Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - TEAM

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider such risks and uncertainties, together with the other information contained in this Annual Report on Form 10-K, and in our other public filings. If any such risks and uncertainties actually occur, our business, financial condition or results of operations could differ materially from the plans, projections, and other forward-looking statements included elsewhere in this Annual Report on Form 10-K and in our other public filings. In addition, if any of the following risks and uncertainties, or if any other risks and uncertainties, actually occur, our business, financial condition, or results of operations could be harmed substantially.

Risk Factor Summary

Our business is subject to numerous risks and uncertainties, including those highlighted in this section titled “Risk Factors” and summarized below. We have various categories of risks, including risks related to our business and industry, risks related to information technology, intellectual property, data security and privacy, risks related to legal, regulatory, accounting, and tax matters, risks related to ownership of our Class A Common Stock, risks related to our indebtedness, and general risks, which are discussed more fully below. As a result, this risk factor summary does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary, as well as elsewhere in this Annual Report on Form 10-K. These risks include, but are not limited to, the following:

•Our historical rapid growth makes it difficult to evaluate our future prospects, and we may not be able to sustain our revenue growth rate or achieve profitability in the future.

•The continuing global economic and geopolitical volatility, and measures taken in response, could harm our business and results of operations.

•The markets in which we participate are intensely competitive, and if we do not compete effectively, our business, results of operations, and financial condition could be harmed.

•Our AI offerings and investments may not be successful, which could adversely affect our business or financial results.

•

•Our business depends on our customers renewing their subscriptions and purchasing additional licenses or subscriptions from us, and any decline in our customer retention or expansion could harm our future results of operations.

•

•If we fail to effectively manage our growth, our business and results of operations could be harmed.

•

•Our business model for our low-touch customers is based in part on a high volume of transactions and organic expansion. If this model is not effective, our business and results of operations could be harmed.

•If our security controls are compromised, leading to unauthorized or inappropriate access to customer data, our products could be perceived as insecure, and such perception may result in the loss of existing customers, hinder our ability to attract new ones, and expose us to significant liabilities.

•Interruptions or performance problems associated with our technology and infrastructure could harm our business and results of operations.

•

•Privacy concerns and laws, as well as evolving regulation of cloud computing, AI apps and services, cross-border data transfer restrictions, and other domestic or foreign regulations may limit the use and adoption of our services and adversely affect our business and results of operation.

•Our quarterly results have fluctuated in the past and may fluctuate significantly in the future and may not fully reflect the underlying performance of our business.

•We recognize certain revenue streams over the term of our subscription contracts. Consequently, downturns in new sales may not be immediately reflected in our results of operations and may be difficult to discern.

•Seasonality may cause fluctuations in our revenue.

•Our current and future indebtedness may limit our flexibility in obtaining additional financing and in pursuing other business opportunities or operating activities.

•Our global operations and structure subject us to potentially adverse tax consequences.

•Our development and use of AI technologies may expose us to operational, legal, regulatory, reputational and other risks that may adversely affect our business.

•The dual class structure of our common stock has the effect of concentrating voting control with certain stockholders, in particular, our Co-Founders and their affiliates, which will limit our other stockholders’ ability to influence the outcome of important transactions, including a change in control.

Risks Related to Our Business and Industry

Our historical rapid growth makes it difficult to evaluate our future prospects, and we may not be able to sustain our revenue growth rate or achieve profitability in the future.

This rapid growth also makes it more challenging to evaluate our future prospects. We make assumptions regarding the risks and uncertainties associated with our growth as we plan and operate our business. If our assumptions are incorrect or change, or if we do not address risks successfully, our operating and financial results could differ materially from our expectations, our growth rates may slow, and our business would suffer.

In addition, we expect our expenses to increase substantially in the near term, particularly as we continue to make significant investments in research and development and technology infrastructure for our Cloud offerings, expand our operations globally and develop new apps, agents and features for, and enhancements of, our existing apps and agents, including our AI offerings. As a result of these significant investments, and in particular stock-based compensation associated with our growth, we have not in the past and may not in the future be able to achieve profitability as determined under U.S. generally accepted accounting principles (“GAAP”). The additional expenses we will incur may not lead to sufficient additional revenue to maintain historical revenue growth rates and achieve profitability.

The continuing global economic and geopolitical volatility, and measures taken in response, could harm our business and results of operations.

Large-scale international events in recent years, such as the geopolitical instability and war in regions including Ukraine and the Middle East and economic uncertainty regarding the imposition of and changes in trade policies (including trade wars, tariffs or other trade restrictions or the threat of such actions), have negatively impacted or may in the future negatively impact the global economy, including by disrupting global supply chains and creating volatility and disruption of financial markets.

The impact our customers or potential customers experience from global economic and geopolitical volatility adversely affects demand for our offerings. The market adoption of our products and our revenue is dependent on the number of users of our products. The continuing global economic and geopolitical volatility and uncertainty could cause customers to reduce the number of personnel providing development or engineering services and decrease technology spending (including for software products). We may see declines in expected spending from new customers or renewals and reductions in paid seats from existing customers. There may also be negative impacts to collections of accounts receivable. Some customers, particularly our small- and medium-sized customers, may reduce or delay spending, request extended payment terms or concessions, or even file for bankruptcy protection or go out of business. We may also experience elongated sales cycles, budget cuts and freezes, delays in project implementation, and increased pricing pressure from our enterprise or larger-sized customers. Any of these impacts could harm our business, results of operations, and financial condition, and also negatively impact our ability to forecast our future results.

They could also heighten many of the other risks described in this “Risk Factors” section.

The markets in which we participate are intensely competitive, and if we do not compete effectively, our business, results of operations, and financial condition could be harmed.

The markets for our solutions are fragmented, rapidly evolving, highly competitive, and have relatively low barriers to entry. We face competition from a wide range of companies in each of the markets we serve, including from both large technology vendors and smaller companies that offer project management, collaboration, and developer tools; both cloud vendors targeting enterprise service management teams and legacy vendors that offer service desk solutions; and both large technology vendors that offer a suite of products and smaller companies offering point solutions for team collaboration. We expect this trend to continue as companies attempt to strengthen or maintain their market positions in an evolving industry.

In addition, as we continue to expand our focus into new use cases or other offerings beyond software development teams, we expect competition to increase. Pricing pressures and increased competition generally could result in reduced sales, reduced margins, losses, or the failure of our offerings to achieve or maintain more widespread market acceptance, any of which could harm our business, results of operations, and financial condition.

Some competitors, particularly new and emerging companies with sizeable venture capital investment, could focus all their energy and resources on one product line or use case and, as a result, any one competitor could develop a more successful product or service in a particular market we serve which could decrease our market share in that market and harm our brand recognition and results of operations. For all of these reasons and others we cannot anticipate today, we may not be able to compete successfully against our current and future competitors, which could harm our business, results of operations, and financial condition.

Our AI offerings and investments may not be successful, which could adversely affect our business or financial results.

We are investing in AI across the company and increasingly building out our AI-powered offerings, including apps, agents, and features like our Rovo platform apps. We expect AI apps, agents and features, both those we develop and those developed by third parties, to continue to be important to our offerings and our operations over time, but there can be no assurances that we will effectively develop, implement or market AI agents and features or that we will realize the desired or anticipated benefits from AI. We bear significant development and operational costs in building and supporting our AI tools and offerings, and expect these investments to continue to negatively impact our operating margins in the near term. As our business and offerings evolve to incorporate additional AI capabilities, we may be unable to effectively monetize our AI offerings or determine new methods for capitalizing on these opportunities. For example, we have made Rovo available to our premium and enterprise edition Jira, Confluence, and Jira Service Management customers at no additional cost to them and expect to do so for our standard edition customers in the near future. If strategies like this are not successful in helping us win new customers and retain and expand within existing customers, we may not be able to offset the investments we have made in these technologies, which would adversely impact our results of operations and financial condition.

Additionally, AI technology and services is a highly competitive and rapidly evolving market. Our competitors or other third parties may incorporate AI into their products and offerings more quickly or more successfully than we

can. Our ability to compete in this space will also depend in part on our ability to attract and retain employees with AI expertise. We also rely on certain third-party AI models, products, and integration providers. Such providers may be prohibited from offering certain models or technologies in jurisdictions in which we operate, may terminate their relationships with us, or otherwise cease to make certain models or technologies available to us, or may make certain models or technologies more expensive for us to use. Additionally, it is possible that an increased prevalence of AI may impact the work practices of software teams, IT operations and support teams, leadership, and business teams, and therefore our market opportunity. Any of the foregoing could adversely affect our business, reputation, or financial results.

While a substantial majority of our business was historically generated from customers using Server products, which are no longer available, and Data Center products, over time, our Cloud offerings have become more central to our distribution model. We expect this trend to continue in the future. For example, due to the higher fees associated with hosting our Cloud infrastructure, we have and expect to continue to see increased expenses and lower margins as customers transition to Cloud. Our strategy to provide our AI tools at no or low cost to the majority of our Cloud customers may further increase these hosting costs without corresponding revenue increases. Revenues recognized from our Cloud offerings are also typically lower in the initial year compared to our Data Center offerings, which may impact our near-term revenue growth rates and margins. We may also be subject to additional competitive and pricing pressures for our Cloud offerings compared to our Data Center offerings, which could harm our business. In our migration from Server, we offered discounts to certain of our enterprise-level Server customers as an incentive, which impacted our near-term revenue growth, and we may offer similar discounts in the future. If our Data Center customers do not migrate to our Cloud offerings in the future or migrate more slowly than we anticipate, our revenue growth and profitability may be negatively impacted.

Our business depends on our customers renewing their subscriptions and purchasing additional licenses or subscriptions from us, and any decline in our customer retention or expansion could harm our future results of operations.

In order for us to maintain or improve our results of operations, it is important that our customers renew their licenses or subscriptions when existing contract terms expire and that we expand our commercial relationships with our existing customers. Our customers have no obligation to renew their licenses or subscriptions, and our customers may not renew licenses or subscriptions with a similar contract duration or with the same or greater number of users. The majority of our customer base is on annual or monthly terms. Some of our customers have elected not to renew their agreements with us in the past, and it is difficult to accurately predict long-term customer retention.

Our ability to attract new customers and retain and increase revenue from existing customers depends in large part on our ability to enhance and improve our existing offerings and to introduce and package compelling new

apps or agents that reflect the changing nature of our markets.

These are all uncertain and we cannot predict the consequences, effects, or introduction of new, disruptive, emerging technologies or the manner and pace at which our markets develop over time, and our ability to compete in these markets depends on predicting and adapting to these changing circumstances. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis, and anticipating these factors requires that we allocate significant resources without any guarantee that any such investments and efforts will result in initial or enhanced adoption of our offerings in the marketplace.

If we do not spend our research and development budget efficiently or effectively on compelling innovation and technologies, our business could be harmed, and we may not realize the expected benefits of our strategy. Moreover, research and development projects can be technically challenging and expensive. The nature of these research and development cycles may cause us to experience delays between the time we incur expenses associated with research and development and the time we are able to offer compelling apps or agents and generate revenue, if any, from such investment. If we expend a significant amount of resources on research and development and our efforts do not lead to the successful introduction or improvement of offerings that are competitive in our current or future markets, it could harm our business and results of operations.

If we fail to effectively manage our growth, our business and results of operations could be harmed.

We have experienced and expect to continue to experience rapid growth, both in terms of employee headcount and number of customers, which has placed, and may continue to place, significant demands on our management, operational, and financial resources. Further, we have employees in Australia, Canada, France, Germany, India, Japan, the Netherlands, New Zealand, the Philippines, Poland, Singapore, South Korea, Turkey, the U.S., and the United Kingdom (the “UK”), and many of our employees have been with us for relatively shorter tenures. We plan to continue to invest in and grow our team and to expand our operations into other countries in the future, which will place additional demands on our resources and operations. As our business expands across numerous jurisdictions, we may experience difficulties, including in hiring, training, and managing a diffuse and growing employee base.

We have also experienced significant growth in the number of customers, users, transactions, and data that our offerings and our associated infrastructure support. Finally, our organizational structure is becoming more complex and if we fail to scale

and adapt our operational, financial, and management controls and systems, as well as our reporting systems and procedures, to manage this complexity, our business, results of operations, and financial condition could be harmed. We will require significant capital expenditures and the allocation of management resources to grow and adapt in these areas.

Expanding our sales infrastructure also has impacts on our cost structure and results of operations, and we may have to reduce other expenses, such as our research and development expenses, in order to accommodate a corresponding increase in marketing and sales expenses while maintaining positive free cash flow.

We may be required to submit more robust proposals, participate in extended proof-of-concept evaluation cycles, and engage in more extensive contract negotiations. In addition, our enterprise customers often demand more complex configurations and additional integration services and product features. We expect to see these impacts increase as we grow our enterprise sales motion. An increase in enterprise sales contracts could also increase our number of or mix of multi-year sales contracts, which can also have an impact on our revenue cycles.

Additionally, our existing and future pricing and packaging strategies for enterprise and other customers for our existing and future service offerings may not be accepted by customers. For example, we offer certain apps and agents in purchasable Collections and we have limited experience with determining the optimal pricing and terms for such packaging. Our adoption of, or failure to adopt, changes to our pricing and packaging strategies, as well as the timing and manner of such changes, may harm our business, results of operations and financial condition.

Our business model for our low-touch customers is based in part on a high volume of transactions and organic expansion. If this model is not effective, our business and results of operations could be harmed.

Our business model for low-touch customers is based in part on attracting a high volume of customers through free trials, limited free versions, and affordable starter licenses. This approach is intended to drive trial, adoption, and initial expansion organically within organizations, through low-touch customer service, high product quality, and transparent pricing arrangements. However, if users do not perceive sufficient value in upgrading from free or entry-level offerings or if users do not become, or influence others to become, paying customers, we may not realize the intended benefits of this strategy. Historically, a majority of users do not convert from free trials or limited free versions to paid apps or products, and our strategy also relies on these users influencing broader adoption within their organizations. Additionally, we have historically increased and will continue to increase prices from time to time, which may also hurt the efficacy of this strategy.

Our ability to compete may be adversely affected as competitors introduce lower-cost or free alternatives, making it more difficult to acquire new customers. Some customers may also view our offerings as discretionary purchases, which can reduce demand, especially during periods of economic uncertainty.

Any failure to offer high-quality product support could harm our relationships with our customers and our business, results of operations, and financial condition.

In deploying and using our apps, agents and products, our customers depend on our product support teams to resolve complex technical and operational issues. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for product support. We may also be unable to modify the nature, scope, and delivery of our product support to compete with changes in product support services provided by our competitors. Increased customer demand for product support, without corresponding revenue, could increase costs and harm our results of operations. The number of our customers has grown significantly and that has put additional pressure on our product support organization. End customers may also reach out to us requesting support for third-party apps sold on the Atlassian Marketplace. If we are unable to provide efficient product support globally at scale, including through the use of third-party vendors and self-service support, our ability to grow our operations could be harmed and we may need to hire additional support personnel, which could harm our results of operations. Certain of our customers have in the past experienced outages across their use of our apps, agents and products and it is possible that similar incidents may occur in the future. Our sales are highly dependent on our business reputation and on positive recommendations from our existing customers.

If we are unable to develop and maintain successful relationships with our solution partners, our business, results of operations, and financial condition could be harmed.

We have established relationships with certain solution partners to distribute our products. We believe that continued growth in our business is dependent upon identifying, developing, and maintaining strategic relationships with our existing and potential solution partners that can drive substantial revenue and provide additional value-added services to our customers. For fiscal year 2025, we derived over 50% of our revenue from channel partners’ sales efforts. At times in fiscal year 2025, one solution partner has represented more than 10% of our total accounts receivable.

Successfully managing our indirect channel distribution efforts is a complex process across the broad range of geographies where we do business or plan to do business. If any solution partners fail to pay us under the terms of our agreements, including any delays in payment, or we are otherwise unable to collect on our accounts receivable from these solution partners, we may be adversely affected both from the inability to collect amounts due and the cost of enforcing the terms of our contracts, including litigation. Additionally, our solution partners are independent businesses we do not control. Notwithstanding this independence, we still face legal risk and reputational harm from the activities of our solution partners, including, but not limited to, export control violations, workplace conditions, corruption, and anti-competitive behavior.

Our agreements with our existing solution partners are non-exclusive, meaning they may offer customers the products of several different companies, including products that compete with ours. If we fail to identify additional solution partners in a timely and cost-effective manner, or at all, or are unable to assist our current and future solution partners in independently distributing and deploying our offerings, our business, results of operations, and financial condition could be harmed.

In particular, we have developed our apps, agents, and products to be able to easily integrate with third-party applications, including the applications of software providers

that compete with us, through the interaction of application programming interfaces (“APIs”). In general, we rely on the fact that the providers of such software systems continue to allow us access to their APIs to enable these customer integrations. To date, we have not relied on long-term written contracts to govern our relationship with these providers. Instead, we are subject to the standard terms and conditions for application developers of such providers, which govern the distribution, operation, and fees of such software systems, and which are subject to change by such providers. From time to time, certain providers may claim we have failed to meet these standard terms and conditions. Our business could also be harmed if any provider:

•discontinues or limits our access to its APIs, due to a claim of breach of terms and conditions or for any other reason;

•modifies its terms of service or other policies, including fees charged to, or other restrictions on us or other application developers;

•changes how customer information is accessed by us or our customers;

•establishes more favorable relationships with one or more of our competitors; or

•develops or otherwise favors its own competitive offerings over ours.

We may also be subject to privacy risks in connection with the third-party data we collect and process through APIs and, in some instances, customers may find our administrative controls for such data use inadequate. As with any data processing, there are privacy considerations for the data we collect and process from third-party sources, and customers may seek more controls in our products around third-party integrations.

In addition, an increasing number of organizations and individuals within organizations are utilizing mobile devices to access the internet and corporate resources and to conduct business. If we cannot provide effective functionality through these mobile applications as required by organizations and individuals that widely use mobile devices, we may experience difficulty attracting and retaining customers.

If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our offerings, our business, results of operations, and financial condition could be harmed.

Our ability to grow our business depends in part on our ability to persuade current and future customers to expand their use of our offerings to additional use cases beyond software developers, including information technology and business teams.

Our corporate values have contributed to our success, and if we cannot maintain these values as we grow, we could lose the innovative approach, creativity, and teamwork fostered by our values, and our business could be harmed.

We believe that a critical contributor to our success has been our corporate values, which we believe foster innovation, teamwork, and an emphasis on customer-focused results. In addition, we believe that our values create an environment that drives and perpetuates our product strategy and low-cost distribution approach. Any failure to preserve our values could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively, and execute on our business strategy.

If we are not able to maintain and enhance our brand, our business, results of operations, and financial condition could be harmed.

We believe that maintaining and enhancing our reputation as a differentiated and category-defining company is critical to our relationships with our existing customers and to our ability to attract new customers. The successful promotion of our brand attributes will depend on a number of factors, including our and our solution partners’ marketing efforts, our ability to continue to develop high-quality products, our ability to minimize and respond to errors, failures, outages, vulnerabilities, or bugs, and our ability to successfully differentiate our products from competitive products. If these analyses are negative or less positive as compared to those of our competitors’ products, our brand may be harmed.

Our sponsorship relationships and partnerships may also subject us to negative publicity as a result of any actual or alleged conduct by, or consumers’ perceptions of, our partners or individuals and entities associated with such organizations, which could have an adverse effect on our reputation and brand.

Our sponsorship relationships and partnerships and the general promotion of our brand requires us to make substantial expenditures. We anticipate that these expenditures will increase as our market becomes more competitive, as we expand into new markets, and as more sales are generated through our solution partners. To the extent that these activities yield increased revenue, this revenue may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand, our business may not grow, we may have reduced pricing power relative to competitors, and we could lose customers or fail to attract new customers, any of which could harm our business, results of operations, and financial condition.

If the Atlassian Marketplace does not continue to be successful, our business and results of operations could be harmed.

We operate the Atlassian Marketplace, an online marketplace, for selling third-party, as well as Atlassian-built, apps. If we do not continue to add new vendors and developers, are unable to sufficiently grow the number of cloud apps our customers demand, or our existing vendors and developers stop developing or supporting the apps that they sell on the Atlassian Marketplace, our business could be harmed.

In addition, third-party apps on the Atlassian Marketplace may not meet the same quality standards that we apply to our own development efforts and, in the past, third-party apps have caused disruptions affecting multiple customers. To the extent these apps contain bugs, vulnerabilities, or defects, such apps have in the past and may in the future create disruptions in our customers’ use of our products, lead to data loss or unauthorized access to customer data, damage our brand and reputation, and affect the continued use of our products, which could harm our business, results of operations and financial condition.

Acquisitions of, or investments in, other businesses, products, or technologies could disrupt our business, and we may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions.

We have completed a number of acquisitions and strategic investments and continue to evaluate and consider additional strategic transactions, including acquisitions of, or investments in, businesses, technologies, services, products, and other assets in the future. For example, in fiscal year 2024, we acquired Loom, Inc., an asynchronous video messaging platform that helps users communicate through instantly shareable videos. We also

from time to time enter into strategic relationships with other businesses to expand our offerings, which could involve preferred or exclusive licenses, additional channels of distribution, discount pricing, or investments in other companies.

Any acquisition, investment or business relationship may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products, personnel, or operations of the acquired companies, particularly if the key personnel of the acquired companies choose not to work for us, their software and services are not easily adapted to work with our apps, agents and products, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management or otherwise. We may also be, and we from time to time have been, exposed to unknown risks or liabilities, including security risks, stemming from acquisitions. Acquisitions may also disrupt our business, divert our resources, and require significant management attention that would otherwise be available for the development of our existing business. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges.

Our previous and future acquisitions or strategic investments may not achieve our goals, and any future acquisitions or strategic investments we complete could be viewed negatively by users, customers, developers, or investors.

Negotiating these transactions can be time consuming, difficult, and expensive, and our ability to complete these transactions may often be subject to approvals that are beyond our control. Consequently, these transactions, even if announced, may not be completed. For one or more of those transactions, we may:

•issue additional equity securities that would dilute our existing stockholders;

•use cash that we may need in the future to operate our business;

•incur large charges, expenses, or substantial liabilities;

•incur debt on terms unfavorable to us or that we are unable to repay;

•encounter difficulties retaining key employees of the acquired company, technology, or business cultures; and/or

•become subject to adverse tax consequences, substantial depreciation, impairment, or deferred compensation charges.

Risks Related to Information Technology, Intellectual Property, and Data Security and Privacy

If our security controls are compromised, leading to unauthorized or inappropriate access to customer data, our products could be perceived as insecure, and such perception may result in the loss of existing customers, hinder our ability to attract new ones, and expose us to significant liabilities.

Use of our products involves the storage, transmission, and processing of our customers’ proprietary data, including potentially personal or identifying information. Unauthorized or inappropriate access to, or security breaches of, our products could result in unauthorized or inappropriate access to data and information, and the loss, compromise or corruption of such data and information. In addition, we rely on third-party service providers to host or otherwise process some of such data, and any failure by a third party, or any other entity in our collective supply chain, to prevent or mitigate data security breaches or improper access to, or use, acquisition, disclosure, alteration, or destruction of, such data could have similar adverse consequences for us. We have incurred and expect to incur significant expenses to prevent security breaches, including costs related to deploying additional personnel and protection technologies, training employees, and engaging third-party solution providers and consultants. Our errors and omissions insurance, covering certain security and privacy damages and claim expenses, may not be sufficient to compensate for all liabilities we may incur.

Although we expend significant resources to create security protections that shield our customer data against potential theft and security breaches, the techniques used to obtain unauthorized access to systems or sabotage systems, or disable or degrade services, change frequently and are often unrecognizable until launched against a

target, and therefore such measures cannot provide absolute security. We have in the past experienced breaches of our security measures and other inappropriate access to our systems. Certain of these incidents have resulted in unauthorized access to certain data processed through our products. Our products are at risk for future breaches and inappropriate access, including, without limitation, inappropriate access that may be caused by errors or breaches that may occur as a result of third-party action, or employee, vendor or contractor error or malfeasance, and other causes. We have in the past been, and may in the future be, a target of security threats, including from state actors. While these incidents have not materially affected our business, reputation or financial results, there is no guarantee they will not in the future. Third parties have in the past and may in the future also utilize our products and platforms for malicious purposes, such as to upload abhorrent content (including on our Loom app) or host malware, which could result in reputational harm to us and negatively impact our business.

Our remote-first “Team Anywhere” work environment may pose additional data security risks. Further, AI technologies may be used in connection with certain cybersecurity attacks, resulting in heightened risks of security breaches and incidents.

For instance, we rely on third-party partners to develop apps on the Atlassian Marketplace that connect with and enhance our Cloud offerings for our customers. These apps may not meet the same quality standards that we apply to our own development efforts and have in the past, and may in the future, contain bugs, vulnerabilities, or defects that pose data security risks to our customers or lead to the unauthorized access of user data. Our ability to mandate security standards and ensure compliance by these third parties may be limited. Additionally, our products may be subject to vulnerabilities in the third-party software on which we rely. We have in the past identified a vulnerability in an open source software application we used and similar incidents may occur in the future and could have a material adverse effect on our business. We are likely to face increased risks that real or perceived vulnerabilities of our systems could seriously harm our business and our financial performance, by tarnishing our reputation and brand and limiting the adoption of our products.

Because the techniques used to obtain unauthorized access to or to sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. We may also experience security breaches that may remain undetected for an extended period and, therefore, have a greater impact on the products we offer, the proprietary data processed through our services, and, ultimately, on our business.

Data security breaches could also expose us to liability under various laws and regulations across jurisdictions and increase the risk of litigation and governmental or regulatory investigation. There may be additional regulations regarding the security of such data in the future. Additionally, we may need to notify customers, governmental authorities, and/or other affected individuals with respect to such incidents. For example, laws in the EU and UK and all 50 U.S. states may require businesses to provide notice to customers, governmental authorities, and/or other individuals whose personal information has been impacted by a data security breach. Complying with such numerous and complex regulations in the event of a data security breach would be expensive and difficult, and failure to comply with these regulations could subject us to regulatory scrutiny and additional liability. Regardless of our contractual protections, any actual or perceived data security breach, or breach of our contractual obligations, could harm our reputation and brand, expose us to potential liability, or require us to expend significant resources on data security and in responding to any such actual or perceived breach.

Interruptions or performance problems associated with our technology and infrastructure could harm our business and results of operations.

We rely heavily on our network infrastructure and information technology systems for our business operations, and our continued growth depends in part on the ability of our existing and potential customers to access our solutions at any time and within an acceptable amount of time. In addition, we rely almost exclusively on our websites for the downloading of, and payment for, all our apps, agents, and products. We have experienced, and may in the future experience, disruptions, data loss and corruption, outages and other performance problems with our infrastructure and websites due to a variety of factors, including infrastructure changes, introductions of new

functionality, human or software errors, capacity constraints, denial of service attacks, or other security-related incidents. In some instances, we have not been able to, and in the future may not be able to, identify the cause or causes of these performance problems within an acceptable period of time. It may become increasingly difficult to maintain and improve our performance, especially during peak usage times and as our products and websites become more complex and our user traffic increases.

If our apps, agents, products or websites are unavailable, if our users are unable to access our apps, agents, products or websites within a reasonable amount of time, or at all, or if our information technology systems for our business operations experience disruptions, delays or deficiencies, our business could be harmed. We may be subject to regulations that require us to report extended services outages to governmental authorities and customers. Moreover, we provide service level commitments under certain of our paid customer cloud contracts, pursuant to which we guarantee specified minimum availability. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service, or face contract termination with refunds of prepaid amounts related to unused subscriptions, which could harm our business, results of operations, and financial condition. From time to time, we have granted, and in the future will continue to grant, credits to paid customers pursuant to, and sometimes in addition to, the terms of these agreements. For example, we have in the past incurred costs associated with offering service level credits and other concessions to certain customers who experienced outages across their use of our offerings. It is possible that large-scale outages in the future could materially and adversely impact our results of operations or financial condition.

Additionally, we depend on services from various third parties, including cloud computing platform providers (such as Amazon Web Services) and other hardware and software providers, as well as general internet availability, to maintain our infrastructure and distribute our apps, agents, and products. Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our apps, agents, and products. In the future, these services may not be available to us on commercially reasonable terms, or at all. To the extent that we do not effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business, results of operations and financial condition could be harmed.

Our solutions are often used in connection with large-scale computing environments with different operating systems, system management software, equipment, and networking configurations, which may cause errors, failures of apps, agents, or products, or other negative consequences in the computing environment into which they are deployed. In addition, deployment of our products into complicated, large-scale computing environments may expose errors, failures, vulnerabilities, or bugs in our apps, agents, or products. Any such errors, failures, vulnerabilities, or bugs have in the past not been, and in the future may not be, found until after they are deployed to our customers.

In addition, third-party apps on Atlassian Marketplace may not meet the same quality standards that we apply to our own development efforts and in the past, third-party apps have caused disruptions affecting multiple customers.

Privacy concerns and laws as well as evolving regulation of cloud computing, AI products and services, cross-border data transfer restrictions and other domestic or foreign regulations may limit the use and adoption of our services and adversely affect our business and results of operation.

Regulation related to the provision of services over the internet is evolving, as federal, state and foreign governments continue to adopt new, or modify existing, laws and regulations addressing data privacy, cybersecurity, data protection, data sovereignty and the collection, processing, storage, hosting, transfer and use of data, generally. In the United States, the Federal Trade Commission and state regulators enforce a variety of data privacy issues, such as promises made in privacy policies or failures to appropriately protect information about individuals, as unfair or deceptive acts or practices in or affecting commerce in violation of the Federal Trade Commission Act or similar state laws. In addition, U.S. state data privacy laws, such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CPRA”), and laws that have recently passed and/or gone into effect in many other states similarly impose new obligations on us and many of our customers, potentially as both businesses and service providers.

For example, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 establishes certain requirements for commercial email messages and specifies penalties for the transmission of commercial email messages that are intended to deceive the recipient as to source or content. In addition, certain states and foreign jurisdictions, such as Australia, Canada, and the European Union (“EU”), have enacted laws that regulate sending email, and some of these laws are more restrictive than U.S. laws. Consent is tightly defined and includes a prohibition on pre-checked consents and a requirement to obtain separate consents for each type of cookie or similar technology. Recent European court and regulator decisions are driving increased attention to cookies and similar tracking technologies.

In addition, various safe harbors have historically been provided to those who hosted content provided by others, such as safe harbors from monetary damages for copyright infringement arising from copyrighted content provided by customers and others, and for defamation and other torts arising from information provided by customers and others. There is an increasing demand for repealing or limiting these safe harbors by either judicial decision or legislation. Loss of these safe harbors may require altering or limiting some of our services or may require additional contractual terms to avoid liabilities for our customers’ misconduct.

We monitor the regulatory, judicial, and legislative environment and have invested in addressing these developments. These new laws may require us to make additional changes to our practices and services to enable us or our customers to meet the new legal requirements, and may also increase our potential liability exposure through new or higher potential penalties for noncompliance. In addition, changes to penalties, fines, and action related to data breaches could impact our potential liability exposure.

Furthermore, privacy laws and regulations are subject to differing interpretations and may be inconsistent among jurisdictions. These and other requirements are causing increased scrutiny among customers, particularly in the public sector and highly regulated industries, and may be perceived differently from customer to customer. These developments could reduce demand for our services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process data, require us to fundamentally change our business activities and practices or modify our products, or, in some cases, impact our ability or our customers' ability to offer our services in certain locations, to deploy our solutions, to reach current and prospective customers, or to derive insights from customer data globally. For example, in July 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield Framework, one of the mechanisms that allowed companies, including Atlassian, to transfer personal data from the EEA to the United States. Even though the CJEU decision

upheld the Standard Contractual Clauses as an adequate transfer mechanism, the decision created uncertainty around the validity of all EU-to-U.S. data transfers. While the EU and U.S. governments have recently adopted the EU-U.S. Data Privacy Framework to foster EU-to-U.S. data transfers and address the concerns raised in the aforementioned CJEU decision, it is uncertain whether this framework will eventually be overturned in court like the previous two EU-U.S. bilateral cross-border transfer frameworks. Certain countries outside of the EEA have also passed or are considering passing laws requiring varying degrees of local data residency. By way of further example, statutory damages available through a private right of action for certain data breaches under the CPRA and potentially other U.S. states’ laws may increase our and our customers’ potential liability and the demands our customers place on us.

The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our services, reduce overall demand for our services, make it more difficult to meet expectations from our commitments to customers and our customers’ users, lead to significant fines, penalties or liabilities for noncompliance, impact our reputation, or slow the pace at which we close sales transactions, in particular where customers request specific warranties and unlimited indemnity for noncompliance with privacy laws, any of which could harm our business. We have adopted and continue to adopt data residency in certain territories. These services may enhance our ability to attract and retain customers operating in the relevant jurisdictions, but may also increase the cost and complexity of supporting those customers, the scope of our residency offering may not align with customer needs, and our customers may request similar offerings in other territories.

Our customers expect us to meet voluntary certification and other standards established by third parties. If we are unable to maintain these certifications or meet these standards, it could adversely affect our ability to provide our solutions to certain customers and could harm our business. In addition, we have seen a trend toward the private enforcement of data protection obligations, including through private actions for alleged noncompliance, which could harm our business and negatively impact our reputation. In addition, a shift in consumers’ data privacy expectations or other social, economic, or political developments could impact the regulatory enforcement of privacy regulations, which could require our cooperation and increase the cost of compliance with the imposed regulations.

Further, any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related obligations to users or other third parties, or any other legal obligations or regulatory requirements relating to privacy, data protection or information security may result in governmental investigations or enforcement actions, litigation, claims or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our users may limit the adoption and use of, and reduce the overall demand for, our platform. Additionally, if third parties we work with violate applicable laws, regulations or agreements, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us and otherwise materially and adversely affect our reputation and business. Further, public scrutiny of, or complaints about, our data handling or data protection practices, may also lead to increased regulatory scrutiny or cause our customers to seek alternative products or services.

While the GDPR already provides for transparency obligations and the imposition of safeguards where automated decision-making is used in certain circumstances, a number of U.S. state data privacy laws that have recently passed and/or gone into effect similarly impose transparency obligations and provide the right for data subjects to opt-out of profiling that will have legal or similarly significant effects. As these laws continue to evolve, we and our customers could be exposed to additional regulatory burdens that could increase our costs, reduce usage of our apps or agents, and adversely affect our business and results of operations.

Finally, the uncertain and shifting regulatory environment and trust climate may raise concerns regarding data privacy and cybersecurity, which may cause our customers or our customers’ users to resist providing the data necessary to allow our customers to use our services effectively. In addition, new products we develop or acquire may expose us to liability or regulatory risk. Even the perception that the privacy and security of personal information are not satisfactorily protected or do not meet regulatory requirements could inhibit sales of our offerings or services and could limit adoption of our cloud offerings.

We may be sued by third parties for alleged infringement or misappropriation of their intellectual property rights.

There is considerable patent and other intellectual property development activity in our industry. Our future success depends in part on not infringing upon or misappropriating the intellectual property rights of others. We have received, and may receive in the future, communications and lawsuits from third parties, including practicing entities and non-practicing entities, claiming that we are infringing upon or misappropriating their intellectual property rights, and we may be found to be infringing upon or misappropriating such rights. We may be unaware of the intellectual property rights of others that may cover some or all of our technology, or technology that we obtain from third parties. Furthermore, the legal issues, including copyright and related rights, surrounding AI technologies and the data used for training such technologies or otherwise used as inputs into such technologies has not been fully addressed by courts or national or local laws or regulations, and the use or adoption of AI technologies into our apps and services may result in exposure to claims of copyright infringement, other intellectual property infringement or misappropriation, or other related claims. Any claims or litigation could cause us to incur significant expenses and, if successfully asserted against us, could require that we pay substantial damages or ongoing royalty or license payments, prevent us from offering our products or using certain technologies, require us to implement expensive workarounds, refund fees to customers or require that we comply with other unfavorable terms. We may also be obligated to indemnify our customers or business partners in connection with any such claims or litigation and to obtain licenses, modify our products or refund fees, which could further exhaust our resources. Even if we were to prevail in the event of claims or litigation against us, any claim or litigation regarding our intellectual property could be costly and time-consuming and divert the attention of our management and other employees from our business operations and disrupt our business.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.

Our agreements with customers and other third parties may include indemnification or other provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, or other liabilities relating to or arising from our products or other acts or omissions. The term of these contractual provisions often survives termination or expiration of the applicable agreement. Large indemnity payments or damage claims from contractual breach could harm our business, results of operations and financial condition. Although we generally contractually limit our liability with respect to such obligations, we may still incur substantial liability related to them. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other current and prospective customers, reduce demand for our products, damage our reputation and harm our business, results of operations and financial condition.

We use open source software in our products that may subject our products to general release or require us to re-engineer our products, which could harm our business.

We use open source software in our products and expect to continue to use open source software in the future. There are uncertainties regarding the proper interpretation of and compliance with open source software licenses. Consequently, there is a risk that the owners of the copyrights in such open source software may claim that the open source licenses governing their use impose certain conditions or restrictions on our ability to use the software that we did not anticipate. Such owners may seek to enforce the terms of the applicable open source license, including by demanding release of the source code for the open source software, derivative works of such software, or, in some cases, our proprietary source code that uses or was developed using such open source software. These claims could also result in litigation, require us to purchase a costly license or require us to devote additional research and development resources to change our products, any of which could result in additional cost, liability and reputational damage to us, and harm to our business and results of operations. In addition, if the license terms for the open source software we utilize change, we may be forced to re-engineer our products or incur

additional costs to comply with the changed license terms or to replace the affected open source software. Although we have implemented policies and tools to regulate the use and incorporation of open source software into our products, we cannot be certain that we have not incorporated open source software in our products in a manner that is inconsistent with such policies.

Any failure to protect our intellectual property rights could impair our ability to protect our proprietary technology and our brand.

Our success and ability to compete depend in part upon our intellectual property. We primarily rely on a combination of patent, copyright, trade secret and trademark laws, trade secret protection and confidentiality or license agreements with our employees, customers, business partners and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may be inadequate. We make business decisions about when to seek patent protection for a particular technology and when to rely upon trade secret protection, and the approach we select may ultimately prove to be inadequate. Even in cases where we seek patent protection, there is no assurance that the resulting patents will effectively protect every significant feature of our products. In addition, we believe that the protection of our trademark rights is an important factor in product recognition, protecting our brand and maintaining goodwill and if we do not adequately protect our rights in our trademarks from infringement, any goodwill that we have developed in those trademarks could be lost or impaired, which could harm our brand and our business. In any event, in order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights.

For example, we provide certain of our customers with the ability to request a copy of the source code of those products, which they may customize for their internal use under limited license terms, subject to confidentiality and use restrictions. If any of such customers misuse or distribute our source code in violation of our agreements with them, or anyone else obtains access to our source code, it could cost us significant time and resources to enforce our rights and remediate any resulting competitive harms.

Litigation brought to protect and enforce our intellectual property rights could be costly, time consuming and distracting to management. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights, which could result in the impairment or loss of portions of our intellectual property rights. Our failure to secure, protect and enforce our intellectual property rights could harm our brand and our business.

Risks Related to Financial Matters

Our quarterly results have fluctuated in the past and may fluctuate significantly in the future and may not fully reflect the underlying performance of our business.

Our quarterly financial results have fluctuated in the past and may fluctuate in the future as a result of a variety of factors, many of which are outside of our control. If our quarterly financial results fall below the expectations of investors or any securities analysts who follow us, the price of our Class A Common Stock could decline substantially. Factors that may cause our revenue, results of operations and cash flows to fluctuate from quarter to quarter include, but are not limited to:

•our ability to attract new customers, retain and increase sales to existing customers, and satisfy our customers’ requirements;

•the timing and terms of customer contracts and renewals;

•seasonality impacts in our sales cycle and other operations;

•challenges in collecting outstanding accounts receivable balances;

•changes in our or our competitors’ pricing policies and offerings;

•new products, features, enhancements, or functionalities introduced by our competitors;

•changes to our overall market;

•the amount and timing of our operating costs and capital expenditures related to the operations and expansion of our business;

•our focus on our Cloud offerings and customer migrations to our Cloud platform;

•the success of our AI offerings and our continued ability to incorporate AI solutions and features into our products, platform and business;

•changes in foreign currency exchange rates or adding additional currencies in which our sales are denominated;

•the amount and timing of acquisitions or other strategic transactions;

•significant security breaches, technical difficulties, or interruptions to our products or the third-party products on which we rely;

•the impact of new accounting pronouncements and associated system implementations, or changes in accounting principles and the application of new and existing accounting principles;

•extraordinary expenses such as litigation, tax settlements, adverse audit rulings or other dispute-related settlement payments;

•the number of new employees added or, conversely, any reductions in force;

•the timing of the grant or vesting of equity awards to employees, contractors, or directors;

•major changes to management or our board of directors;

•general economic conditions, including inflationary pressures and interest rate policy, that may adversely affect either our customers’ ability or willingness to purchase additional licenses, subscriptions, delay a prospective customer’s purchasing decisions, reduce the value of new license or subscription, or affect customer retention; and

•the impact of U.S. and international political and social unrest, changes in trade policies, armed conflict, natural disasters, climate change, diseases and pandemics, and any associated economic downturn, on our results of operations and financial performance.

Many of these factors are outside of our control, and the occurrence of one or more of them might cause our revenue, results of operations, and cash flows to vary widely. As such, we believe that quarter-to-quarter comparisons of our revenue, results of operations, and cash flows may not be meaningful and should not be relied upon as an indication of future performance.

We recognize certain revenue streams over the term of our subscription contracts. Consequently, downturns in new sales may not be immediately reflected in our results of operations and may be difficult to discern.

We generally recognize subscription revenue from customers ratably over the terms of their contracts. As a result, a significant portion of the revenue we report in each quarter is derived from the recognition of deferred revenue relating to subscription plans entered into during previous quarters. However, such a decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our offerings, and potential changes in our pricing policies or rate of expansion or retention, may not be fully reflected in our results of operations until future periods. Changes in the terms of our customer contracts, product lifecycles and the adoption and application of accounting principles relating to revenue recognition also impact our results.

In addition, a significant majority of our costs are expensed as incurred, while a significant portion of our revenue is recognized over the life of the agreement with our customer. As a result, increased growth in the number of our customers could continue to result in our recognition of more costs than revenue in the earlier periods of the terms of certain of our customer agreements. Our subscription revenue also makes it more difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from certain new customers must be recognized over the applicable term.

Seasonality may cause fluctuations in our revenue.

As we continue to invest in our sales-led motion and deepen our footprint with enterprise customer, we believe we have and may continue to see increased seasonal fluctuations in terms of the timing of when we enter into customer agreements. We believe we may have experienced in the past and may experience in the future seasonality effects due to enterprise customer budget cycles and our internal commission plans and quotas for our enterprise sales force. For instance, a higher percentage of customer sales are executed in the second and fourth quarters of our fiscal year. Seasonality effects may cause variability in revenue growth rates in certain quarters and within quarters. Our revenues fluctuate quarterly, and seasonality effects may cause additional fluctuations in our quarterly financial results. These fluctuations may adversely affect the market price of our Class A Common Stock.

We may require additional capital to respond to business opportunities, challenges, acquisitions, a decline in the level of revenue for our offerings, or other unforeseen circumstances. We may not be able to timely secure debt or equity financing on favorable terms, or at all. For example, during periods of higher interest rates, as has occurred in recent years in the U.S. and other regions, debt financing may become more expensive. If we raise additional funds through issuances of equity, convertible debt securities or other securities convertible into equity, our existing stockholders could suffer significant dilution in their percentage ownership of Atlassian. Any new equity or debt securities we issue could also have rights, preferences, and privileges senior to those of holders of our Class A Common Stock. If we are unable to obtain adequate financing or financing on terms satisfactory to us, when we require it, our ability to continue to grow or support our business and to respond to business challenges could be significantly limited.

Our current and future indebtedness may limit our flexibility in obtaining additional financing and in pursuing other business opportunities or operating activities.

In May 2024, we issued $500 million aggregate principal amount of 5.250% senior notes due 2029 (the “2029 Notes”) and $500 million aggregate principal amount of 5.500% senior notes due 2034 (together with the 2029 Notes, the “Notes”). In August 2024, we amended and restated our prior credit facility to eliminate the senior unsecured delayed-draw term loan facility and provide for a $750 million senior unsecured revolving credit facility (the “2024 Credit Facility”).

The Credit Facility also provides for a number of events of default, including, among others, failure to make a payment, bankruptcy, breach of a covenant or representation and warranty, default under material indebtedness (other than the Credit Facility), change of control and judgment defaults. The indentures governing our Senior Notes contain certain negative covenants, including a limitation on liens and a limitation on sale/leaseback covenants.

Under the terms of these covenants, we may be restricted from engaging in business or operating activities that may otherwise improve our business or from financing future operations or capital needs. Failure to comply with certain covenants, including the financial covenant, if not cured or waived, will result in an event of default that could trigger acceleration of our indebtedness, which would require us to repay all amounts owed and could have a material adverse impact on our business. In addition, our Credit Facility has a floating interest rate that is based on variable and unpredictable U.S. and international economic risks and uncertainties. If we were to draw on the Credit Facility, any increase in interest rates, as has occurred in the past and may occur in the future, may negatively impact our financial results.

We continue to have the ability to incur additional debt, subject to the limitations in our Credit Facility and the indentures governing our Senior Notes. Our level of debt could have important consequences to us, including the following:

•our ability to obtain additional financing, if necessary, for working capital, capital expenditures, acquisitions or other purposes may be impaired or such financing may not be available on favorable terms;

•we may need a substantial portion of our cash flow to make principal and interest payments on our debt, reducing the funds that would otherwise be available for investment in operations and future business opportunities;

•our debt level will make us more vulnerable than our competitors with less debt to competitive pressures or a downturn in our business or the economy generally; and

•our debt level may limit our flexibility in responding to changing business and economic conditions.

Our ability to service our debt will depend upon, among other things, our future financial and operating performance, which will be affected by prevailing economic conditions and financial, business, regulatory and other factors, some of which are beyond our control. If our operating results are not sufficient to service our current or future indebtedness, we will be forced to take actions such as reducing or delaying our business activities, acquisitions, investments or capital expenditures, selling assets, restructuring or refinancing our debt, or seeking additional equity capital or bankruptcy protection. We may not be able to effect any of these remedies on satisfactory terms to us or at all.

We are subject to risks associated with our strategic investments, including partial or complete loss of invested capital. Significant changes in the value of this portfolio could negatively impact our financial results.

We have strategic investments in privately held companies, and, in the past, publicly traded companies, in both domestic and international markets, including in emerging markets. These companies range from early-stage companies to more mature companies with established revenue streams and business models. Many such companies generate net losses and the market for their products, services or technologies may be slow to develop, and, therefore, they are dependent on the availability of later rounds of financing from banks or investors on favorable terms to continue their operations. The financial success of our investment in any privately held company is typically dependent on a liquidity event, such as a public offering, acquisition or other favorable market event reflecting appreciation relative to the cost of our initial investment. The capital markets for public offerings and acquisitions are dynamic and the likelihood of successful liquidity events for the companies we have invested in could significantly worsen.

Privately held companies in which we invest have undertaken in the past and others may in the future undertake, an initial public offering. We may also decide to invest in companies in connection with or as part of such company’s initial public offering or other transactions directly or indirectly resulting in it being publicly traded. Therefore, our investment strategy and portfolio have also expanded in the past to include public companies. In certain cases, our ability to sell these investments may be constrained by contractual obligations to hold the securities for a period of time after a public offering, including market standoff agreements and lock-up agreements.

All of our investments, especially our investments in privately held companies, are subject to a risk of a partial or total loss of investment capital and a number of our investments have lost value in the past. Valuations of privately held companies are also inherently complex due to the lack of readily available market data, and, as a result, the basis for these valuations is subject to the timing and accuracy of the data received from these companies. If we determine that any of our more significant investments have experienced a decline in value, we may be required to record an impairment, which could be material and negatively impact our financial results. In addition, we have in the past, and may in the future, continue to deploy material investments in individual companies in which we have previously invested, resulting in the increasing concentration of risk in a small number of companies. Partial or complete loss of investment capital of these individual companies could be material to our financial statements.

Our global operations and structure subject us to potentially adverse tax consequences.

We are subject to income taxes as well as non-income-based taxes in the U.S., Australia, and various other jurisdictions. Significant judgment is often required in the determination of our worldwide provision for (benefit from) income taxes. Our effective tax rate could be impacted by changes in our earnings and losses in countries with differing statutory tax rates, changes in transfer pricing, changes in operations, changes in nondeductible expenses, changes in excess tax benefits of stock-based compensation expense, changes in the valuation of deferred tax assets and liabilities and our ability to utilize them, the applicability of withholding taxes, effects from acquisitions,

and changes in accounting principles and tax laws. Any changes or uncertainty in taxing jurisdictions’ administrative interpretations, decisions, policies, and positions could also materially impact our income tax liabilities. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The relevant revenue and taxing authorities may disagree with positions we have taken generally, or our determinations as to the value of assets sold or acquired, or income and expenses attributable to specific jurisdictions. For example, during fiscal year 2024, we entered into a unilateral advanced pricing arrangement with the Australian Taxation Office (“ATO”) in relation to our transfer pricing arrangements between Australia and the U.S. for the tax years ended June 30, 2019 to June 30, 2025 that resulted in us making a tax payment of $117.4 million. We will continue to pursue advanced pricing arrangements in Australia and other jurisdictions to proactively manage and mitigate the risk of transfer pricing disputes with tax authorities. In addition, in the ordinary course of our business we are subject to tax audits from various taxing authorities. Although we believe our tax positions are appropriate, the final determination of any future tax audits could be materially different from our income tax provisions, accruals and reserves. If such a disagreement were to occur, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, a higher effective tax rate, reduced cash flows and lower overall profitability of our operations.

Tax laws in the U.S. and in foreign jurisdictions are subject to change. For example, in July 2025, the U.S. government enacted The One Big Beautiful Bill Act (“OBBBA”) which includes a broad range of tax reform provisions that may affect our financial results. The OBBBA includes, among other provisions, the allowance of immediate expensing of qualifying domestic research and development expenses and permanent extensions of certain provisions within the Tax Cuts and Jobs Act, which was signed into law in 2017. The Inflation Reduction Act (“IRA”), signed into law in 2022, includes various corporate tax provisions including a new alternative corporate minimum tax on applicable corporations. The IRA tax provisions may become applicable to us in future years, which could result in additional taxes, a higher effective tax rate, reduced cash flows and lower overall profitability of our operations.

Certain government agencies in jurisdictions where we do business have had an extended focus on issues related to the taxation of multinational companies. In addition, the Organization for Economic Cooperation and Development (the “OECD”) has introduced various guidelines changing the way tax is assessed, collected, and governed. Of note are the efforts around base erosion and profit shifting which seek to establish certain international standards for taxing the worldwide income of multinational companies. These measures have been endorsed by the leaders of the world’s 20 largest economies.

In March 2018, the EC proposed a series of measures aimed at ensuring a fair and efficient taxation of digital businesses operating within the EU. As collaborative efforts by the OECD and EC continue, some countries have unilaterally moved to introduce their own digital service tax or equalization levy to capture tax revenue on digital services more immediately. The EU and the UK have established a mandate that focuses on the transparency of cross-border arrangements concerning at least one EU member state through mandatory disclosure and exchange of cross-border arrangements rules. The mandate is further extended to include certain domestic arrangements in Poland.

The OECD introduced significant changes to the international tax law framework through the Pillar Two guidelines. The framework outlines a coordinated set of rules to prevent multinational enterprises from shifting profits to low-tax jurisdictions by implementing a 15% global minimum tax. Many countries in which we operate, including the member states of the EU, have enacted Pillar Two. Pillar Two rules began applying to us in fiscal year 2025. In January 2025, the United States issued an executive order announcing opposition to aspects of these rules. In late June 2025, a shared understanding of a new “side-by-side” solution to address U.S. concerns with Pillar Two was announced. If agreed upon and legislated by the OECD countries, this would exclude U.S.-parented groups from certain provisions of Pillar Two. The potential effects of Pillar Two may vary depending on the specific provisions and rules implemented by each country that adopts Pillar Two and may include tax rate changes, higher effective tax rates, potential tax disputes and adverse impacts to our cash flows, tax liabilities, results of operations and financial position.

Global tax developments applicable to multinational companies may continue to result in new tax regimes or changes to existing tax laws, regulations, and taxation officer interpretations. If the U.S. or foreign taxing authorities

change tax laws, our overall taxes could increase, lead to a higher effective tax rate, harm our cash flows, results of operations and financial position.

We do not collect sales and use, value-added and similar taxes in all jurisdictions in which we have sales, based on our understanding that such taxes are not applicable to the apps, agents, products, and services we sell in certain jurisdictions. Sales and use, value-added and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, and we may be required to collect such taxes in the future. Such tax assessments, penalties and interest, or future requirements could harm our results of operations.

If we are unable to maintain effective internal control over financial reporting in the future, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our Class A Common Stock could be negatively affected.

As a public company, we are required to maintain internal controls over financial reporting and to report any material weaknesses in such internal controls. We are required to furnish a report by management on the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act (“Section 404”). We could also become subject to investigations by the stock exchange on which our securities are listed, the SEC or other regulatory authorities, which could require additional financial and management resources.

We face exposure to foreign currency exchange rate fluctuations.

While we primarily sell our apps, agents, products, and services in U.S. dollars, we incur expenses in currencies other than the U.S. dollar, which exposes us to foreign currency exchange rate fluctuations. Moreover, our subsidiaries, other than our U.S. subsidiaries, maintain net assets that are denominated in currencies other than the U.S. dollar. In addition, we transact in non-U.S. dollar currencies for our apps, agents, products and services, and, accordingly, changes in the value of non-U.S. dollar currencies relative to the U.S. dollar could affect our revenue and results of operations due to transactional and translational remeasurements that are reflected in our results of operations.

We have a foreign exchange hedging program to hedge a portion of certain exposures to fluctuations in non-U.S. dollar currency exchange rates. We use derivative instruments, such as foreign currency forward contracts, to hedge the exposures. The use of such hedging instruments may not fully offset the adverse financial effects of unfavorable movements in foreign currency exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments or if we are unable to forecast hedged exposures accurately.

We are exposed to credit risk and fluctuations in the market values of our investment portfolio.

Given the global nature of our business, we have diversified U.S. and non-U.S. investments. Credit ratings and pricing of our investments can be negatively affected by liquidity, credit deterioration, financial results, economic risk, including from impacts of inflation, recent geopolitical instability, political risk, sovereign risk, or other factors. As a result, the value and liquidity of our investments may fluctuate substantially. Therefore, although we have not realized any significant losses on our investments, future fluctuations in their value could result in a significant realized loss.

If we are deemed to be an investment company under the Investment Company Act of 1940, our results of operations could be harmed.

Under Sections 3(a)(1)(A) and (C) of the Investment Company Act of 1940, as amended (the “Investment Company Act”), a company generally will be deemed to be an “investment company” for purposes of the Investment

Company Act if (i) it is, or holds itself out as being, engaged primarily, or proposes to engage primarily, in the business of investing, reinvesting, or trading in securities or (ii) it engages, or proposes to engage, in the business of investing, reinvesting, owning, holding, or trading in securities and it owns or proposes to acquire investment securities having a value exceeding 40% of the value of its total assets (exclusive of U.S. government securities and cash items) on an unconsolidated basis. We do not believe that we are an “investment company,” as such term is defined in either of these sections of the Investment Company Act. We currently conduct, and intend to continue to conduct, our operations so that neither we, nor any of our subsidiaries, is required to register as an “investment company” under the Investment Company Act. If we were obligated to register as an “investment company,” we would have to comply with a variety of substantive requirements under the Investment Company Act that impose, among other things, limitations on capital structure, restrictions on specified investments, prohibitions on transactions with affiliates, and compliance with reporting, record keeping, voting, proxy disclosure and other rules and regulations that would increase our operating and compliance costs, could make it impractical for us to continue our business as contemplated, and could harm our results of operations.

Risks Related to Legal and Regulatory Matters

Our development and use of AI technologies may expose us to operational, legal, regulatory, reputational and other risks that may adversely affect our business.

We are continually enhancing and expanding our platform and offerings with AI technology. Our development and use of AI technologies may expose us to operational challenges, legal claims, regulatory scrutiny, and reputational harm. AI models can be flawed, biased, or produce inaccurate or misleading outputs, which may not be easily detected. Inappropriate data practices or negative public perception of AI could reduce acceptance of our AI-enabled products and services. If our AI tools or their outputs are harmful, biased, inaccurate, or otherwise controversial, we could face legal, competitive, or reputational damage, and customers may reduce or discontinue use of our offerings. Additionally, insufficient rights to use third-party AI tools, data, or content could result in violations of intellectual property, privacy, or contractual obligations.

We are also subject to evolving laws and regulations governing AI, including those related to privacy, data protection, intellectual property, and platform moderation. For example, there is currently uncertainty about the extent to which privacy and data protection laws apply to AI technologies and these requirements may conflict with our use of AI technologies. As a result, we may face increased difficulty operating these technologies, be subject to regulatory fines or penalties, be required to modify our business practices, retrain our AI systems, or even be prevented or restricted from using AI technologies altogether. New or changing legal requirements—such as the EU AI Act—may also require significant changes to our practices and increase compliance costs. Because the regulatory landscape for AI is rapidly evolving and varies by jurisdiction, we may face challenges in adapting our products and practices, and cannot predict all potential risks or liabilities related to AI use.

We and our customers are subject to increasing and changing laws and regulations that may expose us to liability and increase our costs.

Federal, state, local and foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the technology industry or the industries in which our customers operate, including imposing taxes, fees, or other charges. The costs of compliance with, and other burdens imposed by, industry-specific laws, regulations and interpretive positions may limit our customers’ use and adoption of our services and reduce overall demand for our services. Compliance with these regulations may also require us to devote greater resources to support certain customers, which may increase costs and lengthen sales cycles. For example, some financial services regulators in various jurisdictions have imposed guidelines for use of cloud computing services that mandate specific controls or require financial services enterprises to obtain regulatory approval prior to outsourcing certain functions.

Additionally, various of our products are subject to U.S. export controls, including the U.S. Department of Commerce’s Export Administration Regulations and economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Controls. These regulations may limit the export of our products and provision of our services outside of the U.S., or may require export authorizations, including by license, a license exception, or other appropriate government authorizations, including annual or semi-annual reporting and the filing of an encryption registration. Export control and economic sanctions laws may also include prohibitions on the sale or supply of certain of our products to embargoed or sanctioned countries, regions, governments, persons, and entities. In addition, various countries regulate the importation of certain products

through import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products. Import, export and economic sanctions laws may also change rapidly due to political events, such as has occurred in response to Russia’s invasion of Ukraine. The exportation, reexportation, and importation of our products, and the provision of services, including by our solution partners, must comply with these laws or else we may be adversely affected through reputational harm, government investigations, penalties, and a denial or curtailment of our ability to export our products or provide services. Complying with export control and sanctions laws can be time consuming and complex and may result in the delay or loss of sales opportunities. Although we take precautions to prevent our products from being provided in violation of such laws, we are aware of previous exports of certain of our products to a small number of persons and organizations that are the subject of U.S. sanctions or located in countries or regions subject to U.S. sanctions. If we are found to be in violation of U.S. sanctions or export control laws, it could result in substantial fines and penalties for us and for the individuals working for us. Changes in export or import laws or corresponding sanctions may delay the introduction and sale of our products in international markets, or, in some cases, prevent the export or import of our products to certain countries, regions, governments, persons or entities altogether, which could adversely affect our business, financial condition and results of operations. Changes in import and export laws are occurring in the jurisdictions in which we operate and we may fail to comply with new or changing regulations in a timely manner, which could result in substantial fines and penalties for us and could adversely affect our business, financial condition and results of operation.

We are also subject to various domestic and international anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act and the UK Bribery Act, as well as other similar anti-bribery and anti-kickback laws and regulations. These laws and regulations generally prohibit companies and their employees and intermediaries from authorizing, offering, or providing improper payments or benefits to officials and other recipients for improper purposes. We rely on certain third parties to support our sales and regulatory compliance efforts and can be held liable for their corrupt or other illegal activities, even if we do not explicitly authorize or have actual knowledge of such activities. Although we take precautions to prevent violations of these laws, our exposure for violating these laws increases as our international presence expands and as we increase sales and operations in additional jurisdictions.

Regulators (both in the U.S. and in other jurisdictions in which we operate) may adopt new laws or regulations, change existing regulations, or their interpretation of existing laws or regulations may differ from ours. Additionally, many jurisdictions across the world are currently considering, or have already begun implementing, changes to antitrust and competition laws, regulations or their enforcement to enhance competition in digital markets and address practices by certain digital platforms that they perceive to be anticompetitive, which may impact our ability to invest in, acquire or enter into joint ventures with other entities.

New legislation, regulation, public policy considerations, changes in the cybersecurity environment, litigation by governments or private entities, changes to or new interpretations of existing laws may result in greater oversight of the technology industry, restrict the types of apps, agents, products and services that we can offer, limit how we can distribute our products, or otherwise cause us to change the way we operate our business. We may not be able to respond quickly to such regulatory, legislative, and other developments, and these changes may in turn increase our cost of doing business and limit our revenue opportunities. In addition, if our practices are not consistent with new interpretations of existing laws, we may become subject to lawsuits, penalties, and other liabilities that did not previously apply.

Our sales to U.S. government entities and contractors are subject to additional challenges and risks, including those related to FedRAMP compliance.

We offer apps, agents, products, and services to U.S. federal, state, and local government agencies, as well as to contractors and organizations that support them. We have obtained various government certifications and authorizations that are required to support sales opportunities to the government, including Federal Risk and Authorization Management Program (“FedRAMP”) Moderate, covering Jira, Confluence, and Jira Service Management. Maintaining FedRAMP and other similar restricted cloud environments places an increased compliance burden upon us, which may increase our internal costs to provide services to government agencies. Challenges and risks include:

•Maintaining FedRAMP authorization requires continuous monitoring, regular security assessments, and timely remediation of identified vulnerabilities. Any failure to meet these obligations, or any security incidents or breaches that demonstrate non-compliance with required controls, could result in loss of authorization, or otherwise undermine our trust with the authorizing agency, which would restrict our ability to serve public sector customers.

•Only products and features included within the FedRAMP authorization boundary are assessed for security compliance. Certain apps and integrations may not inherit FedRAMP status unless they are specifically evaluated and approved, which may limit the functionality available to government customers.

•The government security and certification requirements we are working towards (such as those for FedRAMP and related programs, including FedRAMP High and U.S. Department of Defense Impact Level 5), are subject to change. We are investing in expanding our compliance to higher security levels, but delays or inability to achieve these certifications could impact our competitiveness in the public sector.

•Government contracts may include terms that are less favorable than our standard agreements, and non-compliance with contract terms or regulatory requirements can result in severe penalties, including suspension or debarment from government contracting.

•Demand for our offerings from government customers may be influenced by public sector budget cycles, funding authorizations, and changes in government policy or administration priorities. Contracts with governmental entities are also subject to termination for the convenience of the customer.

•We may be subject to audits and investigations related to our government contracts that could result in severe consequences if violations are found, including contract termination, future debarment, payment suspensions, profit forfeiture, civil and criminal penalties, and administrative sanctions. These penalties could significantly damage our reputation and adversely affect our financial performance.

Our success in the government sector depends on our ongoing compliance efforts, our ability to expand the scope of authorized offerings, and our responsiveness to evolving regulatory and customer requirements. Any failure in these areas could adversely impact our business, reputation, and financial results.

Adverse litigation results could have a material adverse impact on our business.

We have in the past been, and in the future may continue to be, involved with claims, suits, purported class or representative actions, regulatory and government investigations, or other proceedings. The claims, suits, actions, regulatory and government investigations we face may involve intellectual property, labor and employment, competition, commercial disputes, data security and privacy, bankruptcy, tax and related compliance, and other matters. They could impose a significant burden on our management and employees, prevent us from offering one or more of our apps or products to others, require us to change our technology or business practices, or result in monetary damages, fines, injunctive relief, civil or criminal penalties, reputational harm, or other adverse consequences. Any litigation and other claims are subject to inherent uncertainties and a material adverse impact in our financial statements could occur for the period in which the effect of an unfavorable outcome becomes probable and reasonably estimable.

Any failure to meet the ESG standards set by various constituencies may damage our reputation or otherwise harm our business or financial condition.

As ESG best practices and reporting standards continue to develop, we expect to incur increasing costs relating to ESG monitoring, reporting, and compliance. If our ESG practices and reporting fail to meet such requirements, we may be exposed to risks of government or regulatory enforcement or liability. We voluntarily publish an annual Sustainability Report, which describes, among other things, the measurement of our greenhouse gas emissions and our efforts to reduce emissions. Our disclosures on these matters, or a failure to meet evolving stakeholder expectations for ESG practices and reporting, may potentially harm our

reputation and customer relationships. Due to new regulatory standards and market standards, certain new or existing customers, particularly those in the European Union, may impose stricter ESG guidelines or mandates for, and may scrutinize relationships more closely with, their counterparties, including us, which may lengthen sales cycles or increase our costs.

Furthermore, some investors may use ESG factors to guide their investment strategies and, in some cases, may choose not to invest in us if they believe our policies and actions relating to ESG are inadequate. In addition, in the event that we communicate certain initiatives or goals regarding ESG matters, we could fail, or be perceived to fail, in our achievement of such initiatives or goals, or we could be criticized for the scope of such initiatives or goals. If we fail to satisfy the expectations of investors, customers, employees and other stakeholders or our initiatives are not executed as planned, our business, financial condition, results of operations, and prospects could be adversely affected. Alternatively, any negative perceptions of any perceived insufficient or overdone pursuit of any ESG initiatives could also result in adverse impacts, including potential stakeholder engagement or litigation or other proceedings.

Risks Related to Ownership of Our Class A Common Stock

The dual class structure of our common stock has the effect of concentrating voting control with certain stockholders, in particular, our Co-Founders and their affiliates, which will limit our other stockholders’ ability to influence the outcome of important transactions, including a change in control.

Shares of our Class B Common Stock have ten votes per share and shares of our Class A Common Stock have one vote per share. The holders of our Class B Common Stock will collectively continue to control a majority of the combined voting power of our capital stock so long as the outstanding shares of our Class B Common Stock represent at least 10% of all shares of our outstanding Class A Common Stock and Class B Common Stock in the aggregate. Therefore, if Messrs. This will limit the ability or preclude the ability of our stockholders to influence corporate matters, including the election of directors and the amendments of our organizational documents.

At times, Messrs. Cannon-Brookes and Farquhar may have interests that differ from holders of our Class A Common Stock and may vote in a way that may be adverse to such interests. Cannon-Brookes’ case, as an executive officer, Messrs. Cannon-Brookes and Farquhar each owe statutory and fiduciary duties to Atlassian and must act in good faith and in a manner they consider would be most likely to promote the success of Atlassian for the benefit of stockholders as a whole. As stockholders, Messrs. Cannon-Brookes and Farquhar are entitled to vote their shares in their own interests, which may not always be in the interests of our stockholders generally.

The trading price of our Class A Common Stock is volatile, has fluctuated significantly in the past, and could continue to fluctuate significantly, regardless of our operating performance, in response to numerous factors, many of which are beyond our control, including:

•guidance regarding our operating results and other financial metrics that we provide to the public, differences between our guidance and market expectations, our failure to meet our guidance, any withdrawal of previous guidance or changes from our historical guidance;

•changes in investor and analyst valuation models for our Class A Common Stock;

•announcements of technological innovations, new applications or enhancements to services, acquisitions, strategic alliances, or significant agreements by us or by our competitors;

•disruptions in our services due to computer hardware, software, or network problems or any announcements related to security incidents;

•announcements of customer additions and customer cancellations or delays in customer purchases;

•recruitment or departure of key personnel;

•the economy as a whole, political and regulatory uncertainty, and market conditions in our industry and the industries of our customers;

•trading activity by directors, executive officers, and significant stockholders, or the perception in the market that the holders of a large number of shares intend to sell their shares;

•any future issuances of our securities; and

•any changes to our Share Repurchase Program (as defined below).

Additionally, the stock markets have at times experienced extreme price and volume fluctuations that have affected and may in the future affect the market prices of equity securities of many companies. These fluctuations have, in some cases, been unrelated or disproportionate to the operating performance of these companies. Further, the trading prices of many technology companies have been particularly volatile and fluctuated in a manner unrelated or disproportionate to the operating performance of those companies.

Large volatilities in the market price of our Class A Common Stock may subject us to securities class action litigation. For example, in February 2023, a purported securities class action complaint was filed against us and certain of our officers in U.S. federal court; this suit was dismissed in August 2024. Similar suits in the future could result in substantial costs and divert our management’s attention from other business concerns, which could harm our business.

Substantial future sales of our common stock could cause the market price of our Class A Common Stock to decline.

We have also registered shares of Class A Common Stock that we issue under our employee equity incentive plans. These shares may be sold freely in the public market upon issuance.

We cannot guarantee that our Share Repurchase Program will be fully consummated or that it will enhance long-term stockholder value. Repurchases of shares of our Class A Common Stock could also increase the volatility of the trading price of our Class A Common Stock and could diminish our cash reserves.

Our current share repurchase program covers $1.5 billion of our outstanding shares of Class A Common Stock (the “Share Repurchase Program”). It was authorized by the board of directors in September 2024 and commenced in April 2025. Under the Share Repurchase Program, stock repurchases may be made from time to time through open market purchases, in privately negotiated transactions, or by other means, including through the use of trading plans intended to qualify under Rule 10b5-1 under the Exchange Act, in accordance with applicable securities laws and other restrictions. The Share Repurchase Program does not have a fixed expiration date, may be suspended or discontinued at any time, and does not obligate us to acquire any amount of Class A Common Stock. The timing, manner, price, and amount of any repurchases will be determined by us at our discretion and will depend on a variety of factors, including business, economic and market conditions, prevailing stock prices, corporate and regulatory requirements, and other considerations. We cannot guarantee that the Share Repurchase Program will be fully consummated or that it will enhance long-term stockholder value. The Share Repurchase Program could also affect the trading price of our Class A Common Stock and increase volatility, and any announcement of a reduction, suspension or termination of the program may result in a decrease in the trading price of our Class A Common Stock. In addition, repurchasing our Class A Common Stock could diminish our cash and cash equivalents and marketable securities available to fund working capital, repayment of debt, capital expenditures, strategic acquisitions, investments, or business opportunities, and other general corporate purposes.

We do not expect to declare dividends in the foreseeable future.

We currently anticipate that we will retain future earnings for the development, operation, and expansion of our business and to fund our Share Repurchase Program, and do not anticipate declaring or paying any cash dividends for the foreseeable future. As a result, stockholders must rely on sales of their shares of Class A Common Stock after price appreciation, if any, as the only way to realize any future gains on their investment.

Anti-takeover provisions contained in our amended and restated certificate of incorporation, amended and restated bylaws, our Senior Notes, as well as provisions of Delaware law, could impair a takeover attempt.

Our amended and restated certificate of incorporation and amended and restated bylaws contain, and the General Corporation Law of the State of Delaware (the “Delaware General Corporation Law”) contains, provisions which could have the effect of rendering more difficult, delaying or preventing an acquisition deemed undesirable by our board of directors. These provisions provide for the following:

•a dual-class structure which provides our holders of Class B Common Stock with the ability to significantly influence the outcome of matters requiring stockholder approval, even if such holders own significantly less than a majority of the shares of our total outstanding stock;

•no cumulative voting in the election of directors, which limits the ability of minority stockholders to elect director candidates;

•the exclusive right of our board of directors to set the size of the board of directors and to elect a director to fill a vacancy, however occurring, including by an expansion of the board of directors, which prevents stockholders from being able to fill vacancies on our board of directors;

•the ability of our board of directors to authorize the issuance of shares of preferred stock and to determine the price and other terms of those shares, including voting or other rights or preferences, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;

•the ability of our board of directors to alter our amended and restated bylaws without obtaining stockholder approval;

•in addition to our board of directors’ ability to adopt, amend, or repeal our amended and restated bylaws, our stockholders may adopt, amend, or repeal our amended and restated bylaws only with the affirmative vote of the holders of at least 66 2/3% of the voting power of the outstanding shares of capital stock entitled to vote generally in the election of directors, voting together as a single class;

•the required approval of at least 66 2/3% of the voting power of the outstanding shares of capital stock entitled to vote thereon, voting together as a single class, to adopt, amend, or repeal certain provisions of our amended and restated certificate of incorporation;

•the ability of stockholders to act only at an annual or special meeting of stockholders;

•the requirement that a special meeting of stockholders may be called only by certain specified officers of the Company, a majority of our board of directors then in office or the chairperson of our board of directors;

•advance notice procedures that stockholders must comply with in order to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us; and

•the limitation of liability of, and provision of indemnification to, our directors and officers.

These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.

In addition, the change in control repurchase event provisions of our Senior Notes may delay or prevent a change in control of the Company, because those provisions allow note holders to require us to repurchase such notes upon the occurrence of a fundamental change or change in control repurchase event. As a Delaware corporation, we are also subject to provisions of the Delaware General Corporation Law, including Section 203 thereof, which prevents some stockholders holding more than 15% of our outstanding common stock from engaging in certain business combinations without approval of the holders of substantially all of our outstanding common stock. Any provision of our amended and restated certificate of incorporation, amended and restated bylaws, Senior

Notes or the Delaware General Corporation Law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could also affect the price that some investors are willing to pay for our common stock.

Claims for indemnification by our directors and officers may reduce our available funds to satisfy successful third-party claims against us and may reduce the amount of money available to us.

Our amended and restated certificate of incorporation and amended and restated bylaws provide that we will indemnify our directors and officers, in each case to the fullest extent permitted by Delaware law.

In addition, as permitted by Section 145 of the Delaware General Corporation Law, our amended and restated bylaws, and our indemnification agreements that we have entered or intend to enter into with our directors and officers provide that:

•we will indemnify our directors and officers to the fullest extent permitted by Delaware law. Delaware law provides that a corporation may indemnify such person if such person acted in good faith and in a manner such person reasonably believed to be in or not opposed to the best interests of the registrant and, with respect to any criminal proceeding, had no reasonable cause to believe such person’s conduct was unlawful;

•we may, in our discretion, indemnify employees and agents in those circumstances where indemnification is permitted by applicable law;

•we are required to advance expenses, as incurred, to our directors and officers in connection with defending a proceeding, except that such directors or officers will undertake to repay such advances if it is ultimately determined that such person is not entitled to indemnification;

•the rights conferred in our amended and restated bylaws are not exclusive, and we are authorized to enter into indemnification agreements with our directors, officers, employees, and agents and to obtain insurance to indemnify such persons, both of which we have done; and

•we may not retroactively amend our amended and restated bylaw provisions to reduce our indemnification obligations to directors, officers, employees, and agents.

While we have procured directors’ and officers’ liability insurance policies, such insurance policies may not be available to us in the future at a reasonable rate, may not cover all potential claims for indemnification, and may not be adequate to indemnify us for all liability that may be imposed.

Our amended and restated certificate of incorporation and amended and restated bylaws provide for an exclusive forum in the Court of Chancery of the State of Delaware for certain disputes between us and our stockholders, and that the federal district courts of the United States will be the exclusive forum for the resolution of any complaint asserting a cause of action under the Securities Act.

Our amended and restated certificate of incorporation and amended and restated bylaws provide, that unless we consent in writing to the selection of an alternative forum, (a) the Court of Chancery of the State of Delaware (or, if such court does not have subject matter jurisdiction thereof, the federal district court for the District of Delaware or other state courts of the State of Delaware) will, to the fullest extent permitted by law, be the sole and exclusive forum for: (i) any derivative action, suit or proceeding brought on behalf of the Company, (ii) any action, suit or proceeding asserting a claim of breach of a fiduciary duty owed by any director, officer or stockholder to the Company or our stockholders, (iii) any action, suit or proceeding arising pursuant to any provision of the Delaware General Corporation Law or our amended and restated certificate of incorporation or amended and restated bylaws, or (iv) any action, suit or proceeding asserting a claim against the Company that is governed by the internal affairs doctrine; and (b) the federal district courts of the United States will be the exclusive forum for the resolution of any complaint asserting a cause or causes of action arising under the Securities Act, including all causes of action asserted against any defendant to such complaint. Any person or entity purchasing or otherwise acquiring any interest in any security of the Company will be deemed to have notice of and consented to these provisions. Nothing in our amended and restated certificate of incorporation or amended and restated bylaws precludes stockholders that assert claims under the Exchange Act, from bringing such claims in federal court to the extent that the Exchange Act confers exclusive federal jurisdiction over such claims, subject to applicable law.

We believe these provisions may benefit us by providing increased consistency in the application of Delaware law and federal securities laws by chancellors and judges, as applicable, particularly experienced in resolving corporate disputes, efficient administration of cases on a more expedited schedule relative to other forums and

protection against the burdens of multi-forum litigation. If a court were to find the choice of forum provision that is contained in our amended and restated certificate of incorporation or amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could materially adversely affect our business, results of operations, and financial condition. For example, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Accordingly, there is uncertainty as to whether a court would enforce such a forum selection provision as written in connection with claims arising under the Securities Act.

The choice of forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our current or former director, officer or stockholder to the Company, which may discourage such claims against us or any of our current or former director, officer or stockholder to the Company and result in increased costs for investors to bring a claim.

General Risk Factors

Our global operations subject us to risks that can harm our business, results of operations, and financial condition.

Operating globally requires significant resources and management attention and subjects us to regulatory, economic, geographic, and political risks. In particular, our global operations subject us to a variety of additional risks and challenges, including:

•increased management, travel, infrastructure, and legal compliance costs associated with having operations in many countries;

•difficulties in enforcing contracts, including “clickwrap” contracts that are entered into online, of which we have historically relied as part of our product licensing strategy, but which may be subject to additional legal uncertainty in some foreign jurisdictions;

•increased financial accounting and reporting burdens and complexities;

•requirements or preferences within other regions for domestic products, and difficulties in replacing products offered by more established or known regional competitors;

•differing technical standards, existing or future regulatory and certification requirements, and required features and functionality;

•communication and integration problems related to entering and serving new markets with different languages, cultures, and political systems;

•compliance with foreign privacy and security laws and regulations and the risks and costs of non-compliance;

•compliance with laws and regulations for foreign operations, including anti-bribery laws (such as the U.S. Foreign Corrupt Practices Act, the U.S. Travel Act, and the UK Bribery Act), import and export control laws, tariffs, trade barriers, economic sanctions, and other regulatory or contractual limitations on our ability to sell our offerings in certain foreign markets, and the risks and costs of non-compliance;

•heightened risks of unfair or corrupt business practices in certain geographies that may impact our financial results and result in restatements of our consolidated financial statements;

•fluctuations in currency exchange rates, interest rates, and related effects on our results of operations;

•difficulties in repatriating or transferring funds from, or converting currencies in certain countries;

•weak economic conditions in any country or region in which we operate or sell our offerings, including due to rising inflation or hyperinflation, and related interest rate increases;

•geopolitical and economic risks relating to general political and economic instability around the world, including in the Middle East and Ukraine, and uncertainty regarding or any impacts from the imposition of and changes in trade policies, including trade wars, tariffs or other trade restrictions or the threat of such actions;

•differing labor standards, including restrictions related to, and the increased cost of, terminating employees in some countries;

•difficulties in recruiting and hiring employees in certain countries;

•the preference for localized software and licensing programs and localized language support;

•reduced protection for intellectual property rights in some countries and practical difficulties associated with enforcing our legal rights abroad;

•impacts of pandemics or public health emergencies; and

•compliance with the laws of numerous foreign taxing jurisdictions, including withholding obligations, and overlapping of different tax regimes.

Compliance with laws and regulations applicable to our global operations substantially increases our cost of doing business in foreign jurisdictions. We may be unable to keep current with changes in government requirements as they change from time to time. Failure to comply with these laws and regulations could harm our business. In many countries, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or other regulations applicable to us. Although we have implemented policies and procedures designed to ensure compliance with these regulations and policies, there can be no assurance that all of our employees, contractors, business partners and agents will comply with these regulations and policies. Violations of laws, regulations or key control policies by our employees, contractors, business partners, or agents could result in delays in revenue recognition, financial reporting misstatements, enforcement actions, reputational harm, disgorgement of profits, fines, civil and criminal penalties, damages, injunctions, other collateral consequences, or the prohibition of the importation or exportation of our offerings and could harm our business, results of operations, and financial condition.

Our success depends largely upon the continued services of our executive officers and key employees. We rely on our leadership team and other key employees in the areas of research and development, products, strategy, operations, security, go-to-market, marketing, IT, support, and general and administrative functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. For example, one of our former Co-Chief Executive Officers stepped down from his executive officer role and into an advisory role, effective August 31, 2024, and, on August 7, 2025, we announced that our President will be stepping down, effective December 31, 2025. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and, therefore, they are able to terminate their employment with us at any time.

In addition, in order to execute our growth plan, we must attract and retain highly qualified personnel. For example, we hired a new Chief Revenue Officer, effective January 1, 2025. Competition for highly qualified personnel is intense, and many of the companies with which we compete for experienced personnel have greater resources than we have. We have from time to time experienced, and we expect to continue to experience, difficulty hiring and retaining employees with appropriate qualifications. In particular, recruiting and hiring senior product engineering personnel, especially those with experience in designing and developing software and cloud-based services or with AI and machine learning backgrounds, has been, and we expect it to continue to be, challenging. Furthermore, as we hire employees from competitors or other companies, prior employers may attempt to assert that the employees or we have breached certain legal obligations, resulting in a diversion of our time and resources.

Any reorganizational efforts we conduct, such as our March 2023 rebalancing to improve operational efficiencies and operating costs, may have an adverse effect on our ability to attract and retain employees. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. We have experienced large fluctuations in our stock price since the end of fiscal year 2021. If the value or perceived value of our equity awards declines, it could harm our ability to recruit and retain

highly skilled employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business, results of operations and financial condition could be harmed.

Catastrophic events may disrupt our business.

Natural disasters, pandemics other public health emergencies, geopolitical conflicts, social or political unrest, or other catastrophic events may cause damage or disruption to our operations, international commerce, and the global economy, and thus could harm our business. We have a large employee presence and operations in Australia and the San Francisco Bay Area of California. Australia has experienced significant wildfires and flooding that have impacted our employees. The west coast of the United States contains active earthquake zones and is often at risk from wildfires. In the event of a major earthquake, hurricane, typhoon or catastrophic event such as fire, power loss, telecommunications failure, cyber-attack, war or terrorist attack in any of the regions or localities in which we operate, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our application development, lengthy interruptions in our product availability, breaches of data security and loss of critical data, all of which could harm our business, results of operations and financial condition.

Additionally, we rely on our network and suppliers of third-party infrastructure and applications, internal technology systems, and our websites for our development, marketing, internal controls, operational support, hosted services, and sales activities. If these systems were to fail or be negatively impacted as a result of a malfunction, natural disaster, disease or pandemic, or catastrophic event, our ability to conduct normal business operations and deliver our offerings to customers could be impaired.

As we grow our business, the need for business continuity planning and disaster recovery plans will grow in significance. If we are unable to develop adequate plans to ensure that our business functions continue to operate during and after a disaster, disease or pandemic, or catastrophic event, or if we are unable to successfully execute on those plans, our business and reputation could be harmed.

Climate change may have a long-term impact on our business.

The long-term effects of climate change on the global economy and the technology industry in particular are unclear; however, we recognize that there are inherent climate-related risks wherever business is conducted. Furthermore, failure to achieve or advance towards our public sustainability commitments and objectives regarding climate action may have an adverse effect on our standing with investors, suppliers, and customers, as well as on our financial results and our capacity to attract and retain skilled individuals. In addition, any negative perceptions of our pursuit of climate action sustainability initiatives could also result in adverse impacts, including potential stakeholder engagement or litigation.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C. CYBERSECURITY

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan.

We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”) and Secure Software Development Framework (“SSDF”).

Cybersecurity risks are incorporated into our overall enterprise risk management program. Our Chief Trust Officer (“CTrO”) reports to our Chief Technology Officer and oversees our trust and overarching security strategy.

Our Chief Information Security Officer (“CISO”) reports to our CTrO and oversees the technical identification, assessment and management of cybersecurity risks relevant to our business.

Our cybersecurity risk management program includes, among other elements:

•Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment.

•A Security team, principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents.

•The use of external service providers, where appropriate, to assess, test, respond to or otherwise assist with aspects of our security controls, as well as maturity assessments of our cybersecurity program.

•Implementation of new hire and annual data privacy and cybersecurity training of all employees, including senior management; annual role-based training for employees in specific incident response roles, as well as for employees with specific access to systems, devices, or locations, and targeted cybersecurity incident simulation training held on a recurring basis.

•Incident response playbooks and standard operating procedures outlining procedures for detecting, responding to, and mitigating cybersecurity incidents. Depending on the nature and severity of an incident, responses may involve escalating notification to our Chief Executive Officer and our board of directors.

•Post-incident reviews are conducted for major incidents, and to determine steps that may be taken to mitigate identified risks and reduce the likelihood of reoccurrence.

•Internal policies designed to protect our systems and operations, including (1) a data classification and labelling standard to evaluate the confidentiality level of internal information, (2) a cloud continuity policy to address experience disruption for cloud customers, and (3) a business resilience policy to provide a framework for operations during and after disruption events.

•A third-party risk management process for service providers, suppliers, and vendors. When third-party provider incidents occur, we assess their materiality to our operations and investigate accordingly.

We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, whether individually or in the aggregate, have materially affected or are reasonably likely to materially affect us, our business, and our results of operations in Part I, Item 1A in this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.

Cybersecurity Governance

Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to its audit committee (the “Audit Committee”) oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program, and it reports to the full board of directors regarding its activities, including those related to cybersecurity. Our CTrO and CISO provide updates on significant risks to the Audit Committee quarterly and also provide updates to the full board of directors at least biannually.

The CTrO’s role involves managing cybersecurity risks and reviewing whether the company’s security practices align with customer expectations and industry standards. Our CISO leads our Security organization and is responsible for all security-related activities and controls at Atlassian. This includes defining the security strategy, developing, and enforcing security standards, and managing security technologies. The CISO also oversees security operations, incident response, and reviews compliance with legal and regulatory requirements. Our CISO has served in his role since December 2024 and also has extensive experience in cybersecurity, including serving as Chief Information Security Officer of a large publicly-traded enterprise software company. Our CTrO and CISO oversee our efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal personnel, threat intelligence, and

other information obtained from governmental, public, or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the IT environment.

Within the Trust and Security organizations, we implement a structured approach to proactively manage cybersecurity risks. Our Security Governance, Risk and Compliance team monitors, assesses, and coordinates proactive identification and remediation efforts for cybersecurity risks impacting Atlassian. Our Security team includes individuals with experience across a broad range of cybersecurity areas, including, but not limited to: product security; cloud security; infrastructure security; security monitoring and incident response; identity and access management; vulnerability management; and governance, risk, and compliance.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
BIVI	2 hours ago
EAT	2 hours ago
AMCR	3 hours ago
HRB	3 hours ago
TEAM	3 hours ago
AIT	10 hours ago
INBS	10 hours ago
TAYD	11 hours ago
COHR	22 hours ago
AVT	1 day, 1 hour ago
TPR	1 day, 12 hours ago
MSS	1 day, 21 hours ago
WDC	1 day, 22 hours ago
YYAI	2 days, 1 hour ago
SRCO	2 days, 2 hours ago
MSGE	2 days, 2 hours ago
PFGC	2 days, 3 hours ago
CMPR	1 week ago
LNBY	1 week ago
RMD	1 week ago
CRMT	1 week, 1 day ago
PTON	1 week, 1 day ago
LFCR	1 week, 1 day ago
ATGE	1 week, 1 day ago
OTEX	1 week, 1 day ago
CACI	1 week, 1 day ago
ADP	1 week, 2 days ago
PCTY	1 week, 2 days ago
NWSA	1 week, 2 days ago
FOXA	1 week, 2 days ago
LRN	1 week, 3 days ago
NRUC	1 week, 3 days ago
BR	1 week, 3 days ago
PG	1 week, 4 days ago
RELL	1 week, 4 days ago
CNTM	1 week, 4 days ago
SXI	1 week, 6 days ago
STX	2 weeks ago
TPCS	2 weeks, 2 days ago
MSFT	2 weeks, 2 days ago
APLD	2 weeks, 2 days ago
WOR	2 weeks, 2 days ago
NEOG	2 weeks, 2 days ago
WS	2 weeks, 3 days ago
USAU	2 weeks, 3 days ago
NORD	2 weeks, 3 days ago
MMEX	2 weeks, 3 days ago
GFMH	2 weeks, 3 days ago
VALU	2 weeks, 3 days ago
UUU	2 weeks, 3 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - TEAM

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - TEAM

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing