Spot new risks in SEC filings.

Select a ticker to compare risks across 10-K filings.

Comparing

10-QAug 29, 2024, 4:18 PM EDT 10-QNov 27, 2024, 4:22 PM EST

SNOW

Snowflake Inc. Class A Common Stock

What's Changed

Significant updates: SNOW's 10-Q risk factors now emphasize AI investments, regulatory hurdles, competition, geopolitical risks, debt obligations, and evolving tax laws, while de-emphasizing ESG, stock repurchase, and open-source software risks.

Breakdown

ITEM 1A. RISK FACTORS

Our operations and financial results are subject to various risks and uncertainties, including those described below. You should consider and read carefully all of the risks and uncertainties described below, together with all of the other information contained in this Quarterly Report on Form 10-Q, including the sections titled Special Note about Forward-Looking Statements and Managements Discussion and Analysis of Financial Condition and Results of Operations and our unaudited condensed consolidated financial statements and related notes, before making an investment decision. The risks described below are not the only ones we face. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition, results of operations, or growth prospects. In such case, the trading price of our common stock could decline. You should not interpret our disclosure of any of the following risks to imply that such risks have not already materialized.

6067

Table of ~~Contents~~of Conte n ts

Risks Related to Our Business and Operations

We have experienced rapid revenue growth and have a limited operating history, both of which make it difficult to forecast our future results of operations.

Our revenue was ~~$868.8~~$942.1 million and ~~$674.0~~$734.2 million for the three months ended ~~July~~October 31, 2024 and 2023, respectively, and $1$2.76 billion and $1$2.30 billion for the ~~six~~nine months ended ~~July~~October 31, 2024 and 2023, respectively. As a result of our historical rapid growth, limited operating history, large number of new product features, including those including artificial intelligence and machine learning technology, or (AI Technology), and unstable macroeconomic conditions, our ability to accurately forecast our future results of operations, including revenue, gross margin, remaining performance obligations (RPO), and the percentage of RPO we expect to recognize as revenue in future periods, is limited and subject to a number of uncertainties, including our ability to plan for and model future growth and platform consumption. Our historical revenue growth should not be considered indicative of our future performance.

Further, our revenue growth could slow or our revenue could decline for a number of reasons, including increased competition,; changes to technology, such as changes in software or underlying cloud infrastructure or the increasing prominence of new technology like artificial intelligence,; reputational harm,; and reduced demand for our platform. For example, customers may continue to optimize consumption, rationalize budgets, and prioritize cash flow management, including by reducing storage through shorter data retention policies and shortening committed contract durations. As a result of the foregoing and our rapid revenue growth in prior periods, our revenue growth rate has slowed in recent periods. Any further declines in our revenue growth rate could adversely affect investors perceptions of our business, and negatively impact the trading price of our common stock.

Our revenue growth is also dependent on our ability to increase our penetration into existing markets, and to successfully enter and grow new markets, including highly-regulated markets such as financial services, healthcare, and the public sector. Sales to highly-regulated entities are subject to substantial additional costs and risks that are not present in sales to other customers, which are described below in the risk factor titled We do business with federal, state, local, and foreign governments and agencies, and heavily regulated organizations; as a result, we face heightened risks related to ~~the procurement process, budget, delays, and product decisions driven by statutory and regulatory determinations, termination of contracts, and compliance with government contracting requirements~~special contract terms, non-standard product deployments, and compliance with additional processes, rules, and regulations.

We have also encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as the risks and uncertainties described below. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, and our business could suffer.

We may not have visibility into our future financial position and results of operations.

Customers generally consume our platform by using compute, storage, and/or data transfer resources. Unlike a subscription-based business model, in which revenue is recognized ratably over the term of the subscription, we generally recognize revenue on consumption. Because our customers have flexibility in the timing of their consumption, we do not have the visibility into the timing of revenue recognition that a typical subscription-based software company has. Customer consumption fluctuates, and there is a risk that customers will consume our platform at lower levels than we expect, including in response to new software releases or hardware improvements that may make our platform more efficient or adverse macroeconomic conditions or holidays. Unexpected fluctuations in customer consumption may cause actual results to differ from our forecasts. As a result, our results of operations in a given period should not be relied upon as indicative of future performance.

6168

Table of ~~Contents~~of Conte n ts

We have a history of operating losses and may not achieve or sustain profitability in the future.

We have experienced net losses in each period since inception. We generated net losses of ~~$317.8~~$327.9 million and ~~$227.3~~$214.7 million for the three months ended ~~July~~October 31, 2024 and 2023, respectively, and ~~$635.6~~$963.5 million and ~~$453.4~~$668.1 million for the ~~six~~nine months ended ~~July~~October 31, 2024 and 2023, respectively. As of ~~July~~October 31, 2024 and January 31, 2024, we had an accumulated deficit of $5$7.60 billion and $4.1 billion, respectively. We expect our costs and expenses to increase in future periods. In particular, we intend to continue to invest significant resources to further develop our platform, expand our research and development teams, retain our employees, and acquire other businesses, including in the areas of data science, artificial intelligence, and machine learning. In addition, our platform currently operates on public cloud infrastructure provided by Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP), and our costs and gross margins are significantly influenced by the prices we are able to negotiate with these public cloud providers, which in certain cases are also our competitors. If we fail to meet any minimum commitments under our third-party cloud infrastructure agreements, we may be required to pay the difference, and our results of operations could be negatively impacted. We will also incur increased general and administrative expenses associated with our growth, including costs related to internal systems, operating as a public company, and targeting regulated industries or markets. Our efforts to grow our business have been and may continue to be costlier than we expect, or our revenue growth rate may be slower than we expect, and we may not be able to increase our revenue enough to offset the increase in operating expenses resulting from these investments. If we are unable to achieve and sustain profitability, or if we are unable to achieve the revenue growth that we expect from these investments, the value of our business and common stock may significantly decrease.

The markets in which we operate are highly competitive, and if we do not compete effectively, our business, financial condition, and results of operations could be harmed.

Our go-to-market strategy is focused on acquiring new customers and driving increased use of our platform by existing customers. The markets in which we operate are rapidly evolving and highly competitive, and the competition we face in such markets continues to increase with our investments in AI Technology, new workloads types, and new product capabilities, such as our increased support for open data formats that allow customers to use our platform for compute services without requiring storage (for example, Iceberg tables, which became generally available to our customers in June 2024). As these markets continue to mature and new technologies and competitors enter such markets, we expect competition to intensify. Our current competitors include:

large, well-established, public cloud providers that generally compete in all of our markets, including AWS, Azure, and GCP;

less-established public and private cloud companies with products that compete in some of our markets;

other established vendors of legacy database solutions or big data offerings; and

new or emerging entrants seeking to develop competing technologies.

We compete based on various factors, including price, performance, product features, breadth of use cases, multi-cloud availability, brand recognition and reputation, customer support, and differentiated capabilities, including ease of implementation and data migration, ease of administration and use, scalability and reliability, data governance, security and compatibility with existing standards, programming languages, and third-party products. Many of our competitors have substantially greater brand recognition, customer relationships, and financial, technical, and other resources than we do, and may be able to respond more effectively than us to new or changing opportunities, technologies, standards, customer requirements, and buying practices. In addition, we may not be able to respond to market opportunities as quickly as smaller companies. Our support of open data formats may also reduce switching costs between us and our competitors.

We currently only offer our platform on the public clouds provided by AWS, Azure, and GCP, which are also some of our primary competitors. Currently, a substantial majority of our business is run on the AWS public cloud. There is risk that one or more of these public cloud providers could use its respective control of its public clouds to embed innovations or privileged interoperating capabilities in competing products, bundle competing products, provide us unfavorable pricing, leverage its public cloud customer relationships to exclude us from opportunities, and treat us and our customers differently with respect to terms and conditions or regulatory requirements than it would treat its similarly situated customers. Further, they have the resources to acquire, invest in, or partner with existing and emerging providers of competing technologies and thereby accelerate adoption of those competing technologies. All of the foregoing could make it difficult or impossible for us to provide products and services that compete favorably with those of the public cloud providers.

Table of ~~Contents~~of Conte n ts

Some of our customers use drivers and/or connectors to connect our platform to third-party applications or databases. Attempts by third-party application or database providers to restrict the use of drivers and connectors may make it more difficult for customers to use our platform, which could lead to reduced sales and consumption.

For all of these reasons, competition may negatively impact our ability to acquire new customers and maintain and grow use of our platform, or it may put downward pressure on our prices and gross margins, any of which could materially harm our business, reputation, results of operations, revenue retention rate, and financial condition.

If we fail to innovate in response to changing customer needs, new technologies, or other market requirements, our business, financial condition, and results of operations could be harmed.

We compete in markets that evolve rapidly. We believe that the pace of innovation will continue to accelerate as customers increasingly base their purchases of cloud data platforms on a broad range of factors, including performance and scale, markets addressed, types of data processed, ease of data ingress and egress, user experience and programming languages, use of artificial intelligence, and data governance, security, and regulatory compliance. We introduced data warehousing on our platform in 2014 as our core use case, and our customers subsequently began using our platform for additional workloads, including data lake, data engineering, AI/ML, applications, collaboration, cybersecurity, and Unistore. Our future success depends on our ability to continue to innovate rapidly and effectively and increase customer adoption of our platform and the AI Data Cloud, including the Snowflake Marketplace and Snowpark.

Further, the value of our platform to customers is increased to the extent they are able to use it to process and access all types of data. We need to continue to invest in technologies, services, and partnerships that increase the types of data available and processed on our platform and the ease with which customers can ingest data into our platform. We must also continue to enhance our data sharing and marketplace capabilities so customers can share their data with internal business units, customers, and other third parties, acquire additional third-party data and data products to combine with their own data to gain additional business insights, and develop and monetize applications on our platform. As we develop, acquire, and introduce new services and technologies, including those that may incorporate artificial intelligence and machine learning, we may be subject to new or heightened legal, ethical, and other challenges. In addition, our platform requires third-party public cloud infrastructure to operate. Currently, we use public cloud offerings provided by AWS, Azure, and GCP. We will need to continue to innovate to optimize our offerings for these and other public clouds that our customers require, particularly as we expand internationally. Further, the markets in which we compete are subject to evolving industry standards and regulations, resulting in increasing data governance and compliance requirements for us and our customers and partners. To the extent we expand further into the public sector and highly regulated countries and industries, our platform and operations may need to address additional requirements specific to those markets, including data sovereignty requirements.

If we are unable to enhance our platform or operations to keep pace with these rapidly evolving customer requirements, or if new technologies emerge that deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our platform, our business, financial condition, and results of operations could be adversely affected.

~~If we are not successful in executing our investments in AI Technology, including generative AI Technology, our business, financial condition, and results of operations could be harmed.~~

We are investing significantly in AI Technology. Our investments include internally developing AI Technology, acquiring companies with complementary AI Technology, and partnering with companies to bring AI Technology to our platform. Our competitors are pursuing similar opportunities and may, as a result of greater resources, branding, or otherwise, develop, adopt and implement AI Technology faster or more successfully than we do, which could impair our ability to compete effectively and adversely affect our business, financial condition and results of operations. In addition, our successful development of AI Technology depends on our access to GPUs, which are currently in high demand. Finally, customers use of our AI Technology is often dependent on their ability to meet evolving regulatory standards, successfully complete internal compliance reviews, and enter into mutually acceptable contractual terms. If they are unable to do so, they may not use our AI Technology as much as we anticipate. It is also possible that our investments in AI Technology do not result in the benefits we anticipate, or enable us to maintain our competitive advantage, which may adversely affect our business, financial condition, and results of operations. For example, we may not accurately anticipate market demand or offer AI Technology that amplifies our core data platform.

Table of ~~Contents~~of Conte n ts

If we are not successful in executing our investments in AI Technology, including generative AI Technology, our business, financial condition, and results of operations could be harmed.

We are investing significantly in AI Technology. Our investments include internally developing AI Technology, acquiring companies with complementary AI Technology, and partnering with companies to bring AI Technology to our platform. Our competitors are pursuing similar opportunities and may, as a result of greater resources, branding, or otherwise, develop, adopt and implement AI Technology faster or more successfully than we do, which could impair our ability to compete effectively and adversely affect our business, financial condition and results of operations. In addition, our successful development of AI Technology depends on our access to GPUs, which are currently in high demand. Finally, customers use of our AI Technology is often dependent on their ability to meet evolving regulatory standards, successfully complete internal compliance reviews, and enter into mutually acceptable contractual terms. If they are unable to do so, they may not use our AI Technology as much as we anticipate, or at all. It is also possible that our investments in AI Technology do not result in the benefits we anticipate, or enable us to maintain our competitive advantage, which may adversely affect our business, financial condition, and results of operations. For example, we may not accurately anticipate market demand or offer AI Technology that amplifies our core data platform.

