by the Merger Agreement will occur on the terms and timeline currently contemplated or at all.

We can provide no assurance that all required consents and approvals will be obtained or that all closing conditions will otherwise be satisfied (or waived, if applicable), and even if all required consents and approvals can be obtained and all closing conditions are satisfied (or waived, if applicable), we can provide no assurances as to the terms, conditions and timing of such consents and approvals or the timing of the completion of the Merger. Many of the conditions to completion of the Merger are not within our control, and we cannot predict when or if these conditions will be satisfied (or waived, if applicable). If the proposed Merger is delayed or not completed, the trading price of our common stock may decline, including to the extent that the current trading price of our common stock reflects an assumption that the Merger and the other transactions contemplated by the Merger Agreement will be consummated without further delays, which could have a material adverse effect on our business, results of operations and financial condition, and any adverse consequence of the pending Merger could be exacerbated by any delays in completion of the Merger or termination of the Merger Agreement. If the Merger Agreement is terminated and we determine to seek another business combination, we may not be able to negotiate a transaction with another party on terms comparable to, or better than, the terms of the Merger Agreement.

If the Merger Agreement is terminated, we may, under certain circumstances, be obligated to pay a termination fee to Parent. These costs could require us to use available cash that would have otherwise been available for other uses.

If the Merger is not completed, in certain circumstances, we could be required to pay a termination fee to Parent of up to $32,350,000. If the Merger Agreement is terminated, the termination fee we may be required to pay, if any, under the Merger Agreement may require us to use available cash that would have otherwise been available for general corporate purposes or other uses.

We are subject to various uncertainties while the Merger is pending, which could have a material adverse effect on our business, results of operations and financial condition.

Uncertainty about the pendency of the Merger and the effect of the Merger on employees, customers and other third parties who deal with us may have a material adverse effect on our business, results of operations, cash flows and financial condition, regardless of whether the Merger is completed. These risks and uncertainties include, but are not limited to:

•the possibility that our relationship with suppliers, customers and employees could be adversely affected, including if our suppliers, customers or others attempt to negotiate changes in existing business relationships, consider entering into business relationships with parties other than us, delay or defer decisions concerning their business with us, or terminate their existing business relationship with us during the pendency of the Merger;

•uncertainties caused by any negative sentiment in the marketplace with respect to the Merger, which could adversely impact investor confidence in the Company;

•a distraction of our current employees as a result of the Merger, which could result in a decline in their productivity or cause distractions in the workplace, as such personnel may experience uncertainty about their future roles following the consummation of the Merger;

•being subject to certain restrictions on the conduct of our business;

•possibly foregoing certain business opportunities that we might otherwise pursue absent the pending Merger;

•difficulties in attracting and retaining key employees due to uncertainties related to the Merger;

•impact of costs related to completion of the Merger; and

•other developments beyond our control, including, but not limited to, changes in domestic or global economic conditions that may affect the timing or success of the Merger.

Additionally, these uncertainties could have a material adverse effect on our business, results of operations, financial condition and trading price of our common stock.

While the Merger Agreement is in effect, we are subject to certain interim covenants.

The Merger Agreement generally requires us to operate our business in the ordinary course, subject to certain exceptions, including as required by applicable law, pending consummation of the Merger, and subjects us to customary interim operating covenants that restrict us from taking certain specified actions until the Merger is completed or the Merger Agreement is terminated in accordance with its terms.

The Merger Agreement limits our ability to pursue alternatives to the Merger and may discourage other companies from trying to acquire us for greater consideration than what Parent has agreed to pay pursuant to the Merger Agreement or could result in a competing acquisition proposal being at a lower price than it might otherwise be.

The Merger Agreement contains provisions that make it more difficult for us to sell our business to a party other than Parent. Under the Merger Agreement, beginning on May 16, 2026, we became subject to customary “no-shop” restrictions on our ability to solicit alternative Acquisition Proposals (as defined in the Merger Agreement) from third parties and to provide information to, and participate in discussions and engage in negotiations with, third parties regarding any alternative Acquisition Proposals, subject to a customary “fiduciary out” provision. These restrictions, including the added expense of the termination fees that may become payable by us in certain circumstances, might discourage a third party that has an interest in acquiring all or a significant part of the Company from considering or proposing that acquisition.Notwithstanding the limitations applicable under the “no-shop” restrictions, if, after the date of the Merger Agreement and prior to the date on which the Company Stockholder Approval (as defined in the Merger Agreement) is obtained, the Company receives a bona fide written Acquisition Proposal that did not result from a breach of the Company’s obligations under the “no-shop” restrictions and the board of directors of the Company determines in good faith, after consultation with its outside legal counsel and financial advisors, that such Acquisition Proposal (i) constitutes or could reasonably be expected to lead to a Superior Proposal (as defined in the Merger Agreement) or (ii) after consultation with the Company’s outside legal counsel, that the failure to take such action would reasonably be expected to be a breach of the directors’ fiduciary duties under applicable law, the Company may engage in discussions or negotiations with and may provide non-public information relating to the Company to the person making such Acquisition Proposal and change its recommendation that the Company’s

stockholders approve the adoption of the Merger Agreement, subject to certain notice rights, execution of confidentiality agreements and match rights in favor of Parent.

These provisions, along with the cash termination fee described in the risk factor with the heading “If the Merger Agreement is terminated, we may, under certain circumstances, be obligated to pay a termination fee to Parent. These costs could require us to use available cash that would have otherwise been available for other uses”, could discourage a potential competing acquirer that might have an interest in acquiring all or a significant part of the Company’s business from considering or making a competing acquisition proposal, even if the potential competing acquirer was prepared to pay consideration with a higher per share cash value than the per share value proposed to be received or realized in the Merger, or might cause a potential competing acquirer to propose to pay a lower price than it might otherwise have proposed to pay because of the added expense of the termination fee that may become payable in certain circumstances under the Merger Agreement.

