DOCU: 10-K Risk Factor Changes

We fund our operations through payments by our customers for use of our product offerings and related services. In addition, as of January 31, 2024, we had available borrowing capacity of $500.0 million under our credit facility. We cannot be certain when or if our operations will generate sufficient cash to fund our ongoing operations or the growth of our business. Based upon our current operating plan, we believe that our existing cash, cash equivalents and investments are sufficient to fund our current operating expenses and capital expenditure requirements based on historical forecasts. We have based this assessment on assumptions that may prove to be wrong, and it is possible that we could use our capital resources sooner than we currently expect. This estimate does not reflect the possibility that we may not be able to access a material portion of our existing cash, cash equivalents and investments due to market conditions. For example, if banks or financial institutions wind down and liquidate, enter receivership or become insolvent in the future in response to financial conditions affecting the banking system and financial markets, our ability to access our existing cash, cash equivalents and investments may be threatened and could have a material adverse effect on our business and financial condition. We also intend to continue to make investments to support our business and, in the future, we may require additional funds. Additional financing may not be available on favorable terms, if at all. In addition, in the event that we incur additional debt, including under the credit facility, the debt holders would have rights senior to holders of common stock to make claims on our assets. Additionally, the credit facility restricts our ability to pay dividends on common stock and the terms of any future debt could restrict our operations. Further, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our common stock. If adequate funds are not available on acceptable terms when we require it, we may be unable to invest in future growth opportunities, which could harm our business, operating results and financial condition.

We fund our operations through payments by our customers for use of our product offerings and related services. In addition, as of January 31, 2023, we had outstanding $37.1 million aggregate principal amount of the 2023 Notes, $690.0 million aggregate principal amount of the 2024 Notes (the 2023 Notes together with the 2024 Notes, the “Notes”) and available borrowing capacity of $500.0 million under our credit facility. We cannot be certain when or if our operations will generate sufficient cash to fund our ongoing operations or the growth of our business. Based upon our current operating plan, we believe that our existing cash, cash equivalents and investments are sufficient to fund our current operating expenses and capital expenditure requirements based on historical forecasts. We have based this assessment on assumptions that may prove to be wrong, and it is possible that we could use our capital resources sooner than we currently expect. This estimate does not reflect the possibility that we may not be able to access a material portion of our existing cash, cash equivalents and investments due to market conditions. For example, on March 10, 2023, the Federal Deposit Insurance Corporation (“FDIC”) was appointed receiver of Silicon Valley Bank (“SVB”), and SVB’s parent company subsequently filed for Chapter 11 protection. Our cash and cash equivalents are distributed across several large financial institutions, and our exposure to SVB was immaterial. However, if other banks and financial institutions wind down and liquidate, enter receivership or become insolvent in the future in response to financial conditions affecting the banking system and financial markets, our ability to access our existing cash, cash equivalents and investments may be threatened and could have a material adverse effect on our business and financial condition. We also intend to continue to make investments to support our business and, in the future, we may require additional funds. Additional financing may not be available on favorable terms, if at all. In addition, in the event that we incur additional debt, including under the credit facility, the debt holders would have rights senior to holders of common stock to make claims on our assets. Additionally, the credit facility restricts our ability to pay dividends on common stock and the terms of any future debt could restrict our operations. Further, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our common stock. If adequate funds are not available on acceptable terms when we require it, we may be unable to invest in future growth opportunities, which could harm our business, operating results and financial condition.

•Any volatility in the market price of our common stock. •Any future sales of our common stock in the public market may cause our common stock price to decline. •Securities analysts publishing unfavorable or inaccurate research about us, or not publishing research.

•Any actual or perceived failure to comply with laws and regulations affecting our business. •Legal proceedings against us by third parties for various claims, including any current or future legal proceedings. •Any failure to adequately protect our proprietary rights, including intellectual property rights. •The implementation of AI in our business and challenges with properly governing its use.

•Any actual or perceived failure to comply with laws and regulations affecting our business. •Legal proceedings against us by third parties for various claims, including any current or future legal proceedings. •Any failure to adequately protect our proprietary rights, including intellectual property rights.

