Salesforce Inc.: 10-K Risk Factor Changes

As part of our business strategy, we periodically acquire complementary businesses, joint ventures, services and technologies and intellectual property rights. We continue to evaluate such opportunities and expect to make such acquisitions in the future. Acquisitions and other transactions and arrangements involve numerous risks and could create unforeseen operating difficulties and expenditures, including: •potential failure to achieve the expected benefits on a timely basis or at all; •potential identified or unknown security vulnerabilities in acquired products that expose us to additional security risks or delay our ability to integrate the product into our service offerings, as well as difficulties in increasing or maintaining the security standards for acquired technology; 14 14 14 14 14 14 Table of Contents Table of Contents Table of Contents •difficulty of transitioning the acquired technology onto our existing platforms and customer acceptance of multiple platforms on a temporary or permanent basis; •brand or reputational harm associated with our acquired companies; •challenges converting the acquired company’s revenue recognition policies and forecasting the related revenues, including both consumption- and subscription-based revenues and term software license revenue, as well as appropriate allocation of the customer consideration to the individual deliverables; •challenges entering into new markets in which we have little or no experience or where competitors may have stronger market positions; •currency and regulatory risks associated with foreign countries and potential additional cybersecurity and compliance risks resulting from entry into new markets; •operational and financial difficulties and strains on resources in integrating acquired operations, technologies, services, platforms and personnel; •regulatory challenges from antitrust or other regulatory authorities that may block, delay or impose conditions (such as divestitures, ownership or operational restrictions or other structural or behavioral remedies) on the completion of transactions or the integration of acquired operations; •failure to fully assimilate, integrate or retrain acquired employees, which may lead to retention risk with respect to both key acquired employees and our existing key employees or disruption to existing teams or our workplace culture; •challenges with maintaining the acquired company’s customers, partners and third-party service providers; •known and potential unknown liabilities associated with the acquired businesses, including due to litigation; •difficulties in managing, or potential write-offs of, acquired assets, and potential financial and credit risks associated with acquired customers; •negative impact to our results of operations because of the depreciation and amortization of acquired intangible assets, fixed assets and operating lease right-of-use assets; •difficulties in and financial costs of addressing acquired compensation structures inconsistent with our compensation structure; •additional stock-based compensation issued or assumed in connection with the acquisition, including the impact on stockholder dilution and our results of operations; •ineffective or inadequate controls, procedures and policies at the acquired company; and •the tax effects related to integration and business operation changes, realizability of our deferred tax assets, and uncertain tax liabilities. Any of these risks could harm our business or negatively impact our results of operations. In addition, to facilitate acquisitions, we may seek additional equity or debt financing, which may not be available on terms favorable to us or at all, which may affect our ability to complete subsequent acquisitions, and which may affect the risks of owning our common stock. For example, if we finance acquisitions by issuing equity or convertible or other debt securities or loans, our existing stockholders may be diluted, or we could face constraints related to the terms of, and repayment obligation related to, the incurrence of indebtedness that could affect the market price of our common stock. Our ability to acquire other businesses or technologies, or integrate acquired businesses effectively, may be impaired by trade tensions and increased global scrutiny of foreign investments and acquisitions in the technology sector. For example, several countries, including the United States and countries in Europe and the Asia-Pacific region, are considering or have adopted restrictions of varying kinds on transactions involving foreign investments and acquisitions. Antitrust authorities in a number of countries have also reviewed acquisitions in the technology industry with increased scrutiny. Governments may continue to adopt or tighten restrictions of this nature, some of which may apply to acquisitions or integrations of businesses by us, and such restrictions or government actions could negatively impact our business and financial results.

As part of our business strategy, we periodically acquire complementary businesses, joint ventures, services and technologies and intellectual property rights. We continue to evaluate such opportunities and expect to make such acquisitions in the future. Acquisitions and other transactions and arrangements involve numerous risks and could create unforeseen operating difficulties and expenditures, including: 15 15 15 Table of Contents Table of Contents •potential failure to achieve the expected benefits on a timely basis or at all; •potential identified or unknown security vulnerabilities in acquired products that expose us to additional security risks or delay our ability to integrate the product into our service offerings; •difficulties in increasing or maintaining the security standards for acquired technology consistent with our other services, and related costs; •difficulty of transitioning the acquired technology onto our existing platforms and customer acceptance of multiple platforms on a temporary or permanent basis; •augmenting the acquired technologies and platforms to the levels that are consistent with our brand and reputation; •brand or reputational harm associated with our acquired companies; •challenges converting the acquired company’s revenue recognition policies and forecasting the related revenues, including subscription-based revenues and software license revenue, as well as appropriate allocation of the customer consideration to the individual deliverables; •division of financial and managerial resources from existing operations; •challenges entering into new markets in which we have little or no experience or where competitors may have stronger market positions; •currency and regulatory risks associated with foreign countries and potential additional cybersecurity and compliance risks resulting from entry into new markets; •difficulties and strain on resources in integrating acquired operations, technologies, services, platforms and personnel; •regulatory challenges from antitrust or other regulatory authorities that may block, delay or impose conditions (such as divestitures, ownership or operational restrictions or other structural or behavioral remedies) on the completion of transactions or the integration of acquired operations; •failure to fully assimilate, integrate or retrain acquired employees, which may lead to retention risk with respect to both key acquired employees and our existing key employees or disruption to existing teams; •differences between our values and those of our acquired companies, as well as disruptions to our workplace culture; •inability to generate sufficient revenue to offset acquisition costs; •challenges with the acquired company’s customers and partners, including the inability to maintain such relationships and changes to perception of the acquired business as a result of the acquisition; •challenges with the acquired company’s third-party service providers, including those that are required for ongoing access to third-party data; •potential for acquired products to impact the profitability of existing products; •unanticipated expenses related to acquired technology and its integration into our existing technology; •known and potential unknown liabilities associated with the acquired businesses, including due to litigation; •difficulties in managing, or potential write-offs of, acquired assets, and potential financial and credit risks associated with acquired customers; •negative impact to our results of operations because of the depreciation and amortization of acquired intangible assets, fixed assets and operating lease right-of-use assets; •the loss of acquired unearned revenue and unbilled unearned revenue; •difficulties in and financial costs of addressing acquired compensation structures inconsistent with our compensation structure; •additional stock-based compensation issued or assumed in connection with the acquisition, including the impact on stockholder dilution and our results of operations; •delays in customer purchases due to uncertainty related to any acquisition; •ineffective or inadequate controls, procedures and policies at the acquired company; •in the case of foreign acquisitions, challenges caused by integrating operations over distance, and across different languages, cultures and political environments; and •the tax effects of any such acquisitions including related integration and business operation changes, and assessment of the impact on the realizability of our future tax assets or liabilities. Any of these risks could harm our business or negatively impact our results of operations. In addition, to facilitate acquisitions, we may seek additional equity or debt financing, which may not be available on terms favorable to us or at all, which may affect our ability to complete subsequent acquisitions, and which may affect the risks of owning our common stock. For example, if we finance acquisitions by issuing equity or convertible or other debt securities or loans, our existing 16 16 16 Table of Contents Table of Contents stockholders may be diluted, or we could face constraints related to the terms of, and repayment obligation related to, the incurrence of indebtedness that could affect the market price of our common stock. Our ability to acquire other businesses or technologies, or integrate acquired businesses effectively, may be impaired by trade tensions and increased global scrutiny of foreign investments and acquisitions in the technology sector. For example, several countries, including the United States and countries in Europe and the Asia-Pacific region, are considering or have adopted restrictions of varying kinds of transactions involving foreign investments and acquisitions. Antitrust authorities in a number of countries have also reviewed acquisitions in the technology industry with increased scrutiny. Governments may continue to adopt or tighten restrictions of this nature, some of which may apply to acquisitions or integrations of businesses by us, and such restrictions or government actions could negatively impact our business and financial results.