We and our directors and officers may be subject to lawsuits relating to the Merger.

Litigation is common in connection with the sale of public companies, challenging the Merger or making other claims in connection therewith, regardless of whether the claims have any merit. Such lawsuits may be brought by our purported stockholders against us and the members of our board of directors and may seek, among other things, to enjoin consummation of the Merger. One of the conditions to consummating the Merger is that no order preventing the consummation of the Merger shall have been issued by any court or other governmental entity that is in effect. Consequently, if any such lawsuit challenging the Merger is successful in obtaining an order preventing the consummation of the Merger, that order may delay or prevent the Merger from being completed. While we will evaluate and defend against any lawsuits, the time and costs of defending against litigation, including the costs associated with the indemnification of directors and officers and other liabilities that may be incurred in connection with lawsuits and other negative effects, such as diversion of resources from the Merger and ongoing business activities, negative publicity or damage to our relationships with business partners, suppliers and customers, could adversely affect our business, results of operations, cash flows and financial condition.

We have incurred, and will continue to incur, substantial direct and indirect transaction-related costs in connection with the Merger.

We have incurred significant legal, advisory and financial services fees in connection with Merger. We have incurred, and expect to continue to incur, additional costs in connection with the satisfaction of the various conditions to closing of the Merger, including seeking approval from our stockholders and from applicable regulatory agencies, for which we will have received little or no benefit if the Merger is not completed. If there is any delay in the consummation of the Merger, these costs could increase significantly. There are a number of factors beyond our control that could affect the total amount or the timing of these costs and expenses. Many of these fees and costs will be payable by us even if the Merger is not completed and may relate to activities that we would not have undertaken other than to complete the Merger.

Our directors and executive officers have interests in the Merger that may be different from, or in addition to, the interests of our other stockholders.

Our directors and executive officers have financial interests in the Merger that may be different from, or in addition to, the interests of our other stockholders. These interests may include:

•the treatment of Company incentive awards;

•severance entitlements and other benefits in the case of certain qualifying terminations under the terms of an individual employment agreement or Company severance plan;

•retention arrangements for the benefit of certain Company employees; and

•continued indemnification and insurance coverage under the Merger Agreement, the Company’s organizational documents and indemnification agreements the Company has entered into with its directors and executive officers.

If the Merger is completed, our stockholders will forgo the opportunity to benefit from potential future appreciation in the value of the Company.

The Merger Agreement provides for the stockholders of record of the Company’s common stock to receive cash consideration of $38.50 per share of Company Common Stock, without interest and subject to any applicable withholding taxes, upon the closing of the Merger. The amount of cash per outstanding share of our common stock to be paid under the Merger Agreement is fixed and will not be adjusted for changes in our business, assets, liabilities, prospects, outlook, financial condition or operating results or in the event of any change in the market price of, analyst estimates of, or projections relating to, our common stock. If the transaction is consummated, our stockholders will no longer hold interests in the Company and, therefore, will not be entitled to benefit from any potential future appreciation in the value of the Company.

Risks Related to Our Business and Strategy

We are dependent upon customer renewals, the addition of new customers and increased revenue from existing customers for our subscription revenue through our LiveRamp platform and our Marketplace and Other business.

As the market matures and regulation increases, and as existing and new market participants produce new and different approaches to enable businesses to address their respective needs that compete with our offerings, we may be forced to reduce the prices we charge, unable to renew existing customer agreements, or unable to enter into new customer agreements at the same prices and upon the same terms that we have historically obtained.

If our existing customers do not renew their subscription contracts or otherwise decrease the amount they spend with us, our subscription revenue would decline and our business would suffer.

The loss of a contract upon which we rely for a significant portion of our revenues could adversely affect our operating results.

Our ten largest customers represented approximately 30% of our revenues in the twelve months ended March 31, 2026. Some of our significant customers have used, and may in the future use, their size and relative importance to our business to require that we enter into agreements with more favorable terms than we would otherwise agree to, to obtain price concessions, or to otherwise restrict our business. The loss of, or decrease in revenue from, any of our significant customers for any reason could have a material adverse effect on our revenue and operating results. The material adverse effect on our revenue and operating results may be exacerbated by customer consolidation, changes in technologies or solutions used by our customers, changes in demand for our platform, legal or regulatory changes, market optics, customer bankruptcies or departures from their respective industries, bans that

prohibit certain customers from continuing to do business in the United States, pricing or product competition, or deviation from marketing and sales methods, any one of which may result in even fewer contractual relationships accounting for a high percentage of our revenue and reduced demand from any single significant customer.

Additionally, we could terminate relationships with our data suppliers if they fail to adhere to our data quality standards or their legal and/or other contractual commitments.

Our business is subject to substantial competition from a diverse group of competitors. New products and pricing strategies introduced by these competitors could decrease our market share or cause us to lower our prices in a manner that reduces our revenues and operating margin.

Some of our competitors may choose to sell products or services competitive to ours at lower prices by accepting lower margins and profitability, or may be able to sell products or services competitive to ours at lower prices given proprietary ownership of data, technical superiority or economies of scale. Such introduction of competent, competitive products, pricing strategies or other technologies by our competitors that are superior to or that achieve greater market acceptance than our products and services could adversely affect our business. In such event, we could experience a decline in market share and revenues and be forced to reduce our prices, resulting in lower profit margins for the Company.