If we, our customers, or third-party service providers experience an actual or perceived security breach or unauthorized parties otherwise obtain access to our customers data, our data, or our platform, our platform may be perceived as not being secure, our reputation may be harmed, demand for our platform may be reduced, and we may incur significant liabilities.

In the ordinary course of our business, we store, transmit, generate, and process our, our customers, and our business partners confidential and proprietary data. Such data includes sensitive data, such as personal information, protected health information, and financial data. We also use third-party service providers, sub-processors, and technology to help us deliver services to our customers and their end-users, as well as for our internal business operations. For example, our platform is built on the infrastructure of third-party public cloud providers, such as AWS, Azure, and GCP, and we use third-party technology to assist with securing our environment and providing access to our platform. ~~Our customers may~~Some of our customers also use third-party service providers to assist with their use of our platform or third-party technology, such as connectors, to access our platform. These third-party service providers may process, store, or transmit data of our employees, partners, customers, and customers end-users or may otherwise be used to help operate our platform and corporate systems. We, our customers and business partners, and these third parties face a variety of evolving cybersecurity threats.

Cybersecurity threats come from a variety of sources, including traditional computer hackers, internal and external personnel (such as through theft or misuse), sophisticated nation-states, and nation-state-supported actors. Cybersecurity threat actors can use a wide variety of methods, including unauthorized intrusions, denial-of-service attacks, ransomware attacks, business email compromises, computer malware, infostealer malware, social engineering attacks (including through deep-fakes and phishing), internal and external personnel misconduct or error, supply-chain attacks, software vulnerabilities, software or hardware disruptions or failures, and attacks enhanced or facilitated by AI Technology, all of which are prevalent in our industry and our customers and partners industries. These methods change frequently and are becoming increasingly difficult to detect. Threat actors who successfully compromise networks or systems may use the unauthorized access as a vector to compromise other networks and systems. Threat actors goals often include disrupting a companys operations or ability to provide services, obtaining unauthorized access to platforms, systems, networks, or physical facilities in which data is stored or processed, or through which data is transmitted, and stealing data. Ransomware attacks are becoming more frequent and severe.

There can be no assurance that security measures designed to protect against security incidents will be effective, and our efforts to investigate, mitigate, contain, and remediate any security incidents that do occur may not be successful. Even though we may not control the security measures of third-party providers, we may incur liability or suffer reputational harm if such measures are breached. Actions taken by us, third-party cloud providers, or the other third parties with whom we work to detect, investigate, mitigate, contain, and remediate security incidents could result in outages, data losses, and disruptions of our business. We may be unable to detect, mitigate, or remediate vulnerabilities in our information security systems (such as our hardware and software, including that of third parties upon which we rely) on a timely basis. We may be unwilling or unable to make ransom payments due to, for example, applicable laws or regulations prohibiting such payments, the negative precedent such payments would set, or uncertainty over whether such payments would result in the threat actor deleting stolen data or otherwise delivering on their promised course of action. In general, cybersecurity incidents or security vulnerabilities could lead to significant interruptions in our operations, loss of data and income, reputational harm, diversion of funds, increased insurance costs, and other harm to our business, reputation, and competitive position. Security incidents and their resulting consequences, including negative publicity, may also cause customers to stop using our platform, deter existing or prospective customers from using our platform, and negatively impact our ability to grow and operate our business.

Table of ~~Contents~~of Conte n ts

There can be no assurance that security measures designed to protect against security incidents will be effective, and our efforts to investigate, mitigate, contain, and remediate any security incidents that do occur may not be successful. Even though we may not control the security measures of third-party providers, we may incur liability or suffer reputational harm if such measures are breached. Actions taken by us, third-party cloud providers, or the other third parties with whom we work to detect, investigate, mitigate, contain, and remediate security incidents could result in outages, data losses, and disruptions of our business. We may be unable to detect, mitigate, or remediate vulnerabilities in our information security systems (such as our hardware and software, including that of third parties upon which we rely) on a timely basis. We may be unwilling or unable to make ransom payments due to, for example, applicable laws or regulations prohibiting such payments, the negative precedent such payments would set, or uncertainty over whether such payments would result in the threat actor deleting stolen data or otherwise delivering on their promised course of action. In general, cybersecurity incidents or security vulnerabilities could lead to significant interruptions in our operations, loss of data and income, reputational harm, diversion of funds, increased insurance costs, and other harm to our business, reputation, and competitive position. In addition, customers use of our platform in violation of our terms of service, including by granting access to a single Snowflake account to various third-party entities, could amplify the impact of any cybersecurity or product incidents. Security incidents and their resulting consequences, including negative publicity, may also cause customers to stop using our platform, deter existing or prospective customers from using our platform, and negatively impact our ability to grow and operate our business.

Our customers have experienced and may in the future experience security incidents in connection with their use of our platform that harm our customer relationships and our reputation, even when such incidents are due to vulnerabilities, policy violations, inadequate security controls, or credential exposures that we do not cause. We operate under a shared responsibility cybersecurity model where we are responsible for the security of our platform and underlying cloud infrastructure, while our customers are responsible for selecting, enabling, and configuring security controls for their individual environments in a manner that meets applicable cybersecurity standards and effectively reduces their information security risk. To assist customers in meeting their responsibilities, we offer and support a range of tools and features for access control, including multi-factor authentication (MFA), network access policies, and unified role-based access controls and policies. Customers may also use third-party external authentication tools, in which case we do not have visibility into whether adequate access controls (such as MFA or network restrictions) are being enforced. Regardless of whether customers use our authentication tools or external tools, if customers allow static access credentials, they are responsible for ensuring that the credentials remain private and are rotated on a regular basis. If our customers do not implement, or incorrectly implement, these features or otherwise fail to fulfill their responsibilities under our shared responsibility model, there is a higher risk that they will be the victim of cybersecurity incidents, which may harm our customer relationships, our reputation, and our business, which has occurred in the past and may happen again in the future.

We have contractual and other legal obligations to notify customers and other parties of certain security incidents, and may choose to make such notifications even if not legally required to do so. For example, SEC rules require disclosure on Form 8-K of the nature, scope and timing of any material cybersecurity incident and the reasonably likely impact of such incident. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward, and any such mandatory disclosures are costly and could lead to negative publicity, loss of customer or partner confidence in the effectiveness of our security measures, diversion of managements attention, governmental investigations, and the expenditure of significant capital and other resources to investigate, respond to, or alleviate problems caused by the actual or perceived security breach.

Any security breach of our platform, our operational systems, our software (including open-source software), our physical facilities, or the systems of our third-party service providers or sub-processors, or the perception that one has occurred, or unauthorized access to our customers or partners systems, data, or technology, could result in claims that we have breached customer contracts or other legal obligations, including as described below. In addition, we may be subject to, and have received in the past, requests by regulators (including members of Congress) for information about our security practices, our public statements about our security program, experiences, and issues. Alleged failures, problems, or issues related to our information security or our customers use of our platform, including following such information requests, could result in ~~formal~~additional investigations; actions from a variety of regulators, including state attorneys general, the Department of Justice, the Federal Trade Commission (FTC), and the SEC; litigation; indemnity obligations; fines; penalties; mitigation and remediation costs; reputational harm; diversion of managements attention; friction with customers; and other liabilities and damage to our business. Further, cybersecurity incidents may lead customers or prospective customers to attempt to negotiate contractual terms that are less favorable to us, such as broader indemnification obligations and higher limitations of liability.

Our insurance coverage may not be adequate for liability arising from data security breaches involving us or our customers or other third parties, indemnification obligations, or other liabilities. The successful assertion of one or more large claims against us that exceeds our available insurance coverage or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements) could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim. Risks related to our systems and security breaches are likely to increase as we continue to expand our platform and geographic footprint, grow our customer and partner base, acquire operating companies, and process, store, and transmit increasingly large amounts of data.

Table of ~~Contents~~of Conte n ts

~~For example, in May 2024, we became aware that a cybersecurity threat actor had potentially~~

For example, in May 2024, we became aware that a cybersecurity threat actor had accessed a number of our customers Snowflake accounts as a result of such customers failure to fulfill certain of their obligations under our shared responsibility cybersecurity model (e.g., implementing MFA and network access policies). Even though we did not identify any evidence suggesting this activity was caused by or otherwise related to any vulnerability or misconfiguration of our systems, or a breach of our platforms security or our environment, we ~~are now~~have been the subject of multiple lawsuits, regulatory ~~actions and~~ investigations, and lawmaker inquiries ~~(including Congressional inquiries)~~ relating to these customer incidents. Since May 2024, we have been made aware of additional cyberattacks on customers Snowflake accounts using similar methods to take advantage of customers failures to implement MFA and network access policies. We are unable to predict the outcome or timeline of these matters or if any additional requests, inquiries, lawsuits, investigations or other government actions may arise. We have suffered and may continue to suffer negative publicity and reputational damage, including due to the misperception that our customers incidents resulted from a vulnerability, misconfiguration or breach of our platforms security or systems and malicious activity within our environment. In addition, we may experience customer churn or face claims by customers, and it is possible that we are not able to fully recover any losses relating to these matters through any applicable insurance coverage or we may be required to seek indemnification from breached customers to mitigate our damages. These matters, together with any additional inquiries, regulatory or governmental investigations or other disputes that result from these customer security incidents, will require us to divert resources and may harm our reputation, business, financial condition and results of operations.

~~In addition~~Finally, some of our employees work remotely, including while traveling for business, which increases our cybersecurity risk, creates data accessibility concerns, and makes us more susceptible to security breaches or business disruptions. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations, or prospects.

Any litigation against us could be costly and time-consuming to defend.

From time to time, we may become subject to legal proceedings and claims, such as claims brought by our customers in connection with commercial disputes, employment claims, including claims related to the loss of employee equity grants upon termination, intellectual property claims, or securities class actions or other claims related to volatility in the trading price of our common stock. For example, we are named in a securities class action lawsuit in federal court alleging federal securities law violations, as well as several class action lawsuits alleging common law and statutory claims in connection with ~~the~~ security matters ~~we became aware of in May 2024~~. See the section titled Legal Proceedings for more information. Litigation could result in substantial costs and divert managements attention and resources, which might seriously harm our business, financial condition, and results of operations. Our existing insurance might not cover such claims, provide sufficient payments to cover all the costs to resolve one or more such claims, or continue to be available on terms acceptable to us (including premium increases or the imposition of large deductible or co-insurance requirements). A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial position, and results of operations.

We or our third-party service providers could suffer disruptions, outages, defects, and other performance and quality problems with our platform or with the public cloud and internet infrastructure on which it relies.

Our business depends on our platform being available without disruption. We and our third-party service providers have experienced, and may in the future experience, disruptions, outages, defects, and other performance and quality problems related to our platform and with the public cloud and internet infrastructure on which our platform relies. These problems can be caused by a variety of factors, including introductions of new functionality, vulnerabilities, coding errors, and defects in proprietary and open-source software, human error or misconduct, natural disasters (such as tornadoes, earthquakes, or fires), capacity constraints, design limitations, denial of service attacks, or other security-related incidents.

Further, if our contractual and other business relationships with our public cloud providers are terminated, suspended, or suffer a material change to which we are unable to adapt, such as the elimination of services or features on which we depend, we could be unable to provide our platform and could experience significant delays and incur additional expenses in transitioning customers to a different public cloud provider.

Any disruptions, outages, defects, and other performance and quality problems with our platform or with the public cloud, internet infrastructure, or other technology on which it relies, or any material change in our contractual and other business relationships with our public cloud providers, could result in reduced use of our platform, increased expenses, including service credit obligations, and harm to our brand and reputation, any of which could have a material adverse effect on our business, financial condition, and results of operations.

Table of ~~Contents~~of Conte n ts

We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price could decline.