18 18 18 18 18 18 Table of Contents Table of Contents Table of Contents The market for enterprise applications and platform services is highly competitive, rapidly evolving, fragmented and subject to changing technology, low barriers to entry, shifting customer needs and frequent introductions of new products and services. Many prospective customers have invested substantial personnel and financial resources to implement and integrate their current enterprise software into their businesses and therefore may be reluctant or unwilling to migrate away from their current solution to a different enterprise software service. Additionally, third-party developers may be reluctant to build application services on our platform since they have invested in other competing technology platforms. Our current competitors include: •vendors of packaged business software, as well as companies offering enterprise applications delivered through on-premises offerings from enterprise software application vendors and cloud computing application service providers, either individually or with others; •software companies that provide their product or service free of charge as a single product or when bundled with other offerings, or only charge a premium for advanced features and functionality, as well as companies that offer solutions that are sold without a direct sales organization; •vendors who offer software tailored to specific services, industries or market segments, as opposed to our full suite of service offerings, including suppliers of traditional business intelligence and data preparation products, integration software vendors, marketing vendors, e-commerce solutions vendors or AI software and service vendors; •productivity tool and email providers, unified communications providers and consumer application companies that have entered the business software market; and •traditional platform development environment companies and cloud computing development platform companies who may develop toolsets and products that allow customers to build new applications, including AI-augmented applications, that run on the customers’ current infrastructure or as hosted services, as well as would-be customers who may develop enterprise applications for internal use. In addition, we may face more competition as we expand our product offerings. Some of our current and potential competitors may have competitive advantages, such as greater name recognition, longer operating histories, more significant installed bases, broader geographic scope, broader suites of service offerings and larger marketing budgets, as well as substantially greater financial, technical, personnel and other resources. In addition, many of our current and potential competitors have established marketing relationships and access to larger customer bases, and have major distribution agreements with consultants, system integrators and resellers. We also experience competition from smaller, younger competitors that may be more agile in responding to customers’ demands and offer more targeted and simplified solutions. Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements, or provide competitive pricing, more flexible contracts or faster implementations. Additionally, as we continue to increase building AI into many of our offerings, we face more competition as AI technologies are increasingly integrated into the markets in which we compete. New AI offerings may disrupt workforce needs and negatively impact demand for our offerings, or our competitors may be able to incorporate AI into their offerings more efficiently or successfully than we are able to and achieve greater and faster adoption. Even if our services are more effective than the products and services that our competitors offer, potential customers might select competitive products and services in lieu of purchasing our services. For all of these reasons, we may not be able to compete successfully against our competitors, which could negatively impact our future sales and harm our business.

The market for enterprise applications and platform services is highly competitive, rapidly evolving, fragmented and subject to changing technology, low barriers to entry, shifting customer needs and frequent introductions of new products and services. Many prospective customers have invested substantial personnel and financial resources to implement and integrate their current enterprise software into their businesses and therefore may be reluctant or unwilling to migrate away from their current solution to an enterprise cloud computing application service. Additionally, third-party developers may be reluctant to build application services on our platform since they have invested in other competing technology platforms. Our current competitors include: •vendors of packaged business software, as well as companies offering enterprise apps delivered through on-premises offerings from enterprise software application vendors and cloud computing application service providers, either individually or with others; •software companies that provide their product or service free of charge as a single product or when bundled with other offerings, or only charge a premium for advanced features and functionality, as well as companies that offer solutions that are sold without a direct sales organization; 20 20 20 Table of Contents Table of Contents •vendors who offer software tailored to specific services, industries or market segments, as opposed to our full suite of service offerings, including suppliers of traditional business intelligence and data preparation products, integration software vendors, marketing vendors or e-commerce solutions vendors; •productivity tool and email providers, unified communications providers and consumer application companies that have entered the business software market; and •traditional platform development environment companies and cloud computing development platform companies who may develop toolsets and products that allow customers to build new apps that run on the customers’ current infrastructure or as hosted services, as well as would-be customers who may develop enterprise applications for internal use. In addition, we may face more competition as we expand our product offerings. Some of our current and potential competitors may have competitive advantages, such as greater name recognition, longer operating histories, more significant installed bases, broader geographic scope, broader suites of service offerings and larger marketing budgets, as well as substantially greater financial, technical, personnel and other resources. In addition, many of our current and potential competitors have established marketing relationships and access to larger customer bases, and have major distribution agreements with consultants, system integrators and resellers. We also experience competition from smaller, younger competitors that may be more agile in responding to customers’ demands and offer more targeted and simplified solutions. These competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements, or provide competitive pricing, more flexible contracts or faster implementations. As a result, even if our services are more effective than the products and services that our competitors offer, potential customers might select competitive products and services in lieu of purchasing our services. For all of these reasons, we may not be able to compete successfully against our current and future competitors, which could negatively impact our future sales and harm our business.

Our services involve the storage and transmission of our customers’ and our customers’ customers’ proprietary and other sensitive data, including financial, health and other personal information. Our services and underlying infrastructure may in the future be materially breached or compromised as a result of the following: •third-party attempts to fraudulently induce our employees, partners or customers to disclose sensitive information to gain access to our customers’ data or IT systems, or our data or our IT systems; •efforts by hackers or sophisticated groups, such as criminal organizations, state-sponsored organizations or nation-states, to launch coordinated cyberattacks on internally built infrastructure or on third-party cloud-computing platform providers, including ransomware, destructive malware and distributed denial-of-service attacks; •third-party attempts to abuse our marketing, advertising, messaging or social products and functionalities to impersonate persons or organizations and disseminate information that is false, misleading or malicious; •vulnerabilities existing within new technologies and infrastructures, including those from acquired companies, or resulting from enhancements and updates to our existing service offerings; •vulnerabilities in the products or components across the broad ecosystem that our services operate in conjunction with and are dependent on; •attacks on, or vulnerabilities in, the many different underlying networks and services that power the Internet that our products depend on, most of which are not under our control or the control of our vendors, partners or customers; and 12 12 12 12 12 12 Table of Contents Table of Contents Table of Contents •employee or contractor errors or intentional acts that compromise our security systems. These risks are mitigated, to the extent possible, by our ability to maintain and improve business and data governance policies and enhance processes and internal security controls, including our ability to escalate and respond to known and potential risks. We can provide no assurances that our security measures, including implemented systems and processes designed to protect our customers’ and our customers’ customers’ proprietary and other sensitive data, will provide absolute security or otherwise be effective or that a material breach will not occur. For example, our ability to mitigate these risks may be impacted by the following: •evolving techniques used to breach or sabotage IT systems and infrastructure, including as a result of the increased use of AI technologies by bad actors, which are generally not recognized until launched against a target, and could result in our being unable to anticipate or implement adequate measures to prevent such techniques; •the increasing complexity of our internal IT systems as we incorporate and secure IT environments from acquired companies and early adoption of new technologies and new ways of sharing data; and •our limited control over our customers or third-party technology providers (including those authorized by customers to access their data), or the processing of data by third-party technology providers, which may not allow us to maintain the integrity or security of such transmissions or processing. In the normal course of business, we are and have been the target of malicious cyberattacks and have experienced other security incidents. Although, to date, such identified security events have not had a material financial impact, there can be no assurance that future cyberattacks will not be material or significant. Additionally, as our market presence grows, we may face increased risks of cyberattacks or security threats, and as AI technologies, including generative AI models, develop rapidly, threat actors are using these technologies to create new sophisticated attack methods that are increasingly automated, targeted and coordinated and more difficult to defend against. A security breach or incident could result in unauthorized parties obtaining access to, or the denial of authorized access to, our IT systems or data, or our customers’ systems or data, including intellectual property and proprietary, sensitive or other confidential information. We have contractual and other legal obligations to notify relevant stakeholders of security breaches. For example, SEC rules require disclosure on Form 8-K of the nature, scope and timing of any material cybersecurity incident and the reasonably likely impact of any such incident. A security breach or resulting mandatory disclosure could result in a loss of confidence in the security of our services, damage our reputation, negatively impact our future sales, disrupt our business and lead to increases in insurance premiums and legal, regulatory and financial exposure and liability. Further, there can be no assurance that our insurance coverage will be sufficient to cover the financial, legal, business, or reputational losses that may result from a cybersecurity incident or breach of our IT systems. Finally, the detection, prevention and remediation of known or potential security vulnerabilities, including determining whether a cybersecurity incident is notifiable or reportable, may not be straightforward and may result in additional financial burdens due to additional direct and indirect costs to respond to or alleviate problems caused by the actual or perceived security breach, such as additional infrastructure capacity spending to mitigate any system degradation and the reallocation of resources from development activities.