The failure to attract, recruit, onboard and retain qualified personnel could hinder our ability to successfully execute our business strategy, which could have a material adverse effect on our financial position and operating results.

Our growth strategy and future success depend in large part on our ability to attract, recruit, onboard, motivate and retain technical, customer services, sales, consulting, research and development, marketing, administrative and management personnel. The complexity of our products, processing functionality, software systems and services requires highly trained professionals. As our industry continues to become more technologically advanced, we anticipate increased competition for qualified personnel. In addition, many of the companies with which we compete for experienced personnel may be able to offer greater compensation and benefits packages and/or more flexible work alternatives. We may incur significant costs to attract and retain highly trained personnel and we may lose new employees to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them, and our succession plans may be insufficient to ensure business continuity if we are unable to retain key personnel. The loss or prolonged absence of the services of highly trained personnel like our current team of executives and employees, or the inability to recruit, attract, onboard and retain additional, qualified employees, could have a material adverse effect on our business, financial position or operating results.

In addition, effective succession planning is important to our long-term success. If we do not develop effective succession planning, the loss of one or more of our key executive or employees or groups of executives or employees could seriously harm our business.

If we cannot maintain our culture as we grow, we could lose the innovation, teamwork, passion and focus on execution that we believe contribute to our success, and our business may be harmed.

We believe that a critical component to our success has been our company culture, which is based on transparency and personal autonomy. We have invested substantial time and resources in building our team within this company culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel and to proactively focus on and pursue our corporate objectives. Remote work may present operational challenges and risks, including negative employee morale and productivity, low employee retention, and increased compliance and tax obligations in a number of jurisdictions. If we fail to maintain our company culture, our business may be adversely impacted.

Failure to keep up with rapidly changing technologies and marketing practices could cause our products and services to become less competitive or obsolete, which could result in loss of market share and decreased revenues, thereby impacting our results of operations.

Advances in information technology, including AI, are changing the way our customers use and purchase information products and services and may be disruptive to our existing platform offerings. Maintaining the technological competitiveness of our products, processing functionality, software systems and services is key to our continued success. However, the complexity and uncertainty regarding the development of new technologies and the extent and timing of market acceptance of innovative products and services create difficulties in maintaining this competitiveness. Without the timely introduction of new products, services and enhancements that comply with changing laws and standards, including through the use of new and emerging technologies (e.g. Furthermore, the expected benefits from the utilization of technological innovations (including AI) may not be realized as soon as expected or at all.

Consumer needs and expectations and the business information industry as a whole are in a constant state of change. Our ability to continually improve our current processes and products in response to changes in technology and to develop new products and services are essential in maintaining our competitive position, preserving our market share and meeting the increasingly sophisticated requirements of our customers. If we fail to enhance our current products and services or fail to develop new products in light of emerging technologies, industry standards, and regulations, we could lose customers to current or future competitors, which could result in impairment of our growth prospects, loss of market share and decreased revenues.

Our operations outside the United States are subject to risks that may harm the Company’s business, financial condition or results of operations.

During the twelve months ended March 31, 2026, we received approximately 6% of our revenues from business outside the United States. In those non-U.S. locations where legislation restricting the collection and use of personal data currently exists, less data is available and at a much higher cost. In some foreign markets, the types of products and services we offer have not been generally available and thus are not fully understood by prospective customers. Upon entering these markets, we must educate and condition the markets, increasing the cost and difficulty of successfully executing our business plan in these markets. Additionally, each of our foreign locations is generally expected to fund its own operations and cash flows, although periodically funds may be loaned or invested from the United States to the foreign subsidiaries. Because of such loans or investments, exchange rate movements of foreign currencies may have an impact on our future costs of, or future cash flows from, foreign investments. We have not entered into any foreign currency forward exchange contracts or other derivative instruments to hedge the effects of adverse fluctuations in foreign currency exchange rates.

Additional risks inherent in our non-U.S. business activities generally include, among others, the costs and difficulties of managing international operations, potentially adverse tax consequences, and greater difficulty enforcing intellectual property rights. The various risks that are inherent in doing business in the United States are also generally applicable to doing business outside of the United States, but such risks may be exaggerated by factors normally associated with international operations, such as differences in culture, laws and regulations, especially restrictions on collection, management, aggregation, localizations, and use of information. Failure to effectively manage the risks facing our non-U.S. business activities could materially adversely affect our operating results. For example, the military conflicts in Europe and the Middle East could result in regional instability and adversely impact financial markets as well as economic conditions, and any economic and political uncertainty caused by the U.S. tariffs imposed on goods from various countries, and any corresponding tariffs from those countries in response, could negatively impact financial markets and economic conditions. In addition, when operating in foreign jurisdictions, we must comply with complex foreign and U.S. laws and regulations, such as the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and other local laws prohibiting corrupt payments to government officials, as well as anti-competition regulations and data protection laws and regulations, such as the U.S. Department of Justice's Data Security Program. Violations of these laws and regulations could result in fines and penalties, criminal sanctions, and restrictions on our business conduct and on our ability to offer our products and services in one or more countries. Such violations could also adversely affect our reputation with existing and prospective customers, which could negatively impact our operating results and growth prospects.

Public health emergencies may result in global, national and/or regional economic uncertainty, and measures taken in response to such emergencies could impact our business and future results of operations and financial condition.

The COVID-19 pandemic disrupted the flow of the economy and put unprecedented strains on governments, health care systems, educational institutions, businesses and individuals around the world, and future public health emergencies could result in the same. Any future public health emergencies could materially and adversely affect our business, our operating results, financial condition and prospects, and the value of our common stock.

A significant breach of the confidentiality of the information we hold or of the security of our or our customers’, suppliers’, or other partners’ computer systems could be detrimental to our business, reputation and results of operations.