Our results of operations have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance. In addition to the other risks described herein, factors that may affect our results of operations include the following:

fluctuations in demand for our platform or changes in our pricing model;

fluctuations in usage of our platform, including as a result of customer optimization efforts that result in reduced consumption to execute workloads;

our ability to attract new customers;

our ability to retain existing customers and drive their increased sustained consumption of our platform (including new product features and functionality);

customer expansion rates;

timing, amount, and cost of our investments to expand the capacity of our public cloud providers;

seasonality, including the impact of holidays;

investments in new features, functionality, and programming languages, including investments in AI Technology and in making our platform available to store and process highly regulated data or comply with new or existing data sovereignty requirements;

fluctuations in consumption resulting from the introduction of new features, technologies, or capabilities to our software, systems, or to underlying cloud infrastructure, including features or capabilities that may increase or decrease the consumption required to execute existing or future workloads, like better storage compression and cloud infrastructure processor improvements, or that allow customers to use our platform for compute services without requiring storage;

our ability to execute on our business strategy, including our strategies related to the AI Data Cloud, such as Snowpark, ~~and~~ the Snowflake Marketplace, and Snowflake Cortex;

the timing and frequency of purchases;

the speed with which customers are able to migrate data onto our platform;

fluctuations or delays in purchasing decisions in anticipation of new products or enhancements by us or our competitors;

changes in customers budgets and cash flow management strategies and in the timing of their budget cycles and purchasing decisions;

our ability to control costs, including our operating expenses;

Table of Conte n ts

the amount and timing of operating expenses, particularly research and development expenses, including with respect to GPUs to develop AI Technology, and sales and marketing expenses, including commissions;

the amount and timing of non-cash expenses, including stock-based compensation, goodwill impairments, and other non-cash charges;

the amount and timing of costs associated with recruiting, training, and integrating new employees and retaining and motivating existing employees;

the effects and timing of acquisitions and their integration;

~~Table of~~ ~~Contents~~

general political, social, market, and economic conditions, uncertainty, or volatility, both domestically and internationally, as well as political, social, and economic conditions specifically affecting industries in which our customers and partners participate or on which they rely;

public health crises, such as the COVID-19 pandemic;

the impact, or timing of our adoption, of new accounting pronouncements;

changes in regulatory or legal environments, including the interpretation or enforcement of regulatory or legal requirements, that may cause us to incur, among other things, expenses associated with compliance;

the overall tax rate for our business, which may be affected by the mix of income we earn in the United States and in jurisdictions with different tax rates, the effects of stock-based compensation, and the effects of changes in our business;

the impact of changes in tax laws or judicial or regulatory interpretations of tax laws, which are recorded in the period in which such laws are enacted or interpretations are issued and may significantly affect the effective tax rate of that period;

inflation and our ability to control costs, including our operating expenses;

fluctuations in currency exchange rates and changes in the proportion of our revenue and expenses denominated or measured in foreign currencies;

fluctuations or impairments in, or the full loss of, the market values of our strategic investments or of our portfolio, including changes to the value or accessibility of our cash and cash equivalents as a result of economic conditions or bank failures;

fluctuations in interest rates;

changes in the competitive dynamics of our market, including consolidation among competitors or customers;

significant security breaches affecting our platform or customers accounts; and

technical difficulties with, or interruptions to, the delivery and use of our platform.

Any of these factors may cause our results of operations to vary significantly or be adversely affected. If our results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our common stock could decline substantially, and we could face costly lawsuits, including securities class actions.

~~Failure to effectively develop and expand our sales and marketing capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our products and platform.~~

We must increase the size and productivity of our sales and marketing organization to increase our sales to new and existing customers. It requires significant time and resources to effectively onboard new sales and marketing personnel and to train new and existing personnel so they are able to successfully sell our product. We also plan to continue to dedicate significant resources to sales and marketing programs that are industry-specific and focused on large organizations. Once a new customer begins using our platform, our sales team needs to focus on expanding consumption with that customer. All these efforts require us to invest significant financial and other resources, including in industries and sales channels in which we have limited experience to date. In addition, our sales compensation plans must be structured in a way that properly incentivizes our sales and marketing personnel to drive increased consumption and new capacity arrangements. Our business and results of operations will be harmed if our sales and marketing efforts generate increases in revenue that are smaller than anticipated. We may not achieve anticipated revenue growth from our sales force if we are unable to attract, hire, develop, integrate, and retain talented and effective sales personnel, if our sales personnel are unable to achieve desired productivity levels, or if our sales and marketing programs, including our sales compensation plans, are not effective.

Table of ~~Contents~~of Conte n ts

Failure to effectively develop and expand our sales and marketing capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our products and platform.

We must increase the size and productivity of our sales and marketing organization to increase our sales to new and existing customers. It requires significant time and resources to hire and effectively onboard new sales and marketing personnel and to train and manage new and existing personnel so they are able to successfully sell our product. We also plan to continue to dedicate significant resources to sales and marketing programs that are industry-specific and focused on large organizations. Once a new customer begins using our platform, our sales team needs to focus on expanding consumption with that customer. All these efforts require us to invest significant financial and other resources, including in industries and sales channels in which we have limited experience to date. In addition, our sales compensation plans must be structured in a way that properly incentivizes our sales and marketing personnel to drive increased consumption and new capacity arrangements. Our business and results of operations will be harmed if our sales and marketing efforts generate increases in revenue that are smaller than anticipated. We may not achieve anticipated revenue growth from our sales force if we are unable to attract, hire, develop, integrate, and retain talented and effective sales personnel, if our sales personnel are unable to achieve desired productivity levels, or if our sales and marketing programs, including our sales compensation plans, are not effective.

Sales efforts to large customers involve risks that may not be present or that are present to a lesser extent with respect to sales to smaller organizations.

Sales to large customers involve risks that may not be present or that are present to a lesser extent with sales to smaller organizations, such as longer sales cycles, stronger customer leverage in negotiating pricing and other terms, more complex customer requirements, including ~~our ability~~in response to evolving industry regulations, the additional need to partner with third parties that advise such customers or help them integrate their IT solutions, substantial upfront sales costs, less predictability in completing some of our sales, and higher customer support expectations. For example, large customers may require considerable time to evaluate and test our platform or new features prior to making a purchase decision. In addition, large customers may be switching from legacy on-premises solutions when purchasing our products, and may rely on third parties with whom we do not have relationships when making purchasing decisions. Furthermore, large customers may have more extensive compliance and vendor diligence programs with respect to new products and services, which may increase both the time and resources needed to sell to them and also result in the inability to sell to them if we do not meet their compliance standards. A number of factors also influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our platform, the renegotiation of existing agreements to cover additional workloads, changing laws, the discretionary nature of purchasing and budget cycles, and the competitive nature of evaluation and purchasing approval processes. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, may vary significantly from customer to customer, with sales to large enterprises typically taking longer to complete. We have also historically seen consumption growth from large enterprises take longer than when compared to smaller enterprises. Moreover, large customers often begin to deploy our products on a limited basis but nevertheless demand implementation services and negotiate pricing discounts, which increase our upfront investment in the sales effort with no guarantee that sales to these customers will justify our substantial upfront investment. If we fail to effectively manage these risks associated with sales cycles and sales to large customers, our business, financial condition, and results of operations could be affected.

Table of Conte n ts

Unfavorable conditions in our industry or the global economy, or reductions in cloud spending, or lower than expected consumption, could limit our ability to grow our business and negatively affect our results of operations.

Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions or volatility in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, bank failures, international trade relations, inflation, and interest rate fluctuations, or the existence of epidemics, pandemics or other public health crises (such as the COVID-19 pandemic), political turmoil and geopolitical conflicts, natural catastrophes, warfare, or terrorist attacks on the United States, Europe, the Asia-Pacific region, Japan, or elsewhere, could cause a decrease in business investments, including spending on cloud technologies, and negatively affect the growth of our business. For example, the ongoing ~~Hamas-Israel and Russia-Ukraine conflicts~~military conflicts between Russia and Ukraine and in the Middle East, as well as the rising tensions between China and Taiwan have created volatility in the global capital markets and could have further global economic consequences, including disruptions of the global supply chain. In addition, unfavorable conditions in the general economy may negatively impact our customers budgets or cash flow, which could impact the contract terms, including payment terms, our customers demand from us. Competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry.

Our growth depends on the development, expansion, and success of our partner relationships.

As part of our vision for the AI Data Cloud, we will need to grow and maintain a network of data providers, data consumers, and data application developers. The relationships we have with these partners, and that our partners have with our customers, provide our customers with enhanced value from our platform and the AI Data Cloud, including the Snowflake Marketplace. Our future growth will be increasingly dependent on the success of these relationships, and if we are unsuccessful in growing and maintaining these relationships or the types and quality of data and data applications supported by or available for consumption on our platform, our business, financial condition, and results of operations could be adversely affected.

Additionally, a small but increasing portion of our revenue is generated as a result of our relationships with global system integrators, managed service providers, and resellers. Increasingly, we and our customers rely on these partners to provide professional services, including customer implementations and migrations from legacy solutions and there may not be enough qualified partners available, or we may not be able to develop or maintain relationships with enough partners, to meet customer demand. While we provide our partners with training and other enablement programs, these programs may not be effective or utilized consistently, and our return on these investments may be lower than expected. In addition, new partners may require extensive training or significant time and resources to achieve productivity. If we fail to effectively manage and grow our network of these partners, or properly monitor the quality and efficacy of their interactions with our customers, our ability to attract and retain new customers and expand customer consumption of our platform may be impacted, and our operating results and growth rate may be harmed.

If we are unable to successfully manage the growth of our professional services business and improve our profit margin from these services, our operating results could be harmed.

Our professional services business, which performs implementation and training services for our customers, has grown larger and more complex as our product revenue has increased. We believe our future success depends in part on investment in professional services to facilitate customer code conversion and migration from legacy solutions and adoption of our platform, especially with large enterprises. As a result, our sales efforts have been and will continue to be focused on helping our customers more quickly realize the value of our platform and the AI Data Cloud rather than on the profitability of our professional services business. We price our professional services based on the anticipated cost of those services and, as a result, we expect to improve the gross profit percentage of our professional services business over time. If we are unable to manage the growth of our professional services business and improve our profit margin from these services, our operating results, including our profit margins, could be harmed.

Table of ~~Contents~~of Conte n ts

Additionally, a small but increasing portion of our revenue is generated as a result of our relationships with global system integrators, managed service providers, and resellers. Increasingly, we and our customers rely on these partners to provide professional services, including customer implementations and migrations from legacy solutions, and there may not be enough qualified partners available, or we may not be able to develop or maintain relationships with enough partners, to meet customer demand. While we provide our partners with training and other enablement programs, these programs may not be effective or utilized consistently, and our return on these investments may be lower than expected. In addition, new partners may require extensive training or significant time and resources to achieve productivity. If we fail to effectively manage and grow our network of these partners, or properly monitor the quality and efficacy of their interactions with our customers, our ability to attract and retain new customers and expand customer consumption of our platform may be impacted, and our operating results and growth rate may be harmed.

~~If we are unable to successfully manage the growth of our professional services business and improve our profit margin from these services, our operating results could be harmed.~~

Our professional services business, which performs implementation services for our customers, has grown larger and more complex as our product revenue has increased. We believe our future success depends in part on investment in professional services to facilitate customer code conversion and migration from legacy solutions and adoption of our platform, especially with large enterprises. As a result, our sales efforts have been and will continue to be focused on helping our customers more quickly realize the value of our platform and the AI Data Cloud rather than on the profitability of our professional services business. We price our professional services based on the anticipated cost of those services and, as a result, we expect to improve the gross profit percentage of our professional services business over time. If we are unable to manage the growth of our professional services business and improve our profit margin from these services, our operating results, including our profit margins, could be harmed.

If we lose key members of our management team or are unable to attract and retain the executives and employees we need to support our operations and growth, our business and future growth prospects may be harmed.

Our success depends in part on the continued services of our executive officers, as well as our other key employees in the areas of research and development and sales and marketing.

From time to time, there may be changes in our executive management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. For example, in February 2024, Frank Slootman retired as Chief Executive Officer and Sridhar Ramaswamy was appointed to replace him. In July 2024, Grzegorz Czajkowski, our former EVP, Engineering and Support, resigned and left Snowflake to pursue another opportunity, and in September 2024, Vivek Raghunathan was appointed as SVP, Engineering and Support to replace him. The loss of additional executive officers or any significant change in executive leadership could harm morale, cause additional personnel to depart, or introduce operational delays or risks as successor executives learn our business, each of which could harm our operating results.

In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based data platform products, including products with artificial intelligence capabilities, and experienced sales, customer support, and professional services personnel. We also are dependent on the continued service of our existing software engineers because of the sophistication of our platform.

In order to support our growing business, we will need to continue to hire in new locations around the world and manage return to work and remote working policies, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have and can provide more competitive compensation and benefits. In addition, we require the majority of our employees to work from a physical office, while certain of our competitors allow remote work environments. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. Since the beginning of fiscal 2025, our stock price has declined significantly. If the actual or perceived value of our equity awards continues to decline or undergoes significant volatility, or if our existing employees receive significant proceeds from liquidating their previously vested equity awards, it may adversely affect our ability to recruit and retain key employees. Furthermore, current and prospective employees may believe that their equity award offers have limited upside, and our competitors may be able to offer more appealing compensation packages. In order to retain our existing employees and manage potential attrition, including as a result of any stock price decreases and market volatility that impact the actual or perceived value of our equity awards, we may issue additional equity awards or provide our employees with increased cash compensation, which could negatively impact our results of operations and be dilutive to stockholders. Finally, if we hire employees from competitors or other companies, their former employers may attempt to assert that we or these employees have breached our or their legal obligations, resulting in a diversion of our time and resources.

We also believe our culture has been a key contributor to our success to date and that the critical nature of the platform that we provide promotes a sense of greater purpose and fulfillment in our employees. As our workforce becomes larger and more distributed around the world, we may not be able to maintain important aspects of our culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel. If we fail to attract and recruit new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed.

Table of ~~Contents~~of Conte n ts

In order to continue to hire and retain highly qualified personnel, we will need to continue to hire in new locations around the world and manage return to work and remote working policies, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have and can provide more competitive compensation and benefits. In addition, we require the majority of our employees to work from a physical office, while certain of our competitors allow remote work environments. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. Since the beginning of fiscal year 2025, our stock price has declined significantly. If the actual or perceived value of our equity awards continues to decline or undergoes significant volatility, or if our existing employees receive significant proceeds from liquidating their previously vested equity awards, it may adversely affect our ability to recruit and retain key employees. Furthermore, current and prospective employees may believe that their equity award offers have limited upside, and our competitors may be able to offer more appealing compensation packages. In order to retain our existing employees and manage potential attrition, including as a result of any stock price decreases and market volatility that impact the actual or perceived value of our equity awards, we may issue additional equity awards or provide our employees with increased cash compensation, which could negatively impact our results of operations and be dilutive to stockholders. Finally, if we hire employees from competitors or other companies, their former employers may attempt to assert that we or these employees have breached our or their legal obligations, resulting in a diversion of our time and resources.

If the availability of our platform does not meet our service-level commitments to our customers, our current and future revenue may be negatively impacted.

We typically commit to our customers that our platform will maintain a minimum service-level of availability. If we are unable to meet these commitments, we may be obligated to provide customers with additional capacity at no cost, which could significantly affect our revenue. We rely on public cloud providers, such as AWS, Azure, and GCP, and any availability interruption in the public cloud could result in us not meeting our service-level commitments to our customers. In some cases, we may not have a contractual right with our public cloud providers that compensates us for any losses due to availability interruptions in the public cloud. Further, any failure to meet our service-level commitments could damage our reputation and hinder the adoption of our platform, and we could face loss of revenue from reduced future consumption of our platform. Any service-level failures could adversely affect our business, financial condition, and results of operations.

We assume liability for data breaches, intellectual property infringement, and other claims, which exposes us to substantial potential liability.

In our customer contracts and certain strategic partnership agreements, we assume liability for certain security breaches and data protection claims caused by us and by certain third parties on which we rely. Our contracts with customers, partners, investors, and other third parties may also include indemnification provisions under which we agree to defend and indemnify them against claims and losses arising from alleged infringement, misappropriation, or other violation of intellectual property rights and for other matters. We may not be successful in our attempt to limit our liability and indemnity obligations and obtain corresponding liability and indemnification obligations from vendors and partners that would require them to contribute to our obligations, and an event triggering our liability or indemnity obligations could give rise to multiple claims involving multiple customers or other third parties. In addition, there have been instances where our customers or other business partners ~~may~~ attempt to claim indemnification even if ~~we are not at fault~~indemnification obligations have not been triggered, and defending against such claims ~~may~~can be time-consuming and expensive. There is no assurance that our applicable insurance coverage, if any, would cover, in whole or in part, any such liability or indemnity obligations. We may be liable for up to the full amount of the contractual claims, which could result in substantial liability or material disruption to our business or could negatively impact our relationships with customers or other third parties, reduce demand for our platform, and adversely affect our business, financial condition, and results of operations.

~~Table of~~ ~~Contents~~

Acquisitions, strategic investments, partnerships, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business, dilute stockholder value, and adversely affect our business, financial condition, and results of operations.

We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, and platform technologies that we believe could complement or expand our platform, enhance our technology, or otherwise offer growth opportunities. For example, ~~during~~since the ~~fiscal year ended January 31,~~beginning of fiscal 2024, we have acquired several companies, including Samooha, Inc., a privately-held company which developed data clean room technology; Neeva Inc., a privately-held internet search company which leveraged generative artificial intelligence; Mountain US Corporation (f/k/a Mobilize.net Corporation), a privately-held company which provided a suite of tools for efficiently migrating databases to the AI Data Cloud; ~~and~~ LeapYear Technologies, Inc., a privately-held company which provided a differential privacy platform; and Night Shift Development, Inc. (Night Shift), a privately-held data analytics firm focused on the U.S. public sector. Any such acquisitions or investments may divert the attention of management and cause us to incur various expenses in identifying, investigating, financing, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties or unexpected costs assimilating or integrating the businesses, technologies, products, personnel, contracts or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers, suppliers, or partners of any acquired business due to changes in ownership, management, or otherwise. Any such transactions that we are able to complete may not result in the synergies or other benefits we expect to achieve, which could result in substantial impairment charges. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, we may inherit commitments, risks, and liabilities of companies that we acquire that we are unable to successfully mitigate and that may be amplified by our existing business. Finally, ~~our acquisitions or investments may result in~~ disputes or litigation~~, including in connection with the achievement of earnouts.~~

As part of our corporate development program, we invest in companies to support our key business initiatives. These companies range from early, growth stage companies to mature companies with established revenue streams. Our strategic investments are subject to risk of inability to achieve the desired strategic synergies and partial or total loss of investment capital. Furthermore, our competitors may invest in these companies alongside us, and may obtain information about our corporate development program or other business plans. The financial success of our investment is typically dependent on an exit in favorable market conditions. To the extent any of the companies in which we invest are not successful, which can include failure to achieve strategic business objectives as well as failure to achieve a favorable exit, we could recognize an impairment or loss on all or part of our investment. In addition, in certain cases we may be required to consolidate one or more of our strategic investees financial results into ours. Fluctuations in any such investees financial results, due to general market conditions, bank failures, or otherwise, could negatively affect our condensed consolidated financial condition, results of operations, cash flows, or the price of our common stock. If one or more of such investees fails to timely provide us with information necessary for the preparation of our condensed consolidated financial statements and disclosures, we may be unable to report our financial results in a timely manner, which would negatively affect our business and the price of our common stock.

We also enter into strategic partnerships where we agree to incorporate third-party technologies into our platform and services. In some cases, we have revenue-sharing arrangements with our strategic partners who supply the technology. We may be unable to reach agreements with potential strategic partners on terms acceptable to us, if at all, and we may not be successful in partnering with the companies that have the technologies we need. Such strategic partnerships are also subject to a number of risks, including with respect to security controls, indemnification obligations, and ownership of intellectual property and other proprietary information. Any of the foregoing could harm our business, financial position, and results of operations.

can arise out of our acquisitions or investments from time to time, including in connection with the achievement of earnouts.

Table of ~~Contents~~of Conte n ts

As part of our corporate development program, we invest in companies to support our key business initiatives. These companies range from early, growth stage companies to mature companies with established revenue streams. Our strategic investments are subject to risk of inability to achieve the desired strategic synergies and partial or total loss of investment capital. Furthermore, our competitors may invest in these companies alongside us, and may obtain information about our corporate development program or other business plans. The financial success of our investment is typically dependent on an exit in favorable market conditions. To the extent any of the companies in which we invest are not successful, which can include failure to achieve strategic business objectives as well as failure to achieve a favorable exit, we could recognize an impairment or loss on all or part of our investment, which we have done in the past. In addition, in certain cases we are required to consolidate one or more of our strategic investees financial results into ours. Fluctuations in any such investees financial results, due to general market conditions, bank failures, or otherwise, could negatively affect our condensed consolidated financial condition, results of operations, cash flows, or the price of our common stock. If one or more of such investees fails to timely provide us with information necessary for the preparation of our condensed consolidated financial statements and disclosures, we may be unable to report our financial results in a timely manner, which would negatively affect our business and the price of our common stock.

Seasonality may cause fluctuations in our remaining performance obligations or in customer consumption.

Historically, we have received a higher volume of orders from new and existing customers in the fourth fiscal quarter of each year. As a result, we have historically seen higher non-GAAP free cash flow in the first and fourth fiscal quarters of each year, and our sequential growth in remaining performance obligations has historically been the highest in the fourth fiscal quarter of each year. We may not be successful in our attempt to align our cash outflows with our cash receipts, particularly since we expect this seasonality to become more pronounced as we continue to target large enterprise customers based on their procurement, budgeting, and deployment cycles. In addition, while consumption is typically lower during holidays, the magnitude of any decrease is difficult to predict and that may result in inaccurate financial guidance. For more information about non-GAAP free cash flow, including a definition of non-GAAP free cash flow and a reconciliation of free cash flow to the most directly comparable financial measure calculated in accordance with U.S. generally accepted accounting principles (GAAP), see the section titled Managements Discussion and Analysis of Financial Condition and Results of Operations.

We do business with federal, state, local, and foreign governments and agencies, and heavily regulated organizations; as a result, we face heightened risks related to ~~the procurement process, budget, delays, and product decisions driven by statutory and regulatory determinations, termination of contracts, and compliance with government contracting requirements~~special contract terms, non-standard product deployments, and compliance with additional processes, rules, and regulations.

We provide our platform to the U.S. government, state and local governments, foreign governments, and heavily regulated organizations directly and through our partners. We have made, and may continue to make, significant investments to support future sales opportunities in the government sector, including obtaining government certifications or clearances. ~~However, government certification or clearance requirements may change, we~~We may be unable to achieve or sustain one or more required government certifications or clearances, or we may be required to make unexpected changes to our business, operations or products to obtain or sustain such certifications or clearances. As a result, our ability to sell into the government sector could be restricted until we satisfy the requirements of such certifications or clearances.

A substantial majority of our sales to government entities have been made indirectly through our distribution and reseller partners. Doing business with government entities, whether directly or indirectly, presents a variety of risks. Many government entities need significant education regarding our business model, as well as the uses and benefits of our platform. The procurement process for governments and their agencies is highly competitive and time-consuming, and government decisions about their procurement needs may, in certain circumstances, be subject to political influence. To pursue these opportunities, we incur significant up-front time and expense, which subjects us to additional compliance risks and costs, without any assurance that we (or a third-party distributor or reseller) will win a contract. Beyond this, demand for our platform may be adversely impacted by public sector budgetary cycles, and funding availability that in any given fiscal cycle may be reduced or delayed, including in connection with an extended federal government shutdown. Further, if we or our partners are successful in receiving a competitive contract award, that award could be challenged by one or more competitive bidders in a legal action known as a bid protest. Bid protests may result in an increase in expenses related to obtaining or preserving contract awards or an unfavorable modification or loss of an award. In the event a bid protest is unsuccessful, the resulting delay in the startup and funding of the work under these contracts may cause our actual results to differ materially and adversely from those anticipated. As a result of these lengthy and uncertain sales cycles, it is difficult for us to predict the timing of entering into customer agreements with government entities or with our distribution and reseller partners in the government market.

73For example, as part of our pursuit of business from the U.S. public sector, we acquired Night Shift, a data analytics firm that services the U.S. national security community, in September 2024. Obtaining and maintaining national security clearances within a global enterprise will require significant operational investments and the successful implementation of new processes and controls. In addition, unlike our standard commercial offering, we anticipate delivering our platform and other offerings, including Night Shifts legacy offering, into customer environments, which presents risks and challenges arising from having less visibility into and control over the operation and security of our platform.