Our services involve the storage and transmission of our customers’ and our customers’ customers’ proprietary and other sensitive data, including financial, health and other personal information. Our services and underlying infrastructure may in the future be materially breached or compromised as a result of the following: •third-party attempts to fraudulently induce our employees, partners or customers to disclose sensitive information such as user names, passwords or other information to gain access to our customers’ data or IT systems, or our data or our IT systems; •efforts by individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations or nation-states, to launch coordinated attacks, including ransomware, destructive malware and distributed denial-of-service attacks; •third-party attempts to abuse our marketing, advertising, messaging or social products and functionalities to impersonate persons or organizations and disseminate information that is false, misleading or malicious; •cyberattacks on our internally built infrastructure on which many of our service offerings operate, or on third-party cloud-computing platform providers; •vulnerabilities resulting from enhancements and updates to our existing service offerings; •vulnerabilities in the products or components across the broad ecosystem that our services operate in conjunction with and are dependent on; •vulnerabilities existing within new technologies and infrastructures, including those from acquired companies; •attacks on, or vulnerabilities in, the many different underlying networks and services that power the Internet that our products depend on, most of which are not under our control or the control of our vendors, partners or customers; and •employee or contractor errors or intentional acts that compromise our security systems. These risks are mitigated, to the extent possible, by our ability to maintain and improve business and data governance policies, enhanced processes and internal security controls, including our ability to escalate and respond to known and potential risks. Our Board of Directors (“Board”), Cybersecurity and Privacy Committee and executive management are regularly briefed on our cybersecurity policies and practices and ongoing efforts to improve security, as well as updates on cybersecurity events. We can provide no assurances that our security measures, including implemented systems and processes designed to protect our customers’ and our customers’ customers’ proprietary and other sensitive data, will provide absolute security or otherwise be 13 13 13 Table of Contents Table of Contents effective or that a material breach will not occur. For example, our ability to mitigate these risks may be impacted by the following: •frequent changes to, and growth in complexity of, the techniques used to breach, obtain unauthorized access to, or sabotage IT systems and infrastructure, including as a result of the increased use of AI technologies by bad actors, which are generally not recognized until launched against a target, and could result in our being unable to anticipate or implement adequate measures to prevent such techniques; •the continued evolution of our internal IT systems as we early adopt new technologies and new ways of sharing data and communicating internally and with partners and customers, which increases the complexity of our IT systems; •the acquisition of new companies, requiring us to incorporate and secure different or more complex IT environments; •authorization by our customers to third-party technology providers to access their customer data, which may lead to our customers’ inability to protect their data that is stored on our servers; and •our limited control over our customers or third-party technology providers, or the processing of data by third-party technology providers, which may not allow us to maintain the integrity or security of such transmissions or processing. In the normal course of business, we are and have been the target of malicious cyberattack attempts and have experienced other security incidents. Although, to date, such identified security events have not been material or significant to us, including to our reputation or business operations, or had a material financial impact, there can be no assurance that future cyberattacks will not be material or significant. Additionally, as our market presence grows, we may face increased risks of cyberattack attempts or security threats, and as AI technologies, including generative AI models, develop rapidly, threat actors may use these technologies to create new sophisticated attack methods that are increasingly automated, targeted and coordinated and more difficult to defend against. A security breach or incident could result in unauthorized parties obtaining access to, or the denial of authorized access to, our IT systems or data, or our customers’ systems or data, including intellectual property and proprietary, sensitive or other confidential information. A security breach could also result in a loss of confidence in the security of our services, damage our reputation, negatively impact our future sales, disrupt our business and lead to increases in insurance premiums and legal, regulatory and financial exposure and liability. Further, there can be no assurance that our insurance coverage will be sufficient to cover the financial, legal, business, or reputational losses that may result from a cybersecurity incident or breach of our IT systems. Finally, the detection, prevention and remediation of known or potential security vulnerabilities, including those arising from third-party hardware or software, may result in additional financial burdens due to additional direct and indirect costs, such as additional infrastructure capacity spending to mitigate any system degradation and the reallocation of resources from development activities. For example, in April 2022, we learned a threat actor had obtained unauthorized access to several databases on Heroku, a Salesforce platform-as-a-service. The threat actor downloaded stored customer security credentials and passwords for logging into GitHub, a third-party code hosting service used by both Heroku and Heroku customers. The threat actor was also able to download passwords for a subset of customer user accounts and access the encryption key. While we do not believe this incident materially affected our business or financial results, there is no assurance that such circumstances or other similar incidents in the future could not result in a material adverse effect on our business.

We sell our services throughout the world and are subject to risks and challenges associated with international business. We intend to seek to continue to expand our international sales efforts. The risks and challenges associated with sales to customers outside the United States or those that can affect international operations generally, include: •regional economic and political conditions, natural disasters, acts of war, terrorism and actual or threatened public health emergencies; •localization of our services, including translation into foreign languages and associated expenses; •regulatory frameworks or business practices favoring local competitors; 16 16 16 16 16 16 Table of Contents Table of Contents Table of Contents •pressure on the creditworthiness of sovereign nations, where we have customers and a balance of our cash, cash equivalents and marketable securities; •foreign currency fluctuations and controls, which may make our services more expensive for international customers and could add volatility to or negatively impact our operating results; •compliance with complex and evolving governmental laws and regulations, including employment, tax, anti-corruption, import/export, customs, anti-boycott, sanctions and embargoes, antitrust, cybersecurity, sustainability and industry-specific laws and regulations, including rules related to compliance by our third-party resellers; •liquidity issues or political actions by sovereign nations, including nations with a controlled currency environment, could result in decreased values of these balances or potential difficulties protecting our foreign assets or satisfying local obligations; •vetting and monitoring our third-party resellers in new and evolving markets to confirm they maintain standards consistent with our brand and reputation; •treatment of revenue from international sources, evolving domestic and international tax environments and changes to tax codes, including being subject to and paying withholding taxes under foreign tax laws; •uncertainty regarding the imposition of and changes in trade policies, including trade wars, tariffs or other trade restrictions or the threat of such actions, or other geopolitical events, including the evolving relations between the United States and China, the United States and Russia, and ongoing conflicts, such as the war in Ukraine and the regional conflict in the Middle East; •perceptions of regions or governments in the regions where we operate or plan to operate, resulting in negative publicity or reputational harm; •regional data privacy laws and other regulatory requirements that apply to outsourced service providers and to the transmission of our customers’ data across international borders; •different pricing environments; •difficulties in staffing and managing foreign operations; •different or lesser protection of our intellectual property, including increased risk of theft of our proprietary technology and other intellectual property, and more prevalent cybersecurity risks, particularly in jurisdictions in which we have historically chosen not to operate; and •longer accounts receivable payment cycles and other collection difficulties. Any of these factors could negatively impact our business and results of operations. The above factors may also negatively impact our ability to successfully expand into emerging market countries, where we have little or no operating experience, where it can be costly and challenging to establish and maintain operations, including hiring and managing required personnel, and difficult to promote our brand, and where we may not benefit from any first-to-market advantage or otherwise succeed.