Our revenue grew from $2.5 billion in the fiscal year ended January 31, 2023 to $2.8 billion in the fiscal year ended January 31, 2024. We expect that, in the future, as our revenue increases, our revenue growth rate could decline as the scale of our business increases. While we experienced an increase in paying customers and revenue in the past, in part due to macro-economic conditions, including the pandemic, there is no assurance that we will experience a continued increase in paying customers or that new or existing customers will utilize our products at similar levels as businesses continue to return to more normalized, hybrid or in-person work environments. Additionally, future revenue growth rates may fail to meet the expectations of investors or securities analysts, particularly if measured against periods of accelerated revenue growth such as those experienced during the earlier phases of the COVID-19 pandemic and the resulting increased adoption of remote work and reduced seasonality experienced during such periods. We believe that future growth of our revenue depends on a number of factors, including our ability to: ▪price our products and solutions effectively so that we are able to attract and retain customers; ▪attract new customers, increase our existing customers’ use of our products and solutions and provide our customers with excellent customer support; ▪expand our product offerings for our customers, including our ability to successfully implement such product offerings and ensure successful adoption of new or enhanced product offerings by our customers; ▪effectively implement our sales strategies, including the expansion of self-serve capabilities; ▪continue to introduce our products and solutions to new markets outside of the U.S.; ▪mitigate and effectively manage the increased pace of the digital transformation of business and the costs of monitoring and complying with evolving governmental mandates; ▪hire, retain, train, and integrate our employee base including our sales force, customer success, research and development teams and key employees; ▪successfully identify and develop, acquire or invest in businesses, products or technologies that we believe could complement or expand our products and solutions; and ▪increase global awareness of our brand. We may not successfully accomplish any of these objectives. We expect to continue to expend substantial financial and other resources on: ▪product development and innovation; ▪sales, including our omni channel: direct, self-serve and partners; ▪marketing to expand brand awareness both in the U.S. and internationally; ▪our technology infrastructure, including information technology systems, systems architecture, management tools, scalability, availability, performance and security, as well as disaster recovery measures; ▪acquisitions or strategic investments; ▪international expansion; and ▪general administration, including legal and accounting expenses. In addition to growth in revenue, we have also experienced significant growth in the number of our customers and users, the number and complexity of the transactions we handle, and the amount of data that our infrastructure supports. Our growth has placed and may continue to place significant demands on our management and our operational and financial resources. Finally, our business is becoming more complex as we increase our product offerings, expand internationally and acquire complementary companies, products and technologies. In connection with this increased complexity, we are working to improve our operational, financial and management controls as well as our reporting systems and procedures, including streamlining or automating manual processes, all of which requires capital expenditures and management attention. Failure to effectively manage our growth and operations could have an adverse effect on our business, operating results and financial condition.

Our revenue grew from $2.1 billion in the fiscal year ended January 31, 2022 to $2.5 billion in the fiscal year ended January 31, 2023. We expect that, in the future, as our revenue increases, our revenue growth rate will decline as the scale of our business increases. While we experienced an increase in paying customers and revenue in the past, in part due to macro-economic conditions, including the pandemic, there is no assurance that we will experience a continued increase in paying customers or that new or existing customers will utilize our products at similar levels as businesses continue to return to more normalized, hybrid or in-person work environments. Additionally, future revenue growth rates may fail to meet the expectations of investors or securities analysts, particularly if measured against periods of accelerated revenue growth such as those experienced during the earlier phases of the COVID-19 pandemic and the resulting increased adoption of remote work and reduced seasonality experienced during such periods. We believe that future growth of our revenue depends on a number of factors, including our ability to: ▪price our products and solutions effectively so that we are able to attract and retain customers; ▪attract new customers, increase our existing customers’ use of our products and solutions and provide our customers with excellent customer support; ▪expand our DocuSign product offerings for our customers; ▪effectively implement our sales strategies, including the expansion of self-serve capabilities; ▪continue to introduce our products and solutions to new markets outside of the U.S.; ▪mitigate and effectively manage the increased pace of the digital transformation of business and the costs of monitoring and complying with evolving governmental mandates; ▪hire, retain, train, and integrate our employee base including our sales force, research and development teams and key employees; ▪successfully identify and develop, acquire or invest in businesses, products or technologies that we believe could complement or expand our products and solutions; and ▪increase global awareness of our brand. We may not successfully accomplish any of these objectives. We expect to continue to expend substantial financial and other resources on: ▪product development and innovation; ▪sales, including our omni channel: direct, self-serve and partners; ▪marketing to expand brand awareness both in the U.S. and internationally; ▪our technology infrastructure, including information technology systems, systems architecture, management tools, scalability, availability, performance and security, as well as disaster recovery measures; ▪acquisitions or strategic investments; ▪international expansion; and ▪general administration, including legal and accounting expenses. In addition to growth in revenue, we have also experienced significant growth in the number of our customers and users, the number and complexity of the transactions we handle, and the amount of data that our infrastructure supports. Our growth has placed and may continue to place significant demands on our management and our operational and financial resources. Finally, our business is becoming more complex as we increase our product offerings, expand internationally and acquire complementary companies, products and technologies. In connection with this increased complexity, we are working to improve our operational, financial and management controls as well as our reporting systems and procedures, including streamlining or automating manual processes, all of which requires capital expenditures and management attention. Failure to effectively manage our growth and operations could have an adverse effect on our business, operating results and financial condition.

We operate globally and are subject to taxes in the U.S. and numerous other jurisdictions throughout the world, and the tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. The U.S., other jurisdictions or governmental bodies, such as the European Commission of the European Union, and intergovernmental economic organizations, such as the Organization for Economic Cooperation and Development, have made or could make unprecedented assertions about how taxation is determined and, in some cases, have proposed or enacted new laws that are contrary to the way in which rules and regulations have historically been interpreted and applied. Additionally, our corporate structure and associated transfer pricing policies contemplate future growth into international markets, and consider the functions, risks and assets of the various entities involved in the intercompany transactions. We may be subject to taxation in international jurisdictions with increasingly complex tax laws and precedents which could have an adverse effect on our liquidity and operating results. The amount of taxes we pay in these different jurisdictions may depend on the application of the tax laws of those jurisdictions, including the U.S., to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. Furthermore, tax authorities in the jurisdictions in which we operate may challenge our transfer pricing policies and intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency. In addition, the authorities in these jurisdictions could review our tax returns and impose additional tax, interest and penalties, and the authorities could claim that various withholding requirements apply to us or to our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries which could have a material impact on us and the results of our operations.

We operate globally and are subject to taxes in the U.S. and numerous other jurisdictions throughout the world, and the tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. Changes in tax laws (including provisions of the recently enacted federal tax legislation titled the Inflation Reduction Act (the “IRA”)), certain Organization for Economic Co-operation and Development (“OECD”) proposals, regulations, or rulings, changes in interpretations of existing laws and regulations, or changes in accounting principles could negatively and materially affect our financial position and results of operations. Additionally, our corporate structure and associated transfer pricing policies contemplate future growth into international markets, and consider the functions, risks and assets of the various entities involved in the intercompany transactions. We may be subject to taxation in international jurisdictions with increasingly complex tax laws and precedents which could have an adverse effect on our liquidity and operating results. The amount of taxes we pay in these different jurisdictions may depend on the application of the tax laws of those jurisdictions, including the U.S., to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. Furthermore, tax authorities in the jurisdictions in which we operate may challenge our transfer pricing policies and intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency. In addition, the authorities in these jurisdictions could review our tax returns and impose additional tax, interest and penalties, and the authorities could claim that various withholding requirements apply to us or to our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries which could have a material impact on us and the results of our operations. Further, in August 2022, President Biden signed into law the IRA, which includes a 15% corporate alternative minimum tax for companies with modified GAAP net income in excess of $1 billion, a 1% excise tax on certain stock repurchases. We are not currently subject to the corporate alternative minimum tax, and do not currently expect the IRA provisions to have a material impact on our results of operations. Such changes, however, could result in an increase in the effective tax rate applicable to all or a portion of our income, which would negatively affect our financial results.

As use of our products and solutions grows and as customers use them for more types of transactions, we will need to devote additional resources to improving our application architecture, integrating with third-party systems and maintaining or scaling our technology infrastructure and performance. In addition, we will need to appropriately scale our internal business systems and our services organization, including customer support and professional services, to serve our growing customer base. Any failure of or delay in these efforts could cause impaired system performance and reduced customer satisfaction. These issues make our products and solutions less attractive to customers, resulting in decreased sales to new customers, lower renewal rates by existing customers, or the issuance of service credits or refunds, which could hurt our revenue growth and our reputation. Even if we are able to upgrade our systems and expand our staff, any such expansion will be expensive and complex, requiring management time and attention. We could also face inefficiencies or operational failures as a result of our efforts to scale our infrastructure. Moreover, there are inherent risks associated with upgrading, improving and expanding our systems infrastructure. We cannot be sure that the expansion and improvements to our systems infrastructure will be effectively implemented on a timely basis, if at all. These efforts may be costly and could adversely affect our financial results. For example, in fiscal 2023, we launched a new enterprise resource planning (“ERP”) system, which is designed to accurately maintain our financial records, enhance the flow of financial information, improve data management, and provide timely information to our management team. ERP system implementations are complex projects that require significant investment of capital and human resources, the reengineering of many business processes and the attention of many employees who would otherwise be focused on other aspects of our business. Our failure to improve our systems and processes or their failure to operate in the intended manner, could harm our business, financial condition, and operating results. Additionally, if the ERP system does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected. Additionally, from time to time, we realign our resources and talent to implement stage-appropriate business strategies, which could include furloughs, layoffs and reductions in force. For more information on reductions in force, see the risk factor above “We rely on the performance of highly skilled personnel, including our management and other key employees, and failing to attract, integrate, or retain such employees could harm our business.” If there are unforeseen expenses associated with such realignments in our business strategies, and we incur unanticipated charges or liabilities, then we may not be able to effectively realize the expected cost savings or other benefits of such actions. Failure to manage any growth or any scaling back of our operations could have an adverse effect on our business, operating results, and financial condition.

As use of our products and solutions grows and as customers use them for more types of transactions, we will need to devote additional resources to improving our application architecture, integrating with third-party systems and maintaining or scaling our technology infrastructure and performance. In addition, we will need to appropriately scale our internal business systems and our services organization, including customer support and professional services, to serve our growing customer base. Any failure of or delay in these efforts could cause impaired system performance and reduced customer satisfaction. These issues make our products and solutions less attractive to customers, resulting in decreased sales to new customers, lower renewal rates by existing customers, or the issuance of service credits or refunds, which could hurt our revenue growth and our reputation. Even if we are able to upgrade our systems and expand our staff, any such expansion will be expensive and complex, requiring management time and attention. We could also face inefficiencies or operational failures as a result of our efforts to scale our infrastructure. Moreover, there are inherent risks associated with upgrading, improving and expanding our systems infrastructure. We cannot be sure that the expansion and improvements to our systems infrastructure will be effectively implemented on a timely basis, if at all. These efforts may be costly and could adversely affect our financial results. For example, we recently launched a new enterprise resource planning, or ERP system, which is designed to accurately maintain our financial records, enhance the flow of financial information, improve data management, and provide timely information to our management team. ERP system implementations are complex projects that require significant investment of capital and human resources, the reengineering of many business processes and the attention of many employees who would otherwise be focused on other aspects of our business. While we have implemented our new ERP system, we may experience difficulties as part of this transition, which could disrupt our operations, the management of our finances and the reporting of our financial results. Our failure to improve our systems and processes or complete such system implementations or enhancements on a timely basis, or their failure to operate in the intended manner, could harm our business, financial condition, and operating results. Additionally, if the ERP system does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected. Additionally, from time to time, we realign our resources and talent to implement stage-appropriate business strategies, which could include furloughs, layoffs and reductions in force. For example, in September 2022, in response to changing economic conditions and in an effort to support our growth, scale and profitability objectives, reduce our operational costs and improve our organizational efficiency, we authorized a restructuring plan, which included a restructuring and reduction of the current workforce by approximately 9%. The execution of this restructuring plan was substantially completed at the end of fiscal 2023. Additionally, in February 2023, in an effort to support our growth, scale and profitability objectives, we authorized an additional restructuring plan which included a restructuring and reduction of the current workforce by approximately 10%, primarily in our sales organization. We expect that the execution of this additional restructuring plan will be substantially completed by the end of the second quarter of fiscal 2024. If there are unforeseen expenses associated with such realignments in our business strategies, and we incur unanticipated charges or liabilities, then we may not be able to effectively realize the expected cost savings or other benefits of such actions. Failure to manage any growth or any scaling back of our operations could have an adverse effect on our business, operating results, and financial condition.

We currently serve our customers from third-party data center hosting facilities and cloud service providers. Our customers need to be able to access our products at any time, without interruption or degradation of performance. In some cases, third-party cloud providers run their own platforms that we access, and we are, therefore, vulnerable to their service interruptions. As a result, we depend, in part, on our providers’ ability to protect our service supply chain against damage or interruption, including from natural disasters, regional or global conflicts, power or telecommunications failures, criminal acts and similar events. In the event that our data center and service arrangements are terminated, or if there are any lapses of service or damage to a data center, we could experience lengthy interruptions in our service as well as delays and additional expenses in arranging new facilities and services. Even with current and planned disaster recovery arrangements, our disaster recovery planning may not account for all eventualities and our business could be harmed. In addition to third-party data centers and cloud service providers, we also rely on our own technical operations infrastructure to support and serve our increasing customer base. We must maintain sufficient excess capacity in our operations infrastructure to ensure that our products and solutions are accessible within an acceptable load time. Design and mechanical errors, spikes in usage volume and failure to follow system protocols and procedures could cause our systems to fail, resulting in interruptions in our products and solutions. Any interruptions or delays in our service, whether or not caused by our products, whether as a result of third-party error, our own error, natural disasters and the effects of climate change, operational disruptions related to labor shortages, public health crises, or security breaches, whether accidental or willful, could harm our relationships with customers and cause our revenue to decrease and/or our expenses to increase. Also, in the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur. These factors in turn could further reduce our revenue, subject us to liability and cause us to issue credits or cause customers to fail to renew their subscriptions, any of which could adversely affect our business.

We currently serve our customers from third-party data center hosting facilities. Our customers need to be able to access our products at any time, without interruption or degradation of performance. In some cases, third-party cloud providers run their own platforms that we access, and we are, therefore, vulnerable to their service interruptions. As a result, we depend, in part, on our data center providers’ ability to protect these facilities against damage or interruption, including from natural disasters, regional or global conflicts, power or telecommunications failures, criminal acts and similar events. In the event that our data center arrangements are terminated, or if there are any lapses of service or damage to a data center, we could experience lengthy interruptions in our service as well as delays and additional expenses in arranging new facilities and services. Even with current and planned disaster recovery arrangements, our disaster recovery planning may not account for all eventualities and our business could be harmed. In addition to third-party data centers and cloud providers, we also rely on our own technical operations infrastructure to support and serve our rapidly growing customer base. We must maintain sufficient excess capacity in our operations infrastructure to ensure that our products and solutions are accessible within an acceptable load time. Design and mechanical errors, spikes in usage volume and failure to follow system protocols and procedures could cause our systems to fail, resulting in interruptions in our products and solutions. Any interruptions or delays in our service, whether or not caused by our products, whether as a result of third-party error, our own error, natural disasters and the effects of climate change, operational disruptions related to labor shortages or public health crises, including the COVID-19 pandemic, or security breaches, whether accidental or willful, could harm our relationships with customers and cause our revenue to decrease and/or our expenses to increase. Also, in the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur. These factors in turn could further reduce our revenue, subject us to liability and cause us to issue credits or cause customers to fail to renew their subscriptions, any of which could adversely affect our business.

We began operations in 2003 and, until recently, we have historically experienced net losses. We generated net income of $74.0 million in the year ended January 31, 2024 and a net loss of $97.5 million and $70.0 million in the years ended January 31, 2023 and 2022, respectively. As of January 31, 2024, we had an accumulated deficit of $1.7 billion. We will need to continue to generate and sustain increased revenue levels in future periods to become or remain profitable and, even in periods in which we generate net income, we may not be able to maintain or increase our level of profitability. We intend to continue to incur significant expenses to support growth, further develop and enhance our products and solutions, expand our infrastructure and technology, incentivize and enable our sales organization and marketing activities, and grow our international operations and customer base. Our efforts to grow our business may be costlier than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. We may incur significant losses in the future for a number of reasons, including the other risks described in this “Risk Factors” section, and unforeseen expenses, difficulties, complications and delays and other unknown events. If we are unable to achieve or sustain profitability in the future, the value of our business and common stock may significantly decrease.

We began operations in 2003 and have experienced net losses since inception. We generated a net loss of $97.5 million, $70.0 million, and $243.3 million in the years ended January 31, 2023, 2022, and 2021, and as of January 31, 2023, we had an accumulated deficit of $1.6 billion. We will need to generate and sustain increased revenue levels in future periods to become profitable and, even if we do, we may not be able to maintain or increase our level of profitability. We intend to continue to incur significant expenses to support growth, further develop and enhance our products and solutions, expand our infrastructure and technology, increase our sales headcount and marketing activities, and grow our international operations and customer base. Our efforts to grow our business may be costlier than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. We may incur significant losses in the future for a number of reasons, including the other risks described in this “Risk Factors” section, and unforeseen expenses, difficulties, complications and delays and other unknown events. If we are unable to achieve and sustain profitability, the value of our business and common stock may significantly decrease.

The U.S. federal government and various state and foreign governments have adopted or proposed limitations on the collection, distribution, use and storage of data relating to individuals and businesses, including the use of contact information and other data for marketing, advertising and other communications with individuals and businesses. In the U.S., various laws, and regulations and agency rules and opinions apply to the collection, processing, disclosure and security of certain types of data, including: ▪The ESIGN Act in the U.S., eIDAS in the EU and similar U.S. state laws, particularly the Uniform Electronic Transactions Act (the “UETA”), which authorize the creation of legally binding and enforceable agreements utilizing electronic signatures and records. We are particularly reliant on the UETA and the ESIGN Act, which together have solidified the legal landscape in the U.S. for use of electronic signatures and records by providing that electronic signatures and records carry the same weight and have the same legal effect as paper documents and wet ink signatures. ▪The Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Gramm-Leach-Bliley Act, and state laws relating to privacy and data security. ▪Additionally, the FTC and many U.S. state attorney generals are interpreting federal and state consumer protection laws as imposing standards for the online collection, use, dissemination, and security of personal information. For example, California has enacted the California Consumer Privacy Act (the “CCPA”), as amended by the California Privacy Rights Act (the “CPRA”), that subjects businesses to new regulations promulgated through a recently created enforcement agency called the California Privacy Protection Agency. Other states have passed comparable legislation, and some may pass similar legislation with potentially greater penalties, and more rigorous compliance requirements relevant to our business. ▪The Health Insurance Portability and Accountability Act (“HIPAA”) in the U.S. (as amended and supplemented by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”)), and even more stringent state health information privacy laws, impose mandatory contractual terms and other obligations with respect to safeguarding the privacy, security and transmission of protected health information and de-identified health information. We may function as a HIPAA business associate for certain of our customers and, as such, are subject to applicable privacy and data security requirements. Failure to comply with applicable HIPAA requirements can result in significant civil monetary penalties and, in certain circumstances, criminal penalties and fines. Additionally, we are subject to various other laws and regulations affecting our business. For example, the SEC recently adopted cybersecurity risk management and disclosure rules, which require mandatory disclosure of information pertaining to cybersecurity incidents and cybersecurity risk management, strategy and governance. In March 2024, the SEC also adopted amendments that will require us to disclose certain climate-related information in our annual reports beginning with our annual report covering fiscal year ended January 31, 2026. Additionally, California recently adopted the Climate Corporate Data Accountability Act and the Climate-Related Financial Risk Act, each of which mandate certain climate-related public disclosure requirements. We expect that new laws, regulations and industry standards will continue to be proposed and enacted relating to privacy, data protection, marketing, advertising, electronic signatures, consumer communications and information security in the U.S., the EU and other jurisdictions, and we cannot determine the impact such future laws, regulations and standards may have on our business. Future laws, regulations, standards and other obligations or any changed interpretation of existing laws or regulations could impair our ability to develop and market new functionality and maintain and grow our customer base and increase revenue. For example, changes in the regulatory landscape relating to new and evolving technologies, such as generative AI, and future restrictions on the collection, use, sharing or disclosure of data, or additional requirements for the express or implied consent of our customers, partners or end consumers for the use and disclosure of such information could require us to incur additional costs or modify our products and solutions, possibly in a material manner, and could limit our ability to develop new functionality. Any actual or perceived failure to comply with these or other laws or regulations could harm our business, and result in legal liability, regulatory action, or brand and reputational harm.

The U.S. federal government and various state and foreign governments have adopted or proposed limitations on the collection, distribution, use and storage of data relating to individuals and businesses, including the use of contact information and other data for marketing, advertising and other communications with individuals and businesses. In the U.S., various laws, and regulations and agency rules and opinions apply to the collection, processing, disclosure and security of certain types of data, including: ▪The ESIGN Act in the U.S., eIDAS in the EU and similar U.S. state laws, particularly the Uniform Electronic Transactions Act (the “UETA”), which authorize the creation of legally binding and enforceable agreements utilizing electronic signatures and records. We are particularly reliant on the UETA and the ESIGN Act, which together have solidified the legal landscape in the U.S. for use of electronic signatures and records by providing that electronic signatures and records carry the same weight and have the same legal effect as paper documents and wet ink signatures. ▪The Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Gramm Leach Bliley Act, and state laws relating to privacy and data security. ▪Additionally, the FTC and many state attorney generals are interpreting federal and state consumer protection laws as imposing standards for the online collection, use, dissemination, and security of data. For example, California has enacted the California Consumer Privacy Act (the “CCPA”), most recently amended by the California Privacy Rights Act (the “CPRA”) as of January 1, 2023, with enforcement beginning on July 1, 2023, subject to regulations promulgated through a newly created enforcement agency called the California Privacy Protection Agency. Other states have passed comparable legislation, and some may pass similar legislation with potentially greater penalties, and more rigorous compliance requirements relevant to our business. ▪The Health Insurance Portability and Accountability Act (“HIPAA”) in the U.S. (as amended and supplemented by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”)), and even more stringent state health information privacy laws, impose mandatory contractual terms and other obligations with respect to safeguarding the privacy, security and transmission of protected health information and de-identified health information. We may function as a HIPAA business associate for certain of our customers and, as such, are subject to applicable privacy and data security requirements. Failure to comply with HIPAA can result in significant civil monetary penalties and, in certain circumstances, criminal penalties and fines. Internationally, many countries have established their own data privacy and security legal framework with which we, our customers and partners may need to comply. For example, in Europe, the General Data Protection Regulation (the “GDPR”) contains robust obligations on data controllers and processors and fulsome documentation requirements for data protection compliance programs by companies. As a result of our presence in Europe and the United Kingdom (“UK”) and our products and services being offered in the EU and the UK, we are subject to the GDPR, UK GDPR, the UK Data Protection Act 2018, and other similar regional European data protection regulations, all of which impose stringent data protection and cybersecurity requirements, and could increase the risk of non-compliance and the costs of providing our services in a compliant manner. A breach of the GDPR, UK GDPR or other such data protection regulations, could result in regulatory investigations, reputational damage, fines and sanctions, orders to cease or change our processing of our data, enforcement notices, or assessment notices (for a compulsory audit). Such penalties are in addition to any civil litigation claims by customers and data subjects. We may also face civil claims including representative actions and other class action-type litigation (where individuals have suffered harm), potentially amounting to significant compensation or damages liabilities, as well as associated costs, diversion of internal resources, and reputational harm. The GDPR in particular imposes strict rules on the transfer of personal data out of the EU to a “third country,” including the U.S. These obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other requirements or our practices. Legal developments in Europe also create complexity and uncertainty regarding transfers of personal data from the EU and the UK to the U.S. Notable recent developments include the invalidation of the EU-U.S. Privacy Shield Framework (“Privacy Shield”) on July 16, 2020, under which personal data could be transferred from the European Economic Area (“EEA”) to U.S. entities who had self-certified under the Privacy Shield scheme prior to invalidation. To safeguard data transfers from the EEA to other jurisdictions, including the U.S., we currently utilize respective Binding Corporate Rules and Standard Contractual Clauses as the approved data transfer mechanisms by the EU Commission for corresponding applicable data transfer activity. The EU Commission has also published revised Standard Contractual Clauses for data transfers from the EEA: the revised Standard Contractual Clauses must be used for relevant new data transfers since September 27, 2021; existing Standard Contractual Clauses arrangements were required to be migrated to the revised Standard Contractual Clauses by December 27, 2022. We expect that new laws, regulations and industry standards will continue to be proposed and enacted relating to privacy, data protection, marketing, advertising, electronic signatures, consumer communications and information security in the U.S., the EU and other jurisdictions, and we cannot determine the impact such future laws, regulations and standards may have on our business. Future laws, regulations, standards and other obligations or any changed interpretation of existing laws or regulations could impair our ability to develop and market new functionality and maintain and grow our customer base and increase revenue. Future restrictions on the collection, use, sharing or disclosure of data or additional requirements for the express or implied consent of our customers, partners or end consumers for the use and disclosure of such information could require us to incur additional costs or modify our products and solutions, possibly in a material manner, and could limit our ability to develop new functionality.

As of January 31, 2024, we had available borrowing capacity of $500.0 million under our credit facility. If we decide to borrow a portion or the full amount under our credit facility, such indebtedness may: ▪limit our ability to borrow additional funds for working capital, capital expenditures, acquisitions or other general business purposes; ▪limit our ability to use our cash flow or obtain additional financing for future working capital, capital expenditures, acquisitions or other general business purposes; ▪require us to use a substantial portion of our cash flow from operations to make debt service payments; ▪limit our flexibility to plan for, or react to, changes in our business and industry; ▪place us at a competitive disadvantage compared to our less leveraged competitors; and ▪increase our vulnerability to the impact of adverse economic and industry conditions, including inflation and volatile interest rates, and actual or perceived instability in the global banking sector.

As of January 31, 2023, we had $37.1 million principal amount of indebtedness outstanding under our 2023 Notes, $690.0 million principal amount of indebtedness outstanding under our 2024 Notes and available borrowing capacity of $500.0 million under our credit facility. Our indebtedness may: ▪limit our ability to borrow additional funds for working capital, capital expenditures, acquisitions or other general business purposes; ▪limit our ability to use our cash flow or obtain additional financing for future working capital, capital expenditures, acquisitions or other general business purposes; ▪require us to use a substantial portion of our cash flow from operations to make debt service payments; ▪limit our flexibility to plan for, or react to, changes in our business and industry; ▪place us at a competitive disadvantage compared to our less leveraged competitors; ▪increase our vulnerability to the impact of adverse economic and industry conditions, including inflation and rising interest rates; and ▪require us to consume a portion of our liquidity to settle the Notes in the next 12 months.

Sales of subscriptions to our eSignature product account for substantially all of our subscription revenue and are the source of substantially all of our professional services revenue. Although we continue to add to our suite of products and solutions for automating the agreement process, we expect that we will be substantially dependent on our eSignature product to generate revenue for the foreseeable future. As a result, our operating results could suffer due to: ▪any decline in demand for our eSignature product; ▪the failure of our eSignature product to maintain market acceptance; ▪the market for electronic signatures failing to grow, or growing more slowly than we expect; ▪new products and technologies from our competitors that replace or represent an improvement over our eSignature product; ▪new technological innovations or standards that our eSignature product does not address; ▪changes in regulations; ▪sensitivity to our current or future pricing; ▪our inability to release enhanced versions of our eSignature product on a timely basis; and ▪macro- and micro-economic factors, including inflation, volatile interest rates, increased debt and equity market volatility, actual or perceived instability in the global banking sector, and the impact of regional or global conflicts or other public health crises. We have experienced, and may continue to experience, declines and fluctuations in the demand for our eSignature product due to a number of factors, including changing patterns of customer adoption and retention, shifts in customer spending levels, a highly competitive market, and general economic and global market conditions. We will need to maintain or increase sales of subscriptions to our eSignature product, in addition to increasing the usage and adoption of our other product offerings, in order to support our growth and operating objectives. If customer adoption and expansion of our eSignature product falls below our expectations, our business, financial condition, and operating results would be adversely affected.

Sales of subscriptions to our DocuSign eSignature product account for substantially all of our subscription revenue and are the source of substantially all of our professional services revenue. Although we continue to add to our suite of products and solutions for automating the agreement process, we expect that we will be substantially dependent on our DocuSign eSignature product to generate revenue for the foreseeable future. As a result, our operating results could suffer due to: ▪any decline in demand for our DocuSign eSignature product; ▪the failure of our DocuSign eSignature product to maintain market acceptance; ▪the market for electronic signatures failing to grow, or growing more slowly than we expect; ▪new products and technologies from our competitors that replace or represent an improvement over our DocuSign eSignature product; ▪new technological innovations or standards that our DocuSign eSignature product does not address; ▪changes in regulations; ▪sensitivity to our current or future pricing; ▪our inability to release enhanced versions of our DocuSign eSignature product on a timely basis; and ▪macro- and micro-economic factors, including inflation, rising interest rates, increased debt and equity market volatility and the impact of regional or global conflicts or other public health crises, including the COVID-19 pandemic. If we experience a material decline in sales of subscriptions to our DocuSign eSignature product, without a corresponding increase in subscriptions to our other products and solutions, our revenue and operating results would be harmed.