Our business requires the storage, transmission and utilization of data, including personally identifiable information, much of which must be maintained on a confidential basis. These activities may make us a target of cyberattacks from malicious third parties seeking unauthorized access to the data we maintain, including our data and customer data, or to disrupt our ability to provide service. Any failure to prevent or mitigate security breaches and improper access to or disclosure of the data we maintain, including personal information, could result in the loss or misuse of such data, which could harm our business and reputation and diminish our competitive position. Our customers and suppliers are increasingly imposing more rigorous contractual obligations on us relating to data security protections. If we are unable to maintain protections and processes at a level equal to that required by our customers and suppliers, it could negatively affect our relationships with those customers and suppliers or increase our operating costs. In addition, computer malware, viruses, social engineering, ransomware, phishing and general hacking have become more prevalent, and events outside of our control, such as the military conflicts in Europe and the Middle East, and economic and political uncertainty caused by the U.S. tariffs could result in a further increase in such activities. As a result of the types and volume of personal data on our systems, we believe that we are a particularly attractive target for such breaches and attacks.

In recent years, the frequency, severity and sophistication of cyberattacks, computer malware, viruses, social engineering, ransomware, phishing and other intentional misconduct by computer hackers have significantly increased, including the ability to evade detection or obscure their activities, and government agencies and security experts have warned about the growing risks of hackers, cyber criminals and other potential attackers targeting information technology systems. Such third parties could attempt to gain entry to our systems for the purpose of stealing data or disrupting the systems. In addition, our security measures may also be breached due to employee error, malfeasance, system errors or vulnerabilities, including vulnerabilities of our vendors, suppliers, their products, or otherwise. Third parties may also attempt to fraudulently induce employees or customers into disclosing sensitive information such as usernames, passwords or other information to gain access to our customers’ data or our data, including intellectual property and other confidential business information. We believe we have taken appropriate measures to protect our systems from intrusion, but we cannot be certain that advances in criminal capabilities, discovery of new or existing vulnerabilities in our systems and attempts to exploit those vulnerabilities, physical system or facility break-ins and data thefts or other developments will not compromise or breach the technology protecting our systems and the information we possess.

Although we have developed systems and processes that are designed to protect our data, our customer data, and data transmissions to prevent data loss, and to prevent or detect security breaches, our databases may be subject to unauthorized access by third parties, and we may incur significant costs in protecting against or remediating cyberattacks. Any security breach could result in operational disruptions that impair our ability to meet our customers’ requirements, which could result in decreased revenues. Also, whether there is an actual or a perceived breach of our security, our reputation could suffer significant harm, causing our current and prospective customers to reject our products and services in the future and deterring data suppliers from supplying us data. Further, we could be forced to expend significant resources in response to a security breach, including those expended in repairing system damage, increasing cybersecurity protection costs by deploying additional personnel and protection technologies, and litigating and resolving legal claims or governmental inquiries and investigations, all of which could divert the attention of our management and key personnel away from our business operations. In any event, a significant security breach could materially harm our business, financial condition and operating results.

Our customers, suppliers and other partners are primarily responsible for the security of their information technology environments, and we rely heavily on them and other third parties to supply clean data content and/or to utilize our products and services in a secure manner. Each of these third parties may face risks relating to cybersecurity, which could disrupt their businesses and therefore materially impact ours. While we provide guidance and specific requirements in some cases, we do not directly control any of such parties’ cybersecurity operations, or the amount of investment they place in guarding against cybersecurity threats. Accordingly, we are subject to any flaw in or breaches of their systems, which could materially impact our business, operations and financial results.

Finally, while we maintain cyber liability insurance coverage that may cover certain liabilities in connection with a cybersecurity incident, we cannot be certain that our insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on commercially reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, financial condition, financial results and reputation.

Unfavorable publicity and negative public perception about our industry could adversely affect our business and operating results.

With the growth of online advertising and e-commerce, there is increasing awareness and concern among the general public, privacy advocates, mainstream media, governmental bodies and others regarding marketing, advertising, and data privacy matters, particularly as they relate to individual privacy interests and the global reach of the online marketplace. Any unfavorable publicity or negative public perception about us, our industry, including our competitors, or even other data-focused industries can affect our business and results of operations, and may lead to digital publishers changing their business practices or additional regulatory scrutiny or lawmaking that affects us or our industry. For example, in recent years, consumer advocates, mainstream media, elected officials and government officials have increasingly and publicly criticized the data and marketing industry for its collection, storage and use of personal data. Additional public scrutiny may lead to general distrust of our industry, consumer reluctance to share and permit use of personal data and increased consumer opt-out rates, any of which could negatively influence, change or reduce our current and prospective customers’ demand for our products and services and adversely affect our business and operating results.

Interruptions or delays in service from our third-party data center providers could impair our ability to deliver our products and services to our customers, resulting in customer dissatisfaction, damage to our reputation, loss of customers, limited growth and reduction in revenue.

We currently serve the majority of our platform functions from third-party data center hosting facilities operated by Google Cloud Platform and Amazon Web Services. Our operations depend, in part, on our third-party facility providers’ abilities to protect these facilities against any damage or interruption from natural disasters, such as earthquakes and hurricanes, power or telecommunication failures, criminal acts and similar events. In the event that any of our third-party facilities arrangements are terminated, or if there is a lapse of service or damage to a facility, we could experience interruptions in our platform as well as delays and additional expenses in arranging new facilities and services.