We sell our services throughout the world and are subject to risks and challenges associated with international business. We intend to seek to continue to expand our international sales efforts. The risks and challenges associated with sales to customers outside the United States or those that can affect international operations generally, include: •regional economic and political conditions, natural disasters, acts of war, terrorism and actual or threatened public health emergencies; •localization of our services, including translation into foreign languages and associated expenses; •regulatory frameworks or business practices favoring local competitors; •pressure on the creditworthiness of sovereign nations, where we have customers and a balance of our cash, cash equivalents and marketable securities; •foreign currency fluctuations and controls, which may make our services more expensive for international customers and could add volatility to or negatively impact our operating results, including, for example, the impact of Argentina’s 2023 amendments to foreign exchange controls; •compliance with multiple, conflicting, ambiguous or evolving governmental laws and regulations, including employment, tax, privacy, anti-corruption, import/export, customs, anti-boycott, sanctions and embargoes, antitrust, data privacy, transfer, storage and protection, cybersecurity, ESG and industry-specific laws and regulations, including rules related to compliance by our third-party resellers and our ability to identify and respond timely to compliance issues when they occur; •liquidity issues or political actions by sovereign nations, including nations with a controlled currency environment, could result in decreased values of these balances or potential difficulties protecting our foreign assets or satisfying local obligations; •vetting and monitoring our third-party resellers in new and evolving markets to confirm they maintain standards consistent with our brand and reputation; 18 18 18 Table of Contents Table of Contents •treatment of revenue from international sources, evolving domestic and international tax environments and changes to tax codes, including being subject to foreign tax laws and being liable for paying withholding taxes in foreign jurisdictions; •uncertainty regarding the imposition of and changes in the United States’ and other governments’ trade regulations, trade wars, tariffs, other restrictions or other geopolitical events, including the evolving relations between the United States and China, the United States and Russia, and ongoing conflicts, such as the war in Ukraine and the Israel-Hamas war; •changes in the public perception of governments in the regions where we operate or plan to operate; •regional data privacy laws and other regulatory requirements that apply to outsourced service providers and to the transmission of our customers’ data across international borders, which grow more complex as we scale, expand into new markets and enhance the breadth of our service offerings; •different pricing environments; •difficulties in staffing and managing foreign operations; •different or lesser protection of our intellectual property, including increased risk of theft of our proprietary technology and other intellectual property, and more prevalent cybersecurity risks, particularly in jurisdictions in which we have historically chosen not to operate; and •longer accounts receivable payment cycles and other collection difficulties. Any of these factors could negatively impact our business and results of operations. The above factors may also negatively impact our ability to successfully expand into emerging market countries, where we have little or no operating experience, where it can be costly and challenging to establish and maintain operations, including hiring and managing required personnel, and difficult to promote our brand, and where we may not benefit from any first-to-market advantage or otherwise succeed.

The trading prices of the securities of technology companies have historically been highly volatile. Accordingly, the market price of our common stock has been and is likely to continue to be subject to wide fluctuations. Factors affecting the market price of our common stock include: •variations in our financial results and how those results compare to analyst expectations; •variations in, and limitations of, the various financial and other metrics and modeling used by analysts in their research and reports about our business; •forward-looking guidance to industry and financial analysts related to future operating results, the accuracy of which may be impacted by various factors, many of which are beyond our control; •our ability to meet or exceed forward-looking guidance we have given or to meet or exceed the expectations of investors, analysts or others; our ability to give forward-looking guidance consistent with past practices; •changes to previous guidance or long-range targets, in the estimates of our operating results or in recommendations by securities analysts that elect to follow our common stock; •announcements or rumors of technological innovations, new services or service enhancements, strategic alliances, mergers or other strategic acquisitions or significant agreements by us or within our industry; •announcements of customer additions and customer cancellations or delays in customer purchases; •the coverage of our common stock by the financial media; •recruitment or departure of key personnel; •disruptions in our service due to computer hardware, software, network or data center problems; •the economy as a whole, geopolitical conditions, including global trade and health concerns, market conditions in our industry and the industries of our customers, and financial institution instability; •trading activity or positions by a limited number of stockholders who together beneficially own a significant portion of our outstanding common stock, as well as other institutional or activist investors; •our ability to execute on our Share Repurchase Program as planned, including whether we meet internal or external expectations around the timing or price of share repurchases, and any changes to the program; •issuance of equity, debt or other convertible securities; •any increase to or reduction, suspension or elimination of dividend payments; •the inability to conclude that our internal controls over financial reporting are effective; •changes to our credit ratings; and •issues impacting our reputation. In addition, if the market for technology stocks or the greater securities market in general experience uneven investor confidence, the market price of our common stock has and could in the future decline for reasons unrelated to us, including as a reaction to events that affect other companies within, or outside, our industry. Some companies that have experienced volatility 29 29 29 29 29 29 Table of Contents Table of Contents Table of Contents in the trading price of their stock have been the subject of securities class action litigation, such as the securities litigation against Slack that was brought before our acquisition. Such litigation, whether against us or an acquired subsidiary, could result in substantial costs and a diversion of management’s attention and resources and any liability resulting from or the settlement of such litigation could result in material adverse impacts to our operating cash flows or results of operations for a given period.

The trading prices of the securities of technology companies have historically been highly volatile. Accordingly, the market price of our common stock has been and is likely to continue to be subject to wide fluctuations. Factors affecting the market price of our common stock include: 31 31 31 Table of Contents Table of Contents •variations in our operating results, including operating margin, earnings per share, cash flows from operating activities, unearned revenue, remaining performance obligation, year-over-year growth rates for individual service offerings and other financial and non-financial metrics, and how those results compare to analyst expectations; •variations in, and limitations of, the various financial and other metrics and modeling used by analysts in their research and reports about our business; •forward-looking guidance to industry and financial analysts related to, for example, future revenue, current remaining performance obligation, cash flows from operating activities, operating margin and earnings per share, the accuracy of which may be impacted by various factors, many of which are beyond our control, including general economic and market conditions and unanticipated delays in the integration of acquired companies as a result of regulatory review; •our ability to meet or exceed forward-looking guidance we have given or to meet or exceed the expectations of investors, analysts or others; our ability to give forward-looking guidance consistent with past practices; and changes to or withdrawal of previous guidance or long-range targets; •changes in the estimates of our operating results or changes in recommendations by securities analysts that elect to follow our common stock; •announcements of technological innovations, new services or service enhancements, strategic alliances or significant agreements by us or by our competitors; •announcements by us or by our competitors of mergers or other strategic acquisitions, or rumors of such transactions involving us or our competitors; •announcements of customer additions and customer cancellations or delays in customer purchases; •the coverage of our common stock by the financial media, including television, radio and press reports and blogs; •recruitment or departure of key personnel; •disruptions in our service due to computer hardware, software, network or data center problems; •the economy as a whole, geopolitical conditions, including global trade and health concerns, market conditions in our industry and the industries of our customers, and financial institution instability; •trading activity or positions by a limited number of stockholders who together beneficially own a significant portion of our outstanding common stock, as well as other institutional or activist investors; •the issuance of shares of common stock by us, whether in connection with an acquisition or a capital-raising transaction; •our ability to execute on our Share Repurchase Program as planned, including whether we meet internal or external expectations around the timing or price of share repurchases, and any reductions or discontinuances of repurchases thereunder; •issuance of debt or other convertible securities; •the declaration of a dividend, or any increases or decreases to a previously declared dividend program; •the inability to conclude that our internal controls over financial reporting are effective; •changes to our credit ratings; and •ESG and other issues impacting our reputation. In addition, if the market for technology stocks or the greater securities market in general experience uneven investor confidence, the market price of our common stock has and could in the future decline for reasons unrelated to our business, operating results or financial condition, including as a reaction to events that affect other companies within, or outside, our industry. Some companies that have experienced volatility in the trading price of their stock have been the subject of securities class action litigation, such as the securities litigation against Slack that was brought before our acquisition. Such litigation, whether against Salesforce or an acquired subsidiary, could result in substantial costs and a diversion of management’s attention and resources and liability resulting from or the settlement of such litigation could result in material adverse impacts to our operating cash flows or results of operations for a given period.

We manage a portfolio of strategic investments in both privately held and publicly traded companies focused primarily on enterprise cloud companies, technology startups and system integrators. While we invest in companies that we believe are digitally transforming their industries, advancing responsible generative AI, improving customer experiences, helping us expand our solution ecosystem or supporting other corporate initiatives, we may still experience unforeseen brand or reputational harm associated with our investments. Our investments range from early to late stage companies, including investments made concurrent with a company’s initial public offering. Investments in early stage companies are inherently speculative, as these companies may not yet be revenue-generating and could still be in the process of developing their products and services at the time of our investment. The financial success of our investment in any company is typically dependent on a liquidity event, such as a public offering, acquisition or other favorable market event reflecting appreciation to the cost of our initial investment. Our investments may face challenges from regulatory authorities, including antitrust authorities, potentially resulting in unexpected costs, delays, or unfavorable conditions imposed on transactions involving our investment portfolio. In certain cases, our ability to sell these investments may be impacted by contractual obligations to hold the securities for a set period of time after a public offering. All of our investments are subject to a risk of partial or total loss of invested capital. We are exposed to volatility in our operating results due to changes in market prices, observable price changes and impairments of our strategic investments. The measurement of our non-marketable equity and debt securities at fair value is inherently subjective and requires management judgment and estimation. The resulting gains or losses could be material depending on market conditions and events, particularly in periods with economic uncertainty, inflation, geopolitical conflict, volatile public equity markets or unsettled global market conditions.

We manage a portfolio of strategic investments in both privately held and publicly traded companies focused primarily on enterprise cloud companies, technology startups and system integrators. While we invest in companies that we believe are digitally transforming their industries, improving customer experiences, helping us expand our solution ecosystem or supporting other corporate initiatives, we may still experience unforeseen brand or reputational harm associated with our investments. We may also experience challenges from regulatory authorities in connection with our investments, including from antitrust authorities who are increasingly scrutinizing technology investments, and which may lead to unforeseen expenditures or which may block, delay or impose undesirable conditions on transactions involving our investment portfolio. Our investments range from early to late stage companies, including investments made concurrent with a company’s initial public offering. Investments in early stage companies are inherently speculative, as these companies may not yet be revenue-generating and could still be in the process of developing their products and services at the time of our investment. The financial success of our investment in any company is typically dependent on a liquidity event, such as a public offering, acquisition or other favorable market event reflecting appreciation to the cost of our initial investment. In certain cases, our ability to sell these investments may be impacted by contractual obligations to hold the securities for a set period of time after a public offering. All of our investments are subject to a risk of partial or total loss of invested capital. We anticipate future volatility in our consolidated statements of operations due to changes in market prices, observable price changes and impairments of our strategic investments. The resulting gains or losses could be material depending on market conditions and events, particularly in periods with economic uncertainty, inflation, geopolitical conflict, volatile public equity markets or unsettled global market conditions.

Our quarterly results are likely to fluctuate. Fluctuations have occurred due to known and unknown risks, such as the global economic impact of ongoing conflicts, including the war in Ukraine and the regional conflict in the Middle East, and uncertainty about the interest rate environment. In addition, our fiscal fourth quarter has historically been our strongest quarter for new business and renewals, and the year-over-year compounding effect of this seasonality in billing patterns and overall new business and renewal activity causes the value of invoices that we generate in the fourth quarter to continually increase in proportion to our billings in the other three quarters of our fiscal year. As a result, our fiscal first quarter has typically in the past been our largest collections and operating cash flow quarter. Additionally, some of the important factors that may cause our revenues, operating results and cash flows to fluctuate from quarter to quarter include: •general economic or geopolitical conditions, including the impacts of the war in Ukraine and the regional conflict in the Middle East; financial market conditions; uncertainty regarding the imposition of and changes in trade policies, including trade wars, tariffs or other trade restrictions or the threat of such actions; and increasing costs of operation; •our ability to retain and increase sales to existing customers, attract new customers and satisfy our customers’ requirements, including large enterprise customers; •the attrition rates for our services; •the size and productivity of our workforce, as well as the cost to recruit and train new employees; •the length of the sales cycle for our services; •new product and service introductions by our competitors; •changes in unearned revenue and remaining performance obligation; •our ability to realize benefits from strategic partnerships, acquisitions or investments; •our ability to execute and realize benefits from restructuring actions and other workforce reductions, or any similar actions taken in the future; •variations in the revenue mix of our services and growth rates of our subscription and support offerings; •the seasonality of our sales cycle, as well as timing of contract execution and term software license sales; •the lack of certainty regarding customer usage and associated costs for consumption-based product offerings; •changes in and expenses associated with our pricing policies and terms of contracts; •the seasonality of our customers’ businesses, especially our Commerce service offering customers; •fluctuations in foreign currency exchange rates; •the amount and timing of operating costs and capital expenditures related to the operations and expansion of our business; •the timing of commission, bonus and other compensation payments to employees; •the cost, timing and management effort required for the introduction of new features to our services; •the costs associated with acquiring and integrating new businesses and technologies; •expenses related to our real estate or changes in the nature or extent of our use of existing real estate, including our office leases and our data center capacity and expansion; •timing of additional investments in our enterprise cloud computing application and platform services and in our consulting services; •expenses related to significant, unusual or discrete events, which are recorded in the period in which the events occur, including litigation or other dispute-related settlement payments; 28 28 28 28 28 28 Table of Contents Table of Contents Table of Contents •income tax effects resulting from, but not limited to, tax law changes, court decisions on tax matters, global tax developments applicable to multinational corporations, changes in operations or business structures and acquisition activity; •the timing of stock awards to employees and payroll and other withholding tax expenses; •technical difficulties or service interruptions; •changes in interest rates and our mix of investments, which impact the return on our investments in cash and marketable securities; •changes in the fair value of our strategic investments, including changes due to impairments, particularly in periods of significant market fluctuations; •equity or debt issuances, including as consideration in or in conjunction with acquisitions; •evolving regulations of cloud computing, AI and cross-border data transfer restrictions and similar regulations; and •regulatory compliance and acquisition costs. Many of these factors are outside of our control, and the occurrence of one or more of them might negatively and materially impact our operating results. If we fail to meet or exceed operating results expectations or if securities analysts and investors have estimates and forecasts of our future performance that are unrealistic or that we do not meet, the market price of our common stock could decline. In addition, if one or more of the securities analysts who cover us adversely change their recommendations regarding our stock, the market price of our common stock could decline.