Table of ~~Contents~~of Conte n ts

In addition, public sector customers may have contractual, statutory, or regulatory rights to terminate current contracts with us or our third-party distributors or resellers for convenience or default. If a contract is terminated for convenience, we may only be able to collect fees for platform consumption prior to termination and settlement expenses. If a contract is terminated due to a default, we may be liable for excess costs incurred by the customer for procuring alternative products or services or be precluded from doing further business with government entities. Further, entities providing products or services to governments, whether directly or indirectly, are required to comply with a variety of complex laws, regulations, and contractual provisions relating to the formation, administration, and performance of government contracts. Such laws, regulations, and contractual provisions impose compliance obligations that are more burdensome than those typically encountered in commercial contracts, and they often give customers in the government market substantial rights and remedies, many of which are not typically found in commercial contracts. These rights and remedies may relate to intellectual property, price protection, the accuracy of information provided to the government, incident notification, and termination rights. In addition, governments may use procurement requirements as an alternative to lawmaking, and impose stricter requirements than would apply to the commercial sector in areas that are not directly related to the purchase. For example, in October 2024, the White House Office of Management and Budget released Memorandum M-24-18, Advancing the Responsible Acquisition of Artificial Intelligence in Government, providing detailed new guidance and requirements for federal agency procurement of artificial intelligence. These rules and requirements may apply to us or third-party resellers or distributors whose practices we may not control. Such parties non-compliance could result in repercussions for us with respect to contractual and customer satisfaction issues.

In addition, federal, state, and local governments and regulators routinely investigate and audit contractors for compliance with applicable laws, regulations, and contractual provisions. If, as a result of an audit or investigation, it is determined that we have failed to comply with applicable requirements, we may be subject to civil and criminal penalties and administrative sanctions, including termination of contracts, forfeiture of profits or payments we have received, costs associated with the triggering of price reduction clauses, fines, loss of a government certification or clearance, and suspensions or debarment from future government business, and we may suffer reputational harm.

Further, we are increasingly investing in doing business with customers and partners in heavily regulated commercial industries, such as the financial services and health care industries. Existing and prospective customers, such as those in these industries, may be required to comply with more stringent regulations in connection with using and implementing our platform or services or particular regulations regarding third-party vendors that may be interpreted differently by different customers. In addition, regulatory agencies may impose requirements toward third-party vendors of regulated entities generally, or our company in particular, that we may not be able to, or may choose not to, meet. We may make special compliance commitments that are more expensive to satisfy than we anticipate, or that we are unable to satisfy. In addition, customers in these heavily regulated areas and their regulators often have a right to conduct audits of our systems, products, and practices. In the event that one or more customers or their regulators determine that some aspect of our business does not meet regulatory requirements, we may be limited in our ability to continue or expand our business.

Our customers also include a number of non-U.S. governments, to which similar procurement, budgetary, contract, and audit risks of U.S. government contracting also apply, particularly in certain emerging markets where our customer base is less established. Such sales may also heighten our exposure to liabilities under anti-corruption laws. In addition, compliance with complex regulations, security certifications, and contracting provisions in a variety of jurisdictions can be expensive and consume significant financial and management resources. In certain jurisdictions, our ability to win business may be constrained by political and other factors unrelated to our competitive position in the market. Further, our business and results of operations could be harmed if our efforts to do business with governments and heavily regulated organizations do not generate the anticipated increases in revenue. Each of these difficulties could materially adversely affect our business and results of operations.

Table of ~~Contents~~of Conte n ts

Natural disasters, public health crises, and other catastrophic events could have an adverse impact on our business, operations, and the markets and communities in which we, our partners, and our customers operate.

Our platform and the public cloud infrastructure on which our platform relies are vulnerable to damage or interruption from catastrophic events, such as earthquakes, floods, fires, power loss, telecommunication failures, cyber attacks, military conflict or war, terrorist attacks, criminal acts, sabotage, other intentional acts of vandalism and misconduct, geopolitical events, and epidemics, pandemics or other public health crises, such as the COVID-19 pandemic. Some of our U.S. corporate offices in which we operate and certain of the public cloud data centers on which our platform runs are located in the San Francisco Bay Area and Pacific Northwest, regions known for seismic activity. Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our facilities or the facilities of our public cloud providers could result in disruptions, outages, and other performance and quality problems.

Our customers are also subject to the risk of catastrophic events. If those events occur, demand for our platform may decrease.

If we are unable to develop and maintain adequate plans to ensure that our business functions continue to operate during and after a catastrophic event and to execute successfully on those plans if such an event occurs, our business could be seriously harmed.

Our current operations are international in scope, and we plan further geographic expansion, creating a variety of operational challenges.

A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customer accounts outside the United States generated 24% of our revenue for each of the three and ~~six~~nine months ended ~~July~~October 31, 2024. We are continuing to adapt to and develop strategies to address international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new partners in order to expand into certain countries, including China, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources.

Our current and future international business and operations involve a variety of risks, including:

slower than anticipated public cloud adoption by international businesses;

changes in a specific countrys or regions political, economic, or legal and regulatory environment, including the effects of pandemics, tariffs, trade wars, sanctions, or long-term environmental risks;

the need to adapt and localize our platform for China, Saudi Arabia, and other countries, including as a result of data sovereignty requirements, and the engineering and related costs that we may incur when making those changes;

greater difficulty collecting accounts receivable and longer payment cycles;

unexpected changes in, or the selective application of, trade relations, regulations, or laws;

new, evolving, and more stringent regulations relating to privacy and data security, data localization, and the unauthorized use of, or access to, commercial and personal information;

Table of Conte n ts

new, evolving, and potentially more stringent regulations relating to AI Technology;

differing and potentially more onerous labor regulations that are generally more advantageous to employees as compared to the United States, including regulations governing terminations in locations that do not permit at-will employment and deemed hourly wage and overtime regulations;

challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction;

~~Table of~~ ~~Contents~~

difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems;

increased travel, real estate, infrastructure, and legal compliance costs associated with international operations, including increased costs associated with changing and potentially conflicting environmental regulations and requirements;

currency exchange rate fluctuations and the resulting effect on our revenue, RPO, and expenses, and the cost and risk of utilizing mitigating derivative transactions and entering into hedging transactions to the extent we do so in the future;

limitations on, or charges or taxes associated with, our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;

laws and business practices favoring local competitors or general market preferences for local vendors;

limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents;

political instability, military conflict or war, or terrorist activities;

exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended (FCPA), U.S. bribery laws, the U.K. Bribery Act, and similar laws and regulations in other jurisdictions;

burdens of complying with laws and regulations related to taxation; and

regulations, adverse tax burdens, and foreign exchange controls that could make it difficult or costly to repatriate earnings and cash.

We expect to invest substantial time and resources to further expand our international operations, and, if we are unable to do so successfully and in a timely manner, our business and results of operations could suffer.

As we ~~prepare to offer~~are offering our platform through a Chinese-owned operating partner to Chinese affiliates of certain multi-national customers, risks associated with economic, political, and social events in China could negatively affect our business, financial condition, results of operations and growth prospects.

We are currently offering our platform to Chinese affiliates of certain multi-national customers. Under Chinese law, we must offer our platform through a Chinese-owned operating partner, which must assume control and management of certain aspects of our platform and serve as the seller of record. This requires a new operating and go-to-market model, and there is a risk that functionality or customer experience may suffer and that we may incur liability or brand impairment arising from the operating partners actions or inactions. In addition, developing and operationalizing this new model is a significant investment and may not generate expected returns.

We may also encounter the following risks:

uncertainty regarding the validity, enforceability, and scope of protection for intellectual property rights in China and the practical difficulties of enforcing such rights;

inability to secure our intellectual property and other proprietary information located in China from unauthorized access or theft;

Table of Conte n ts

heightened risks of cyber incidents, which could lead to the unauthorized access to or exposure of customer data;

inability to comply with extensive and evolving Chinese laws that are often ambiguous or inconsistently enforced;

changes in tax regulations that may impact the economics of our China operating model;

economic or political instability;

a slowdown in Chinas economy; and

~~Table of~~ ~~Contents~~

a government-controlled foreign exchange rate and capital controls, including limitations on the convertibility of the Chinese yuan to other currencies.

Further, geopolitical and national security tensions between China and the United States or other countries could lead to further restrictions on our ability to operate in China, increased scrutiny of our business operations in China, or unwillingness of certain customers to do business with us, including the U.S. federal government.

Due to these and other risks, our operations in China may be more expensive or difficult than anticipated or they may fail, which could have an adverse effect on our business, financial condition, results of operations, and growth prospects.

We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.

We have funded our operations since inception primarily through equity ~~financings, including our IPO,~~and debt financings and payments received from our customers. We cannot be certain if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business, which may require us to engage in further equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, if at all, particularly during times of market volatility and general economic instability. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, operating results, and financial condition. IfAny debt we incur ~~debt,~~could give the debt holders would have rights senior to holders of common stock to make claims on our assets, and the terms of any debt could restrict our operations, including our ability to repurchase stock and pay dividends on our common stock. Furthermore, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities couldrights senior to our stockholders to make claims on our assets and could involve covenants relating to our capital raising activities and other financial and operational matters, which may limit our ability to obtain additional capital, pursue business opportunities and strategic transactions, repurchase stock and pay dividends on our common stock. For example, the holders of our 0% convertible senior notes due 2027 and 0% convertible senior notes due 2029 (collectively, the Notes) have rights senior to holders of our common stock to make claims on our assets, and the indentures governing each series of the Notes, as supplemented (each an Indenture and together, the Indentures), include customary covenants for us, such as covenants to make payment of principal and special interest (if any) and remain current in our reporting obligations with the SEC (though no financial or operating covenants or restrictions on us paying dividends or issuing or repaying, prepaying or repurchasing our other securities or indebtedness). Furthermore, if we issue additional equity securities, including shares of common stock issued upon conversion of the Notes, stockholders will experience dilution, and in some cases we may issue new equity securities that have rights senior to those of our common stock. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our common stock and diluting their interests.

Servicing our debt requires a significant amount of cash, and we may not have sufficient cash flow from our business to pay our substantial debt.

Our ability to make scheduled payments of the principal of, to pay special interest, if any, on or to refinance the Notes depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not continue to generate sufficient cash flow from operations to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt, or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance the Notes will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations.

Table of Conte n ts

We may not have enough available cash or the ability to raise the funds necessary to pay cash upon conversion of the Notes or to repurchase the Notes upon a fundamental change, and any future debt may contain limitations on our ability to do so.

Holders of each series of the Notes will have the right, subject to certain conditions and limited exceptions, to require us to repurchase all or any portion of their Notes upon the occurrence of a fundamental change prior to the maturity date of such series of the Notes (as defined and described in the applicable Indenture). Upon any conversion of Notes, we will be required to make cash payments to settle such conversion unless we elect to fully settle it by delivering shares of our common stock (other than any cash paid in lieu of delivering fractional shares). We may not have enough available cash or be able to obtain financing at the time if we are required to repurchase surrendered Notes or settle the conversion of Notes in cash. In addition, our ability to repurchase Notes or to pay cash upon conversions of the Notes may be limited by law, regulatory authority, or agreements governing our future indebtedness. Our failure to repurchase the Notes or to pay any cash upon future conversions of the Notes, when required by the Indentures, would constitute a default under the relevant Indenture. A default under either Indenture or the fundamental change itself could also lead to a default under agreements governing any future indebtedness. If the repayment of such future indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Notes or make cash payments upon conversions thereof.

The conditional conversion feature of the Notes, if triggered, may adversely affect our financial condition and operating results.

If the conditional conversion feature of a series of the Notes is triggered, holders of such Notes will be entitled to elect to convert their Notes at any time during specified periods, as described in the applicable Indenture. If one or more holders elect to convert their Notes, we would be required to settle a portion or all of our conversion obligation through the payment of cash, unless we elect to fully settle such conversion by delivering shares of our common stock (other than any cash paid in lieu of delivering fractional shares), which could adversely affect our liquidity. In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the relevant series of Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations and our ability to invest and hold our cash.

Our sales are currently denominated in U.S. dollars, Euros, British pounds, Australian dollars, Canadian dollars, and Brazilian reals, and will likely be denominated in other currencies in the future. Because we report our results of operations and revenue in U.S. dollars, we currently face exposure to foreign currency translation risk and may in the future face other foreign currency risks. If we are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected. For example, a strengthening of the U.S. dollar could increase the real cost of our platform to international customers, which could adversely affect our results of operations. In addition, as our international operations expand, an increasing portion of our operating expenses is incurred outside the United States. These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. Exposure to these risks and fluctuations could adversely affect our financial position, results of operations, and cash flows.

If our estimates or judgments relating to our critical accounting estimates prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our condensed consolidated financial statements and accompanying notes appearing elsewhere herein. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled Managements Discussion and Analysis of Financial Condition and Results of OperationsCritical Accounting Estimates. The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, revenue, costs and expenses, and related disclosures. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.

~~Risks Related to Our Intellectual Property~~

Table of ~~Contents~~of Conte n ts

Risks Related to Our Intellectual Property

Our intellectual property rights may not protect our business or provide us with a competitive advantage.

To be successful, we must protect our business, technology and brand in the United States and other jurisdictions through trademarks, trade secrets, patents, copyrights, service marks, invention assignments, contractual restrictions, and other intellectual property rights and confidentiality procedures. Despite our efforts to implement these protections, they may not protect our business or provide us with a competitive advantage for a variety of reasons, including:

the failure by us to obtain patents and other intellectual property rights for important innovations or maintain appropriate confidentiality and other protective measures to establish and maintain our trade secrets;

to the extent a customer or partner owns any intellectual property created through a professional services or other engagement, our inability to use or monetize that intellectual property as part of our business;

uncertainty in, and evolution of, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights;

potential invalidation of our intellectual property rights through administrative processes or litigation;

our inability to detect and protect against infringement or other misappropriation of our intellectual property rights by third parties;

uncertainty regarding the applicability of intellectual property protections to AI Technology (including outputs generated from AI Technology); and

other practical, resource, or business limitations on our ability to enforce our rights.

Further, the laws of certain foreign countries, particularly certain developing countries, do not provide the same level of protection of corporate proprietary information and assets, such as intellectual property, trademarks, trade secrets, know-how, and records, as the laws of the United States. As a result, we may encounter significant problems in protecting and defending our intellectual property or proprietary rights abroad. We may also be exposed to material risks of theft or unauthorized reverse engineering of our proprietary information and other intellectual property, including technical data, data sets, or other sensitive information. Our efforts to enforce our intellectual property rights in such foreign countries may be inadequate to obtain a significant commercial advantage from the intellectual property that we develop, which could have a material adverse effect on our business, financial condition, and results of operations. Moreover, if we are unable to prevent the disclosure of our trade secrets to third parties, or if our competitors independently develop any of our trade secrets, we may not be able to establish or maintain a competitive advantage in our market, which could seriously harm our business.

Litigation may be necessary to enforce our intellectual property or proprietary rights, protect our trade secrets, or determine the validity and scope of proprietary rights claimed by others. Any litigation, whether or not resolved in our favor, could result in significant expense to us, divert the efforts of our technical and management personnel, and result in counterclaims with respect to infringement of intellectual property rights by us. If we are unable to prevent third parties from infringing upon or misappropriating our intellectual property or are required to incur substantial expenses defending our intellectual property rights, our business, financial condition, and results of operations may be materially adversely affected.

We may become subject to intellectual property disputes, which are costly and may subject us to significant liability and increased costs of doing business.

We compete in markets where there are a large number of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights, as well as disputes regarding infringement of these rights. In addition, many of the holders of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights have extensive intellectual property portfolios and greater resources than we do to enforce their rights. As compared to our large competitors, our patent portfolio is relatively undeveloped and may not provide a material deterrent to such assertions or provide us with a strong basis to counterclaim or negotiate settlements. Further, to the extent assertions are made against us by entities that hold patents but are not operating companies, our patent portfolio may not provide deterrence because such entities are not concerned with counterclaims.

7886

Table of ~~Contents~~of Conte n ts

Any intellectual property litigation to which we become a party may require us to do one or more of the following:

cease selling, licensing, or using products, features, or data sets that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate;

require us to change the name of our products or services;

make substantial payments for legal fees, settlement payments, or other costs or damages, including indemnification of third parties;

obtain a license or enter into a royalty agreement, either of which may not be available on reasonable terms or at all, in order to obtain the right to sell or use the relevant intellectual property; or

redesign the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible.

Intellectual property litigation is typically complex, time consuming, and expensive to resolve and would divert the time and attention of our management and technical personnel. It may also result in adverse publicity, which could harm our reputation and ability to attract or retain employees, customers, or partners. As we grow, we may experience a heightened risk of allegations of intellectual property infringement. An adverse result in any litigation claims against us could have a material adverse effect on our business, financial condition, and results of operations.

If we use open-source software inconsistent with our policies and procedures or the license terms applicable to such software, we could be subject to legal expenses, damages, or costly remediation or disruption to our business.

We use open-source software in our platform and in our professional service engagements. From time to time, companies that use third-party open-source software have faced claims challenging the use of such open-source software and their compliance with the terms of the applicable open-source license. We may be subject to suits by parties claiming ownership of what we believe to be open-source software or claiming non-compliance with the applicable open-source licensing terms. Additionally, despite our policies and procedures designed to govern our use of open-source software, we may incorporate open-source software with onerous licensing terms, including the obligation to make our source code available for others to use or modify without compensation to us, or inadvertently use third-party open-source software in a manner that exposes us to claims of non-compliance with the applicable terms of such license, including claims for infringement of intellectual property rights or for breach of contract. If we receive an allegation that we have violated an open-source license, we may incur significant legal expenses, be subject to damages, be required to redesign our product to remove the open-source software or publicly release certain portions of our proprietary source code, or be required to comply with onerous license restrictions, any of which could have a material impact on our business. Even in the absence of a claim, if we discover the use of open-source software inconsistent with our policies, we could expend significant time and resources to replace the open-source software or obtain a commercial license, if available. All of these risks are heightened by the fact that the ownership of open-source software can be uncertain, leading to litigation, that many of the licenses applicable to open-source software have not been interpreted by courts, and that these licenses could be construed to impose unanticipated conditions or restrictions on our ability to commercialize our products. Any use of open-source software inconsistent with our policies or licensing terms could harm our business and financial position.

Risks Related to Our Legal, Regulatory, and Tax Environment

We are subject to stringent and changing obligations related to data, including data privacy and security, and the failure or perceived failure to comply with these obligations could result in significant fines and liability or otherwise result in substantial harm to our business and prospects.

We are subject to data privacy and protection laws, regulations, guidance, external and internal policies and other documentation, industry standards, certifications, and contractual and other obligations that apply to the collection, transmission, storage, use, and other processing of personal information. These obligations are rapidly evolving, extensive, complex, and include inconsistencies and uncertainties. Examples of recent and anticipated developments that have impacted or could impact our business include the following:

7987

Table of ~~Contents~~of Conte n ts

~~evolving, extensive, complex, and include inconsistencies and uncertainties. Examples of recent and anticipated developments that have impacted or could impact our business include the following:~~

The European Unions (EU) General Data Protection Regulation (GDPR) and the United Kingdoms General Data Protection Regulation established strict requirements applicable to the handling of personal information.

Indias Digital Personal Data Protection Act (DPDP Act), which was passed in August 2023, imposes strict rules regarding the collection, use, processing and storage of personal data in India. The DPDP Act will not come into effect until the Indian government provides notice of an effective date, which is expected in 2024.

The EU has proposed the Regulation on Privacy and Electronic Communications, which, if adopted, would impose new obligations on using personal information in the context of electronic communications, particularly with respect to online tracking technologies and direct marketing.

Certain other jurisdictions have enacted data localization laws and cross-border personal information transfer laws, such as Brazil and China, which could make it more difficult for us to transfer personal information across jurisdictions (such as transferring or receiving personal or other sensitive information that originates in the EU or China), or to enable our customers to transfer or replicate their data across jurisdictions using our platform. Existing mechanisms that may facilitate cross-border personal information transfers may change or be invalidated. Because our business model involves transmitting and mobilizing data across geographical areas, an inability or material limitation on our ability to transfer personal data to the United States or other countries could materially impact our business operations and revenue.

In the United States, federal, state, and local governments have enacted or proposed data privacy and security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws. Additionally, in the past few years, numerous U.S. statesincluding California, Virginia, Colorado, Connecticut, and Utahhave enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. Such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making and, if exercised, may adversely impact our business and ability to provide our products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive information, such as conducting data privacy impact assessments. These state laws allow for statutory fines for noncompliance. For example, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), provides increased privacy rights and protections, including the ability of individuals to opt out of specific disclosures of their personal information, and provides for fines of up to $7,500 per intentional violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Other U.S. states have adopted, or are considering adopting, similar laws.

The certifications we ~~may~~ maintain and the standards that ~~may~~ apply to our ~~business~~platform (or those we may maintain or that may apply in the future), such as the U.S. Federal Risk and Authorization Management Program (FedRAMP), U.S. Department of Defense Impact Level 4 (IL4), Payment Card Industry Data Security Standards (PCI-DSS), International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001, Health Information Trust Alliance Common Security Framework (HI-TRUST CSF), StateRAMP, among others, are becoming more stringent.

We may also become subject to new laws that specifically regulate non-personal data. For example, we may become subject to certain parts of the European Unions Data Act, which imposes certain data and cloud service interoperability and switching obligations to enable users to switch between cloud service providers without undue delay or cost, as well as certain requirements concerning cross-border international transfers of, and governmental access to, non-personal data outside the European Economic Area.

8088

Table of ~~Contents~~of Conte n ts

These and other similar legal and regulatory developments could contribute to legal and economic uncertainty, increase our exposure to liability, affect how we design, market, and sell our platform, and how we operate our business, how our customers and partners process and share data, how we process and use data, and how we transfer personal data from one jurisdiction to another, any of which could increase our costs, require us to take on more onerous obligations in our contracts, impact our ability to operate in certain jurisdictions, and/or negatively impact the types of data available on or the demand for our platform. It is possible that new laws may be adopted or existing laws may be interpreted and applied in a manner that is inconsistent with our practices and our efforts to comply with the evolving data protection rules may be unsuccessful. We may incur substantial costs to comply with such laws and regulations, to meet the demands of our customers relating to their own compliance with applicable laws and regulations, and to establish and maintain internal policies, self-certifications, and third-party certifications supporting our compliance programs. Our customers may delegate certain of their GDPR compliance or other privacy law obligations to us, and we may otherwise be required to expend resources to assist our customers with such compliance obligations.

Any actual or perceived non-compliance with applicable data privacy and security obligations by us or our third-party service providers and sub-processors could result in proceedings, investigations, or claims against us by regulatory authorities, customers, or others, leading to reputational harm, higher liability and indemnity obligations, significant fines, litigation costs, additional reporting requirements or oversight, bans on processing personal information, orders to destroy or not use personal information, limitations in our ability to develop or commercialize our platform, inability to process personal information or operate in certain jurisdictions, and other damages. For example, if regulators assert that we have failed to comply with the GDPR or U.K. GDPR, we may be subject to fines of up to (i) 20.0 million Euros or 17.5 million British pounds, as applicable, or (ii) 4% of our worldwide annual revenue, whichever is greater, as well as potential data processing restrictions and penalties. In addition, private plaintiffs have become increasingly active in bringing privacy- and information security-related claims against companies, including class action claims. Some of these claims allow for the recovery of statutory damages on a per violation basis, and, if viable, carry the potential for significant statutory damages, depending on the volume of data and the number of violations. Even if we are not determined to have violated these laws and other obligations, investigations into these issues typically require the expenditure of significant resources and generate negative publicity. In addition, any failure by us or our third-party service providers and sub-processors to comply with applicable obligations could result in proceedings against us. Certain regulators, such as the FTC, may prohibit our use of certain personal information as a result of such proceedings. Any of these events could have a material adverse effect on our business, financial condition, and results of operations.

We publish privacy policies, certifications and other documentation regarding our security program and our collection, processing, use, and disclosure of personal information or other confidential information. We or our vendors may fail to comply with these policies, certifications, or documentation, or may be perceived to have failed to do so. Claims by regulators or private parties that we have not followed our published documentation or otherwise violated individuals privacy rights or failed to comply with data protection laws, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business.

Issues in the development and use of AI Technology, combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations.

The legal and regulatory landscape applicable to AI Technology is uncertain and is evolving rapidly, which may result in new and enhanced governmental or regulatory scrutiny, litigation, confidentiality, privacy or security risks, ethical concerns, legal liability, or other complications that could adversely affect our business, reputation or financial condition, or results of operations. ~~For example, states~~States, regions, and supranational bodies, including the European Union and the United States, have passed or proposed new rules and regulations related to the use or sale of AI Technology. For example, the European Unions Artificial Intelligence Act, the first comprehensive legal framework regulating artificial intelligence, entered into force in August 2024. These regulations may impose onerous obligations related to our development, offering, and use of AI Technology and expose us to an increased risk of regulatory enforcement and litigation. If we cannot use AI Technology or that use is restricted, our business may be less efficient, or we may be at a competitive disadvantage.

8189

Table of ~~Contents~~of Conte n ts

In particular, there is significant uncertainty surrounding the applications of intellectual property and privacy laws to AI Technology. Intellectual property ownership and license rights, including copyright, surrounding AI Technology have not been fully addressed by courts or other federal or state laws or regulations, and our use of AI Technology or adoption of AI Technology into our products and services may result in disputes with respect to ownership or intellectual property, or exposure to claims of copyright or other intellectual property misappropriation. In addition, our AI Technology may involve the processing of personal and other sensitive data and may be subject to laws, policies, legal obligations, and contractual requirements related to privacy, data protection, and information security. Certain privacy laws extend rights to consumers (such as the right to obtain consent or delete certain personal data) and regulate automated decision making. An alleged or actual failure to meet these obligations may lead to regulatory investigations and fines or penalties, require us to change our business practices or retrain our algorithms, or prevent or limit our use of AI Technology. For example, the FTC has required other companies to turn over or disgorge valuable insights or trainings generated through the use of AI Technology where the FTC determined such companies violated privacy and consumer protection laws. We may also be held liable for intellectual property, privacy, or other legal violations of third-party AI Technology that we use, and that we may not have full recourse for any damages that we suffer (for example, our use of third-party AI Technology may be subject to limitations of liability or provide no liability coverage (e.g., free or open-source technology)).

The algorithms or training methodologies used in the AI Technology we use or offer may be flawed. Data sets may be overly broad, insufficient, or contain inappropriately biased information. Our generative AI Technology may also generate outputs that are inaccurate, misleading, harmful, or otherwise flawed. This may happen if the inputs that the model relied on were inaccurate, incomplete, or flawed (including if a bad actor poisons the model with bad inputs or logic), or if the logic of the algorithm is flawed (a so-called hallucination). Our customers or others may rely on or use such outputs to their detriment, or it may lead to adverse outcomes, which may expose us to brand or reputational harm, competitive harm, and/or legal liability. Finally, if we enable or offer services or technologies that draw scrutiny or controversy, we may experience brand or reputational harm, competitive harm, and/or legal liability.

We are subject to anti-corruption, anti-bribery, anti-money laundering, and similar laws, and non-compliance with such laws can subject us to criminal or civil liability and harm our business, financial condition, and results of operations.

We are subject to the FCPA, U.S. domestic bribery laws, the U.K. Bribery Act 2010, and other anti-corruption and anti-money laundering laws in the countries in which we conduct business. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. As we increase our international sales, including in China, and sales to the public sector, we may engage with business partners and third-party intermediaries to market or resell our products and to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.

We may be held responsible for the actions of our employees, agents, customers, partners, suppliers and other third parties with which we do business if such actions violate our policies and applicable law. As we expand internationally and into the public sector market, our risks under these laws may increase.

Detecting, investigating, and resolving actual or alleged violations of anti-corruption, anti-bribery, or anti-money laundering laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-money laundering laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions, suspension or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed.

8290

Table of ~~Contents~~of Conte n ts

We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.

Our platform is subject to U.S. export controls, including the U.S. Export Administration Regulations, and we incorporate encryption technology into our platform. This encryption technology may be exported outside of the United States only with the required export authorizations, including by license, a license exception, or other appropriate government authorizations, including the filing of an encryption classification request or self-classification report.

Obtaining the necessary export license or other authorization for a particular sale can be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, our activities are subject to U.S. economic sanctions laws and regulations administered by various U.S. agencies, including the U.S. Treasury Departments Office of Foreign Assets Control, that prohibit the sale or supply of most products and services to embargoed jurisdictions or sanctioned parties. Violations of U.S. sanctions or export control regulations can result in significant fines or penalties and possible incarceration for responsible employees and managers.

If our channel partners fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected through reputational harm, as well as other negative consequences, including government investigations and penalties.

Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export licensing requirements, and have enacted laws that could limit our ability to distribute our platform in those countries. Changes in our platform or future changes in export and import regulations may create delays in the introduction of our platform in international markets, prevent our customers with international operations from using our platform globally, or, in some cases, prevent the export or import of our platform to certain countries, governments, or persons altogether. From time to time, various governmental agencies have proposed additional regulation of encryption technology. Any change in export or import regulations, economic sanctions, or related legislation, increased export and import controls, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our platform by, or our decreased ability to export or sell our platform to, existing or potential customers with international operations. Any decreased use of our platform or limitation on our ability to export or sell our platform would adversely affect our business, financial condition, and results of operations.

Our international operations may subject us to greater than anticipated tax liabilities.

We are expanding our international operations to better support our growth into international markets. Our corporate structure and associated transfer pricing policies contemplate future growth in international markets and consider the functions, risks, and assets of the various entities involved in intercompany transactions. The amount of taxes we pay in different jurisdictions ~~depend~~depends on the application of the tax laws of various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to our intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.

8391

Table of ~~Contents~~of Conte n ts

Changes in tax laws or tax rulings could materially affect our financial position, results of operations, and cash flows.

The tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. Changes in tax laws, regulations, or rulings, or changes in interpretations of existing laws and regulations, could materially affect our financial position and results of operations. ~~For example, the 2017 legislation~~Legislation informally titled the Tax ~~Act significantly reformed the Internal Revenue Code of 1986, as amended (the Code). In August 2022, the United States passed the Inflation Reduction Act, which provides for~~Cuts and Jobs Act and the Inflation Reduction Act (Inflation Act) made many significant changes to U.S. tax laws. For example, the Inflation Act includes provisions that will impact the U.S. federal income taxation of certain corporations, including a minimum tax equal to 15% of the adjusted financial statement income of certain large corporations, as well as a 1% excise tax ~~on stock repurchases~~applicable to corporations traded on an established securities market (which includes the New York Stock Exchange) on the fair market value of certain stock repurchases in excess of the fair market value of stock issuances in the same taxable year. In February 2023, our board of directors authorized the repurchase of up to $2.0 billion of our common stock through a stock repurchase program. In August 2024, our board of directors authorized the repurchase of an additional $2.5 billion of our outstanding common stock under the stock purchase program and extended the expiration date of the stock repurchase program from March 2025 to March 2027. ~~We do not expect the excise tax on repurchases under our~~Repurchases of our common stock under current or future stock repurchase program to have a material impact on our aggregate tax liability. In addition, many countries have recently proposed, recommended, or enacted changes to existing tax laws or new tax laws that could significantly increase our tax obligations in the countries where we do business or require us to change the manner in which we operate our businessprograms could result in an excise tax liability, and we are continuing to evaluate the impact that such excise tax liability, if any, may have on our aggregate tax liability. Future guidance from the Internal Revenue Service and other tax authorities with respect to such legislation may affect us, and certain aspects thereof could be repealed or modified in future legislation.

Over the last several years, the Organization for Economic Cooperation and Development has been working on a Base Erosion and Profit Shifting Project that, if implemented, would change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. As of February 2024, more than 140 countries have approved a framework that imposes a minimum tax rate of 15%, among other provisions. As this framework is subject to further negotiation and implementation by each member country, the timing and ultimate impact of any such changes on our tax obligations are uncertain. Similarly, the European Commission and several countries have issued proposals that would apply to various aspects of the current tax framework under which we are taxed. These proposals include changes to the existing framework to calculate income tax, as well as proposals to change or impose new types of non-income taxes (such as taxes based on a percentage of revenue or taxes applicable to digital services), which could apply to our businessIn addition, our tax obligations and effective tax rate in the jurisdictions in which we conduct business could increase, including as a result of the base erosion and profit shifting (BEPS) project that is being led by the Organization for Economic Co-operation and Development (OECD), and other initiatives led by the OECD or the European Commission.

Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, ~~increase~~ the amount of taxes imposed on our business, and our compliance costs, and harm our financial position. Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements. We continue to monitor the impact of new global and U.S. legislation on our effective tax rate.

Our ability to use our net operating loss carryforwards may be limited.

We have incurred substantial losses during our history, do not expect to become profitable in the near future, and may never achieve profitability. Unused U.S. federal net operating losses (NOLs) for taxable years beginning before January 1, 2018, may be carried forward to offset future taxable income, if any, until such unused NOLs expire. Under ~~the Tax Act, as modified by 2020 legislation referred to as the CARES Act~~current U.S. federal income tax law, U.S. federal NOLs arising in taxable years beginning after December 31, 2017, can be carried forward indefinitely, but the deductibility of such U.S. federal NOLs in taxable years beginning after December 31, 2020, is limited to 80% of such years taxable income. At the state level, there may be periods during which the use of NOLs is suspended or otherwise limited, which could accelerate or permanently increase state taxes owed.

As of January 31, 2024, we had U.S. federal, state, and foreign NOL carryforwards of $6.2 billion, $5.6 billion, and $175.2 million, respectively. Of the $6.2 billion U.S. federal NOL carryforwards, $6.1 billion may be carried forward indefinitely with utilization limited to 80% of taxable income, and the remaining $0.1 billion will begin to expire in 2032. The state NOL carryforwards begin to expire in 2024. Of the $175.2 million foreign NOL carryforwards, $169.6 million may be carried forward indefinitely, and the remaining $5.6 million will begin to expire in 2027.

In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, and corresponding provisions of state law, if a corporation undergoes an ownership change, which is generally defined as one or more stockholders or groups of stockholders who own at least 5% of our stock increasing their ownership by more than 50 percentage points over their lowest ownership percentage within a rolling three-year period, the corporations ability to use its pre-change NOL carryforwards to offset its post-change income or taxes may be limited. It is possible that we have experienced or may experience ownership changes as a result of shifts in our stock ownership, some of which may be outside of our control. This could limit the amount of NOLs that we can utilize annually to offset future taxable income or tax liabilities. Subsequent ownership changes and changes to the U.S. tax rules in respect of the utilization of NOLs may further affect the limitation in future years.

Table of ~~Contents~~of Conte n ts

In addition, under Section 382 of the Code, and corresponding provisions of state law, if a corporation undergoes an ownership change, which is generally defined as one or more stockholders or groups of stockholders who own at least 5% of our stock increasing their ownership by more than 50 percentage points over their lowest ownership percentage within a rolling three-year period, the corporations ability to use its pre-change NOL carryforwards to offset its post-change income or taxes may be limited. It is possible that we have experienced or may experience ownership changes as a result of shifts in our stock ownership, some of which may be outside of our control. This could limit the amount of NOLs that we can utilize annually to offset future taxable income or tax liabilities. Subsequent ownership changes and changes to the U.S. tax rules in respect of the utilization of NOLs may further affect the limitation in future years.

Changes in our effective tax rate or tax liability may have an adverse effect on our results of operations.

We are subject to income taxes in the United States and various foreign jurisdictions. The determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are many transactions where the ultimate tax determination is uncertain. We believe that our provision for income taxes is reasonable, but the ultimate tax outcome may differ from the amounts recorded in our condensed consolidated financial statements and may materially affect our financial results in the period or periods in which such outcome is determined.

Our effective tax rate could increase due to several factors, including:

changes in the relative amounts of income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;

changes in tax laws, tax treaties, and regulations or the interpretation of them;

changes to our assessment about our ability to realize our deferred tax assets that are based on estimates of our future results, the prudence and feasibility of possible tax planning strategies, and the economic and political environments in which we do business;

the outcome of current and future tax audits, examinations, or administrative appeals; and

the effects of acquisitions and divestitures.

Any of these developments could adversely affect our results of operations.

Risks Related to the Ownership of Our Common Stock

Our stock price may be volatile, and the value of our common stock may decline.

The market price of our common stock has been and may continue to be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including:

actual or anticipated fluctuations in our financial condition or results of operations;

variance in our actual or projected financial performance from expectations of securities analysts and investors;

changes in the pricing or consumption of our platform;

updates to our projected operating and financial results;

changes in laws or regulations applicable to our business;

announcements by us or our competitors of significant business developments, acquisitions, investments, or new offerings;

rumors and market speculation involving us or other companies in our industry;

significant data breaches, disruptions to, or other incidents involving our platform or our customers;

our involvement in litigation or governmental or regulatory investigations or inquiries and the development and outcome of such litigation, investigations, or inquiries;

~~Table of~~ ~~Contents~~

changes in senior management or key personnel;

fluctuations in company valuations, particularly valuations of high-growth or cloud companies, perceived to be comparable to us;

the trading volume of our common stock;

purchase and sale of our common stock by our insiders or our other stockholders;

Table of Conte n ts

changes in the anticipated future size and growth rate of our market;

our issuance or repurchase of shares of our common stock or securities convertible into or exchangeable for share of our common stock and any derivative transactions relating to such securities; and

general political, social, economic, and market conditions.

Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, such as recessions, inflation, interest rate changes, or international currency fluctuations, may also negatively impact the market price of our common stock. In addition, technology stocks have historically experienced high levels of volatility. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We have been, and may be in the future, the target of this type of litigation, which could result in substantial expenses and divert our managements attention. We are currently subject to a securities class action lawsuit in federal court. See the section titled Legal Proceedings for more information.

Conversion of the Notes may dilute the ownership interest of our stockholders or may otherwise depress the price of our common stock.

The conversion of the Notes may dilute the ownership interests of our stockholders. Upon conversion of the Notes, we have the option to settle the obligation in cash, shares of our common stock, or a combination of both. If we elect to settle our conversion obligation in shares of our common stock or a combination of cash and shares of our common stock, any sales in the public market of our common stock issuable upon such conversion could adversely affect prevailing market price of our common stock. In addition, the existence of the Notes may encourage short selling by market participants because the conversion of the Notes could be used to satisfy short positions, or anticipated conversion of the Notes into shares of our common stock could depress the price of our common stock.

The capped call transactions may affect the value of the Notes and the market price of our common stock.

We entered into privately negotiated capped call transactions relating to each series of Notes with some of the initial purchasers (or their affiliates) and certain other financial institutions (collectively, the option counterparties). The capped call transactions are generally expected to reduce the potential dilution to our common stock upon any conversion of the relevant series of Notes or offset any cash payments we are required to make in excess of the principal amount of converted Notes, with such reduction or offset subject to a cap.

In connection with establishing their initial hedges of the capped call transactions, the option counterparties entered into various derivative transactions with respect to our common stock and/or purchased shares of our common stock concurrently with, or shortly after, the pricing of the Notes. They may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling shares of our common stock or other securities of ours in secondary market transactions prior to the maturity of the Notes, and they are likely to do so during any observation period related to a conversion of Notes or, to the extent we exercise the relevant election under the capped call transactions, following any repurchase or redemption of the Notes, in each case as described in the Indentures. This activity could also cause or avoid an increase or a decrease in the market price of our common stock or the Notes.

We are subject to counterparty risk with respect to the capped call transactions.

The option counterparties are financial institutions, and we will be subject to the risk that any or all of them might default under the capped call transactions. Our exposure to the credit risk of the option counterparties will not be secured by any collateral. Past global economic conditions have resulted in the actual or perceived failure or financial difficulties of many financial institutions and could adversely affect the option counterparties performance under the capped call transactions. If an option counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at that time under the capped call transactions with such option counterparty. Our exposure will depend on many factors but, generally, an increase in our exposure will be correlated to an increase in the market price and in the volatility of our common stock. In addition, upon a default by an option counterparty, we may suffer more dilution, the effect of which would not be compensated for, than we currently anticipate with respect to our common stock. We can provide no assurance as to the financial stability or viability of the option counterparties.

Table of Conte n ts

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our equity incentive plans, or otherwise will dilute all other stockholders.

We expect to issue additional capital stock in the future that will result in dilution to all other stockholders, including issuance of shares of our common stock upon conversion of the Notes. We expect to grant equity awards to employees, non-employee directors, and consultants under our equity incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we have and may continue to acquire or make investments in companies, products, or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.

We may not realize the anticipated long-term stockholder value of our stock repurchase program, and any failure to repurchase our common stock after we have announced our intention to do so may negatively impact our stock price.

In February 2023, our board of directors authorized the repurchase of up to $2.0 billion of our common stock through a stock repurchase program. In August 2024, our board of directors authorized the repurchase of an additional $2.5 billion of our outstanding common stock under the stock repurchase program and extended the expiration date of the stock repurchase program from March 2025 to March 2027. Repurchases may be effected, from time to time, either on the open market (including via pre-set trading plans), in privately negotiated transactions, or through other transactions in accordance with applicable securities laws.

The timing and amount of any repurchases will be determined by management based on an evaluation of market conditions and other factors. The program does not obligate us to acquire any particular amount of common stock and may be suspended or discontinued at any time at our discretion. Any failure to repurchase stock after we have announced our intention to do so may negatively impact our reputation, investor confidence in us, or our stock price.

The existence of our stock repurchase program could cause our stock price to be higher than it otherwise would be and could potentially reduce the market liquidity for our stock. Although our stock repurchase program is intended to enhance long-term stockholder value, there is no assurance that it will do so because the market price of our common stock may decline below the levels at which we repurchase shares, and short-term stock price fluctuations could reduce the effectiveness of the program. Repurchasing our common stock reduces the amount of cash we have available to fund working capital, capital expenditures, strategic acquisitions or investments, other business opportunities, and other general corporate projects, and we may fail to realize the anticipated long-term stockholder value of any stock repurchase program. In addition, the Inflation Act imposes an excise tax of 1% on certain corporate stock repurchases.

~~Table of~~ ~~Contents~~

If securities or industry analysts publish unfavorable or inaccurate research about our business, the market price or trading volume of our common stock could decline.

The market price and trading volume of our common stock is heavily influenced by the way analysts interpret our financial information and other disclosures. We do not have control over these analysts. If securities analysts or industry analysts cease coverage of us, our stock price would be negatively affected. If securities or industry analysts downgrade our common stock or publish negative reports about our business, our stock price would likely decline. Further, investors and analysts may not understand how our consumption-based business model differs from a subscription-based business model. If one or more of these analysts cease coverage of us, publish inaccurate research about our business, or fail to publish reports on us regularly, demand for our common stock could decrease, which might cause our stock price to decline and could decrease the trading volume of our common stock.

We do not intend to pay dividends for the foreseeable future and, as a result, the ability of the holders of our common stock to achieve a return on their investment will depend on appreciation in the price of our common stock.

We have never declared or paid any cash dividends on our capital stock, and we do not intend to pay any cash dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, holders of our common stock may need to rely on sales of our common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investment.

Table of Conte n ts

We incur significant costs operating as a public company, and our management is required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the New York Stock Exchange, and other applicable securities rules and regulations. Our management and other personnel devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations have increased our legal and financial compliance costs and make some activities more time-consuming and costly. In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure are creating uncertainty for public companies. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to continue to invest resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expenses and a diversion of managements time and attention from revenue-generating activities to compliance activities. If, notwithstanding our efforts, we fail to comply with evolving laws, regulations, and standards, regulatory authorities may initiate legal proceedings against us, and our business may be harmed. Failure to comply with these rules might also make it more difficult for us to obtain certain types of insurance, including director and officer liability insurance, and we might be forced to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. We cannot predict or estimate the amount of additional costs we will incur as a public company or the specific timing of such costs.

Increasing scrutiny and changing expectations from global regulations, our investors, customers, and employees with respect to ESG may impact our reputation and business.

Companies across many industries are facing increasing scrutiny related to their environmental, social and governance (ESG) practices and reporting, both in the United States and internationally. For example, new domestic and international laws and regulations relating to ESG matters, including environmental sustainability and climate change and human capital management, are under consideration or being adopted, which may include specific, target-driven disclosure requirements or obligations. Our response to increased ESG disclosure requirements may require additional investments and implementation of new practices and reporting processes, all entailing additional compliance risk and cost. To the extent we share information about our ESG practices, we could be criticized for the accuracy, adequacy, or completeness of such disclosures. In addition, we may communicate ESG goals or initiatives from time to time, which can be costly to achieve and difficult to implement. There is no assurance that we will achieve any of these goals, that our initiatives will achieve their intended outcome, and our ability to implement these ESG-related initiatives or achieve ESG-related goals may be dependent on external factors outside our control.

~~Table of~~ ~~Contents~~

Further, we may experience backlash from customers, government entities, advocacy groups, employees, or other stakeholders who disagree with our actual or perceived positions, or with our lack of position on social, environmental, governance, political, public policy, economic, geopolitical, or other sensitive issues. Any perceived lack of transparency about these matters could harm our brand and reputation, our employees engagement and retention, and the willingness of our customers and partners to do business with us.

As a result of being a public company, we are obligated to develop and maintain proper and effective internal control over financial reporting, and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our common stock.

We are required, pursuant to Section 404 of the Sarbanes-Oxley Act (Section 404), to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting as of the end of each fiscal year. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm is required to attest to the effectiveness of our internal control over financial reporting. Our compliance with Section 404 requires that we incur substantial expenses and expend significant management efforts. We have established an internal audit group, and as we continue to grow, we expect to hire additional accounting and financial staff with appropriate public company experience and technical accounting knowledge and update the system and process documentation necessary to perform the evaluation needed to comply with Section 404.

Table of Conte n ts

During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to certify that our internal control over financial reporting is effective. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

Anti-takeover provisions in our charter documents, the Indentures, and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management, and limit the market price of our common stock.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:

authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights, and preferences determined by our board of directors that may be senior to our common stock;

require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;

specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors, or our Chief Executive Officer;

establish an advance notice procedure for stockholder proposals to be brought before an annual or special meeting, including proposed nominations of persons for election to our board of directors;

establish that our board of directors is divided into three classes, with each class serving three-year staggered terms;

prohibit cumulative voting in the election of directors;

provide that our directors may only be removed for cause;

~~Table of~~ ~~Contents~~

provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum; and

require the approval of our board of directors or the holders of at least 66 2/3% of our outstanding shares of voting stock to amend our bylaws and certain provisions of our certificate of incorporation.

These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any interested stockholder for a period of three years following the date on which the stockholder became an interested stockholder. Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our common stock, and they could deter potential acquirers of our company, thereby reducing the likelihood that holders of our common stock would receive a premium for their shares of our common stock in an acquisition.

Table of Conte n ts

In addition, certain provisions in the Indentures may make it more difficult or expensive for a third party to acquire us. For example, the Indentures will require us, except as described therein, to repurchase the Notes of the relevant series for cash upon the occurrence of a fundamental change (as defined in the Indentures) and, in certain circumstances, to increase the relevant conversion rate for a holder that converts its Notes of the relevant series in connection with a make-whole fundamental change (as defined in the Indentures). A takeover of us may trigger the requirement that we repurchase the relevant series of Notes and/or increase the relevant conversion rate, which could make it more costly for a potential acquirer to engage in such takeover. Such additional costs may have the effect of delaying or preventing a takeover of us that would otherwise be beneficial to investors.

Our amended and restated certificate of incorporation designates the Court of Chancery of the State of Delaware and, to the extent enforceable, the federal district courts of the United States of America as the exclusive forums for certain disputes between us and our stockholders, which will restrict our stockholders ability to choose the judicial forum for disputes with us or our directors, officers, or employees.

Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum for the following types of actions or proceedings under Delaware statutory or common law: any derivative action or proceeding brought on our behalf, any action asserting a breach of a fiduciary duty owed by any of our current or former directors, officers, or other employees to our company or our stockholders, any action asserting a claim against us arising out of or pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws, any action as to which the Delaware General Corporation Law confers jurisdiction on the Court of Chancery of the State of Delaware, or any action asserting a claim against us or any of our current or former directors, officers, or other employees that is governed by the internal affairs doctrine. This choice of forum provision does not apply to suits brought to enforce a duty or liability created by the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction.

Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation provides that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions, and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions. In addition, investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder.

These choice of forum provisions may limit a stockholders ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could seriously harm our business.

8998

Table of ~~Contents~~of Conte n ts