Any damage to, or failure of, the systems of our third-party providers could result in interruptions to our platform. Despite precautions taken at our data centers, the occurrence of spikes in usage volume, a natural disaster, such as earthquakes or hurricanes, an act of terrorism, destruction, vandalism or sabotage, a decision to close a facility without adequate notice, or other unanticipated problems at a facility could result in lengthy interruptions in the availability of our platform. Even with current and planned disaster recovery arrangements, our business could be harmed, and no assurance can be provided that any interruptions would be remediated without significant cost or in a timely manner or at all. Also, in the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur.

We are dependent on the continued availability of third-party data hosting and transmission services.

We incur significant costs with our third-party data hosting services. If the costs for such services increase due to vendor consolidation, regulation, contract renegotiation, or otherwise, we may not be able to increase the fees for our products and services to cover the changes. As a result, our operating results may be significantly worse than forecasted.

As the use of “third-party cookies” or other tracking technology continues to be pressured by Internet users, restricted or otherwise subject to unfavorable regulation, blocked or limited by technical changes on end users’ devices, or our and our customers’ ability to use data on our platform is otherwise restricted, our business could be materially impacted.

Digital advertising mostly relies on the use of cookies, pixels and other similar technology, including mobile device identifiers that are provided by mobile operating systems for advertising purposes, which we refer to collectively as cookies, to collect data about interactions with users and devices. We utilize third-party cookies, which are cookies owned and used by parties other than the owners of the website visited by the Internet user. Our cookies are used to record information tied to a random unique identifier, including such information as when an Internet user views an ad, clicks on an ad or visits one of our advertiser’s websites through a browser while the cookie is active. We use cookies to help us achieve our advertisers’ campaign goals on the web, to limit the instances that an Internet user sees the same advertisement, to report information to our advertisers regarding the performance of their advertising campaigns and to detect and prevent malicious behavior and invalid traffic throughout our network of inventory. Additionally, our customers use cookies and other technologies to add information they have collected or acquired about users into our platform. Without such data, our customers may not have sufficient insight into an Internet user’s activity, which may compromise their ability to determine which inventory to purchase for a specific campaign and undermine the effectiveness of our platform.

Cookies may be deleted or blocked by Internet users who do not want information to be collected about them. The most commonly used Internet browsers—Chrome, Firefox, Internet Explorer and Safari—allow Internet users to modify their browser settings to prevent cookies from being accepted by their browsers. Google announced in January 2020 that the Chrome browser would begin blocking third-party cookies within 24 months and began releasing updates with features intended to phase out third-party cookies. However, in April 2025, Google announced that after further consideration it will not be rolling out a new standalone prompt for third-party cookies in Chrome and third-party cookies will remain with the current opt-out functionality. While Google has determined not to deprecate cookies or roll out a new standalone prompt for third-party cookies in Chrome at this time, it is possible that Google's ongoing efforts in this area may have a substantial impact on the ability to collect and use data from Internet users. Mobile devices allow users to opt out of the use of mobile device IDs for targeted advertising. Additionally, the Safari browser currently blocks some third-party cookies by default and has recently added controls that algorithmically block or limit some cookies. Other browsers have added similar controls. In addition, Internet users can delete cookies from their computers at any time. Some Internet users also download free or paid ad blocking software that not only prevents third-party cookies from being stored on a user’s computer, but also blocks all interaction with a third-party ad server. Google has introduced ad blocking software in its Chrome web browser that will block certain ads based on quality standards established under a multi-stakeholder coalition. Additionally, the DAA, NAI, their international counterparts, and our company have certain opt-out mechanisms for users to opt out of the collection of their information via cookies. If more Internet users adopt these settings or delete their cookies more frequently than they currently do, or restrictions are imposed by advertisers and publishers, there are changes in technology or new developments in laws, regulations or industry standards around cookies, our business could be harmed.

For in-app advertising, data regarding interactions between users and devices are tracked mostly through stable, pseudonymous mobile device identifiers that are built into the device operating system with privacy controls that allow users to express a preference with respect to data collection for advertising, including to disable the identifier. These identifiers and privacy controls are defined by the developers of the mobile platforms and could be changed by the mobile platforms in a way that may negatively impact our business. Privacy aspects of other channels for programmatic advertising, such as CTVs or over-the-top video, are still developing. Technical or policy changes, including regulation or industry self-regulation, could harm our growth in those channels.

As the collection and use of data for digital advertising has received ongoing media attention over the past several years, some government regulators, such as the FTC, and privacy advocates have raised significant concerns around observed data. There has been an array of 'do-not-track' efforts, suggestions and technologies introduced to address these concerns, and state statutes are beginning to incorporate the obligation to honor them. However, the potential regulatory and self-regulatory landscape is inherently uncertain, and there is not yet a consensus definition of tracking, nor agreement on what would be covered by 'do-not-track' functionality. There is activity by the major Internet browsers to default set on 'do-not-track' functionality, including by Safari and Firefox. In addition, state laws such as the California Opt Me Out Act, make it a requirement for browsers to support new opt out signals. It is not clear how many other Internet browsers will follow. Substantial increases in the rate and number of people opting out of various data collection processes could have a negative impact on our business and the ecosystems in which we operate.

In addition, in the EU, Directive 2002/58/EC (as amended by Directive 2009/136/EC), commonly referred to as the ePrivacy or Cookie Directive, directs EU member states to ensure that accessing information on an Internet user’s device, such as through a cookie and other similar technologies, is allowed only if the Internet user has been informed about such access and given his or her consent. The EU regulatory framework governing cookies and similar technologies continues to evolve. While the existing ePrivacy Directive (as implemented by EU member states) operates alongside the GDPR, regulators have taken increasingly strict positions on consent requirements and enforcement. In addition, the European Commission's Digital Omnibus package, proposed in November 2025, includes amendments to the ePrivacy Directive that could, if adopted, introduce a centralized browser-based consent framework and further restrict the use of cookies and similar tracking technologies. Ongoing policy developments and regulatory interpretations may further limit the lawful bases available for processing data collected through cookies and similar technologies and increase compliance burdens and potential penalties. Limitations on the use or effectiveness of cookies, or other limitations on our, or our customers’, ability to collect and use data for advertising, whether imposed by EU member state implementations of the Cookie Directive or otherwise, may impact the performance of our platform. We may be required to, or otherwise may determine that it is advisable to, make significant changes in our business operations and product and services to obtain user opt-in for cookies and use of cookie data, or develop or obtain additional tools and technologies to compensate for a lack of cookie data. We may not be able to make the necessary changes in our business operations and products and services to obtain user opt-in for cookies and use of cookie data, or develop, implement or acquire additional tools that compensate for a lack of cookie data. Moreover, even if we are able to do so, such additional products and tools may be subject to further regulation, time consuming to develop or costly to obtain, and less effective than our current use of cookies.

Climate change may have an impact on our business.

Any of our primary locations may be vulnerable to the adverse effects of climate change. For example, our offices and facilities in California have experienced, and are projected to continue to experience, climate-related events at an increasing frequency, including drought, water scarcity, heat waves, wildfires and resultant air quality impacts and power shutoffs associated with wildfire prevention. Furthermore, it may be more difficult to mitigate the impact of these events on our remote employees working from home.

Risks Related to Government Regulation and Taxation

Changes in legislative, judicial, regulatory, or cultural environments relating to information collection and use may limit our ability to collect and use data. Such developments could cause revenues to decline, increase the cost and availability of data and adversely affect the demand for our products and services.

We receive, store and process personal information and other data from and about consumers in addition to our customers, employees, and services providers. Our handling of this data is subject to a variety of federal, state, and foreign laws and regulations and is subject to regulation by various government authorities. Our data handling also is subject to contractual obligations and may be deemed to be subject to industry standards.

Additionally, the FTC and many state attorneys general are interpreting federal and state consumer protection laws as imposing standards for the online collection, use, dissemination and security of data. In addition, the European Union has been developing new requirements related to the use of data, including in the Digital Services Act, that may impose additional rules and restrictions on the use of the data.

The regulatory framework for data privacy issues worldwide is currently evolving and is likely to remain uncertain for the foreseeable future. The occurrence of unanticipated events often rapidly drives the adoption of legislation or regulation affecting the use, collection or other processing of data and manners in which we conduct our business. Restrictions could be placed upon the collection, management, aggregation and use of information, which could result in a material increase in the cost of collecting or otherwise obtaining certain kinds of data and could limit the ways in which we may use or disclose information.

In particular, interest-based advertising, or the use of data to draw inferences about a user’s interests and deliver relevant advertising to that user, and similar or related practices, such as cross-device data collection and aggregation, steps taken to de-identify or pseudonymize personal data and to use and distribute the resulting data, including for purposes of personalization and the targeting of advertisements, have come under increasing scrutiny by legislative, regulatory, and self-regulatory bodies in the United States and abroad that focus on consumer protection or data privacy. Much of this scrutiny has focused on the use of cookies and other technology to collect information about Internet users’ online browsing activity on web browsers, mobile devices, and other devices, to associate such data with user or device identifiers or pseudonymous identifiers across devices and channels. In addition, providers of Internet browsers have engaged in, or announced plans to continue or expand, efforts to provide increased visibility into, and certain controls over, cookies and similar technologies and the data collected using such technologies. Google announced in January 2020 that the Chrome browser would begin blocking third-party cookies within 24 months and began releasing updates with features intended to phase out third-party cookies. However, in April 2025, Google announced that after further consideration it will not be rolling out a new standalone prompt for third-party cookies in Chrome and third-party cookies will remain with the current opt-out functionality.

In the United States, the U.S. Congress and state legislatures, along with federal regulatory authorities have recently increased their attention on matters concerning the collection and use of consumer data. For example, California enacted legislation, the California Consumer Privacy Act (“CCPA”), that became operative on January 1, 2020 and came under California Attorney General ("AG") enforcement on July 1, 2020. The CCPA requires covered companies to, among other things, provide new disclosures to California consumers and afford such consumers new abilities to opt-out of certain sales of personal information, a concept that is defined broadly.

The CCPA is the subject of regulations issued by the California AG. In November 2020 California voters also approved the ballot initiative known as the California Privacy Rights Act of 2020 (“CPRA”). Pursuant to the CPRA, effective January 1, 2023, the CCPA was amended by creating additional privacy rights for California consumers and additional obligations on businesses, which could subject us to additional compliance costs as well as possible fines, individual claims and commercial liabilities for certain compliance failures. In addition, California enacted the Delete Act (SB 362) in October 2023, which requires data brokers to register annually with the California Privacy Protection Agency and, beginning August 1, 2026, to process consumer deletion requests submitted through a centralized Delete Request and Opt-out Platform ("DROP"), a state-hosted mechanism that allows California consumers to request deletion of their personal information from all registered data brokers through a single request. Since the CCPA, a majority of the population of the United States is now covered by state data collection and use privacy laws. Together with the CCPA and CPRA, these are referred to throughout as "State Consumer Privacy Acts.

We cannot yet predict the full impact of the State Consumer Privacy Acts on our business or operations, but they may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply. The State Consumer Privacy Acts have prompted a number of proposals for federal and other state privacy legislation that, if enacted, could increase our exposure to potential liability, add additional complexity to compliance in the U.S. market and increase our compliance costs. For example, other states have enacted or are considering legislation similar to that of the State Consumer Privacy Act statutory frameworks, including legislation that would require individuals to “opt-in” to the collection of certain consumer data. Decreased availability and increased costs of information could adversely affect our ability to meet our customers’ requirements and could result in decreased revenues.

There are a growing number of states that have adopted laws that impact the collection and use of data that could create additional risks and require costly expenditures to ensure continued compliance. At the United States Federal level, Congress continues to study whether to adopt new data collection and use laws. The FTC over the last several years has been asserting expansive interpretations of its authority, which could create additional risks, increase costs of compliance and adversely impact revenue.

In Europe, the European General Data Protection Regulation ("GDPR") took effect on May 25, 2018 and applies to products and services that we provide in Europe, as well as the processing of personal data of EU citizens, wherever that processing occurs. The GDPR includes operational requirements for companies that receive or process personal data of residents of the European Union. For example, the GDPR requires offering a variety of controls to individuals in Europe before processing data for certain aspects of our service. In addition, the GDPR includes significant penalties for non-compliance of up to the greater of €20 million or 4% of an enterprise’s global annual revenue. The European Commission's Digital Omnibus package, proposed in November 2025, includes amendments to the ePrivacy Directive and GDPR that could impose additional consent requirements and

compliance obligations relating to the use of cookies and similar technologies. In addition, some countries are considering or have passed legislation or interpretations implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our services. Any failure to achieve required data protection standards may result in lawsuits, regulatory fines, or other actions or liability, all of which may harm our operating results.

We are also subject to laws, regulations and other restrictions that dictate whether, how, and under what circumstances we can transfer, process and/or receive certain data that is critical to our operations, including data shared between countries or regions in which we operate, and data shared among our products and services. For example, in July 2023, the EU adopted an adequacy decision for the EU-U.S. Data Privacy Framework ("DPF"), allowing the DPF to facilitate the transfer of data from Europe to the United States, and with the U.K. Extension, also from the U.K. to the United States.

In addition to government regulation, privacy advocacy and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us or our customers. We are members of self-regulatory bodies that impose additional requirements related to the collection, use, and disclosure of consumer data. Under the requirements of these self-regulatory bodies, in addition to other compliance obligations, we are obligated to provide consumers with notice about our use of cookies and other technologies to collect consumer data and of our collection and use of consumer data for certain purposes, and to provide consumers with certain choices relating to the use of consumer data. Some of these self-regulatory bodies have the ability to discipline members or participants, which could result in fines, penalties, and/or public censure (which could in turn cause reputational harm). Additionally, some of these self-regulatory bodies might refer violations of their requirements to the Federal Trade Commission or other regulatory bodies.

Because the interpretation and application of privacy and data protection laws, regulations and standards are uncertain, it is possible that these laws, regulations and standards may be interpreted and applied in manners that are, or are asserted to be, inconsistent with our data management practices or the technological features of our solutions. If so, in addition to the possibility of fines, investigations, lawsuits and other claims and proceedings, it may be necessary or desirable for us to fundamentally change our business activities and practices or modify our products and services, which could have an adverse effect on our business. We may be unable to make such changes or modifications in a commercially reasonable manner or at all. Any inability to adequately address privacy concerns, even if unfounded, or any actual or perceived failure to comply with applicable privacy or data protection laws, regulations, standards or policies, could result in additional cost and liability to us, damage our reputation, decrease the availability of and increase costs for information, inhibit sales and harm our business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, standards and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our platform. Privacy concerns, whether valid or not valid, may inhibit market adoption of our platform particularly in certain industries and foreign countries.

Changes in tax laws, changes in valuation allowance, and examinations by tax authorities could have a material adverse effect on our results of operations, cash flows, and financial condition.

We are subject to income tax, sales tax, and other tax laws in the U.S. and other jurisdictions. Changes in tax laws, or changes in the interpretation or enforcement of those laws, could materially increase tax expense. These changes could include increases in statutory tax rates, reductions or eliminations of tax benefits from net operating losses or tax credits, and the application of sales taxes to additional goods and services.

Deferred tax assets are reduced by a valuation allowance when it is more likely than not that some portion of the related tax benefits will not be realized. Changes in valuation allowance could materially increase income tax expense. Unrecognized tax benefits arise from tax positions for which the related tax benefit has not been fully recognized. A tax benefit is recognized if it is more likely than not that a tax position will be sustained upon examination by the relevant tax authority. Adverse outcomes of examinations could materially increase income tax expense and result in interest and penalties.

Risks Related to Intellectual Property

Third parties may claim that we are infringing their intellectual property and we could suffer significant litigation or licensing expenses or be prevented from developing or selling products or services. Additionally, third parties may infringe our intellectual property and we may suffer competitive injury or expend significant resources enforcing our rights.

As our business is focused on data-driven results and analytics, we rely heavily on proprietary information technology, processes and other protectable intellectual property rights. From time to time, third parties may claim that one or more of our products or services infringe their intellectual property rights. We analyze and take action in response to such claims on a case-by-case basis. Any dispute or litigation regarding patents or other intellectual property, whether they are with or without merit, could be costly and time-consuming due to the complexity of our technology and the uncertainty of intellectual property litigation, which could divert the attention of our management and key personnel away from our business operations, even if ultimately determined in our favor. The extent to which such rights can be protected varies from jurisdiction to jurisdiction. Our competitive position may suffer if we do not enforce our intellectual property rights vigorously and successfully and we may expand significant resources enforcing our intellectual property rights, either or both of which could harm our operating results.

Item 1B. Unresolved Staff Comments

None.

Item 1C. Cybersecurity

Our customers’ and partners’ trust is crucial to our business; as such, a cybersecurity incident impacting the confidentiality, integrity, or availability of LiveRamp’s systems or the data we process may have a significant impact on our strategy, operations, and financials. Direct impacts may include fees, penalties, or loss of customer revenue. While we do not believe our strategy, operations, and financials have been materially affected by risks from cybersecurity threats, we cannot provide assurances that they will not be materially affected in the future by such risks. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.

In order to mitigate cybersecurity risk, LiveRamp maintains a security program based on widely known and accepted industry standards, including NIST CSF, ISO 27001, and SOC 2. Aligning to these standards allows our program to adjust to changing conditions such as new technology, industry best practices, or organizational risk tolerance.

Security Governance

Oversight of our security program starts at the Board level. On an annual basis, the enterprise risk team reports to the full Board regarding the top ten enterprise risks, including cybersecurity.

LiveRamp maintains a Security Charter which establishes the overall security program, appoints responsibility and authority to the Chief Information Security Officer (CISO), and establishes a Security Action Committee (SAC) to provide leadership and oversight. LiveRamp’s CISO has over 20 years of experience as the Company’s security leader and maintains several industry standard security certifications. The members of the security leadership team, who report directly to the CISO, each have at least a decade of experience relevant to their area of responsibility.

The SAC includes leadership across our security, enterprise risk management, internal audit, engineering, product, data ethics, legal, and commercial teams. The SAC is responsible for reviewing and approving major updates to LiveRamp’s security policies and standards, reviewing and recommending actions related to exceptions to the security program, ensuring that the security program is in alignment with business objectives, ensuring that the organization has appropriate training and awareness related to security, and providing leadership and support for the security program.

All employees must undergo annual security awareness training, which covers topics including, but not limited to, phishing, incident reporting, insider threat, and LiveRamp's Security and Acceptable Use policies.

Security Risk Management

LiveRamp also maintains a security risk management program overseen by our CISO and aligned with the Company’s overall Enterprise Risk Management strategy. The security risk management program includes processes for consistently identifying, classifying, analyzing, and documenting risk. Throughout the year, LiveRamp’s security team conducts risk assessments focused on a particular product or compliance scope. Risks are documented and communicated to relevant stakeholders.

In addition to internal teams and resources, LiveRamp leverages a variety of third parties in support of our security risk management efforts. Third-party managed services are used to support functions including our Security Operations Center, forensic incident response, and incident response tabletop exercises. Third-party providers are also utilized for penetration testing and for a bug bounty program. Third-party tooling is utilized in support of functions including threat intelligence, security logging, security information and event management (SIEM), vulnerability scanning, email protection, security awareness training, secure development training, cloud posture

management, secret management, identity and access management, and anti-malware. Furthermore, following the shared responsibility model with our cloud service providers, we rely on their implementation of certain security controls, such as physical security.

We engage with auditors directly on an annual basis to assess controls specific to a particular scope and compliance standard (e.g. SOC 2 or ISO 27001). External auditors also perform assessments on behalf of our customers to validate our compliance with specific customer requirements.

In order to mitigate risk associated with the use of third parties, LiveRamp maintains a third-party risk management program, incorporating the review of third parties by data ethics and security teams. A third party’s inherent security risk is determined by identifying their level of access to our systems and data. Third parties with a high inherent risk or with access to sensitive data types undergo a review of their security controls, wherein LiveRamp reviews the third party’s responses to a security due diligence questionnaire, external audit reports, penetration test reports, and/or security policies. A residual score is then determined based on the third party’s controls and/or operational impact to LiveRamp. LiveRamp does not approve the use of any third parties with an inadequate security posture. For third parties handling personal information, LiveRamp also conducts legal and privacy due diligence to assess legal and privacy risks and apply mitigations where appropriate. LiveRamp security also conducts ongoing monitoring of existing third parties. On a cadence determined by the third party’s residual risk level, controls are re-evaluated to ensure that the security controls of the third party have not been diminished.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
LOGI	51 minutes ago
RAMP	an hour ago
MCHP	an hour ago
HLNE	an hour ago
CRUS	an hour ago
AGYS	an hour ago
WMS	an hour ago
GEN	an hour ago
THR	4 hours ago
RL	7 hours ago
ALGM	9 hours ago
ELF	1 day ago
DT	1 day ago
VIIQ	1 day ago
FLEX	1 day ago
ENS	1 day, 1 hour ago
VFC	1 day, 6 hours ago
IMVT	1 day, 10 hours ago
ROIV	1 day, 10 hours ago
HAE	1 day, 11 hours ago
AREC	1 day, 23 hours ago
CETI	1 day, 23 hours ago
EDUC	2 days ago
CSWC	2 days, 1 hour ago
EXP	2 days, 1 hour ago
NXT	2 days, 1 hour ago
JHX	2 days, 1 hour ago
DRVN	2 days, 1 hour ago
DOCS	2 days, 1 hour ago
KCRD	2 days, 8 hours ago
UAA	2 days, 8 hours ago
IHT	2 days, 9 hours ago
FATN	3 days, 1 hour ago
LVPA	3 days, 3 hours ago
RBC	6 days, 2 hours ago
AIXN	6 days, 3 hours ago
BOOT	1 week ago
RMTG	1 week ago
OZSC	1 week ago
PBH	1 week ago
NTCT	1 week ago
HWKN	1 week, 1 day ago
RPDL	1 week, 1 day ago
GAIN	1 week, 2 days ago
EA	1 week, 3 days ago
ITOX	1 week, 3 days ago
GRAF	1 week, 3 days ago
CVLT	1 week, 3 days ago
WYGC	1 week, 6 days ago
DXC	1 week, 6 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - RAMP

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - RAMP

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing