Autodesk Inc. Common Stock

ITEM 1A.RISK FACTORS

We operate in a rapidly changing environment that involves significant risks, a number of which are beyond our control. In addition to the other information contained in this Quarterly Report on Form 10-Q, the following discussion highlights some of these risks and the possible impact of these factors on our business, financial condition, and future results of operations. If any of the following risks actually occur, our business, financial condition, or results of operations may be adversely impacted, causing the trading price of our common stock to decline. In addition, these risks and uncertainties may impact the forward-looking statements described elsewhere in this Quarterly Report on Form 10-Q and in the documents incorporated herein by reference. They could affect our actual results of operations, causing them to differ materially from those expressed in forward-looking statements.

Summary of Risk Factors

60

Our business is subject to numerous risks and uncertainties that you should consider before investing in our securities. These risks are described more fully below and include, but are not limited to, risks relating to the following:

59

Our strategy to develop and introduce new products and services, exposing us to risks such as limited customer acceptance (both with new and existing customers), costs related to product defects, and large expenditures.

Global economic and political conditions.

Costs and challenges associated with strategic acquisitions and investments.

Dependency on international revenue and operations, exposing us to significant international regulatory, economic, intellectual property, collections, currency exchange rate, taxation, political, and other risks.

Inability to predict subscription renewal rates and their impact on our future revenue and operating results.

Existing and increased competition and rapidly evolving technological changes.

Fluctuation of our financial results, key metrics and other operating metrics.

Deriving a substantial portion of our net revenue from a small number of solutions, including our AutoCAD-based software products and collections.

Any failure to successfully execute and manage initiatives to realign or introduce new business and sales initiatives.

Net revenue, billings, earnings, cash flow, or subscriptions shortfalls or volatility of the market causing the market price of our stock to decline.

Challenges relating to the proper management and governance of our use of AI in our offerings.

Security incidents compromising the integrity of our or our customers offerings, services, data, or intellectual property.

Reliance on third parties to provide us with a number of operational and technical services as well as software.

Our highly complex software, which may contain undetected errors, defects, or vulnerabilities, and is subject to service disruptions, degradations, outages or other performance problems.

Increasing regulatory focus on privacy, data protection, and information security issues and expanding laws.

Governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.

Protection of our intellectual property rights and intellectual property infringement claims from others.

The government procurement process.

Fluctuations in currency exchange rates.

Our debt service obligations.

Our investment portfolio consisting of a variety of investment vehicles that are subject to interest rate trends, market volatility, and other economic factors.

Risks Relating to Our Business and Strategy

Our strategy to develop and introduce new products and services exposes us to risks such as limited customer acceptance (both with new and existing customers), costs related to product defects, and large expenditures, each of which may result in no additional net revenue or decreased net revenue.

The software industry is characterized by rapid technological changes as well as changes in customer requirements and preferences. In recent years, the industry has undergone a transition from developing and selling perpetual licenses and on-premises products to subscriptions and cloud-enabled technologies. Both new and existing customers are also reconsidering how they purchase software products, which requires us to constantly evaluate our business model and strategy. In response, we are focused on providing solutions to enable our customers to be more agile and collaborative on their projects. We devote significant resources to the development of new technologies. If we are unable to provide new features, enhancements to user experience, and modifications in a timely and cost-effective manner that achieve market acceptance, align with customer expectations, and that keep pace with rapid technological developments and changing regulatory landscapes, our business and operating results could be adversely affected. For example, AI and machine learning are propelling advancements in technology, but if they are not widely adopted and accepted or fail to operate as expected, our business and reputation may be harmed.

In addition, we frequently introduce new business models or methods that require a considerable investment of technical and financial resources, such as our introduction of flexible subscription and service offerings and our transition of multi-subscription plans to named-user plans. It is uncertain whether these strategies, including our product and pricing changes, will accurately reflect customer demand or be successful, or whether we will be able to develop the necessary infrastructure and

61

business models more quickly than our competitors. We make such investments through further development and enhancement of our existing products and services, as well as through acquisitions. Such investments may not result in sufficient revenue

60

generation to justify their costs and could result in decreased net revenue or profitability. If we are not able to meet customer requirements, either with respect to new customers or existing customers, and either with respect to our software or the manner in which we provide such products, or if we are not able to adapt our business model to meet our customers requirements, our business, financial condition, or results of operations may be adversely impacted.

In particular, a critical component of our growth strategy is to have customers of our AutoCAD and AutoCAD LT products, as well as other individual Autodesk products, expand their portfolios to include our other offerings and cloud-based functionality, and we are taking steps to accelerate this migration. At times, sales of our AutoCAD and AutoCAD LT or individual Autodesk flagship products have decreased without a corresponding increase in Industry Collections or cloud-based functionality revenue, or without purchases of customer seats to our Industry Collections. Should this continue, our results of operations will be adversely affected.

Our executive management team must continuously act quickly and with vision, given the rapidly changing customer expectations and technology advancements inherent in the software industry, the extensive and complex efforts required to create useful and widely accepted products, and the rapid evolution of cloud computing, mobile devices, new computing platforms, and other technologies, such as consumer products. Although we have articulated a strategy that we believe will fulfill these challenges, if we fail to execute properly on that strategy or adapt the strategy as market conditions evolve, we may fail to meet our customers expectations, be unable to compete with our competitors' products and technology, and lose the confidence of our channel partners and employees. This in turn could adversely affect our business and financial performance.

Global economic and political conditions may further impact our industries, business, and financial results.

Our overall performance depends largely upon domestic and worldwide economic and political conditions. The United States and other countries economies have experienced cyclical downturns, in which economic activity was impacted by falling demand for a variety of goods and services, restricted credit, poor liquidity, decreased government spending, reduced corporate profitability, volatility in credit, equity, and foreign exchange markets, inflationary pressures and higher interest rates, bankruptcies, and overall uncertainty. These economic conditions can occur abruptly. For example, current geopolitical and global macro-economic challenges have caused uncertainty in the global economy, and an economic downturn or recession in the United States or in other countries may occur or has already occurred and may continue. The extent to which these challenges will impact our financial condition or results of operations is still uncertain and will continue to depend on developments such as the impact of these challenges on our customers, vendors, distributors, and resellers, such as the supply chain disruption and resulting inflationary pressures and global labor shortage that we have seen recently, material scarcity, as well as other factors; actions taken by governments, businesses, and consumers in response to these challenges; speed and timing of economic recovery, including in specific geographies; our billings and renewal rates, including new business close rates, rate of multi-year contracts, pace of closing larger transactions, and new unit volume growth; wars and armed conflicts, including the ongoing wars between Ukraine and Russia and between Israel and Hamas; foreign exchange rate fluctuations; and the effect of these challenges on margins and cash flow. All of these factors continue to evolve and remain uncertain at this time, and some of these factors are not within our control. If economic growth in countries where we do business slows or if such countries experience further economic recessions, customers may delay or reduce technology purchases, which we have seen recently in certain countries including China. Our customers include government entities, including the U.S. federal government, and if spending cuts impede the ability of governments to purchase our products and services, our revenue could decline. In addition, a number of our customers rely, directly and indirectly, on government spending.

As described elsewhere in these risk factors, we are dependent on international revenue and operations and are subject to related risks of conducting business globally. Trends toward nationalism and protectionism and the weakening or dissolution of international trade pacts may increase the cost of, or otherwise interfere with, conducting business. These trends have increased political and economic unpredictability globally and may increase the volatility of global financial markets, and the impact of such developments on the global economy remains uncertain. Political instability or adverse political developments in any of the countries in which we do business could harm our business, results of operations, and financial condition. A financial sector credit crisis could impair credit availability and the financial stability of our customers, including our distribution partners and channels. A disruption in the financial markets may also have an effect on our derivative counter-parties and could also impair our banking partners, on which we rely for operating cash management. War, including the ongoing wars between Ukraine and Russia and between Israel and Hamas, and any related political or economic responses and counter-responses or otherwise by various global actors or the general effect on the global economy, could also affect our business. Any of these events could harm our business, results of operations, and financial condition.

Our business could be adversely impacted by the costs and challenges associated with strategic acquisitions and investments.

62

We regularly acquire or invest in businesses, software solutions, and technologies that are complementary to our business through acquisitions, strategic alliances, or equity or debt investments, including several transactions in fiscal 2024 and the six

61

nine months ended JulyOctober 31, 2024. The risks associated with such acquisitions include the difficulty of integrating solutions, operations, and personnel; inheriting liabilities such as intellectual property infringement claims; failure to realize anticipated revenue and cost projections and expected synergies; the requirement to test and assimilate the internal control processes of the acquired business in accordance with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002; and diversion of management's time and attention. In addition, such acquisitions and investments involve other risks such as:

the inability to retain customers, key employees, vendors, distributors, business partners, and other entities associated with the acquired business;

the potential that due diligence of the acquired business or solution does not identify significant problems;

exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, an acquisition, including claims from terminated employees, customers, or other third parties;

the potential for incompatible business cultures;

significantly higher than anticipated transaction or integration-related costs;

the potential that acquired businesses or businesses that we invest in may not have adequate controls, processes, and procedures to ensure compliance with laws and regulations, including with respect to data privacy, data protection, and data security, as well as anti-bribery and anti-corruption laws, export controls, sanctions and industry-specific-regulation;

potential additional exposure to economic, tax, currency, political, legal, and regulatory risks and liabilities, including risks associated with specific countries; and

the potential impact on relationships with existing customers, vendors, and distributors as business partners as a result of acquiring another business.

We may not be successful in overcoming such risks, and such acquisitions and investments may negatively impact our business. In addition, if we do not complete an announced acquisition transaction or integrate an acquired business successfully and in a timely manner, we may not realize the benefits of the acquisition to the extent anticipated. Acquisitions and investments have in the past and may in the future contribute to fluctuations in our quarterly financial results. These fluctuations could arise from transaction-related costs and charges associated with eliminating redundant expenses or write-offs of impaired assets recorded in connection with acquisitions and investments, and could negatively impact our financial results.

We are dependent on international revenue and operations, exposing us to significant international regulatory, economic, intellectual property, collections, currency exchange rate, taxation, political, and other risks, which could adversely impact our financial results.

International net revenue represented 64% of our net revenue forduring both the sixnine months ended JulyOctober 31, 2024 and 2023, respectively. Our international revenue, some of which comes from emerging economies, is subject to economic and political conditions in foreign markets, including those resulting from economic and political conditions in the United States. For example, we have recently seen a deceleration in growth in certain geographies including China. Our total revenue is also impacted by the relative geographical and country mix of our revenue over time. Our dependency on international revenue makes us much more exposed to global economic and political trends, which can negatively impact our financial results even if our results in the United States are strong for a particular period.

We anticipate that our international operations will continue to account for a significant portion of our net revenue and, as we expand our international development, sales, and marketing expertise, will provide significant support to our overall efforts in countries outside of the United States. Risks inherent in our international operations include:

economic volatility;

tariffs, quotas, and other trade barriers and restrictions, including any political or economic responses and counter-responses or otherwise by various global actors to the ongoing wars between Ukraine and Russia and between Israel and Hamas;

fluctuating currency exchange rates, including devaluations, currency controls, and inflation, and risks related to any hedging activities we undertake;

changes in regulatory requirements and practices;

delays resulting from difficulty in obtaining export licenses for certain technology;

different purchase patterns as compared to the developed world;

623

operating in locations with a higher incidence of corruption and fraudulent business practices, particularly in emerging economies;

compliance with the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, and other anti-corruption laws;

difficulties in staffing and managing foreign sales and development operations;

local competition;

longer collection cycles for accounts receivable;

U.S. and foreign tax law changes and the complexities of tax reporting;

laws regarding the free flow of data across international borders and management of and access to data and public networks;

possible future limitations upon foreign-owned businesses;

increased financial accounting and reporting burdens and complexities;

inadequate local infrastructure;

greater difficulty in protecting intellectual property;

software piracy; and

other factors beyond our control, including popular uprisings, terrorism, war (including the ongoing wars between Ukraine and Russia and between Israel and Hamas, and any related political or economic responses and counter-responses or otherwise by various global actors or the general effect on the global economy), natural disasters, and diseases and pandemics, such as COVID-19.

Some of our business partners also have international operations and are subject to the risks described above.

The application of the Trade and Cooperation Agreement between the European Union, the European Atomic Energy Community, and the United Kingdom signed in December 2020 (the TCA), which took effect January 1, 2021, could have adverse tax, tax treaty, banking, operational, legal, regulatory, or other impacts on our businesses in the region. The withdrawal could also, among other potential outcomes, create currency volatility; disrupt the free movement of goods, services, and people between the United Kingdom and the European Union; and significantly disrupt trade between the United Kingdom and the European Union and other parties. Uncertainty around these and related issues could lead to adverse effects on the United Kingdom economy, the European Union economies, and the other economies in which we operate.

In addition, in recent years, the United States has instituted or proposed changes to foreign trade policy, including the negotiation or termination of trade agreements, the imposition of tariffs on products imported from certain countries, economic sanctions on individuals, corporations, or countries, and other government regulations affecting trade between the United States and other countries in which we do business. More recently, the United States and other global actors have imposed sanctions as a result of the war against Ukraine launched by Russia and the ongoing war between Israel and Hamas. New or increased tariffs and other changes in U.S. trade policy, including new sanctions, could trigger retaliatory actions by affected countries, including Russia. In addition, certain foreign governments, including the Chinese government, have instituted or considered imposing trade sanctions on certain U.S.-manufactured goods. The escalation of protectionist or retaliatory trade measures in either the United States or any other countries in which we do business, such as announcing sanctions, a change in tariff structures, export compliance, or other trade policies, may increase the cost of, or otherwise interfere with, the conduct of our business, and could have a material adverse effect on our operations and business outlook.

Even if we are able to successfully manage the risks of international operations, our business may be adversely affected if our business partners are not able to successfully manage these risks.

We may not be able to predict subscription renewal rates and their impact on our future revenue and operating results.

We are dependent on attracting new customers as well as renewing and expanding our business with existing customers. Our customers are not obligated to renew their subscriptions for our offerings, and they may elect not to renew, upgrade, or expand their subscriptions. We cannot assure renewal rates or the mix of subscriptions renewals. Customer renewal rates may decline or fluctuate due to a number of factors, including offering pricing; competitive offerings; customer satisfaction; and reductions in customer spending levels, customer activity, or number of users due to economic downturns or financial markets uncertainty. If our customers do not renew their subscriptions or if they renew on less favorable terms, our revenues may decline.

Existing and increased competition and rapidly evolving technological changes may reduce our revenue and profits.

634

The software industry has limited barriers to entry, and the availability of computing devices with continually expanding performance at progressively lower prices contributes to the ease of market entry. The industry has undergone a transition from developing and selling perpetual licenses and on-premises products to subscriptions and cloud-enabled technologies. This shift further lowers barriers to entry and poses a disruptive challenge to established software companies. The markets in which we operate are characterized by vigorous competition, both by entrants with innovative technologies and by consolidation of companies with complementary offerings and technologies. Some of our competitors have greater financial, technical, sales and marketing, and other resources. Our competitors may also be able to develop and market new technologies that render our existing or future products less competitive. For example, disruptive technologies such as machine learning and other AI technologies may significantly alter the market for our products in unpredictable ways and reduce customer demand. Furthermore, a reduction in the number and availability of compatible third-party applications or our inability to rapidly adapt to technological and customer preference changes, including those related to cloud computing, mobile devices, and new computing platforms, may adversely affect the sale of our solutions. Because of these and other factors, competitive conditions in the industry are likely to intensify in the future. Increased competition could result in price reductions, reduced net revenue and profit margins, and loss of market share, any of which would likely harm our business.

Our financial results, key metrics, and other operating metrics fluctuate within each quarter and from quarter to quarter, making our future revenue and financial results difficult to predict.

Our quarterly financial results, key metrics, and other operating metrics have fluctuated in the past and will continue to do so in the future. These fluctuations c have in the past caused and could in the future cause our stock price to change significantly or experience declines. We also provide investors with quarterly and annual financial forward-looking guidance that could prove to be inaccurate as a result of these fluctuations. In addition to the other risks described in these risk factors, some of the factors that chave in the past caused and could in the future cause our financial results, key metrics, and other operating metrics to fluctuate include:

general market, economic, business, and political conditions in Europe, APAC, and emerging economies, including from an economic downturn or recession in the United States or other countries;

failure to produce sufficient revenue, billings, subscription, profitability, and cash flow growth;

failure to accurately predict the impact of acquired businesses or to identify and realize the anticipated benefits of acquisitions, and successfully integrate such acquired businesses and technologies;

shift to named-user plans and annual billing of multi-year contracts, which impacted the timing of our billings and cash collections in fiscal year 2024 and which is expected to continue into fiscal year 2025;

our ability to successfully introduce and expand new transaction models such as Flex;

potential goodwill impairment charges related to prior acquisitions;

failure to manage spend;

changes in billings linearity;

changes in subscription mix, pricing pressure, or changes in subscription pricing;

weak or negative growth in one or more of the industries we serve, including AEC, manufacturing, and digital media and entertainment markets;

the success of new business or sales initiatives;

security breaches, related reputational harm, and potential financial penalties to customers and government entities;

restructuring or other accounting charges and unexpected costs or other operating expenses;

timing of additional investments in our technologies or deployment of our services;

changes in revenue recognition or other accounting guidelines employed by us and/or established by the Financial Accounting Standards Board, Securities and Exchange Commission, or other rulemaking bodies;

fluctuations in foreign currency exchange rates and the effectiveness of our hedging activity;

dependence on and timing of large transactions;

adjustments arising from ongoing or future tax examinations;

the ability of governments around the world to adopt fiscal policies, meet their financial and debt obligations, and finance infrastructure projects;

failure to expand our AutoCAD and AutoCAD LT customer base to related design products and services;

our ability to rapidly adapt to technological and customer preference changes, including those related to cloud computing, mobile devices, and new computing platforms;

timing of the introduction of new products by us or our competitors;

the financial and business condition of our reseller and distribution channels;

645

perceived or actual technical or other problems with a product or combination of subscriptions;

unexpected or negative outcomes of matters and expenses relating to litigation or regulatory inquiries;

increases in cloud functionality-related expenses;

timing of releases and retirements of offerings;

changes in tax laws or tax or accounting rules and regulations, such as increased use of fair value measures;

changes in sales compensation practices;

failure to effectively implement and maintain our copyright legalization programs, especially in developing countries;

renegotiation or termination of royalty or intellectual property arrangements;

interruptions or terminations in the business of our consultants or third-party developers;

timing and degree of expected investments in growth and efficiency opportunities;

failure to achieve continued success in technology advancements;

catastrophic events, natural disasters, or public health events, such as pandemics and epidemics, including COVID-19;

regulatory compliance costs; and

failure to appropriately estimate the scope of services under consulting arrangements.

We have also experienced fluctuations in financial results in interim periods in certain geographic regions due to seasonality or regional economic or political conditions. In particular, our financial results, key metrics, or other operating metrics in Europe during our third quarter are usually affected by a slower summer period, and our APAC operations typically experience seasonal slowing in our fourth quarter. War, including the ongoing wars between Ukraine and Russia and between Israel and Hamas, and any related political or economic responses and counter-responses or otherwise by various global actors or the general effect on the global economy, could also affect our business.

Our operating expenses are based in part on our expectations for future revenue and are relatively fixed in the short term. Accordingly, any revenue shortfall below expectations has had, and in the future could have, an immediate and significant adverse effect on our profitability. Greater than anticipated expenses or a failure to maintain rigorous cost controls would also negatively affect profitability.

We derive a substantial portion of our net revenue from a small number of solutions, including our AutoCAD-based software products and collections, and if these offerings are not successful, our revenue would be adversely affected.

We derive a substantial portion of our net revenue from sales of subscriptions of a limited number of our offerings, including AutoCAD software, solutions based on AutoCAD, which include our collections that serve specific markets, and products that are interoperable with AutoCAD. Any factor adversely affecting sales of these subscriptions, including the product release cycle, market acceptance, product competition, performance and reliability, reputation, price competition, economic and market conditions, and the availability of third-party applications, would likely harm our financial results. During the sixnine months ended JulyOctober 31, 2024 and 2023, combined revenue from our AutoCAD and AutoCAD LT family products, not including collections having AutoCAD or AutoCAD LT as a component, represented 26% and 27% of our total net revenue, respectively.

From time to time we realign or introduce new business and sales initiatives; if we fail to successfully execute and manage these initiatives, our results of operations could be negatively impacted.

As part of our effort to accommodate our customers needs and demands and the rapid evolution of technology, from time to time we evolve our business and sales initiatives, such as shifting to annual billing of multi-year contracts, introducing and expanding new business models such as the new transaction model and Flex, realigning our development and marketing organizations, offering software as a service, and realigning our internal resources in an effort to improve efficiency. We may take such actions without clear indications that they will prove successful and, at times, we have been met with short-term challenges in the execution of such initiatives. Market acceptance of any new business or sales initiative is dependent on our ability to match our customers needs at the right time and price. Often, we have limited prior experience and operating history in these new areas of emphasis. If any of our assumptions about expenses, revenue, or revenue recognition principles from these initiatives proves incorrect, or our attempts to improve efficiency are not successful, our actual results may vary materially from those anticipated, and our financial results will be negatively impacted.

Net revenue, billings, earnings, cash flow, or subscriptions shortfalls or volatility of the market generally may cause the market price of our stock to decline.

656

The market price for our common stock has experienced significant fluctuations and may continue to fluctuate significantly. The market price for our common stock  has in the past been, and in the future may be, affected by a number of factors, including the other risks described in these risk factors and the following:

shortfalls in our expected financial results, including net revenue, billings, earnings, and cash flow or key performance metrics, such as subscriptions, and how those results compare to securities analyst expectations, including whether those results fail to meet, exceed, or significantly exceed securities analyst expectations;

quarterly variations in our or our competitors results of operations;

general socioeconomic, political, or market conditions, including from an economic downturn or recession in the United States or in other countries;

changes in forward-looking estimates of future results, how those estimates compare to securities analyst expectations, or changes in recommendations or confusion on the part of analysts and investors about the short- and long-term impact to our business;

uncertainty about certain governments abilities to repay debt or effect fiscal policy;

announcements of new offerings or enhancements by us or our competitors;

unusual events such as significant acquisitions, divestitures, regulatory actions, and litigation;

changes in laws, rules, or regulations applicable to our business;

outstanding debt service obligations;

actions by activist shareholders or others, and our response to such actions; and

other factors, including factors unrelated to our operating performance, such as instability affecting the economy or the operating performance of our competitors.

Significant changes in the price of our common stock could expose us to costly and time-consuming litigation. Historically, after periods of volatility in the market price of a company's securities, a company becomes more susceptible to securities class action litigation. This type of litigation is often expensive and diverts managements attention and resources.

As a result of our strategy of partnering with other companies for product development, our product delivery schedules could be adversely affected if we experience difficulties with our product development partners.

We partner with certain independent firms and contractors to perform some of our product development activities. We believe our partnering strategy allows us to achieve efficiencies in developing new products and maintaining and enhancing existing product offerings. This strategy creates a dependency on independent developers. Independent developers, including those who currently develop solutions for us in the United States and throughout the world, may not be able or willing to provide development support to us in the future. In addition, use of development resources through consulting relationships, particularly in non-U.S. jurisdictions with developing legal systems, may be adversely impacted by, and expose us to risks relating to, evolving employment, export, and intellectual property laws. These risks could, among other things, expose our intellectual property to misappropriation and result in disruptions to product delivery schedules.

We incorporate AI into our offerings, and challenges with properly managing its use could result in competitive harm, reputational harm, or liability, and adversely affect our results of operations.

We are increasingly building AI into many of our offerings. We expect to rely on AI technologies to help drive future growth in our business, but there can be no assurance that we will realize the desired or anticipated benefits from AI or at all. We may also fail to properly implement or market our AI offerings. As with many innovations, AI presents risks and challenges that could affect its adoption, and therefore our business. Our competitors or other third parties may incorporate AI into their products more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations. Additionally, our offerings based on AI may expose us to additional lawsuits and regulatory investigations and subject us to legal liability as well as brand and reputational harm. For example, if the content, analyses, or recommendations that AI applications assist in producing are or are alleged to be deficient, inaccurate, or biased, our business, financial condition, and results of operations may be adversely affected. The use of AI applications has resulted in, and may in the future result in, cybersecurity incidents that implicate the personal data of end users of such applications. Any such cybersecurity incidents related to our use of AI applications could adversely affect our reputation and results of operations.

Social and ethical issues relating to the use of new and evolving technologies such as AI in our offerings, may result in reputational harm and liability, and may cause us to incur additional research and development costs to resolve such issues. AI presents emerging ethical issues and if we enable or offer solutions that draw controversy due to their perceived or actual

667

impact on society, we may experience brand or reputational harm, competitive harm, or legal liability. Potential government regulation in the space of AI ethics may also increase the burden and cost of research and development in this area, subjecting us to brand or reputational harm, competitive harm, or legal liability. Failure to address AI ethics issues by us or others in our industry could undermine public confidence in AI and slow adoption of AI in our products and services.

The Audit Committee internal investigation has been time-consuming and expensive, has resulted in the filing of lawsuits, and may result in additional expense and/or litigation.

As previously disclosed on April 1, 2024, the Audit Committee commenced an internal investigation with the assistance of outside counsel and advisors, regarding Autodesks free cash flow and non-GAAP operating margin practices. The results of that investigation were announced on May 31, 2024.

We have incurred significant expenses, including audit, legal, consulting and other professional fees, in connection with the investigation, and we could be forced to incur asignificant additional time and expense as a result of the investigation. The incurrence of significant additional expense, or the requirement that management devote significant time that could reduce the time available to execute on our business strategies, could have an adverse effect on our business, results of operations and financial condition.

Autodesk voluntarily contacted the Securities and Exchange Commission (the SEC) to advise it that an internal investigation was ongoing. Autodesk is cooperating with the SECs investigation. Furthermore, if the SEC commences legal action, we could be required to pay significant penalties and become subject to injunctions, a cease and desist order and other equitable remedies. In addition, the United States Attorneys Office for the Northern District of California contacted us regarding the Audit Committee investigation. We cannot guarantee that we will not receive inquiries from other regulatory authorities regarding the investigation, or that we will not be subject to future claims, investigations or proceedings. Any future inquiries from the SEC or other regulatory authorities, or future claims or proceedings or any related regulatory investigation will, regardless of the outcome, likely consume a significant amount of our internal resources and result in additional legal and accounting costs. We can provide no assurances as to the outcome of any governmental investigation.

In addition, we and certain of our officers and directors have been named in purported shareholder litigation arising out of our announcement of the investigation. For additional discussion, see Part II, Item 1. Legal Proceedings and Note 17 to our Consolidated Financial Statements. The pending litigation, and any future litigation, investigation or other actions that may be filed or initiated against us or our officers or directors, may be time consuming and expensive. We cannot predict what losses we may incur in these litigation matters, and contingencies related to our obligations under the federal and state securities laws, or in other legal proceedings or governmental investigations or proceedings related to these matters.

Any legal proceedings, if decided adversely to us, could result in significant monetary damages, penalties and reputational harm, and will likely involve significant defense and other costs. We have entered into indemnification agreements with each of our directors and certain of our officers, and our bylaws require us to indemnify each of our directors and officers. Further, our insurance may not cover all claims that have been or may be brought against us, and insurance coverage may not continue to be available to us at a reasonable cost. As a result, we may be exposed to substantial uninsured liabilities, including pursuant to our indemnification obligations, which could adversely affect our business, prospects, results of operations and financial condition.

Risks Relating to Our Operations

Security breaches or incidents may compromise the integrity of our or our customers systems, solutions, offerings, services, applications, data, or intellectual property, harm our reputation, damage our competitiveness, create additional liability, and adversely impact our financial results.

As we digitize Autodesk and use cloud- and web-based technologies to leverage customer data to deliver the total customer experience, we are exposed to increased security risks and the potential for unauthorized access to, or improper use, disclosure, or other processing of, our and our customers information. Like other software offerings and systems, ours are vulnerable to security breaches and incidents, including those from acquired companies. Also, our ability to mitigate the risk of security breaches and incidents may be impacted by our limited control over our customers or third-party technology providers and vendors, or the processing of data by third-party technology providers and vendors, which may not allow us to maintain the integrity or security of such transmissions or processing. We devote significant resources in an effort to maintain the security and integrity of our systems, offerings, services, and applications (online, mobile, and desktop). Despite these efforts, we may not preventare subject to security breaches orand incidents, and we may face delays orand other difficulties in identifying, responding to, or remediating security breaches or incidents.

6768

Hackers regularly have targeted our systems, offerings, services, and applications, and we expect them to do so in the future. To date, such identified security events have not been material or significant to us or our customers, including to our reputation or business operations, or had a material financial impact, but there can be no assurance that future cyberattacks will not be material or significant. Security breaches or incidents could ddisrupt the proper functioning of our systems, solutions, offerings, applications, or services; cause errors in the output of our customers work; allow unauthorized access to or unauthorized use, disclosure, modification, loss, unavailability, or destruction of, sensitive data or intellectual property, including proprietary or confidential information of ours or our customers; or cause other destructive or disruptive outcomes. The risk of a security incident, particularly through cyber-attack or cyber intrusion, including by computer hackers, foreign governments, and cyber terrorists, has increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased. These threats include, among others, identity theft, unauthorized access, DNS attacks, wireless network attacks, viruses and worms, malware, bugs, vulnerabilities, advanced persistent threats, application-centric attacks, peer-to-peer attacks, social engineering, phishing, credential stuffing, malicious file uploads, backdoor trojans, supply chain attacks, ransomware attacks, and distributed denial of service attacks. In addition, third parties may attempt to fraudulently induce our employees, vendors, partners, customers, or users to disclose information to gain access to our data or our customers or users data and there is the risk of employee, contractor, or vendor error or malfeasance. These existing risks are compounded given the shift in recent years to work-from-home arrangements for a large population of employees and contractors, as well as employees and contractors of our third-party technology providers and vendors, and the risks could also be elevated in connection with the ongoing war between Ukraine and Russia as we and our third-party technology providers and vendors are vulnerable to a heightened risk of cyberattacks from or affiliated with nation-state actors, including retaliatory attacks from Russian actors against U.S.-based companies. Despite our significant efforts to create security barriers to such threats, we cannot entirely mitigate these risks, and there is no guarantee that inadvertent or unauthorized use or disclosure of such information will not occur or that third parties will not gain unauthorized access to such information.

Many governments have enacted laws requiring companies to provide notice of security breaches or incidents involving certain types of personal data and personal information. We are also contractually required to notify certain customers of certain security breaches or incidents. Any security breach or incident suffered, or believed to have been suffered, by us or by our technology providers or vendors could result in harm to our reputation and competitive position, difficulty attracting new customers (including government customers), retaining existing customers, and securing payment from customers, our expenditure of significant capital and other resources to evaluate and alleviate the security incident and to try to prevent further or additional incidents, and regulatory inquiries, investigations, and other proceedings, private claims, demands, lawsuits, potential liability, and the potential loss of our authorization under the Federal Risk and Authorization Management Program (FedRAMP). We could incur significant costs and liabilities, including due to litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, and costs for remediation and other incentives offered to customers or other business partners in an effort to maintain business relationships after a security breach or incident, and our financial performance could be negatively impacted.

We cannot assure you that any limitations of liability provisions in our contracts would be enforceable or adequate or would otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security incident. We also cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or will be available in sufficient amounts to cover one or more large claims related to a security incident, or that the insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

Our use of third-party open source software could negatively affect our ability to sell subscriptions to access our products and subject us to possible litigation and greater security risks.

We use third-party open source software. From time to time, companies that use third-party open source software have faced claims challenging the use of such open source software and compliance with the open source software license terms. Accordingly, we may be subject to suits by parties claiming ownership of what we believe to be open source software or claiming non-compliance with the applicable open source licensing terms. Some open source software licenses require end-users, who distribute or make available across a network software and services that include open source software, to make publicly available or to license all or part of such software (which in some circumstances could include valuable proprietary code, such as modifications or derivative works created, based upon, incorporating, or using the open source software) under the terms of the particular open source license. While we employ practices designed to monitor our compliance with the licenses of third-party open source software and protect our valuable proprietary source code, we may inadvertently use third-

69

party open source software in a manner that exposes us to claims of non-compliance with the terms of the applicable license,

68

including claims of intellectual property rights infringement or for breach of contract. Furthermore, there exists today an increasing number of types of open source software licenses, almost none of which have been tested in courts of law to provide clarity on their proper legal interpretation. If we were to receive a claim of non-compliance with the terms of any of these open source licenses, we may be required to publicly release certain portions of our proprietary source code. We could also be required to expend substantial time and resources to re-engineer some or all of our software. Any of the foregoing could materially adversely affect our business, financial condition, results of operations, and prospects.

In addition, the use of third-party open source software typically exposes us to greater risks than the use of third-party commercial software because open source licensors generally do not provide warranties or controls on the functionality or origin of the software. Use of open source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to compromise our platform. Any of the foregoing could materially adversely affect our business, financial condition, results of operations, and prospects and could help our competitors develop products and services that are similar to or better than ours.

We rely on third parties to provide us with a number of operational and technical services; third-party security incidents could result in the loss of our or our customers data, expose us to liability, harm our reputation, damage our competitiveness, and adversely impact our financial results.

We rely on third parties, such as Amazon Web Services, to provide us with operational and technical services. These third parties may have access to our systems, provide hosting services, or otherwise process data about us or our customers, employees, or partners. Our ability to monitor such third parties security measures is limited. There have been and may continue to be significant supply chain attacks, and we cannot guarantee that our or our such third parties systems have not been breached or otherwise compromised or that they do not contain exploitable defects, bugs, or vulnerabilities that could result in an incident, breach, or other disruption to, our or these third parties systems. Any security breach or incident involving such third parties could compromise the integrity or availability of, or result in the theft or unauthorized use, modification, or other processing of, our and our customers data. In addition, our operations or the operations of our customers or partners could be negatively affected in the event of a security breach or incident and could be subject to the loss or theft of confidential or proprietary information, including source code. Unauthorized access to or other processing of data and other confidential or proprietary information may be obtained through break-ins, network breaches by unauthorized parties, employee theft or misuse, or other misconduct. If any of the foregoing were to occur or to be perceived to occur, our reputation may suffer, our competitive position may be diminished, customers may buy fewer of our offerings and services, we could face lawsuits, regulatory investigation, fines, and potential liability, and our financial results could be negatively impacted.

Delays in service from third-party service providers could expose us to liability, harm our reputation, damage our competitiveness, and adversely impact our financial results.

From time to time, we may rely on a single or limited number of suppliers, or upon suppliers in a single country, for the provision of services and materials that we use in the operation of our business and production of our solutions. Inability of such third parties to satisfy our requirements could disrupt our operations or make it more difficult for us to implement our strategy. If any of these situations were to occur, our reputation could be harmed, we could be subject to third-party liability, including under laws relating to privacy, data protection, and information security in certain jurisdictions, and our financial results could be negatively impacted.

We are investing in resources to update and improve our information technology systems to digitize Autodesk and support our customers. Should our investments not succeed, or if delays or other issues with new or existing information technology systems disrupt our operations, our business could be harmed.

We rely on our network and data center infrastructure, technology systems, and websites for our development, marketing, operational, support, sales, accounting, and financial reporting activities. We continually invest resources to update and improve these systems to meet the evolving requirements of our business and customers. In particular, our transition to cloud-based products and a subscription-only business model involves considerable investment in the development of technologies, as well as back-office systems for technical, financial, compliance, and sales resources. Such improvements are often complex, costly, and time consuming. In addition, such improvements can be challenging to integrate with our existing technology systems, or may uncover problems with those systems. Unsuccessful implementation of hardware or software updates and improvements could result in disruption in our business operations, loss of customers, loss of revenue, errors in our accounting and financial reporting, or damage to our reputation, all of which could harm our business.

6970

Our software solutions are highly complex and may contain undetected errors, defects, or vulnerabilities, and are subject to service disruptions, degradations, outages or other performance problems, each of which could harm our business and financial performance.

The software solutions that we offer are complex and, despite extensive testing and quality control, may contain errors, defects, or vulnerabilities. Some errors, defects, or vulnerabilities in our software solutions may only be discovered after they have been released. In addition, we have experienced, and may in the future experience, service disruptions, degradations, outages, and other performance problems in connection with our software solutions.

Any errors, defects, vulnerabilities, service disruptions, degradations, outages or other performance problems could result in the need for corrective releases to our software solutions, damage to our reputation, damage to our customers businesses, loss of revenue, an increase in subscription cancellations, or lack of market acceptance of our offerings, any of which would likely harm our business and financial performance.

If we do not maintain good relationships with the members of our distribution channel, or if our distribution channel suffers financial losses, becomes financially unstable or insolvent, or is not provided the right mix of incentives to sell our subscriptions, our ability to generate revenue will be adversely affected.

We sell our software products both directly to end users and through a network of distributors and resellers. For the sixnine months ended JulyOctober 31, 2024 and 2023, approximately 610% and 643%, respectively, of our revenue was derived from indirect channel sales through distributors and resellers, and we expect that the majority of our revenue will continue to be derived from indirect channel sales in the near future. Our ability to effectively distribute our solutions depends in part upon the financial and business condition of our distributor and reseller network. Computer software distributors and resellers typically are not highly capitalized, and have previously experienced difficulties during times of economic contraction as well as during the past several years. We have processes to ensure that we assess the creditworthiness of distributors and resellers prior to our sales to them. In the past we have taken steps to support them, and may take additional steps in the future, such as extending credit terms and adjusting our incentives. These steps, if taken, could harm our financial results. If our distributors and resellers were to become insolvent, they would not be able to maintain their business and sales or provide customer support services, which would negatively impact our business and revenue.

We rely significantly upon major distributors and resellers in both the U.S. and international regions. Of our distributors, TD Synnex accounted for 375% and 40% of our total net revenue for the sixnine months ended JulyOctober 31, 2024 and 2023, respectively. During October 2022, we entered into a transition agreements with each of TD Synnex and Ingram Micro Inc. to provide transition distribution activities for a one-to-two-year period, with potential extensions. In connection the third fiscal quarter of 2025, we entered into a new distribution agreement with TD Synnex for government business in certain jurisdictions. Existing distribution agreements will continue in emerging markets. In connection with such transition agreements, we intend to increase our selling efforts with value-added resellers and agents. During the transition period, we believe the resellers and end users who currently purchase our products through TD Synnex and Ingram Micro Inc. will be able to continue to do so, and following the transition period, we believe such end users will be able to continue to purchase our products from certain value-added resellers or directly from Autodesk, in each case under substantially the same terms and without substantial disruption to our revenue. However, if during the transition period, TD Synnex or Ingram Micro Inc. were to experience a significant business disruption or if our relationship with either were to significantly deteriorate, it is possible that our ability to sell to end users would, at least temporarily, be negatively impacted. Also, if any of our assumptions about our end users, value added resellers, distributors, or agents or our direct selling capabilities proves incorrect, these changes could harm our business. This could, in turn, negatively impact our financial results.

Over time, we have modified and especially during the transition process noted above, will continue to modify aspects of our relationship with our distributors and resellers, such as their incentive programs, pricing to them, and our distribution model to motivate and reward them for aligning their businesses with our strategy and business objectives. Changes in these relationships and underlying programs could negatively impact their business and harm our business. Further, our distributors and resellers may lose confidence in our business, move to competitive products, or not have the skills or ability to support customers. The loss of or a significant reduction in business with those distributors or resellers could harm our business. In particular, if one or more of such distributors or resellers were unable to meet their obligations with respect to accounts payable to us, we could be forced to write off such accounts and may be required to delay the recognition of revenue on future sales to these customers. These events could have a material adverse effect on our financial results.

We rely on software from third parties, and a failure to properly manage our use of third-party software could result in increased costs or loss of revenue.

7071

Many of our products are designed to include software licensed from third parties. Such third-party software includes software licensed from commercial suppliers and under public open source licenses. While we have internal processes to manage our use of such third-party software, if such processes are inadequate, we may be subject to copyright infringement or other third-party claims. If we are non-compliant with a license for commercial software, we may be required to pay penalties or undergo costly audits pursuant to the license agreement. In the case of open-source software licensed under certain copyleft licenses, the license itself, or a court-imposed remedy for non-compliant use of the open source software, may require that proprietary portions of our own software be publicly disclosed or licensed. This could result in a loss of intellectual property rights, increased costs, re-engineering of our software, damage to our reputation, or loss of revenue.

In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties, support, indemnities, assurances of title or controls on origin of the software, or other contractual protections regarding infringement claims or the quality of the code. Likewise, some open source projects have known security and other vulnerabilities and architectural instabilities, or are otherwise subject to security attacks due to their wide availability, and are provided on an as-is basis.

Our business could be adversely affected if we are unable to attract and retain key personnel.

Our success and ability to invest and grow depend largely on our ability to attract and retain highly skilled technical, professional, managerial, sales, and marketing personnel. Historically, competition for these key personnel has been intense. The loss of services of any of our key personnel, including key personnel joining our company through acquisitions, inability to retain and attract qualified employees in the future, or delays in hiring required personnel, particularly engineering and sales personnel, could make it difficult to meet key objectives, such as timely and effective product introductions and financial goals.

We rely on third-party technologies and if we are unable to use or integrate these technologies, our solutions and service development may be delayed and our financial results negatively impacted.

We rely on certain software that we license from third parties, including software that is integrated with internally developed software and used in our offerings to perform key functions. These third-party software licenses may not continue to be available on commercially reasonable terms, and the software may not be appropriately supported, maintained, or enhanced by the licensors. The loss of licenses to, or inability to support, maintain, and enhance any such software could result in increased costs or delays until equivalent software can be developed, identified, licensed, and integrated, which would likely harm our business.

Disruptions in licensing relationships and with third-party developers could adversely impact our business.

We license certain key technologies from third parties. Licenses may be restricted in the term or the use of such technology in ways that negatively affect our business. Similarly, we may not be able to obtain or renew license agreements for key technology on favorable terms, if at all, and any failure to do so could harm our business. Our business strategy has historically depended in part on our relationships with third-party developers who provide products that expand the functionality of our design software. Some developers may elect to support other products or may experience disruption in product development and delivery cycles or financial pressure during periods of economic downturn. In particular markets, such disruptions have in the past, and would likely in the future, negatively impact these third-party developers and end users, which could harm our business.

Technology created by outsourced product development, whether outsourced to third parties or developed externally and transferred to us through business or technology acquisitions, involves additional risks such as effective integration into existing products, adequate transfer of technology know-how, and ownership and protection of transferred intellectual property.

Risks Relating to Laws and Regulations

Increasing regulatory focus on privacy, data protection, and information security issues and new and expanding laws may impact our business and expose us to increased liability.

Our strategy to digitize Autodesk involves increasing our use of cloud- and web-based technologies and applications to leverage customer data to improve our offerings for the benefit of our customers. To accomplish this strategy, we must collect and otherwise process customer data, which may include personal data and personal information of users from different

72

jurisdictions globally. We also collect and otherwise process personal data and personal information of our employees and

71

contractors. As a result, federal, state, and global laws relating to privacy, data protection, and information security apply to Autodesks personal data and personal information processing activities. The scope of these laws and regulations is rapidly evolving, subject to differing interpretations, may be inconsistent among jurisdictions, or conflict with other rules and is likely to remain uncertain for the foreseeable future. We also expect that there will continue to be new laws, regulations, and industry standards concerning privacy, data protection, and information security proposed and enacted in various jurisdictions. Globally, laws such as the General Data Protection Regulation (EU) 2016/679 (GDPR) in the European Union (EU) and the Personal Information Protection Law (PIPL) in China have been enacted, and numerous other countries have proposed or have enacted laws concerning privacy, data protection, and information security. In addition, new and emerging state laws in the United States governing privacy, data protection, and information security, such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and numerous laws in other states, many of which provide for obligations similar to the CCPA and CPRA, have been enacted. These laws and regulations, as well as industry self-regulatory codes, industry standards, and other actual and asserted obligations to which we are or may be asserted to be subject, create new compliance obligations and substantially expand the scope of potential liability and provide greater penalties for non-compliance. For example, the GDPR provides for penalties of up to 20 million or 4% of a companys annual global revenue, whichever is greater, the PIPL provides for penalties of up to 50 million renminbi or 5% of a company's annual revenue and disgorgement of all illegal gains, whichever is greater, and the CCPA provides for penalties of up to $7,500 per violation. These laws, regulations, and codes may also impact our innovation and business drivers in developing new and emerging technologies (e.g., AI and machine learning). These requirements, among others, may impact demand for our offerings and force us to bear the burden of expanded obligations in our contracts.

In addition, there is continued instability of international personal data transfer legal mechanisms that are complex, uncertain, and subject to active litigation and enforcement actions in a number of jurisdictions around the world. For example, on June 4, 2021, the European Commission published a new set of modular standard contractual clause (SCCs), providing for an 18-month implementation period, which became effective on June 29, 2021, and imposes on companies obligations relating to personal data transfers, including the obligation to conduct a transfer impact assessment and, depending on a partys role in the transfer, to implement additional security measures and to update internal privacy practices. We may, in addition to other impacts, be required to expend significant time and resources to update our contractual arrangements and to comply with new obligations, and we face exposure to regulatory actions, substantial fines and injunctions in connection with transfers of personal data from the EU.

In addition, the United Kingdoms (UK) exit from the EU, and ongoing developments in the UK, have created uncertainty with regard to data protection regulation in the UK. Data processing in the UK is now governed by the UK General Data Protection Regulation and supplemented by other domestic data protection laws, such as the UK Data Protection Act 2018, which authorizes fines of up to 17.5 million or 4% of annual global revenue, whichever is higher. We are also exposed to potentially divergent enforcement actions for certain violations. Furthermore, the new SCCs apply only to the transfer of personal data outside the EU and not the UK. Although the European Commission adopted an adequacy decision for the UK on June 28, 2021, allowing the continued flow of personal data from the EU to the UK, this decision will be regularly reviewed going forward and may be revoked if the UK diverges from its current adequate data protection laws following its exit from the EU. On February 2, 2022, the UKs Information Commissioners Office issued new standard contractual clauses to support personal data transfers out of the UK (UK SCCs), which became effective March 21, 2022. We may, in addition to other impacts, experience additional costs associated with increased compliance burdens and be required to engage in new contract negotiations with third parties that aid in processing personal data on our behalf or localize certain personal data. On March 25, 2022, the United States and EU announced an agreement in principle to replace the EU-U.S. Privacy Shield transfer framework with the Trans-Atlantic Data Privacy Framework (EU-U.S. DPF). On July 10, 2023, the European Commission adopted an adequacy decision in relation to the EU-U.S. DPF, allowing the EU-U.S. DPF to be utilized as a means of legitimizing EU-U.S. personal data transfers for participating entities. We are evaluating whether the EU-U.S. DPF will be appropriate for us to utilize. The EU-U.S. DPF may be subject to legal challenges from privacy advocacy groups or others, and the European Commissions adequacy decision regarding the EU-U.S. DPF provides that the EU-U.S. DPF will be subject to future reviews and may be subject to suspension, amendment, repeal, or limitations to its scope by the European Commission.

Further, several European data protection authorities recently indicated that the use of Google Analytics by European website operators involves the unlawful transfer of personal data to the United States. As the enforcement landscape further develops, and depending on the impacts of these rulings and other developments with respect to cross-border data transfer, we could suffer additional costs, complaints and/or regulatory investigations or fines, have to stop using certain tools and vendors, and make other operational changes.

Several other countries, including China, Australia, New Zealand, Brazil, and Japan, have also established specific legal requirements for cross-border data transfers. There is also an increasing trend towards data localization policies. For example, in 2021, China introduced localization requirements for certain data. Other countries, such as India, also are considering data localization requirements. If this trend continues, and countries implement more restrictive regulations for cross-border personal

73

data transfers (or do not permit personal data to leave the country of origin), it could affect the manner in which we provide our

72

services, the geographical location or segregation of our relevant systems and operations, and our business, financial condition, and results of operations in those jurisdictions could be impacted.

In addition, the CPRA and many of the other new state laws addressing privacy and information security, including those that have become or will become effective in 2024, provide for additional obligations such as data minimization and storage limitations, granting additional rights to consumers such as correction of personal information and additional opt-out rights. The CPRA also created a new agency to implement and enforce the law. These new state laws have required us to modify our data processing practices and policies and may cause us to make additional modifications, and to incur substantial costs and expenses, in our efforts to comply. Laws in all 50 states, and some of our contracts, require us to provide notice under certain circumstances to customers whose personal information has been disclosed as a result of a data breach. Also, if third parties we work with, such as suppliers, violate applicable data protection laws or regulations, such violations may also put our users information at risk and could materially adversely affect our business, financial condition, results of operations, and prospects. Additionally, in addition to government activity, privacy advocacy groups and technology and other industries are considering various new, additional, or different self-regulatory standards that may place, or be asserted to place, additional burdens on us. Evolving legislation and the interplay of federal and state laws may be subject to varying interpretations by courts and government agencies, creating complex compliance issues and have and may cause variation in requirements, increase restrictions and potential legal risk and impact strategies and the availability of previously useful data, potentially exposing us to additional expense, adverse publicity, and liability.

In the EU and the UK, regulators are increasingly focusing on compliance with requirements in the online behavioral advertising ecosystem, and current national laws that implement the ePrivacy Directive are likely to be replaced by an EU regulation known as the ePrivacy Regulation, which is expected to significantly increase fines for non-compliance. While the text of the ePrivacy Regulation is under development, recent European case law and regulators recent guidance are driving increased attention to cookies and tracking technologies. This could lead to substantial costs, require significant system changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, increase costs, and subject us to additional liabilities. Regulation of cookies and similar technologies, and any decline of cookies or similar online tracking technologies as a means to identify and potentially target users, may lead to broader restrictions and impairments on our marketing and personalization activities and may negatively impact our efforts to understand our customers.

Governments, regulators, plaintiffs attorneys, privacy advocates have increased their focus on how companies collect, process, use, store, share, and transmit personal data and personal information. Any perception of our practices, products, offerings, or services as a violation of individual privacy or data protection rights may subject us to public criticism, lawsuits, reputational harm, or investigations, claims, demands, or other proceedings by regulators, industry groups or other third parties, all of which could disrupt or adversely impact our business and expose us to increased liability. Moreover, because the interpretation and application of many laws, regulations, and other actual and asserted obligations relating to privacy, data protection, and information security are uncertain, it is possible that these laws, regulations, and obligations may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our products, offerings, and services. We could be required to fundamentally change our business activities and practices or modify our offerings and services, any of which could require significant additional expense and adversely affect our business, including impacting our ability to innovate, delaying our development roadmap and adversely affecting our relationships with customers and our ability to compete. If we are obligated to fundamentally change our business activities and practices or modify our products, offerings, or services, we may be unable to make such changes and modifications in a commercially reasonable manner, or at all, and our ability to develop new products, offerings, and services could be limited.

We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.

Our offerings are subject to export controls and economic sanctions laws and regulations that prohibit the delivery of certain solutions and services without the required export authorizations or export to locations, governments, and persons targeted by applicable sanctions. While we have processes to prevent our offerings from being exported in violation of these laws, including obtaining authorizations as appropriate and screening against U.S. government and international lists of restricted and prohibited persons, we cannot guarantee that these processes will prevent all violations of export control and sanctions laws.

If our channel partners fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected, through reputational harm as well as other negative consequences including government investigations and penalties. We presently incorporate export control and sanctions compliance requirements in our channel partner agreements. Complying

734

with export control and sanctions regulations for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Violations of applicable sanctions or export control laws can result in fines or penalties.

For additional risks regarding sanctions and trade protectionism, please see the risk factor entitled We are dependent on international revenue and operations . . . earlier in this section.

If we are not able to adequately protect our proprietary rights, our business could be harmed.

We rely on a combination of patent, copyright, and trademark laws, trade secret protections, confidentiality procedures, and contractual provisions to protect our proprietary rights. However, the steps we take to protect our intellectual property rights may be inadequate. While we have patent applications pending in the United States and throughout the world, we may be unable to obtain patent protection for the technology covered in our patent applications. In addition, any patents issued to us in the future may not provide us with competitive advantages or may be successfully challenged by third parties. Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our efforts to protect our proprietary rights, unauthorized parties from time to time have copied or reverse engineered aspects of our software or have obtained and used information that we regard as proprietary. Policing unauthorized use of our software is time-consuming and costly. We are unable to measure the extent to which unauthorized use of our software exists and we expect that unauthorized use of software will remain a persistent problem, particularly in emerging economies.

Additionally, we actively protect the secrecy of our confidential information and trade secrets, including our source code. If unauthorized disclosure of our source code occurs, we could potentially lose future trade secret protection for that source code. Unauthorized disclosure of our source code could make it easier for third parties to compete with our offerings by copying functionality, which could adversely affect our financial performance and our reputation. We also seek to protect our confidential information and trade secrets through the use of non-disclosure agreements with our employees, customers, contractors, vendors, and partners. However, it is possible that our confidential information and trade secrets may be disclosed or published without our authorization. If this were to occur, it may be difficult and/or costly for us to enforce our rights, and our financial performance and reputation could be negatively impacted.

We may face intellectual property infringement claims that could be costly to defend and result in the loss of significant rights.

Our competitors, as well as a number of other entities and individuals, may own or claim to own intellectual property relating to our business. Third parties may claim that we are infringing upon or misappropriating their intellectual property rights, and we may be found to be infringing upon such rights, even if we are unaware of the intellectual property rights claimed against us. As more software patents are granted worldwide, the number of offerings and competitors in our industries grows, and the functionality of products in different industries overlaps, we expect that software developers will be increasingly subject to infringement claims. Additionally, certain patent assertion entities have become more aggressive in threatening and pursuing litigation in attempts to obtain fees for licensing the right to use patents.

Any claims or threats of infringement or misappropriation, whether with or without merit, have been and could in the future be time-consuming to defend, result in costly litigation and diversion of resources, cause product delays, require us to change our products or business practices, prevent us from offering our software and services, or require us to enter into royalty or licensing agreements. In addition, such royalty or license agreements, if required, may not be available on acceptable terms, if at all, which would likely harm our business. We may also be obligated to indemnify our customers or business partners or pay substantial settlement costs, including royalty payments, in connection with any such claim or litigation and to obtain licenses, modify applications, or refund fees, which could be costly. Furthermore, from time to time we may introduce or acquire new products, including in areas where we historically have not competed, which could increase our exposure to patent and other intellectual property claims.

Contracting with government entities exposes us to additional risks inherent in the government procurement process.

We provide products and services, directly and indirectly, to a variety of government entities. Risks associated with licensing and selling products and services to government entities include extended sales and collection cycles, varying governmental budgeting processes, and adherence to complex procurement regulations and other government-specific contractual requirements, which are subject to change by the government, and which may require significant upfront cost, time, and resources, with no assurance that we will secure contracts with government entities. Furthermore, government certification requirements applicable to our platform, including FedRAMP, may change and, in doing so, restrict our ability to sell into the

745

governmental sector until we have attained the full or revised certification. Governmental entities may also have statutory, contractual or other legal rights to terminate contracts with us or our partners for convenience or for other reasons.

We have obtained authorization under FedRAMP, which facilitates our entry into the U.S. federal government market. Such certification is subject to rigorous compliance and if we lose our certification, it could inhibit or preclude our ability to contract with certain U.S. federal government customers. In addition, some customers may rely on our authorization under FedRAMP to help satisfy their own legal and regulatory compliance requirements and our failure to maintain FedRAMP authorization might result in a breach under public sector contracts obtained on the basis of such authorization. This could subject us to liability, result in reputational harm, and adversely impact our financial condition or operating results.

We may be subject to audits and investigations relating to our government contracts and any violations could result in civil and criminal penalties and administrative sanctions, including termination of contracts, payment of fines, and suspension or debarment from future government business, as well as harm to our reputation and financial results.

Risks Relating to Financial Developments

We are exposed to fluctuations in currency exchange rates that could negatively impact our financial results and cash flows.

Because we conduct a substantial portion of our business outside the United States, we face exposure to adverse movements in foreign currency exchange rates, which could have a material adverse impact on our financial results and cash flows. These exposures may change over time as business practices evolve and economic conditions change. We use derivative instruments to manage a portion of our cash flow, revenue and expense exposure to fluctuations in foreign currency exchange rates. As part of our risk management strategy, we use foreign currency contracts to manage a portion of our exposures of underlying assets, liabilities, and other obligations, which exist as part of our ongoing business operations. These foreign currency instruments may have maturities that extend for one to 18 months in the future and provide us with some protection against currency exposures. However, our attempts to hedge against these risks may not be completely successful, resulting in an adverse impact on our financial results.

The fluctuations of currencies in which we conduct business can both increase and decrease our overall revenue and expenses for any given period. Although our foreign currency cash flow hedge program extends beyond the current quarter in order to reduce our exposure to foreign currency volatility, we do not attempt to completely mitigate this risk, and in any case, will incur transaction fees in adopting such hedging programs. Such volatility, even when it increases our revenues or decreases our expenses, impacts our ability to accurately predict our future results and earnings.

In addition, global events, including geopolitical and economic developments, may contribute to volatility in foreign exchange markets, which we may not be able to effectively manage, and our financial results could be adversely impacted. Additionally, countries in which we operate may be classified as highly inflationary economies, requiring special accounting and financial reporting treatment for such operations, or such countries currencies may be devalued, or both, which may adversely impact our business operations and financial results.

Our debt service obligations may adversely affect our financial condition and cash flows from operations.

We have $2.30 billion of principal debt, consisting of notes due at various times from June 2025 to December 2031, as of JulyOctober 31, 2024, as described in Part I, Item 1. We also entered into a credit agreement that provides for an unsecured revolving loan facility in the aggregate principal amount of $1.5 billion, with an option to be increased up to $2.0 billion, as described in Part I, Item 1. Maintenance of our indebtedness, contractual restrictions, and additional issuances of indebtedness could:

cause us to dedicate a substantial portion of our cash flows from operations towards debt service obligations and principal repayments

increase our vulnerability to adverse changes in general economic, industry, and competitive conditions;

limit our flexibility in planning for, or reacting to, changes in our business and our industry;

impair our ability to obtain future financing for working capital, capital expenditures, acquisitions, general corporate, or other purposes and

due to limitations within the debt instruments, restrict our ability to grant liens on property, enter into certain mergers, dispose of all or substantially all of the assets of Autodesk and its subsidiaries, taken as a whole, materially change our business, and incur subsidiary indebtedness, subject to customary exceptions.

7576

We are required to comply with the covenants set forth in our credit agreement. If we breach any of the covenants and do not obtain a waiver from the note holders or lenders, then, subject to applicable cure periods, we would not be able to incur additional indebtedness under the credit agreement described in Part I, Item 1, and any outstanding indebtedness under the credit agreement may be declared immediately due and payable. In addition, changes by any rating agency to our credit rating may negatively impact the value and liquidity of our securities. Under certain circumstances, if our credit ratings are downgraded or other negative action is taken, the interest rate payable by us under our credit agreement could increase. Downgrades in our credit ratings could also restrict our ability to obtain additional financing in the future and could affect the terms of any such financing.

Our investment portfolio consists of a variety of investment vehicles that are subject to interest rate trends, market volatility, and other economic factors. If general economic conditions decline, this could cause the credit ratings of our investments to deteriorate and illiquidity in the financial marketplace, and we may experience a decline in interest income and an inability to sell our investments, leading to impairment in the value of our investments.

It is our policy to invest our cash, cash equivalents, and marketable securities in highly liquid instruments with, and in the custody of, financial institutions with high credit ratings and to limit the amounts invested with any one institution, type of security, or issuer. However, we are subject to general economic conditions, interest rate trends, and volatility in the financial marketplace that can affect the income that we receive from our investments, the net realizable value of our investments (including our cash, cash equivalents, and marketable securities), and our ability to sell them. Any one of these factors could reduce our investment income or result in material charges, which in turn could impact our overall net income (loss) and earnings (loss) per share.

From time to time we make direct investments in privately held companies. Investments in privately held companies are considered inherently risky. The technologies and products these companies have under development are typically in the early stages and may never materialize, which could result in a loss of all or a substantial part of our initial investment in these companies. The evaluation of privately held companies is based on information that we request from these companies, which is not subject to the same disclosure regulations as U.S. publicly traded companies and, as such, the basis for these evaluations is subject to the timing and accuracy of the data received from these companies.

A loss on any of our investments may cause us to record an other-than-temporary impairment charge. The effect of this charge could impact our overall net income and earnings per share. In any of these scenarios, our liquidity may be negatively impacted, which in turn may prohibit us from making investments in our business, taking advantage of opportunities, and potentially meeting our financial obligations as they come due.

Changes in tax rules and regulations, and uncertainties in interpretation and application, could materially affect our tax obligations and effective tax rate.

We are a U.S.-based multinational company subject to tax in multiple U.S. and foreign tax jurisdictions. Our effective tax rate is primarily based on our geographic mix of earnings; statutory rates; stock-based compensation; intercompany arrangements, including the manner we develop, value, and license our intellectual property; and enacted tax rules. Significant judgment is required in determining our effective tax rate and in evaluating our tax positions on a worldwide basis. While we believe our tax positions, including intercompany transfer pricing policies, are consistent with the tax laws in the jurisdictions in which we conduct our business, it is possible that these positions may be challenged by tax authorities and may have a significant impact on our effective tax rate and cash taxes.

Tax laws in the United States and in foreign tax jurisdictions are dynamic and subject to change as new laws are passed and new interpretations of the law are issued or applied. For example, the U.S. government enacted significant tax law changes in December 2017, the Tax Act, which impacted our tax obligations and effective tax rate beginning in our fiscal 2018 tax year, and significant tax legislation was included in the March 2020 CARES Act and subsequent Consolidated Appropriations Act in December 2020. Due to the complexity and varying interpretations of the Tax Act and the CARES Act, the U.S. Department of Treasury and other standard-setting bodies have been issuing and will continue to issue regulations and interpretative guidance that could significantly impact how we will apply the law and the ultimate effect on our results of operations from both the Tax Act and the CARES Act, including for our prior tax years. In addition, increases in corporate tax rates, could increase our effective tax rate, cash taxes and have an adverse effect on our results from operations.

77

Signed into law on August 16, 2022, the Inflation Reduction Act contains many provisions that may impact Autodesk, including the corporate alternative minimum tax and excise tax on stock buybacks. We are monitoring these impacts on our consolidated financial statements.

76

For tax years beginning after December 31, 2021, the Tax Act required taxpayers to capitalize and amortize research and development costs pursuant to Internal Revenue Code Section 174. Section 174 required taxpayers to capitalize research and development costs and amortize them over 5 years for expenditures attributed to domestic research and 15 years for expenditures attributed to foreign research. Although Congress is considering legislation that would reinstate and extend Section 174 expensing for certain research and experimental expenditures, the possibility that this will happen is uncertain.

Increasingly, tax authorities are reviewing existing corporate tax regulatory and legal regimes. Many countries are actively considering or implementing new taxing regimes and changes to existing tax laws. This could include U.S. and foreign tax law developments related to changes to long-standing tax principles arising from proposals made by the Organization for Economic Co-operation and Development that seek to allocate greater taxing rights to countries where customers are located and establish a global minimum tax rate of 15%. If U.S. or foreign tax authorities change applicable tax laws or successfully challenge how or where our profits are currently recognized, our overall taxes could increase, and our business, financial condition, or results of operations may be adversely impacted.

If we were required to record an impairment charge related to the value of our long-lived assets or an additional valuation allowance against our deferred tax assets, our results of operations would be adversely affected.

Our long-lived assets are tested for impairment if indicators of impairment exist. If impairment testing shows that the carrying value of our long-lived assets exceeds their estimated fair values, we would be required to record a non-cash impairment charge, which would decrease the carrying value of our long-lived assets, adversely affecting our results of operations. Our deferred tax assets include net operating loss, amortizable tax assets, and tax credit carryforwards that can be used to offset taxable income and reduce income taxes payable in future periods. Each quarter, we assess the need for a valuation allowance, considering both positive and negative evidence to determine whether all or a portion of the deferred tax assets are more likely than not to be realized. We continue to have a valuation allowance against certain U.S. and foreign deferred tax assets. Changes in the amount of the U.S. and foreign jurisdictions valuation allowance could also result in a material non-cash expense or benefit in the period in which the valuation allowance is adjusted, and our results of operations could be materially affected. We will continue to perform these tests on our worldwide deferred tax assets, and any future adjustments to the realizability of our deferred tax assets may have a material effect on our financial condition and results of operations.

General Risk Factors

Our business may be significantly disrupted upon the occurrence of a catastrophic event.

Our business is highly automated and relies extensively on the availability of our network and data center infrastructure, our internal technology systems, and our websites. We also rely on hosted computer services from third parties for services that we provide to our customers and computer operations for our internal use. The failure of our systems or hosted computer services due to a catastrophic event, such as an earthquake, fire, flood, tsunami, weather event, telecommunications failure, power failure, cyber -attack, terrorism or war (including the ongoing wars between Ukraine and Russia and between Israel and Hamas, and any related political or economic responses and counter-responses or otherwise by various global actors or the general effect on the global economy), or business interruption from epidemics or pandemics, or the fear of such events, could adversely impact our business, financial results, and financial condition. For example, our corporate headquarters and executive offices are located near major seismic faults in the San Francisco Bay Area and face annual periods of wildfire danger, which increase the probability of power outages and may impact employees abilities to commute to work or to work from home. We have developed disaster recovery plans and maintain backup systems in order to reduce the potential impact of a catastrophic event; however, there can be no assurance that these plans and systems would enable us to return to normal business operations. In addition, any such event could negatively impact a country or region in which we sell our products. This could in turn decrease that countrys or regions demand for our products, negatively impacting our financial results.

We are subject to legal proceedings and regulatory inquiries, and we may be named in additional legal proceedings or become involved in regulatory inquiries in the future, all of which are costly, distracting to our core business, and could result in an unfavorable outcome or a material adverse effect on our business, financial condition, results of operations, cash flows, or the trading prices for our securities.

78

We are involved in legal proceedings and receive inquiries from regulatory agencies. As the global economy has changed and our business has evolved, we have seen an increase in litigation activity and regulatory inquiries. Like many other technology companies, the number and frequency of inquiries from U.S. and foreign regulatory agencies we have received

77

regarding our business and our business practices, as well as the business practices of others in our industry, have increased in recent years. In the event we are involved in significant disputes or are the subject of a formal action by a regulatory agency, we could be exposed to costly and time-consuming legal proceedings that could result in any number of outcomes. Any claims or regulatory actions initiated by or against us, whether successful or not, could result in high defense costs, damage awards, injunctive relief, increased costs of business, fines or orders to change certain business practices, significant dedication of management time, diversion of operational resources, or otherwise harm our business. In any such event, our financial results, results of operations, cash flows, or trading prices for our securities could be negatively impacted.

Changes in existing financial accounting standards or practices, or taxation rules or practices may adversely affect our results of operations.

Changes in existing accounting or taxation rules or practices, new accounting pronouncements or taxation rules, or varying interpretations of current accounting pronouncements or taxation practices could have a significant adverse effect on our results of operations or the way we conduct our business. Further, such changes could potentially affect our reporting of transactions completed before such changes are effective.

We are required to evaluate our internal control over financial reporting under Section 404 of the Sarbanes-Oxley Act of 2002 and any adverse results from such evaluation could result in a loss of investor confidence in our financial reports and have an adverse effect on our stock price.

Pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, we are required to furnish a report by our management on our internal control over financial reporting, including an assessment of the effectiveness of our internal control over financial reporting as of the end of our fiscal year. This assessment must include a statement as to whether or not our internal control over financial reporting is effective and disclosure of any material weaknesses in our internal control over financial reporting identified by management. If our management or independent registered public accounting firm identifies one or more material weaknesses in our internal control over financial reporting, we are unable to assert that our internal control over financial reporting is effective, or our independent registered public accounting firm is unable to express an opinion that our internal controls are effective, investors could lose confidence in the accuracy and completeness of our financial reports, which could have an adverse effect on our business and stock price.

In preparing our financial statements we make certain assumptions, judgments, and estimates that affect amounts reported in our consolidated financial statements which, if not accurate, may significantly impact our financial results.

We make assumptions, judgments, and estimates for a number of items, including revenue recognition for product subscriptions and enterprise business arrangements (EBAs), the determination of the fair value of acquired assets and liabilities, goodwill, financial instruments including strategic investments, long-lived assets, and intangible assets, the realizability of deferred tax assets, and the fair value of stock awards. We also make assumptions, judgments, and estimates in determining the accruals for uncertain tax positions, variable compensation, partner incentive programs, allowances for credit losses, asset retirement obligations, legal contingencies, and operating lease liabilities. These assumptions, judgments, and estimates are drawn from historical experience and various other factors that we believe are reasonable under the circumstances as of the date of the consolidated financial statements. Actual results could differ materially from our estimates, and such differences could significantly impact our financial results.