Our quarterly results are likely to fluctuate. Fluctuations have occurred due to known and unknown risks, such as the global economic impact of ongoing conflicts, including the war in Ukraine and the Israel-Hamas war, and rising interest rates. In addition, our fiscal fourth quarter has historically been our strongest quarter for new business and renewals, and the year-over-year compounding effect of this seasonality in billing patterns and overall new business and renewal activity causes the value of invoices that we generate in the fourth quarter to continually increase in proportion to our billings in the other three quarters of our fiscal year. As a result, our fiscal first quarter has typically in the past been our largest collections and operating cash flow quarter. Additionally, some of the important factors that may cause our revenues, operating results and cash flows to fluctuate from quarter to quarter include: •general economic or geopolitical conditions, including the impacts of the war in Ukraine and the Israel-Hamas war, financial market conditions, increasing costs of operation and foreign currency exchange rates, any of which can adversely affect either our customers’ ability or willingness to purchase additional subscriptions or upgrade their services, or delay prospective customers’ purchasing decisions, reduce the value of new subscription contracts, or affect attrition rates; •our ability to retain and increase sales to existing customers, attract new customers and satisfy our customers’ requirements; •the attrition rates for our services; •the size and productivity of our sales force; •the length of the sales cycle for our services; •new product and service introductions by our competitors; •our success in selling our services to large enterprises; •changes in unearned revenue and remaining performance obligation, due to seasonality, the timing of and compounding effects of renewals, invoice duration, size and timing, new business linearity between quarters and within a quarter, average contract term, the collectability of invoices related to multi-year agreements, the timing of license software revenue recognition, or fluctuations due to foreign currency movements, all of which may impact implied growth rates; •our ability to realize benefits from strategic partnerships, acquisitions or investments; •our ability to execute and realize benefits from the Restructuring Plan and other workforce reductions, or any similar actions taken in the future; •variations in the revenue mix of our services and growth rates of our subscription and support offerings, including the timing of software license sales and sales offerings that include an on-premise software element for which the revenue allocated to that deliverable is recognized upfront; •the seasonality of our sales cycle, including software license sales, and timing of contract execution and the corresponding impact on revenue recognized at a point in time; 30 30 30 Table of Contents Table of Contents •changes in our pricing policies and terms of contracts, whether initiated by us or as a result of competition, customer preference or other factors; •expenses associated with our pricing policies and terms of contracts, such as the costs of customer SMS text usage paid by us and the related impacts to our gross margin; •the seasonality of our customers’ businesses, especially our Commerce service offering customers, including retailers and branded manufacturers; •fluctuations in foreign currency exchange rates such as with respect to the U.S. Dollar against the Euro and British Pound Sterling; •the amount and timing of operating costs and capital expenditures related to the operations and expansion of our business; •the number of new employees, including the cost to recruit and train such employees; •the timing of commission, bonus and other compensation payments to employees, including decisions to guarantee some portion of commissions payments in connection with extraordinary events; •the cost, timing and management effort required for the introduction of new features to our services; •the costs associated with acquiring new businesses and technologies and the follow-on costs of integration and consolidating the results of acquired businesses; •expenses related to our real estate or changes in the nature or extent of our use of existing real estate, including our office leases and our data center capacity and expansion; •timing of additional investments in our enterprise cloud computing application and platform services and in our consulting services; •expenses related to significant, unusual or discrete events, which are recorded in the period in which the events occur, including litigation or other dispute-related settlement payments; •income tax effects resulting from, but not limited to, tax law changes, court decisions on tax matters, global tax developments applicable to multinational corporations, changes in operations or business structures and acquisition activity; •the timing of payroll and other withholding tax expenses, which are triggered by the payment of bonuses and when employees exercise their vested stock options; •technical difficulties or interruptions in our services; •changes in interest rates and our mix of investments, which impact the return on our investments in cash and marketable securities; •conditions, and particularly sudden changes, in the financial markets, which have impacted and may continue to impact the value and liquidity of our investment portfolio; •changes in the fair value of our strategic investments in early-to-late-stage privately held and public companies, including impairments, which could negatively and materially impact our financial results, particularly in periods of significant market fluctuations; •equity or debt issuances, including as consideration in or in conjunction with acquisitions; •the timing of stock awards to employees and the related adverse financial statement impact of having to expense those stock awards on a straight-line basis over their vesting schedules; •evolving regulations of cloud computing and cross-border data transfer restrictions and similar regulations; •regulatory compliance and acquisition costs; and •the impact of new accounting pronouncements and associated system implementations. Many of these factors are outside of our control, and the occurrence of one or more of them might cause our operating results to vary widely. If we fail to meet or exceed operating results expectations or if securities analysts and investors have estimates and forecasts of our future performance that are unrealistic or that we do not meet, the market price of our common stock could decline. In addition, if one or more of the securities analysts who cover us adversely change their recommendations regarding our stock, the market price of our common stock could decline.

We have in the past and may in the future find defects in or experience disruptions to our services. Such issues may arise in a variety of circumstances, including due to our customers using our services in unanticipated ways that may cause a disruption in services for other customers attempting to access their data; as a result of employee, contractor or other third-party action or inaction; or due to the complexity of our services, which incorporate a variety of hardware, proprietary software and third-party and open-source software. Across the industry, cloud services frequently contain undetected errors when first introduced or when new versions or enhancements are released. We may also encounter difficulties integrating acquired or licensed technologies into our services and in augmenting the technologies we use to meet quality standards that are consistent with our brand and reputation, which may result in our services containing errors or defects. We have experienced and may in the future experience defects in our products that create vulnerabilities that inadvertently permit access to protected customer data. We can provide no assurance that such product defects or other vulnerabilities will not occur in the future, have a material adverse effect on our business or subject us to substantial liability. Vulnerabilities in open source or any proprietary or third-party product can persist even after security patches have been issued if customers have not installed the most recent updates, or if the attackers exploited the vulnerabilities before patching was complete. In some cases, vulnerabilities may not be immediately detected, which may make it difficult to recover critical services and lead to damaged assets. Since our customers use our services for important aspects of their business, errors, defects, disruptions in service or other performance problems have in the past adversely impacted our customers’ businesses and could do so in the future. As a result, customers could elect to not renew our services or delay or withhold payment to us. We could also lose future sales or customers may make warranty or other claims against us, which could result in an increase in our allowance for doubtful accounts, an increase in collection cycles for accounts receivable or the expense and risk of litigation. 13 13 13 13 13 13 Table of Contents Table of Contents Table of Contents

Because our services are complex and incorporate a variety of hardware, proprietary software, third-party and open-source software, our services may have errors or defects that could result in unanticipated downtime for our subscribers and harm to our reputation and our business. Our customers may also use our services in unanticipated ways that may cause a disruption in services for other customers attempting to access their data. Across the industry, cloud services frequently contain undetected errors when first introduced or when new versions or enhancements are released. We may also encounter difficulties integrating acquired or licensed technologies into our services and in augmenting the technologies to meet the quality standards that are consistent with our brand and reputation. As a result, our services may contain errors or defects resulting from the complexities of integrating new technologies. We have from time to time found defects in, and experienced disruptions to, our services and new defects or disruptions may occur in the future. Such defects could be the result of employee, contractor or other third-party acts or inaction, and could negatively affect our brand and reputation. We have experienced and may in the future experience defects in our products that created vulnerabilities that inadvertently permitted access to protected customer data. We can provide no assurance that such product defects or other vulnerabilities will not occur in the future that have a material adverse effect on our business or subject us to substantial liability. Vulnerabilities in open source or any proprietary or third-party product can persist even after security patches have been issued if customers have not installed the most recent updates, or if the attackers exploited the vulnerabilities before patching was complete. In some cases, vulnerabilities may not be immediately detected, which may make it difficult to recover critical services and lead to damaged assets. 14 14 14 Table of Contents Table of Contents Since our customers use our services for important aspects of their business, any errors, defects, disruptions in service or other performance problems could hurt our reputation and may damage our customers’ businesses. As a result, customers could elect to not renew our services or delay or withhold payment to us. We could also lose future sales or customers may make warranty or other claims against us, which could result in an increase in our allowance for doubtful accounts, an increase in collection cycles for accounts receivable or the expense and risk of litigation.

Geopolitical crises, natural disasters or other catastrophic events have in the past and may in the future cause damage or disruption to our people, operations, international commerce and the global economy, and thus could have a strong negative effect on us. Our business operations, the business operations of third-party providers or suppliers that we rely on to conduct our business and the business operations of our customers are subject to interruption by geopolitical crises, natural disasters, fire, power or water shutoffs or shortages, telecommunications failures, terrorist attacks, acts of violence, political and/or civil unrest, acts of war or other military actions, actual or threatened public health emergencies and other events beyond our control. 30 30 30 30 30 30 Table of Contents Table of Contents Table of Contents For example, the occurrence of regional conflicts, epidemics or a global pandemic have in the past and may in the future materially affect how we and our customers operate our businesses, as well as our operating results and cash flows. Although we maintain crisis management and disaster response plans, such events could make it difficult or impossible for us to deliver our services to our customers, and could decrease demand for our services. Our corporate headquarters, and a significant portion of our personnel, research and development activities and other critical business operations, are located near major seismic faults in the San Francisco Bay Area. Because we do not carry earthquake insurance for direct earthquake-related losses and significant recovery time could be required to resume operations, our financial condition and operating results could be materially and adversely affected in the event of a major earthquake or catastrophic event, and the adverse effects of any such catastrophic event would be exacerbated if experienced at the same time as another unexpected and adverse event.

Natural disasters or other catastrophic events have in the past and may in the future cause damage or disruption to our operations, international commerce and the global economy, and thus could have a strong negative effect on us. Our business operations, the business operations of third-party providers or suppliers that we rely on to conduct our business and the business operations of our customers are subject to interruption by natural disasters, fire, power shutoffs or shortages, actual or threatened public health emergencies and other events beyond our control. For example, the occurrence of regional epidemics or a global pandemic, such as COVID-19, and related public health measures have in the past and may in the future materially affect how we and our customers operate our businesses, as well as our operating results and cash flows. Although we maintain crisis management and disaster response plans, such events could make it difficult or impossible for us to deliver our services to our customers, and could decrease demand for our services. Our corporate headquarters, and a significant portion of our personnel, research and development activities and other critical business operations, are located near major seismic faults in the San Francisco Bay Area. Because we do not carry earthquake insurance for direct earthquake-related losses and significant recovery time could be required to resume operations, our financial condition and operating results could be materially and adversely affected in the event of a major earthquake or catastrophic event, and the adverse effects of any such catastrophic event would be exacerbated if experienced at the same time as another unexpected and adverse event.

Our efforts to expand our current service offerings may not succeed and may reduce our revenue growth rate. In addition, the markets and monetization strategies for certain offerings, including Agentforce and Data Cloud, remain relatively new and uncertain and as a result our expansion into such offerings, and related investments, may present additional risks and challenges. For example, we offer certain products, including Agentforce and Data Cloud, through a consumption-based business model and may increase the number of products through which we do so. We have limited experience with determining optimal pricing for our consumption-based contracts. Additionally, due to customer flexibility in the timing of their consumption, we could have lower levels of customer consumption of our products than we expect which may result in suboptimal pricing for consumption-based contracts. Further, the introduction of future platform changes and upgrades may not result in long term revenue growth. If we are unable to develop enhancements to, and new features for, our existing or new services that keep pace with rapid technological developments, our business could be harmed. The success of enhancements, new features and services depends on several factors, including its timely completion, introduction and market acceptance, as well as our ability to integrate all of our product and service offerings and develop adequate selling capabilities in new markets. Failure in this regard may significantly impair our revenue growth as well as negatively impact our operating results if the additional costs are not offset by additional revenues. In addition, because our services are designed to operate over various network technologies and on a 19 19 19 19 19 19 Table of Contents Table of Contents Table of Contents variety of mobile devices, operating systems and computer hardware and software platforms, we need to continuously modify and enhance our services to keep pace with changes in these technologies, as well as continue to maintain and support our services on legacy systems. We may not be successful in either developing these modifications and enhancements or in bringing them to market timely. Additionally, if we fail to timely anticipate or identify significant technology trends and developments, or if we do not devote appropriate resources to adapting to such trends and developments, our business could be harmed. Uncertainties about the timing and nature of new network platforms or technologies, modifications to existing platforms or technologies, including text messaging capabilities, or changes in customer usage patterns thereof could increase our research and development or service delivery expenses or lead to our increased reliance on certain vendors. Any failure of our services to operate effectively with future network platforms and technologies could reduce the demand for our services, result in customer dissatisfaction and harm our business.

We derive a significant portion of our revenue from subscriptions to our CRM enterprise cloud computing application services, and we expect this will continue for the foreseeable future. Our efforts to expand our current service offerings may not succeed and may reduce our revenue growth rate. In addition, the markets for certain of our offerings, including our AI offerings, remain relatively new and it is uncertain whether our efforts, and related investments, will ever result in significant revenue for us. Further, the introduction of significant platform changes and upgrades may not result in long term revenue growth. In July 2021, we completed our acquisition of Slack, our largest acquisition to date. Slack is a relatively new category of business technology in a rapidly evolving market for software, programs and tools used by knowledge workers. We may not succeed in enhancing and improving the features, integrations and capabilities of Slack, or effectively introduce compelling new features, integrations and capabilities that reflect or anticipate the changing nature of the market which may result in an inability to attract new users and organizations and increase revenue from existing paid customers. If we are unable to develop enhancements to, and new features for, our existing or new services that keep pace with rapid technological developments, our business could be harmed. For example, we may be required to continuously enhance our AI offerings to improve the quality of content provided to our customers. The success of enhancements, new features and services depends on several factors, including the timely completion, introduction and market acceptance of the feature, service or enhancement by customers, administrators and developers, as well as our ability to integrate all of our product and service offerings and develop adequate selling capabilities in new markets. Failure in this regard may significantly impair our revenue growth as well as negatively impact our operating results if the additional costs are not offset by additional revenues. In addition, because our services are designed to operate over various network technologies and on a variety of mobile devices, operating systems and computer hardware and software platforms using a standard browser, we will need to continuously modify and enhance our services to keep pace with changes in hardware, software, communication, browser, app development platform and database technologies, as well as continue to maintain and support our services on legacy systems. We may not be successful in either developing these modifications and enhancements or in bringing them to market timely. Additionally, if we fail to anticipate or identify significant technology trends and developments early enough, or if we do not devote appropriate resources to adapting to such trends and developments, our business could be harmed. Uncertainties about the timing and nature of new network platforms or technologies, modifications to existing platforms or technologies, including text messaging capabilities, or changes in customer usage patterns thereof could increase our research and development or service delivery expenses or lead to our increased reliance on certain vendors. Any failure of our services to operate effectively with future network platforms and technologies could reduce the demand for our services, result in customer dissatisfaction and harm our business.

Contracting with federal, state, local and foreign governments or state-owned entities subjects us to various procurement regulations and other requirements relating to these contracts’ formation, administration and performance, and how we engage with government officials. We are from time to time subject to audits, inquiries and investigations relating to our government contracts, which may result in adverse perceptions of our business, reductions in utilization of our services or termination of our contracts without cause and at any time. Additionally, any violations could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, refunding or suspending of payments, forfeiture of profits, payment of fines and suspension or debarment from future government business, as well as reputational harm. Additionally, our contracting with certain government entities may result in negative publicity or reputational harm. Any of these risks related to contracting with governmental entities could adversely impact our future sales, costs of doing business and operating results.

Our contracts with federal, state, local and foreign government entities are subject to various procurement regulations and other requirements relating to their formation, administration and performance. We are from time to time subject to audits and investigations relating to our government contracts, and any violations could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, refunding or suspending of payments, forfeiture of profits, payment of fines and suspension or debarment from future government business. In addition, such contracts may provide for termination by the government at any time, without cause. Any of these risks related to contracting with governmental entities could adversely impact our future sales and operating results.

While we seek to mitigate our business risks associated with climate change by establishing appropriate environmental programs and partnering with organizations who are also focused on mitigating their own climate-related risks, there are inherent climate-related risks where our business is conducted. Any of our primary locations may be vulnerable to the adverse effects of climate change. For example, our offices globally have historically experienced, and are projected to continue to experience, climate-related events at an increasing frequency, including drought, water scarcity, heat waves, cold waves, flooding, wildfires and resultant air quality impacts and power shutoffs associated with climate-related events. These events in turn have impacts on inflation risks, the cost and availability of insurance, food security, water security (including for water availability for data center cooling), energy security and on our employees’ health, productivity and well-being. Furthermore, it is more difficult to mitigate the impact of these events on our employees working remotely or at client sites. Changing market dynamics, global policy developments and the increasing frequency and impact of extreme weather events on critical infrastructure in the United States and elsewhere have the potential to disrupt our business, the business of companies we invest in, the business of third-party providers or suppliers that we rely on to conduct our business and the business of our customers, and may cause us to experience higher attrition, losses and additional costs to maintain or resume operations. In particular, climate-related events, energy market volatility, and power grid disruptions may increase the operational costs related to inputs across our value chain, including for data centers. Perceived associations with data centers’ growing energy demand or data center/AI-related changes to existing environmental pledges in certain jurisdictions may also result in increased targeting of our sites and operations by activists. Additionally, failure to uphold, meet or make timely forward progress against our public commitments and goals related to climate action could adversely impact the resilience of our business to the impacts of climate-related events. 31 31 31 31 31 31 Table of Contents Table of Contents Table of Contents

While we seek to mitigate our business risks associated with climate change by establishing robust environmental programs and partnering with organizations who are also focused on mitigating their own climate-related risks, we recognize 33 33 33 Table of Contents Table of Contents that there are inherent climate-related risks wherever business is conducted. Any of our primary locations may be vulnerable to the adverse effects of climate change. For example, our offices globally have historically experienced, and are projected to continue to experience, climate-related events at an increasing frequency, including drought, water scarcity, heat waves, cold waves, flooding, wildfires and resultant air quality impacts and power shutoffs associated with climate-related events. These events in turn have impacts on inflation risks, food security, water security (including for water availability for data center cooling) and on our employees’ health and well-being. Furthermore, it is more difficult to mitigate the impact of these events on our employees working remotely or at client sites. Changing market dynamics, global policy developments and the increasing frequency and impact of extreme weather events on critical infrastructure in the United States and elsewhere have the potential to disrupt our business, the business of third-party providers or suppliers that we rely on to conduct our business and the business of our customers, and may cause us to experience higher attrition, losses and additional costs to maintain or resume operations. Additionally, failure to uphold, meet or make timely forward progress against our public commitments and goals related to climate action could adversely affect our reputation with investors, suppliers and customers, our financial performance or our ability to recruit and retain talent. 34 34 34 Table of Contents Table of Contents

•An inability to compete effectively in the intensely competitive markets in which we participate. •Any failure to expand our services and to develop and integrate our existing services in order to keep pace with technological developments. •An inability to maintain and enhance our brands. •Partial or complete loss of invested capital, or significant changes in the fair value, of our strategic investment portfolio. •Any discontinuance by third-party developers and providers in embracing our technology delivery model and enterprise cloud computing services, or customers asking us for warranties for third-party applications, integrations, data and content. •Social and ethical issues, including the use or capabilities of AI in our offerings. 11 11 11 11 11 11 Table of Contents Table of Contents Table of Contents •The evolving landscape related to ESG matters.

•An inability to compete effectively in the intensely competitive markets in which we participate. •Any failure to expand our services and to develop and integrate our existing services in order to keep pace with technological developments. •An inability to maintain and enhance our brands. •Partial or complete loss of invested capital, or significant changes in the fair value, of our strategic investment portfolio. •Any discontinuance by third-party developers and providers in embracing our technology delivery model and enterprise cloud computing services, or customers asking us for warranties for third-party applications, integrations, data and content. •Social and ethical issues, including the use or capabilities of AI in our offerings. •Risks related to our aspirations and disclosures related to ESG matters.

Our customers have no obligation to renew their subscriptions for our services after the expiration of their contractual subscription period, which is typically 12 to 36 months, and in the normal course of business, some customers have elected not to renew. In addition, our customers may renew for fewer subscriptions, renew for shorter contract lengths or switch to lower cost offerings of our services, particularly in times of general economic uncertainty. It is difficult to predict attrition rates given our varied customer base and the number of multi-year subscription contracts. Our attrition rates may increase or fluctuate as a result of various factors, including customer dissatisfaction with our services, customers’ spending levels, mix of customer base, decreases in the number of users at our customers, competition, pricing increases or changes, such as the increased prevalence of consumption-based pricing models and economic downturns. Our future success also depends in part on our ability to sell additional features and services, more subscriptions or enhanced editions of our services to our current customers. This may also require increasingly sophisticated and costly sales efforts that are targeted at senior management. Similarly, the rate at which our customers purchase new or enhanced services depends on a number of factors, including general economic conditions and customer receptiveness to any price changes related to these additional features and services. In addition, the markets and monetization strategies for certain offerings, including Agentforce and Data Cloud, remain relatively new and uncertain and as a result our expansion into such offerings, and related investments, may present additional risks and challenges. For example, we offer certain products, including Agentforce and Data Cloud, through a consumption-based business model and may increase the number of products through which we do so. We have limited experience with determining optimal pricing for our consumption-based contracts. Additionally, due to customer flexibility in the timing of their consumption, we could have lower levels of customer consumption of our products than we expect which may result in suboptimal pricing for consumption-based contracts.

Our customers have no obligation to renew their subscriptions for our services after the expiration of their contractual subscription period, which is typically 12 to 36 months, and in the normal course of business, some customers have elected not to renew. In addition, our customers may renew for fewer subscriptions, renew for shorter contract lengths or switch to lower cost offerings of our services, particularly in times of general economic uncertainty. Additionally, due to our largely subscription-based business model, the long-term impact of the COVID-19 pandemic and recent economic uncertainty may not be fully reflected in our results of operations until future periods. It is difficult to predict attrition rates given our varied customer base and the number of multi-year subscription contracts. Our attrition rates may increase or fluctuate as a result of various factors, including customer dissatisfaction with our services, customers’ spending levels, mix of customer base, decreases in the number of users at our customers, competition, pricing increases or changes and deteriorating general economic conditions. Our future success also depends in part on our ability to sell additional features and services, more subscriptions or enhanced editions of our services to our current customers. This may also require increasingly sophisticated and costly sales efforts that are targeted at senior management. Similarly, the rate at which our customers purchase new or enhanced services depends on a number of factors, including general economic conditions and customer receptiveness to any price changes related to these additional features and services. 17 17 17 Table of Contents Table of Contents If customers do not renew their subscriptions, do not purchase additional features or enhanced subscriptions or if attrition rates increase, we may not meet our revenue targets and our business could be harmed, which may adversely affect the market price of our common stock.

Equality and sustainability are core values of the Company. In furtherance of these values, we have in the past and may in the future establish and disclose quantitative and qualitative statements related to ESG matters, which are aspirational and subject to numerous risks and dependencies. The proliferation of regulations addressing climate, human capital and other ESG topics at the regional, state, national and international levels has required and may continue to require significant effort and resources, and our practices, processes and controls may not ensure compliance with evolving standards. Further, various regulations may conflict with each other, making universal compliance challenging as a multinational company, and our status as a government contractor in various jurisdictions, including but not limited to the U.S. where we are headquartered, may also result in greater exposure or differentiated obligations or requirements with which we would seek to comply. The standards and frameworks for tracking and reporting on ESG matters continue to evolve, and our use, interpretation or application of such frameworks and standards may change from time to time or differ from those of other companies, which may result in a lack of consistent or meaningful comparative data from period to period or between Salesforce and other companies. In addition, our ESG practices and disclosures may not satisfy, appropriately respond to the concerns of or be supported by all investors, customers, partners, regulators, enforcement authorities or other stakeholders (including those in support of and those in 21 21 21 21 21 21 Table of Contents Table of Contents Table of Contents opposition to various ESG practices), whose expectations and requirements are evolving and varied. Any violation of, non-compliance with or failure to meet such expectations or requirements, or negative publicity related to our ESG practices or disclosures, could result in harm to our reputation, our ability to attract or retain employees, and our attractiveness as an investment, business partner, acquiror or service provider, could expose us to increased scrutiny or criticism or to regulatory or enforcement actions or litigation, and could cause us to incur increased costs to address or defend against such actions.

We have established and publicly announced ESG goals, including our commitments to advancing racial and gender equality within our workforce and reducing greenhouse gas emissions. These statements reflect our current plans and aspirations and are not guarantees that we will be able to achieve them. Our failure to accomplish or accurately track and report on these goals on a timely basis, or at all, could adversely affect our reputation, financial performance and growth, and expose us to increased scrutiny from the investment community as well as enforcement authorities. Our ability to achieve any ESG objective is subject to numerous risks, many of which are outside of our control. Examples of such risks include: •the availability and cost of low- or non-carbon-based energy sources; •the evolving regulatory requirements affecting ESG practices and/or disclosures; •the availability of suppliers that can meet our sustainability, diversity and other ESG standards; •our ability to recruit, develop and retain diverse talent in our labor markets; and •the success of our organic growth and acquisitions, dispositions or restructuring of our businesses or operations. Standards for tracking and reporting ESG matters continue to evolve. Our use of disclosure frameworks and standards, and the interpretation or application of those frameworks and standards, may change from time to time or differ from those of others. This may result in a lack of consistent or meaningful comparative data from period to period or between Salesforce and other companies in the same industry. In addition, our processes and controls may not comply with evolving standards for identifying, measuring and reporting ESG metrics, including ESG-related disclosures that may be required of public companies by the SEC and other regulators, and such standards may change over time, which could result in significant revisions to our current goals, reported progress in achieving such goals, or ability to achieve such goals in the future. If our ESG practices do not meet evolving investor or other stakeholder expectations and standards, then our reputation, our ability to attract or retain employees, and our attractiveness as an investment, business partner, acquiror or service provider could be negatively impacted. Further, our failure or perceived failure to pursue or fulfill our goals and objectives or to satisfy various reporting standards on a timely basis, or at all, could have similar negative impacts or expose us to government enforcement actions and private litigation. For example, the state of California has adopted new climate change disclosure requirements, and compliance with such rules could require significant effort and resources and result in changes to our current ESG goals.