# Palantir Technologies Inc.: 10-K Risk Factor Changes 2026 vs 2025 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-05-05 > All data extracted directly from official filings. No hallucinated content. ## Summary | Status | Count | |--------|-------| | New risks added | 19 | | Risks removed | 19 | | Risks modified | 63 | | Unchanged | 44 | --- ## New Risk: Our sales efforts involve considerable time and expense, and our sales cycle is often long and unpredictable. Our results of operations may fluctuate, in part, because of the intensive nature of our sales efforts and the length and unpredictability of our sales cycle. As part of our standard sales efforts, we invest considerable time and expense evaluating the specific organizational needs of our potential customers and educating these potential customers about the technical capabilities and value of our platforms and services. We often also provide our platforms to potential customers (including individual users 13 13 13 13 13 13 --- ## New Risk: We anticipate our operating expenses will continue to increase and we may not be able to maintain profitability in the future. While we remain focused on operating efficiently, we anticipate that our operating expenses will continue to increase in the future. As we continue to expand our business, industry verticals, and the breadth of our operations, upgrade our infrastructure, 15 15 15 15 15 15 --- ## New Risk: Seasonality may cause fluctuations in our results of operations and financial position. Historically, the first quarter of our year generally has relatively lower sales, and sales generally increase in each subsequent quarter with substantial increases during our third and fourth quarters ending September 30 and December 31, respectively. We believe that this seasonality results from a number of factors, including: •the fiscal year end procurement cycle of our government customers, and in particular U.S. government customers which have a fiscal year end of September 30; •the fiscal year budgeting process for our commercial customers, many of which have a fiscal year end of December 31; •seasonal reductions in business activity during the summer months in the United States, Europe, and certain other regions; and •timing of projects and our customers' evaluation of our work progress. This seasonality has historically impacted and may in the future continue to impact the timing of collections and recognized revenue. Because a significant portion of our customer contracts are typically finalized near the end of the year, and we typically invoice customers shortly after entering into a contract, we may receive a portion of our customer payments near the end of the year and record such payment as an increase in deferred revenue or customer deposits ("contract liabilities"), while the revenue from our customer contracts is generally recognized over the contract term. While we have historically billed and 17 17 17 17 17 17 --- ## New Risk: Table of Contents Our relationships with government customers and customers that are engaged in certain sensitive industries, including organizations whose products or activities are or are perceived to be harmful, have resulted in public criticism, including from political and social activists; unfavorable coverage in the media; engagement on these issues from investors and potential customers; and increased security risks. These relationships could also result in exposure to congressional, regulatory, or other government investigations or inquiries, as well as lawsuits from private parties. Activists have also engaged, and may continue to engage, in public protests at our properties and other locations. Actions we may take in response to media coverage, activism, investigations, inquiries, litigation, or to protect from security risks, may divert resources and our management's attention, increase certain operating and other expenses, and further affect our public perception. Activist criticism and government or regulatory inquiries of our relationships with customers could potentially engender dissatisfaction among potential and existing customers, investors, and employees with how we address political and social concerns in our business activities. Conversely, being perceived as yielding to activism targeted at certain customers could damage our relationships with certain customers, including governments and government agencies with which we do business, whose views may or may not be aligned with those of political and social activists. Actions we take in response to the activities of our customers, up to and including terminating our contracts or refusing a particular product use case could harm our brand and reputation. In either case, the resulting harm to our reputation could: •cause certain customers to cease doing business with us; •impair our ability to attract new customers, or to expand our relationships with existing customers; •diminish our ability to recruit, hire, or retain employees; •undermine our standing in professional communities to which we contribute and from which we receive expert knowledge; •trigger additional external scrutiny or litigation; or •prompt us to cease doing business with certain customers. Any of these factors could adversely impact our business, financial condition, and results of operations. --- ## New Risk: Table of Contents our revenue growth. If we are unable to attract, hire, develop, retain, and motivate qualified sales personnel, if our new sales personnel are unable to achieve sufficient sales productivity levels in a reasonable period of time or at all, if our marketing programs are not effective or if we are unable to effectively build, expand, and manage our sales organization and operations, our sales and revenue may grow more slowly than expected or materially decline, and our business may be significantly harmed. --- ## New Risk: Table of Contents including in important customer-facing roles as project managers, development leads, and product managers. Larger competitors, such as defense contractors, system integrators, and large software and service companies that traditionally target large enterprises typically have more sizable direct sales forces staffed by individuals with significantly more industry experience than our customer-facing personnel, which may negatively impact our ability to compete with these larger competitors. We have historically operated with a relatively flat reporting and organization structure and have few formal promotions. As our business grows and becomes more complex, the staffing of customer-facing personnel, some of whom may have limited industry experience, may result in unintended outcomes or in decisions that are poorly received by customers or other stakeholders. For example, in many cases we launch, at our expense, pilot deployments with customers without a long-term contract in place, and some of those deployments have not resulted in the customer's adoption or expansion of its use of our platforms and services, or the generation of significant, or any, revenue or payments. In addition, as we continue to grow, including geographically, we may find it difficult to maintain our culture. Our culture also prioritizes customer outcomes over short-term financial results, and we frequently make service and product decisions that may reduce our short-term revenue or cash flow if we believe that the decisions are consistent with our mission and responsive to our customers' goals and thereby have the potential to improve our financial performance over the long term. These decisions may not produce the long-term benefits and results that we expect or may be poorly received in the short term by the public markets, in which case our customer growth and our business, financial condition, and results of operations may be harmed. --- ## New Risk: Table of Contents Historically, we have funded our operations and capital expenditures primarily through cash flows from operations, equity issuances, and proceeds from option exercises. Although we currently anticipate that our cash flows generated from operations, available funds, and access to financing sources, including our undrawn credit facility, will be sufficient to meet our cash needs for at least the next twelve months, we may require additional financing, and we may not be able to obtain debt or equity financing on favorable terms, if at all. If we raise equity financing to fund operations or on an opportunistic basis, our stockholders may experience significant dilution of their ownership interests. Additionally, tightening of portions of the credit markets and fluctuating interest rates continue to negatively impact the capital raising environment. If adequate funds are not available on acceptable terms, or at all, we may be unable to, among other things: •develop new platforms, products, features, capabilities, and enhancements; •continue to expand our product development, sales, and marketing organizations; •recruit, hire, train, and retain employees; •respond to competitive pressures or unanticipated working capital requirements; or •pursue acquisitions or other growth or investment opportunities. Our inability to take any of these actions because adequate funds are not available on acceptable terms could have an adverse impact on our business, financial condition, results of operations, and growth prospects. --- ## New Risk: Table of Contents and limit user access to data sets and develop, deploy, and manage more effective and responsible AI capabilities. However, if these controls are not properly implemented by, or for, our customers, or if we enable or offer AI solutions that are controversial or problematic because of their purported or real impact on fundamental rights, privacy, employment, or other societal issues, we may experience brand or reputational harm, as well as regulatory or legal scrutiny. There can be no assurance that the technologies and business practices we have designed will sufficiently mitigate the risks presented by the growing use of AI in our platforms and business. --- ## New Risk: Table of Contents could also result in our having to stop using technology, branding or marks found to be in violation of a third party's rights and any necessary rebranding could result in the loss of goodwill. We could be required to seek a license for the intellectual property, which may not be available on commercially reasonable terms or at all. Even if a license were available, we could be required to pay significant royalties, which would increase our expenses. As a result, we could be required to develop alternative non-infringing technology, branding or marks, which could require significant effort and expense. If we cannot license rights or develop technology for any infringing aspect of our business, we would be forced to limit or stop sales of one or more of our platforms or features, we could lose existing customers, and we may be unable to compete effectively. Any of these results would harm our business, financial condition, and results of operations. Further, our agreements with customers and other third parties generally include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of third-party claims of intellectual property infringement, misappropriation, or other violations of intellectual property rights, damages caused by us to property or persons, or other liabilities relating to or arising from our platforms, services, or other contractual obligations. Large indemnity payments could harm our business, financial condition, and results of operations. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations. --- ## New Risk: Table of Contents using our platforms, it may be difficult to identify the sources of these problems, and we may receive blame for a security, access control, or other compliance breach that was the result of the failure of one of the other elements in a customer's or another vendor's IT, security, or compliance infrastructure. The occurrence of software or errors in data, whether or not caused by our platforms, could delay or reduce market acceptance of our platforms and have an adverse effect on our business and financial performance, and any necessary revisions may cause us to incur significant expenses. The occurrence of any such problems could harm our business, financial condition, and results of operations. If an actual or perceived breach of information correctness, auditability, integrity, or availability occurs in one of our customers' systems, regardless of whether the breach is attributable to our platforms, the market perception of the effectiveness of our platforms could be harmed. Alleviating any of these problems could require additional significant expenditures of our capital and other resources and could cause interruptions, delays, or cessation of our product licensing, which could cause us to lose existing or potential customers and could adversely affect our business, financial condition, results of operations, and growth prospects. --- ## New Risk: Table of Contents to make the necessary revisions to our software, including modifications to address security vulnerabilities, which could impact our ability to mitigate cybersecurity risks or fulfill our contractual obligations to our customers. We may also face claims from copyright owners seeking to enforce the terms of an open source license governing the software, including by demanding release of the open source software, derivative works or our proprietary source code that was developed using such software. Such claims, with or without merit, could result in litigation, could be time-consuming and expensive to settle or litigation, including copyright infringement claims, could divert our management's attention and other resources, could require us to lease some of our proprietary code, or could require us to devote additional research and development resources to change our software, any of which could adversely affect our business. Additionally, we have intentionally made certain proprietary software available on an open source basis, both by contributing modifications back to existing open source projects, and by making certain internally developed tools available pursuant to open source licenses, and we plan to continue to do so in the future. While we have established procedures, including a review process for any such contributions, which is designed to protect any code that may be competitively sensitive, we cannot guarantee that this process has always been applied consistently. Even when applied, because any software source code we contribute to open source projects is publicly available, our ability to protect our intellectual property rights with respect to such software source code may be limited or lost entirely, and we may be unable to prevent our competitors or others from using such contributed software source code for competitive purposes, or for commercial or other purposes beyond what we intended. Many of these risks associated with usage of open source software could be difficult to eliminate or manage, and could, if not properly addressed, negatively affect the performance of our offerings and our business. --- ## New Risk: Table of Contents We cannot yet fully assess the impact of these laws and other new laws or regulations on our business or operations, but developments regarding these and other privacy and data protection laws and regulations around the world may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to maintain compliance on an ongoing basis. Outside of the United States, virtually every jurisdiction in which we operate has established its own legal framework relating to privacy, data protection, and information security matters with which we and/or our customers must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, retention, disclosure, security, transfer, and other processing of data that identifies or may be used to identify or locate an individual. Some countries and regions, including the EU, are considering or have passed legislation that imposes significant obligations in connection with privacy, data protection, and information security that could increase the cost and complexity of delivering our platforms and services, including the European General Data Protection Regulation ("GDPR") which took effect in May 2018; the EU AIA, which entered into force in August 2024 but continues to be phased in and establishes a risk-based framework for AI systems; and the Network and Information Security Directive 2 ("NIS2"), which replaced the original NIS Directive as of October 2024, and imposes additional cybersecurity risk management and incident reporting obligations. The EU also implemented the Digital Operational Resilience Act ("DORA"), which introduces new standards for Information and Communication Technology risk management and incident reporting for financial and insurance entities, and the European Union's Data Act (the "Data Act") became applicable on September 12, 2025. Among other things, the Data Act may affect some customers' ability to terminate service agreements with us or our competitors, and compliance with the Data Act may require us to adjust contract terms and technical measures for data portability for customers in the EU. These changes may impact the duration of customer relationships in the EU and result in additional compliance and operational costs, which may affect our business. Forthcoming EU regulatory developments, envisioned under the recently published European Commission's Digital Omnibus Package initiative, while aimed at streamlining regulatory obligations, may introduce further considerations or challenges for us or our customers in addressing EU digital compliance frameworks. Complying with the GDPR, EU AIA, NIS2, DORA, the Data Act, or other EU laws, directives, and regulations as they emerge may cause us to incur substantial operational costs, lead to challenges for our customers' implementation and use of our platform, or require us to modify our data handling practices on an ongoing basis. Non-compliance with the GDPR specifically may result in administrative fines or monetary penalties of up to 4% of worldwide annual revenue in the preceding financial year or €20 million (whichever is higher) for the most serious infringements and non-compliance with the EU AIA may result in penalties up to €35 million or 7% of worldwide annual turnover (whichever is higher), each of which could result in proceedings against us by governmental entities or other related parties and may otherwise adversely impact our business, financial condition, and results of operations. Additionally, post-Brexit updates to United Kingdom ("U.K.") data protection laws and regulations, such as the Data (Use and Access) Act 2025, while largely conforming to EU GDPR standards paving the way for a 2021 European Commission adequacy determination for export of personal data from the European Economic Area to the U.K., may change over time as the U.K. and its regulator, the Information Commissioner's Office, continue to examine its global market standing. In December 2025, the European Commission renewed the U.K. adequacy decisions originally adopted in 2021, subject to a term of six years and set to expire in December 2031; however, it also committed to a mid-point review of the decisions after four years to evaluate ongoing adequacy. Modifications in the standards for valid data transfer to the U.S. from the U.K., the EU, Switzerland, and other countries using standard contractual clauses or similar mechanisms may further require us to change our product and business practices, as well as to update client agreements in ways that introduce additional costs to our business. The overarching complexity of laws and regulations relating to privacy, data protection, and information security around the world pose a compliance challenge that could manifest in costs, damages, or liability in other forms as a result of failure to implement proper programmatic controls, failure to adhere to those controls or to the commitments we make, or the malicious or inadvertent breach of applicable legal, regulatory, or contractual privacy, data protection, or information security requirements by us, our employees, our business partners, or our customers. In addition to government regulation, self-regulatory standards and other industry standards may legally or contractually apply to us, be argued to apply to us, or we may elect to comply with such standards or to facilitate our customers' compliance with such standards. Because privacy, data protection, and information security are critical competitive factors in our industry, we may make statements on our website, in marketing materials, or in other settings about our data security measures and our compliance with, or our ability to facilitate our customers' compliance with, these standards. We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection, and information security, and we cannot yet determine the impact such future laws, regulations and standards, or amendments to or re-interpretations of existing laws and regulations, industry standards, or other obligations may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, and contractual and other obligations may require us to incur additional costs and restrict our business operations. As these legal regimes relating to privacy, data protection, and information security continue to evolve, they may result in ever-increasing public scrutiny and escalating levels of enforcement and sanctions. Furthermore, because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy, data protection, and information security are uncertain, these laws, standards, and contractual and other obligations may be interpreted and applied in a manner that is, or is alleged to be, inconsistent with our data 40 40 40 40 40 40 --- ## New Risk: Table of Contents The number and significance of our legal disputes and inquiries may increase as we continue to grow larger, as our business expands in employee headcount, scope, and geographic reach, and as our platforms and services become more complex. Additionally, if customers fail to pay us under the terms of our agreements, we may be adversely affected due to the cost of enforcing the terms of our contracts through litigation. Litigation or other proceedings can be expensive and time consuming and can divert our resources and leadership's attention from our primary business operations. The results of our litigation also cannot be predicted with certainty. If we are unable to prevail in litigation, we could incur payments of substantial monetary damages or fines, or undesirable changes to our platforms or business practices, and accordingly, our business, financial condition, or results of operations could be materially and adversely affected. Furthermore, if we accrue a loss contingency for pending litigation and determine that it is probable, any disclosures, estimates, and reserves we reflect in our financial statements with regard to these matters may not reflect the ultimate disposition or financial impact of litigation or other such matters. These proceedings could also result in negative publicity, which could harm customer and public perception of our business, regardless of whether the allegations are valid or whether we are ultimately found liable. Additional information regarding certain of the lawsuits we are involved in is described further in Note 8. Commitments and Contingencies in our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. --- ## New Risk: Governmental trade controls, including export and import controls, sanctions, customs requirements, and related regimes, could subject us to liability or loss of contracting privileges or limit our ability to compete in certain markets. Our offerings are subject to U.S. export controls, and we incorporate encryption technology into certain of our offerings. Our controlled software offerings and the underlying technology may be exported outside of the United States only with the required export authorizations, which may include license requirements in some circumstances. Additionally, our current or future products may be classified under the Commerce Department Export Administration Regulations ("EAR") or as defense articles subject to the United States International Traffic in Arms Regulations ("ITAR"). Most of our products, including our core software platforms, have been classified under the EAR and are generally exportable without needing a specific license, under an EAR exception for encrypted software. If a product, or component of a product, is classified under the ITAR, or is ineligible for the EAR encryption exception, then those products could be exported outside the United States only if we obtain the applicable export license or qualify for a different license exemption or exception. In certain contexts, the services we 44 44 44 44 44 44 --- ## New Risk: Table of Contents our stock ownership, some of which are outside of our control, could result in an ownership change under Section 382 of the Code. If our existing NOLs are subject to limitations arising from an ownership change, our ability to utilize NOLs could be limited by Section 382 of the Code, and a certain amount of our prior year NOLs could expire without benefit. Changes in the law may also impact our ability to use our NOLs and tax credit carryforwards. In addition, there is also a risk that the expiration of our existing NOLs or tax credits or a limitation on their use to offset future income tax liabilities could result from statutory or regulatory changes. For these reasons, we may not be able to utilize a material portion of our NOLs, which could potentially result in increased future tax liabilities to us and could adversely affect our results of operations. For additional information, see Note 11. Taxes in our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. --- ## New Risk: Table of Contents thereon if the record date for determining the stockholders entitled to vote to approve such transaction occurs prior to the Final Class F Conversion Date; •certain transactions prior to the Final Class F Conversion Date, that would require disclosure pursuant to Item 404(a) of Regulation S-K, between any of our Founders (or their controlled affiliates), on the one hand, and us, on the other, in which consideration exchanges hands between our Founders (or their controlled affiliates) and us, and such consideration has a fair market value in excess of $50.0 million as determined in accordance with our amended and restated bylaws will require approval by either (i) the holders of at least 66 2/3% of the voting power of all of the outstanding shares of our capital stock, voting together as a single class, or (ii) an Independent Committee (as defined in our amended and restated bylaws); •the acquisition of our equity securities by our Founders (including their controlled affiliates), prior to the Final Class F Conversion Date, in a "Rule 13e-3 transaction" (as defined in Rule 13e-3 under the Exchange Act) will be conditioned on approval by (i) an Independent Committee and (ii) the holders of a majority of the voting power of our capital stock that is held by our stockholders other than the Founders (including their controlled affiliates) and any holder of the Class F Common Stock; •vacancies on our Board of Directors will be able to be filled only by our Board of Directors and not by stockholders; •our directors may only be removed as provided in the Delaware General Corporation Law; •a special meeting of our stockholders may only be called by the chairperson of our Board of Directors, our Chief Executive Officer, our President, or our Board of Directors pursuant to a resolution adopted by a majority of the total number of authorized directorships, whether or not there exist any vacancies or other unfilled seats in previously authorized directorships; •our amended and restated certificate of incorporation authorizes undesignated preferred stock, the terms of which may be established and shares of which may be issued without further action by our stockholders, except that any designation and issuance of preferred stock must receive the affirmative vote of a majority of the outstanding shares of our Class F common stock; and •advance notice procedures apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders. These provisions, alone or together, could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and to cause us to take other corporate actions they desire, any of which, under certain circumstances, could limit the opportunity for our stockholders to receive a premium for their shares of our Class A common stock, and could also affect the price that some investors are willing to pay for our Class A common stock. --- ## New Risk: Table of Contents to act as a group. If we were a controlled company, we would be eligible, and could elect, not to comply with certain of the Nasdaq corporate governance standards. Such standards include the requirement that a majority of directors on our Board of Directors are independent directors, subject to certain phase-in periods, and the requirement that our compensation, nominating and governance committee consist entirely of independent directors. In such a case, if the interests of our stockholders differ from the group of stockholders holding a majority of the voting power, our stockholders would not have the same protection afforded to stockholders of companies that are subject to all of the Nasdaq corporate governance standards, and the ability of our independent directors to influence our business policies and corporate matters may be reduced. --- ## New Risk: The Founder Voting Trust Agreement and the Founder Voting Agreement also have the effect of concentrating voting power with our Founders and their affiliates, which will effectively eliminate your ability to influence the outcome of important transactions, including a change in control. All shares of our Class F common stock are held in a voting trust (the "Founder Voting Trust"), established by our Founders pursuant to a voting trust agreement (the "Founder Voting Trust Agreement") with Wilmington Trust, National Association as trustee (the "Trustee"). Our Founders are also currently party to the Founder Voting Agreement. Our Founders have agreed 55 55 55 55 55 55 --- ## New Risk: Table of Contents have significant voting power and increase Mr. Thiel or his affiliates' relative voting power compared to the other Founders. The shares identified by Mr. Thiel as Designated Founders' Excluded Shares represented less than 5% of the voting power of our outstanding capital stock as of February 10, 2026. In the future, Mr. Thiel or our other Founders could designate additional shares as Designated Founders' Excluded Shares. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* certain customer segments relative to other markets or customer segments. Many factors may contribute to declines or variability in our revenue growth, including macroeconomic factors, increased competition, slowing demand for our platforms from existing and new customers, a failure by us to continue capitalizing on growth opportunities, terminations of existing contracts or failure to exercise existing options by our customers, and the maturation of our business, among others. If our revenue growth or revenue growth rate declines overall, or with respect to certain areas of our business, our business, financial condition, and results of operations could be adversely affected. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the trading price of our Class A common stock could fall, and we could face costly lawsuits. We and certain of our officers and directors were sued in purported class action lawsuits and derivative lawsuits, which could result in substantial costs and a diversion of our management's attention and resources. For additional information see Note 8. Commitments and Contingencies in our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* who obtain access and use of our platforms. Similarly, our platforms sometimes are used by customers with smaller or less sophisticated IT departments, potentially resulting in sub-optimal performance at a level lower than anticipated by the customer. Because our customers rely on our platforms and services to address important business goals and challenges, the incorrect or improper use or configuration of our platforms and O&M services, failure to properly train customers on how to efficiently and effectively use our platforms, or failure to properly provide implementation or analytical or maintenance services to our customers may result in contract terminations or non-renewals, reduced customer payments, negative publicity, or legal claims against us. For example, as we continue to expand our customer base, any failure by us to properly provide these services may result in lost opportunities for follow-on expansion sales of our platforms and services. Furthermore, if customer personnel are not well trained in the use of our platforms, customers may defer the deployment of our platforms and services, may deploy them in a more limited manner than originally anticipated, or may not deploy them at all. If there is substantial turnover of the Company or customer personnel responsible for procurement and use of our platforms, our platforms may go unused or be adopted less broadly, and our ability to make additional sales may be substantially limited, which could negatively impact our business, results of operations, and growth prospects. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* growing companies with global operations in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business, financial condition, and results of operations would be harmed. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* •undermine our standing in professional communities to which we contribute and from which we receive expert knowledge; or •prompt us to cease doing business with certain customers. Any of these factors could adversely impact our business, financial condition, and results of operations. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* and services at all or generate any particular level of revenue for us. Even if the market in which we compete meets the size estimates and growth forecasts, our business could fail to grow at the levels we expect or at all for a variety of reasons outside our control, including competition in our industry. Further, if we or other data management and analytics providers experience security breaches or incidents, loss, corruption, or unavailability of or unauthorized access to customer data, disruptions in delivery, or other problems, this market as a whole, including our platforms, may be negatively affected. If software for the challenges that we address does not achieve widespread adoption, or there is a reduction in demand caused by a lack of customer acceptance, technological challenges, weakening economic conditions (including due to the ongoing Russia-Ukraine conflict and related economic sanctions, heightened interest rates, or monetary policy changes), security or privacy concerns, competing technologies and products, decreases in corporate spending, or otherwise, or, alternatively, if the market develops but we are unable to continue to penetrate it due to the cost, performance, and perceived value associated with our platforms, or other factors, it could result in decreased revenue and our business, financial condition, and results of operations could be adversely affected. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* acquired company choose not to work for us or if we are unable to retain key personnel, if their technology is not easily adapted to work with ours, or if we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise; •we may not realize the expected benefits of the transaction; •an acquisition may disrupt our ongoing business, divert resources, increase our expenses, result in unfavorable public perception, and distract our management; •an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company; •the potential impact on relationships with existing customers, vendors, and distributors as business partners as a result of acquiring another company or business that competes with or otherwise is incompatible with those existing relationships; •the potential that our due diligence of the applicable company or business does not identify significant problems or liabilities, or that we underestimate the costs and effects of identified liabilities; •exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, the transaction, including but not limited to claims from former employees, customers, or other third parties, which may differ from or be more significant than the risks our business faces; •potential goodwill impairment charges related to acquisitions; •we may encounter difficulties in, or may be unable to, successfully sell any acquired products; •the transaction may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions; •an acquisition may require us to comply with additional laws and regulations, or to engage in substantial remediation efforts to cause the acquired company to comply with applicable laws or regulations, or result in liabilities resulting from the acquired company's failure to comply with applicable laws or regulations; •our use of cash to pay for the transaction would limit other potential uses for our cash; •if we incur debt to fund such a transaction, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants; and •to the extent that we issue a significant amount of equity securities in connection with such transactions, existing stockholders may be diluted and earnings per share may decrease. We have accepted, and may continue to accept, securities as noncash consideration or invest in securities, including but not limited to in connection with customer contracts, partnerships, or strategic investments. For example, we have made and may continue to make strategic investments pursuant to certain approved agreements ("Investment Agreements") to purchase, or commit to purchase, shares of various entities, including special purpose acquisition companies and/or other privately-held or publicly-traded entities (each, an "Investee," and such purchases, the "Investments"); however, we do not currently anticipate entering into new Investment Agreements to purchase, or commit to purchase, securities of special purpose acquisition companies. Our ability to sell or transfer, or realize value from noncash consideration and our investments may be limited by applicable securities laws and regulations, including the requirement that offers or sales of securities must be registered with the SEC pursuant to applicable laws or qualify for an exemption from such registration, and our ability to liquidate and realize value from our equity securities may be negatively and materially impacted by any delays or limitations on our ability to offer, sell, or transfer such equity securities. In addition, certain of our equity securities are speculative in nature and may be volatile or decline in value or be entirely lost. We have realized, and may continue to realize, losses related to these equity securities, which could have a negative impact on our future financial position, results of operations, earnings per share, and cash flows. Additionally, in connection with approving and signing the Investment Agreements, we and each Investee or an associated entity entered into a commercial contract for access to our products and services (collectively, the "Strategic Commercial Contracts"). The total value of Strategic Commercial Contracts, which is calculated as the sum of the cumulative revenue recognized from Strategic Commercial Contracts and the remaining deal value of such contracts, was $340.6 million, inclusive of $10.4 million of contractual options, as of December 31, 2024. Strategic Commercial Contracts with remaining deal value as of December 31, 2024 have original contract terms, including contractual options, ranging from five to seven years, and are subject to termination for cause provisions. When determining the total value of these Strategic Commercial Contracts, we assess customers' financial condition, including the consideration of their ability and intention to pay, and whether all or some portion of the value of the contracts continue to meet the criteria for revenue recognition, among other factors. Certain companies with which we have entered into commercial contracts have been, and may continue to be, unable to generate sufficient revenues or profitability or to access any necessary financing or funding in a timely manner or on favorable terms to 30 30 30 --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* confidentiality and privacy commitments, we may legally challenge law enforcement or other government requests to provide information, to obtain encryption keys, or to modify or weaken encryption. To the extent that we do not provide assistance to or comply with requests from government entities, or if we challenge those requests publicly or in court, we may experience adverse political, business, and reputational consequences among certain customers or portions of the public. Conversely, to the extent that we do provide such assistance, or do not challenge those requests publicly in court, we may experience adverse political, business, and reputational consequences from other customers or portions of the public arising from concerns over privacy or the government's activities. --- ## Removed Risk: Real or perceived errors, failures, defects, or bugs in our platforms could adversely affect our results of operations and growth prospects. *This risk factor was present in the 2025 filing and has been removed.* Because we offer very complex technology platforms, various errors, defects, failures, or bugs have occurred and may in the future occur, especially when platforms, products or capabilities are introduced, configured or reconfigured, or when upgrades, new versions or other product or infrastructure updates are deployed, installed, configured, or released. Our platforms are often installed and used in large-scale computing environments with different operating systems, software products and equipment, and data source and network configurations, which may cause errors or failures in our platforms or may expose undetected errors, failures, or bugs in our platforms. Despite our internal systems and processes, errors, failures, or bugs may not be found 36 36 36 --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* operations. Moreover, the inclusion in our platforms of software or other intellectual property licensed from third parties on a nonexclusive basis could limit our ability to differentiate our platforms from products of our competitors and could inhibit our ability to provide the current level of service to existing customers. In addition, any data that we license from third parties for potential use in our platforms may contain errors or defects, which could negatively impact the analytics that our customers perform on or with such data. This may have a negative impact on how our platforms are perceived by our current and potential customers and could materially damage our reputation and brand. Changes in or the loss of third-party licenses could lead to our platforms becoming inoperable or the performance of our platforms being materially reduced resulting in our potentially needing to incur additional research and development costs to ensure continued performance of our platforms or a material increase in the costs of licensing, and we may experience decreased demand for our platforms. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, partners, and agents will comply with these laws and policies. Violations of laws or key control policies by our employees, contractors, partners, or agents could result in delays in revenue recognition, financial reporting misstatements, governmental sanctions, fines, penalties, or the prohibition of the importation or exportation of our platforms. In addition, responding to any action may result in a significant diversion of management's attention and resources and an increase in professional fees. Enforcement actions and sanctions or failure to prevail in any possible civil or criminal litigation could harm our business, reputation, financial condition, and results of operations. Also, we are expanding operations, including our work with existing commercial customers, into countries in Asia, Europe, the Middle East, and elsewhere, which may place restrictions on the transfer of data and potentially the import and use of foreign encryption technology. Any of these risks could harm our non-U.S. operations and reduce our non-U.S. sales, adversely affecting our business, results of operations, financial condition, and growth prospects. Some of our business partners also have non-U.S. operations and are subject to the risks described above. Even if we are able to successfully manage the risks of our own non-U.S. operations, our business may be adversely affected if our business partners are not able to successfully manage these risks. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* reputation, which could negatively affect our business, results of operations, financial condition, and growth prospects. In addition, responding to any enforcement action may result in a significant diversion of management's attention and resources and significant defense costs and other professional fees. Our exposure for violating these laws increases as our non-U.S. presence expands and as we increase sales and operations in foreign jurisdictions. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* should the conflict further escalate. Any new export restrictions, new legislation, changes in economic sanctions, or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons, or technologies targeted by such regulations, could result in decreased use of our platforms by existing customers with non-U.S. operations, declining adoption of our platforms by new customers with non-U.S. operations, limitation of our expansion into new markets, and decreased revenue. --- ## Removed Risk: There are no guarantees that our Share Repurchase Program will result in increased shareholder value. *This risk factor was present in the 2025 filing and has been removed.* In August 2023, our Board of Directors authorized a stock repurchase program of up to $1.0 billion of our outstanding shares of Class A common stock (the "Share Repurchase Program"). We have repurchased, and may continue to repurchase, shares of Class A common stock from time to time, as authorized by our Board of Directors, through open market purchases, in privately negotiated transactions or by other means, including through the use of trading plans intended to qualify under Rule 10b5-1 under the Exchange Act, in accordance with applicable securities laws and other restrictions. The timing and the amount of stock repurchases in the Share Repurchase Program will be determined by Palantir's management, based on its evaluation of factors including business and market conditions, corporate and regulatory requirements, and other considerations. There are a number of ways in which the Share Repurchase Program could fail to result in enhanced shareholder value. For example, any failure to repurchase stock after we have announced our intention to do so may negatively impact our stock price. The existence of the Share Repurchase Program could also cause our stock price to trade higher than it otherwise would and could potentially reduce the market liquidity for our stock. The market price of our common stock could decline below the levels at which we repurchased shares and short-term stock price fluctuations could reduce the effectiveness of this program. Additionally, repurchasing our Class A common stock will reduce the amount of cash, cash equivalents and marketable securities we have available to fund working capital, capital expenditures, capital preserving investments, strategic acquisitions or business opportunities, and other general corporate purposes, and there are no guarantees that the Share Repurchase Program will result in increased shareholder value. Furthermore, the timing and amount of repurchases have been, and will in the future be, subject to liquidity, market and economic conditions, compliance with applicable legal requirements, and other relevant factors. 52 52 52 --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* such matter is the applicable voting standard (as applicable, "49.999999% of the Voting Power"). Accordingly, subject to limited exceptions described in our amended and restated certificate of incorporation and amended and restated bylaws, such Founders will effectively control all matters submitted to the stockholders for the foreseeable future, including the election of directors, amendments of our organizational documents, compensation matters, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. Our Founders and their affiliates also hold the substantial majority of our outstanding Class B common stock. Because of the ten-to-one voting ratio between our Class B and Class A common stock, even without regard to the voting power of the Class F common stock, our Founders and their affiliates collectively control a significant portion of the voting power of our capital stock based on their current ownership and may significantly increase their ownership of Class B common stock in the future due to the exercise of currently outstanding stock options or the settlement of RSUs. The Founders may have interests that differ from yours and may vote in a way with which you disagree, and which may be adverse to your interests. This concentration of voting power is likely to have the effect of limiting the likelihood of an unsolicited merger proposal, unsolicited tender offer, or proxy contest for the removal of directors. As a result, our governance structure, including the provisions of our amended and restated certificate of incorporation, may have the effect of depriving our stockholders of an opportunity to sell their shares at a premium over prevailing market prices and make it more difficult to replace our directors and management. --- ## Removed Risk: In certain circumstances in the future, the Founders and their affiliates could have voting power that exceeds 49.999999% of the Voting Power. *This risk factor was present in the 2025 filing and has been removed.* If the voting power of shares of Class A common stock and Class B common stock held by the Founders or their affiliates that are subject to the Founder Voting Agreement or are Designated Founders' Excluded Shares collectively equals greater than 49.999999% of the Voting Power with respect to a matter submitted to our stockholders, then the Class F common stock will have zero votes with respect to such matter. In this case, although the shares of our Class F common stock would generally be 55 55 55 --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* decision of a majority in number of the Founders who are then party to the Founder Voting Agreement, regardless of such Founders' relative ownership of any class of our common stock. In August 2020, we granted two of our Founders, Mr. Karp, our Chief Executive Officer and a member of our Board of Directors, and Mr. Cohen, our President and a member of our Board of Directors, options and RSUs for an aggregate of 207.0 million shares of our Class B common stock (collectively, the "Founder Grants"), the substantial majority of which remain subject to vesting, exercise, and/or settlement upon the future satisfaction of service conditions and certain other conditions. These awards are expected to contribute to the Founders' ability to meet the Ownership Threshold on the applicable record date at least until the sale of such shares by Mr. Karp and Mr. Cohen. --- ## Removed Risk: Table of Contents *This risk factor was present in the 2025 filing and has been removed.* the S&P 500 index in September 2024. Any such existing or new policies may depress our valuation compared to those of other similar companies that do not have multi-class governance structures. --- ## Removed Risk: We may face exposure to foreign currency exchange rate fluctuations. *This risk factor was present in the 2025 filing and has been removed.* Our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, Japanese yen ("JPY"), and British pound sterling ("GBP"). We expect our non-U.S. operations 59 59 59 --- ## Modified Risk: If we fail to manage future growth effectively, our business could be harmed. **Key changes:** - Updated: "As we continue to grow, we face challenges of integrating, developing, retaining, and motivating our employee base of 4,429 full-time employees as of December 31, 2025 in various countries around the world." - Updated: "As our organization continues to grow and operate as a public company, we may find it increasingly difficult to maintain the benefits of our traditional company culture, including our ability to quickly respond to customers, and avoid unnecessary delays that may be associated with a formal corporate structure." - Updated: "We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies with global operations in rapidly changing industries." **Prior (2025):** Since our founding in 2003, we have experienced rapid growth. We operate in a growing market and have experienced, and may continue to experience, significant expansion of our operations. This growth has placed, and may continue to place, a strain on our employees, management systems, operational, financial, and other resources. As we have grown, we have increasingly managed larger and more complex deployments of our platforms and services with a broader base of government and commercial customers. As we continue to grow, we face challenges of integrating, developing, retaining, and motivating our employee base in various countries around the world. For example, our headcount has grown from 313 full-time employees as of December 31, 2010 to 3,936 full-time employees as of December 31, 2024, with employees located both in the United States and outside the United States. In the event of continued growth of our operations, our operational resources, including our information technology systems, our employee base, or our internal controls and procedures may not be adequate to support our operations and deployments. Managing our growth may require significant expenditures and allocation of valuable management resources, improving our operational, financial, and management processes and systems, and effectively expanding, training, and managing our employee base. If we fail to achieve the necessary level of efficiency in our organization as it grows, our business, financial condition, and results of operations would be harmed. As our organization continues to grow, we may find it increasingly difficult to maintain the benefits of our traditional company culture, including our ability to quickly respond to customers, and avoid unnecessary delays that may be associated with a formal corporate structure. This could negatively affect our business performance or ability to hire or retain personnel in the near- or long-term. In addition, our prior rapid growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by 19 19 19 **Current (2026):** Since our founding in 2003, we have experienced rapid growth. We operate in a growing market and have experienced, and may continue to experience, significant expansion of our operations. This growth has placed, and may continue to place, a strain on our employees, management systems, operational, financial, and other resources. As we have grown, we have increasingly managed larger and more complex deployments of our platforms and services with a broader base of government and commercial customers. As we continue to grow, we face challenges of integrating, developing, retaining, and motivating our employee base of 4,429 full-time employees as of December 31, 2025 in various countries around the world. In the event of continued growth of our operations, our operational resources, including our information technology systems, our employee base, or our internal controls and procedures may not be adequate to support our operations and deployments. Managing our growth may require significant expenditures and allocation of valuable management resources, improving our operational, financial, and management processes and systems, and effectively expanding, training, and managing our employee base. As our organization continues to grow and operate as a public company, we may find it increasingly difficult to maintain the benefits of our traditional company culture, including our ability to quickly respond to customers, and avoid unnecessary delays that may be associated with a formal corporate structure. In addition, our prior rapid growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies with global operations in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business, financial condition, and results of operations would be harmed. This could negatively affect our business performance or ability to hire or retain personnel in the near- or long-term. --- ## Modified Risk: We could be subject to additional tax liabilities. **Key changes:** - Updated: "Moreover, we are subject to the examination of our income tax returns by tax authorities in the United States and various foreign jurisdictions, which have disagreed, and may in the future disagree, with our calculation of research and development tax credits, cross-jurisdictional transfer pricing, or other matters and have assessed, and may continue to assess, additional taxes, interest or penalties." - Updated: "Many countries are beginning to implement legislation and other guidance to align their international tax rules with the Organisation for Economic Co-operation and Development's ("OECD") Base Erosion and Profit Shifting ("BEPS") recommendations and action plan that aim to standardize and modernize global corporate tax policy, including changes to cross-border tax, transfer pricing documentation rules, and nexus-based tax incentive practices." - Updated: "We have considered the impact of the currently enacted Pillar Two rules and determined that we became subject to certain rules starting January 1, 2024 in some jurisdictions, and it did not have a material impact on our financial condition or results of operations for the year ended December 31, 2025." **Prior (2025):** We are subject to federal, state, and local income taxes in the United States and numerous foreign jurisdictions. Determining our provision for income taxes requires management judgment, and the ultimate tax outcome may be uncertain. In addition, our provision for income taxes is subject to volatility and could be adversely affected by many factors, including, among other things, changes to our operating or holding structure, changes in the amounts of earnings in jurisdictions with differing statutory tax rates, changes in the valuation of deferred tax assets and liabilities, and changes in U.S. and foreign tax laws. Moreover, we are subject to the examination of our income tax returns by tax authorities in the United States and various foreign jurisdictions, which may disagree with our calculation of research and development tax credits, cross-jurisdictional transfer pricing, or other matters and assess additional taxes, interest or penalties. While we regularly assess the likely outcomes of these examinations to determine the adequacy of our provision for income taxes and we believe that our financial statements reflect adequate reserves to cover any such contingencies, there can be no assurance that the outcomes of such examinations will not have a material impact on our results of operations and cash flows. If U.S. or other foreign tax authorities change applicable tax laws, our overall taxes could increase, and our financial condition or results of operations may be adversely impacted. Many countries are beginning to implement legislation and other guidance to align their international tax rules with the Organisation for Economic Co-operation and Development's ("OECD") Base Erosion and Profit Shifting recommendations and action plan that aim to standardize and modernize global corporate tax policy, including changes to cross-border tax, transfer pricing documentation rules, and nexus-based tax incentive practices. The OECD is also continuing discussions surrounding fundamental changes in allocation of profits among tax jurisdictions in which companies do business, as well as the implementation of a global minimum tax (namely the "Pillar One" and "Pillar Two" proposals). Many countries have enacted or begun the process of enacting laws based on Pillar Two proposals, which may adversely impact our provision for income taxes, net income, and cash flows. We have considered the impact of Pillar Two rules and determined that we became subject to such rules starting January 1, 2024 in some jurisdictions, but we do not believe that such developments will have a material impact on our financial condition or results of operations in the future. As a result of the heightened scrutiny of corporate taxation policies, prior decisions by tax authorities regarding treatments and positions of corporate income taxes could be subject to enforcement activities, and legislative investigation and inquiry, which could also result in changes in tax policies or prior tax rulings. Any substantial changes in domestic or international corporate tax policies, regulations or guidance, enforcement activities or legislative initiatives may materially adversely affect our business, the amount of taxes we are required to pay and our financial condition and results of operations generally. 45 45 45 **Current (2026):** We are subject to federal, state, and local income taxes in the United States and numerous foreign jurisdictions. Determining our provision for income taxes requires management judgment, and the ultimate tax outcome may be uncertain. In addition, our provision for income taxes is subject to volatility and could be adversely affected by many factors, including, among other things, changes to our operating or holding structure, changes in the amounts of earnings in jurisdictions with differing statutory tax rates, changes in the valuation of deferred tax assets and liabilities, and changes in U.S. and foreign tax laws. Moreover, we are subject to the examination of our income tax returns by tax authorities in the United States and various foreign jurisdictions, which have disagreed, and may in the future disagree, with our calculation of research and development tax credits, cross-jurisdictional transfer pricing, or other matters and have assessed, and may continue to assess, additional taxes, interest or penalties. While we regularly assess the likely outcomes of these examinations to determine the adequacy of our provision for income taxes and we believe that our financial statements reflect adequate reserves to cover any such contingencies, there can be no assurance that the outcomes of such examinations will not have a material impact on our results of operations and cash flows. If U.S. or other foreign tax authorities change applicable tax laws, our overall taxes could increase, and our financial condition or results of operations may be adversely impacted. Many countries are beginning to implement legislation and other guidance to align their international tax rules with the Organisation for Economic Co-operation and Development's ("OECD") Base Erosion and Profit Shifting ("BEPS") recommendations and action plan that aim to standardize and modernize global corporate tax policy, including changes to cross-border tax, transfer pricing documentation rules, and nexus-based tax incentive practices. The OECD is also continuing discussions surrounding fundamental changes in allocation of profits among tax jurisdictions in which companies do business, as well as the implementation of a global minimum tax (namely the "Pillar One" and "Pillar Two" proposals). Many countries have enacted or begun the process of enacting laws based on Pillar Two proposals, which may adversely impact our provision for income taxes, net income, and cash flows. We have considered the impact of the currently enacted Pillar Two rules and determined that we became subject to certain rules starting January 1, 2024 in some jurisdictions, and it did not have a material impact on our financial condition or results of operations for the year ended December 31, 2025. Furthermore, in response to trade negotiations with the United States, the Group of 7 countries (the "G7") announced a joint understanding to exempt U.S.-parented multinational corporations from Pillar Two by adopting a "side-by-side" system between Pillar Two and the existing U.S. global minimum tax provisions, and the OECD released "Tax Challenges Arising from the Digitalisation of the Economy - Global Anti-Base Erosion Model Rules (Pillar Two), Side-by-Side Package: Inclusive Framework on BEPS" on January 5, 2026, to this effect, which reduces the impact of Pillar Two rules on us. We continue to monitor developments and evaluate impacts, if any, of these provisions on our financial condition or results of operations in the future. As a result of the heightened scrutiny of corporate taxation policies, prior decisions by tax authorities regarding treatments and positions of corporate income taxes could be subject to enforcement activities, and legislative investigation and inquiry, which could also result in changes in tax policies or prior tax rulings. Any substantial changes in domestic or international corporate tax policies, regulations or guidance, enforcement activities or legislative initiatives may materially adversely affect our business, the amount of taxes we are required to pay and our financial condition and results of operations generally. --- ## Modified Risk: Although we currently are not considered to be a "controlled company" under The Nasdaq Stock Market LLC ("Nasdaq") corporate governance rules, we may in the future become a controlled company due to the concentration of voting power among our Founders and their affiliates. **Key changes:** - Updated: "In the event that our Founders and their affiliates or other stockholders acquire more than 50% of the voting power of the Company, we may in the future be able to rely on the "controlled company" exemptions under the Nasdaq corporate governance rules due to this concentration of voting power and the ability of our Founders and their affiliates 54 54 54 54 54 54" **Prior (2025):** Although we currently are not considered to be a "controlled company" under the Nasdaq corporate governance rules, we may in the future become a controlled company due to the concentration of voting power among our Founders and their affiliates resulting from the issuance of our Class F common stock. See "Risks Related to the Multiple Class Structure of our Common Stock, the Founder Voting Trust Agreement, and the Founder Voting Agreement" below. A "controlled company" pursuant to the Nasdaq corporate governance rules is a company of which more than 50% of the voting power is held by an individual, group, or another company. In the event that our Founders and their affiliates or other stockholders acquire more than 50% of the voting power of the Company, we may in the future be able to rely on the "controlled company" exemptions under the Nasdaq corporate governance rules due to this concentration of voting power and the ability of our Founders and their affiliates to act as a group. If we were a controlled company, we would be eligible, and could elect, not to comply with certain of the Nasdaq corporate governance standards. Such standards include the requirement that a majority of directors on our Board of Directors are independent directors, subject to certain phase-in periods, and the requirement that our compensation, nominating and governance committee consist entirely of independent directors. In such a case, if the interests of our stockholders differ from the group of stockholders holding a majority of the voting power, our stockholders would not have the same protection afforded to stockholders of companies that are subject to all of the Nasdaq corporate governance standards, and the ability of our independent directors to influence our business policies and corporate matters may be reduced. **Current (2026):** Although we currently are not considered to be a "controlled company" under the Nasdaq corporate governance rules, we may in the future become a controlled company due to the concentration of voting power among our Founders and their affiliates resulting from the issuance of our Class F common stock. See "Risks Related to the Multiple Class Structure of our Common Stock, the Founder Voting Trust Agreement, and the Founder Voting Agreement" below. A "controlled company" pursuant to the Nasdaq corporate governance rules is a company of which more than 50% of the voting power is held by an individual, group, or another company. In the event that our Founders and their affiliates or other stockholders acquire more than 50% of the voting power of the Company, we may in the future be able to rely on the "controlled company" exemptions under the Nasdaq corporate governance rules due to this concentration of voting power and the ability of our Founders and their affiliates 54 54 54 54 54 54 --- ## Modified Risk: Changes in accounting principles or their application to us could result in unfavorable accounting charges or effects, which could adversely affect our results of operations and growth prospects. **Key changes:** - Updated: "We prepare our consolidated financial statements in accordance with Generally Accepted Accounting Principles ("GAAP") in the United States." **Prior (2025):** We prepare our consolidated financial statements in accordance with GAAP. In particular, we make certain estimates and assumptions related to the adoption and interpretation of these principles including related to the recognition of our revenue. If these assumptions turn out to be incorrect, our financial results and position could materially differ from our expectations and could be materially adversely affected. A change in any of these principles or guidance, or in their interpretations or application to us, may have a significant effect on our reported results, as well as our processes and related controls, and may retroactively affect previously reported results or our forecasts, which may negatively impact our financial statements. **Current (2026):** We prepare our consolidated financial statements in accordance with Generally Accepted Accounting Principles ("GAAP") in the United States. In particular, we make certain estimates and assumptions related to the adoption and interpretation of these principles including related to the recognition of our revenue. If these assumptions turn out to be incorrect, our financial results and position could materially differ from our expectations and could be materially adversely affected. A change in any of these principles or guidance, or in their interpretations or application to us, may have a significant effect on our reported results, as well as our processes and related controls, and may retroactively affect previously reported results or our forecasts, which may negatively impact our financial statements. 45 45 45 45 45 45 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "conflict resulting from Hamas' attack on Israel and the ongoing conflict in the Middle East, and regional instability, and any resulting uncertainty or changes in policy or priorities and resultant funding; •changes in the government's attitude towards the capabilities that we offer, especially in the areas of national defense, cybersecurity, and critical infrastructure, including the financial, energy, telecommunications, and healthcare sectors; •changes in the government's attitude towards us as a company or our platforms as viable or acceptable software solutions; •appeals, disputes, or litigation relating to government procurement, including but not limited to bid protests by unsuccessful bidders on potential or actual awards of contracts to us or our partners by the government; •the adoption of new laws or regulations or changes to existing laws or regulations, including as may relate to the implementation of AI by federal agencies; •budgetary constraints, including automatic reductions as a result of "sequestration" or similar measures and constraints imposed by any lapses in appropriations for the federal government or certain of its departments and agencies, for example in connection with an extended federal government shutdown, including the federal government's shutdown in the third quarter of 2025; •influence by, or competition from, third parties with respect to pending, new, or existing contracts with government customers; •changes in political or social attitudes with respect to security or data privacy issues; •potential delays or changes in the government appropriations or procurement processes, including as a result of events such as war, incidents of terrorism, natural disasters, and public health concerns or epidemics; and •increased or unexpected costs or unanticipated delays caused by other factors outside of our control, such as performance failures of our subcontractors." **Prior (2025):** •ability to achieve or maintain one or more government certifications, including, but not limited to, our existing FedRAMP, IL2, IL4, IL5, and IL6 authorizations; •changes in the political environment, including before or after a change to the leadership within the government administration, or due to ongoing conflicts such as the Russia-Ukraine conflict and related economic sanctions or the conflict resulting from Hamas' attack on Israel, and regional instability, and any resulting uncertainty or changes in policy or priorities and resultant funding; •changes in the government's attitude towards the capabilities that we offer, especially in the areas of national defense, cybersecurity, and critical infrastructure, including the financial, energy, telecommunications, and healthcare sectors; •changes in the government's attitude towards us as a company or our platforms as viable or acceptable software solutions; •appeals, disputes, or litigation relating to government procurement, including but not limited to bid protests by unsuccessful bidders on potential or actual awards of contracts to us or our partners by the government; •the adoption of new laws or regulations or changes to existing laws or regulations, including as may relate to the implementation of AI by federal agencies; •budgetary constraints, including automatic reductions as a result of "sequestration" or similar measures and constraints imposed by any lapses in appropriations for the federal government or certain of its departments and agencies, for example in connection with an extended federal government shutdown; •influence by, or competition from, third parties with respect to pending, new, or existing contracts with government customers; •changes in political or social attitudes with respect to security or data privacy issues; •potential delays or changes in the government appropriations or procurement processes, including as a result of events such as war, incidents of terrorism, natural disasters, and public health concerns or epidemics, such as the COVID-19 pandemic; and •increased or unexpected costs or unanticipated delays caused by other factors outside of our control, such as performance failures of our subcontractors. Such events or activities, among others, have caused and could continue to cause governments and governmental agencies to delay or refrain from purchasing our platforms and services in the future, reduce the size or payment amounts of purchases from existing or new government customers, or otherwise have an adverse effect on our business, results of operations, financial condition, and growth prospects. **Current (2026):** conflict resulting from Hamas' attack on Israel and the ongoing conflict in the Middle East, and regional instability, and any resulting uncertainty or changes in policy or priorities and resultant funding; •changes in the government's attitude towards the capabilities that we offer, especially in the areas of national defense, cybersecurity, and critical infrastructure, including the financial, energy, telecommunications, and healthcare sectors; •changes in the government's attitude towards us as a company or our platforms as viable or acceptable software solutions; •appeals, disputes, or litigation relating to government procurement, including but not limited to bid protests by unsuccessful bidders on potential or actual awards of contracts to us or our partners by the government; •the adoption of new laws or regulations or changes to existing laws or regulations, including as may relate to the implementation of AI by federal agencies; •budgetary constraints, including automatic reductions as a result of "sequestration" or similar measures and constraints imposed by any lapses in appropriations for the federal government or certain of its departments and agencies, for example in connection with an extended federal government shutdown, including the federal government's shutdown in the third quarter of 2025; •influence by, or competition from, third parties with respect to pending, new, or existing contracts with government customers; •changes in political or social attitudes with respect to security or data privacy issues; •potential delays or changes in the government appropriations or procurement processes, including as a result of events such as war, incidents of terrorism, natural disasters, and public health concerns or epidemics; and •increased or unexpected costs or unanticipated delays caused by other factors outside of our control, such as performance failures of our subcontractors. Such events or activities, among others, have caused and could continue to cause governments and governmental agencies to delay or refrain from purchasing or paying for our platforms and services in the future, reduce the size or payment amounts of purchases from existing or new government customers, or otherwise have an adverse effect on our business, results of operations, financial condition, and growth prospects. --- ## Modified Risk: Historically, existing customers have expanded their relationships with us, which has resulted in a limited number of customers accounting for a substantial portion of our revenue. If existing customers do not make subsequent purchases from us or renew their contracts with us, or if our relationships with our largest customers are impaired or terminated, our revenue could decline, and our results of operations would be adversely impacted. **Key changes:** - Updated: "Our top three customers together accounted for 16% and 17% of our revenue for the years ended December 31, 2025 and 2024, respectively." - Updated: "Our customers have no obligation to renew, upgrade, or expand their agreements with us after the terms of their existing agreements have expired." **Prior (2025):** We derive a significant portion of our revenue from existing customers that expand their relationships with us. Increasing the size and number of the deployments of our existing customers is a major part of our growth strategy. We may not be effective in executing this or any other aspect of our growth strategy. Our top three customers together accounted for 17% and 18% of our revenue for the years ended December 31, 2024 and 2023, respectively. Our top three customers by revenue for the year ended December 31, 2024, have been with us for an average of nine years as of December 31, 2024. Certain of our customers, including customers that represent a significant portion of our business, have in the past reduced, and others may choose in the future to reduce, their spend with us or terminated their agreements with us, which has reduced our anticipated future payments or revenue from these customers, and which has required us to refund some previously paid amounts to these customers. It is not possible for us to predict the future level of demand from our larger customers for our platforms and applications. While we generally offer contract terms of one to five years in length, our customers sometimes enter into shorter-term contracts which may not provide for automatic renewal and may require the customer to opt-in to extend the term. Our customers have no obligation to renew, upgrade, or expand their agreements with us after the terms of their existing agreements 14 14 14 **Current (2026):** We derive a significant portion of our revenue from existing customers that expand their relationships with us. Increasing the size and number of the deployments of our existing customers is a major part of our growth strategy. We may not be effective in executing this or any other aspect of our growth strategy. Our top three customers together accounted for 16% and 17% of our revenue for the years ended December 31, 2025 and 2024, respectively. Our top three customers by revenue for the year ended December 31, 2025, have been with us for an average of ten years as of December 31, 2025. Certain of our customers, including customers that represent a significant portion of our business, have in the past reduced, and others may choose in the future to reduce, their spend with us or terminated their agreements with us, which has reduced our anticipated future payments or revenue from these customers, and which has required us to refund some previously paid amounts to these customers. It is not possible for us to predict the future level of demand from our larger customers for our platforms and applications. While we generally offer contract terms of one to five years in length, our customers sometimes enter into shorter-term contracts which may not provide for automatic renewal and may require the customer to opt-in to extend the term. Our customers have no obligation to renew, upgrade, or expand their agreements with us after the terms of their existing agreements have expired. In addition, many of our customer contracts permit the customer to terminate their contracts with us with notice periods of varying lengths. If one or more of our customers terminate their contracts with us, whether for convenience, for default in the event of a breach by us, or for other reasons specified in our contracts, as applicable; if our customers elect not to renew their contracts with us; if our customers renew their contractual arrangements with us for shorter contract lengths or for a reduced scope; or if our customers otherwise seek to renegotiate terms of their existing agreements on terms less favorable to us, our business and results of operations could be adversely affected. This adverse impact would be even more pronounced for customers that represent a material portion of our revenue or business operations. Our ability to renew or expand our customer relationships may decrease or vary as a result of a number of factors, including our customers' satisfaction or dissatisfaction with our platforms and services, the frequency and severity of software and implementation errors, our platforms' reliability, our pricing, the effects of general economic conditions, competitive offerings or alternatives, or reductions in our customers' spending levels. If our customers do not renew or expand their agreements with 14 14 14 14 14 14 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "through the Founder Voting Trust Agreement and Founder Voting Agreement that all of the shares of Class F common stock and all of the shares of our capital stock over which they and their affiliates have granted a proxy under the Founder Voting Agreement will be voted in the manner instructed by a majority of our Founders who are then party to the Founder Voting Agreement." **Prior (2025):** All shares of our Class F common stock are held in a voting trust (the "Founder Voting Trust"), established by our Founders pursuant to a voting trust agreement (the "Founder Voting Trust Agreement") with Wilmington Trust, National Association as trustee (the "Trustee"). Our Founders are also currently party to the Founder Voting Agreement. Our Founders have agreed through the Founder Voting Trust Agreement and Founder Voting Agreement that all of the shares of Class F common stock and all of the shares of our capital stock over which they and their affiliates have granted a proxy under the Founder Voting Agreement will be voted in the manner instructed by a majority of our Founders who are then party to the Founder Voting Agreement. Accordingly, together with the multiple class structure of our common stock and subject to limited exceptions described in our amended and restated certificate of incorporation and amended and restated bylaws, such Founders will effectively control all matters submitted to the stockholders for the foreseeable future, including the election of directors, amendments of our organizational documents, compensation matters, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. Upon the withdrawal or removal of any of our Founders from the Founder Voting Agreement, including upon their death or disability, the remaining Founders or Founder, as the case may be, will determine the manner in which the shares of our Class F common stock as well as the shares subject to the Founder Voting Agreement are voted. In such cases, the voting power of our outstanding capital stock will be further concentrated among the remaining Founders, which may be as few as one. Further, if there are only two Founders who are party to the Founder Voting Agreement, one Founder will be able to effectively defeat any stockholder action, except for the election of directors or other matters that are decided by a plurality of votes, if his instruction to vote the shares of Class F common stock differs from the other Founder. The Founders who are then party to the Founder Voting Agreement will retain the right to direct the voting of the Class F common stock without regard to their employment status with us. All shares of our Class F common stock are held in the Founder Voting Trust and voted pursuant to the Founder Voting Trust Agreement. Accordingly, our Founders who are then party to the Founder Voting Agreement will control any vote that requires the affirmative vote of the holders of a majority of our Class F common stock, including action of our stockholders by written consent, the designation or issuance by us of shares of preferred stock, and certain amendments to our amended and restated certificate of incorporation relating to our preferred stock. Although we are a third-party beneficiary of the Founder Voting Agreement and the Founder Voting Trust Agreement, we do not have a general consent right with respect to amendments thereto, and either agreement may be amended or modified in the future in a manner that is adverse to our stockholders, which may include increasing the ability of one or more of our Founders to exercise control over matters submitted to a vote of our stockholders. **Current (2026):** through the Founder Voting Trust Agreement and Founder Voting Agreement that all of the shares of Class F common stock and all of the shares of our capital stock over which they and their affiliates have granted a proxy under the Founder Voting Agreement will be voted in the manner instructed by a majority of our Founders who are then party to the Founder Voting Agreement. Accordingly, together with the multiple class structure of our common stock and subject to limited exceptions described in our amended and restated certificate of incorporation and amended and restated bylaws, such Founders will effectively control all matters submitted to the stockholders for the foreseeable future, including the election of directors, amendments of our organizational documents, compensation matters, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. Upon the withdrawal or removal of any of our Founders from the Founder Voting Agreement, including upon their death or disability, the remaining Founders or Founder, as the case may be, will determine the manner in which the shares of our Class F common stock as well as the shares subject to the Founder Voting Agreement are voted. In such cases, the voting power of our outstanding capital stock will be further concentrated among the remaining Founders, which may be as few as one. Further, if there are only two Founders who are party to the Founder Voting Agreement, one Founder will be able to effectively defeat any stockholder action, except for the election of directors or other matters that are decided by a plurality of votes, if his instruction to vote the shares of Class F common stock differs from the other Founder. The Founders who are then party to the Founder Voting Agreement will retain the right to direct the voting of the Class F common stock without regard to their employment status with us. All shares of our Class F common stock are held in the Founder Voting Trust and voted pursuant to the Founder Voting Trust Agreement. Accordingly, our Founders who are then party to the Founder Voting Agreement will control any vote that requires the affirmative vote of the holders of a majority of our Class F common stock, including action of our stockholders by written consent, the designation or issuance by us of shares of preferred stock, and certain amendments to our amended and restated certificate of incorporation relating to our preferred stock. Although we are a third-party beneficiary of the Founder Voting Agreement and the Founder Voting Trust Agreement, we do not have a general consent right with respect to amendments thereto, and either agreement may be amended or modified in the future in a manner that is adverse to our stockholders, which may include increasing the ability of one or more of our Founders to exercise control over matters submitted to a vote of our stockholders. --- ## Modified Risk: A significant portion of our business depends on sales to the public sector, and our failure to receive and maintain government contracts or changes in the contracting or fiscal policies of the public sector has adversely affected and could continue to adversely affect our business, results of operations, financial condition, and growth prospects. **Key changes:** - Updated: "Accordingly, our business, financial condition, results of operations, and growth prospects may be adversely affected by certain events or activities, including, but not limited to: •changes in fiscal or contracting policies or decreases in available government funding, including as a result of efforts by the federal government to analyze and enhance its operational efficiency or enforce executive orders and other administration priorities; •changes in government programs or applicable requirements; •restrictions in the grant of personnel security clearances to our employees; •ability to maintain facility clearances required to perform on classified contracts for U.S." **Prior (2025):** We derive a significant portion of our revenue from contracts with federal, state, local, and foreign governments and government agencies, and we believe that the success and growth of our business will continue to depend on our successful procurement of government contracts. For example, we have historically derived, and expect to continue to derive, a significant portion of our revenue from sales to agencies of the U.S. federal government, either directly by us or through other government contractors. Our perceived relationship with the U.S. government could adversely affect our business prospects in certain non-U.S. geographies or with certain non-U.S. governments. Sales to such government agencies are subject to a number of challenges and risks. Selling to government agencies can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. We also must comply with laws and regulations relating to the formation, administration, and performance of contracts, which provide public sector customers rights, many of which are not typically found in commercial contracts. Accordingly, our business, financial condition, results of operations, and growth prospects may be adversely affected by certain events or activities, including, but not limited to: •changes in fiscal or contracting policies or decreases in available government funding; •changes in government programs or applicable requirements; •restrictions in the grant of personnel security clearances to our employees; •ability to maintain facility clearances required to perform on classified contracts for U.S. federal government and foreign government agencies; 46 46 46 **Current (2026):** We derive a significant portion of our revenue from contracts with federal, state, local, and foreign governments and government agencies, and we believe that the success and growth of our business will continue to depend on our successful procurement of government contracts. For example, we have historically derived, and expect to continue to derive, a significant portion of our revenue from sales to agencies of the U.S. federal government, either directly by us or through other government contractors. Our perceived relationship with the U.S. government could adversely affect our business prospects in certain non-U.S. geographies or with certain non-U.S. governments. Sales to such government agencies are subject to a number of challenges and risks. Selling to government agencies can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. We also must comply with laws and regulations relating to the formation, administration, and performance of contracts, which provide public sector customers rights, many of which are not typically found in commercial contracts. Accordingly, our business, financial condition, results of operations, and growth prospects may be adversely affected by certain events or activities, including, but not limited to: •changes in fiscal or contracting policies or decreases in available government funding, including as a result of efforts by the federal government to analyze and enhance its operational efficiency or enforce executive orders and other administration priorities; •changes in government programs or applicable requirements; •restrictions in the grant of personnel security clearances to our employees; •ability to maintain facility clearances required to perform on classified contracts for U.S. federal government and foreign government agencies; •ability to achieve or maintain one or more government certifications, including, but not limited to, our existing FedRAMP, IL2, IL4, IL5, and IL6 authorizations; •changes in the political environment, including before or after a change to the leadership or overall composition within the government, or due to ongoing conflicts such as the Russia-Ukraine conflict and related economic sanctions, the 47 47 47 47 47 47 --- ## Modified Risk: The multiple class structure of our common stock has the effect of concentrating voting power with certain stockholders, in particular, our Founders and their affiliates, which will effectively eliminate your ability to influence the outcome of important transactions, including a change in control. **Key changes:** - Updated: "Assuming that the Founders and certain of their affiliates collectively meet the Ownership Threshold (as defined below) on the applicable record date for a vote of the stockholders (except as provided in our amended and restated certificate of incorporation), shares of Class F common stock will generally have a number of votes per share in respect of a matter submitted to our stockholders that would cause the total votes of all shares of Class F common stock, together with the votes attributable to shares of Class A common stock and Class B common stock held by our Founders and their affiliates that are subject to the voting agreement among our Founders and Wilmington Trust, National Association (the "Founder Voting Agreement") and the votes attributable to shares of Class A common stock and Class B common stock held by our Founders and their affiliates that are designated as Designated Founders' Excluded Shares (as defined in our amended and restated certificate of incorporation), in each case entitled to vote on such matter, to equal, with respect to such matter, 49.999999% of the voting power of (i) all of the outstanding shares of capital stock of the Company entitled to vote on such matter (including in the case of the election of directors); or (ii) the shares present in person or represented by proxy and entitled to vote on such matter only if a majority of the shares present in person or represented by proxy and entitled to vote on such matter is the applicable voting standard (as applicable, "49.999999% of the Voting Power")." **Prior (2025):** Our Class A common stock has one (1) vote per share, and our Class B common stock has ten (10) votes per share with respect to each matter submitted to our stockholders. Assuming that the Founders and certain of their affiliates collectively meet the Ownership Threshold (as defined below) on the applicable record date for a vote of the stockholders (except as provided in our amended and restated certificate of incorporation), shares of Class F common stock will generally have a number of votes per share in respect of a matter submitted to our stockholders that would cause the total votes of all shares of Class F common stock, together with the votes attributable to shares of Class A common stock and Class B common stock held by our Founders and their affiliates that are subject to the voting agreement among our Founders and Wilmington Trust, National Association (the "Founder Voting Agreement") and the votes attributable to shares of Class A common stock and Class B common stock held by our Founders and their affiliates that are designated as Designated Founders' Excluded Shares (as defined in our amended and restated certificate of incorporation), in each case entitled to vote on such matter, to equal, with respect to such matter, 49.999999% of the voting power of (i) all of the outstanding shares of capital stock of the Company entitled to vote on such matter (including in the case of the election of directors); or (ii) the shares present in person or represented by proxy and entitled to vote on such matter only if a majority of the shares present in person or represented by proxy and entitled to vote on 54 54 54 **Current (2026):** Our Class A common stock has one (1) vote per share, and our Class B common stock has ten (10) votes per share with respect to each matter submitted to our stockholders. Assuming that the Founders and certain of their affiliates collectively meet the Ownership Threshold (as defined below) on the applicable record date for a vote of the stockholders (except as provided in our amended and restated certificate of incorporation), shares of Class F common stock will generally have a number of votes per share in respect of a matter submitted to our stockholders that would cause the total votes of all shares of Class F common stock, together with the votes attributable to shares of Class A common stock and Class B common stock held by our Founders and their affiliates that are subject to the voting agreement among our Founders and Wilmington Trust, National Association (the "Founder Voting Agreement") and the votes attributable to shares of Class A common stock and Class B common stock held by our Founders and their affiliates that are designated as Designated Founders' Excluded Shares (as defined in our amended and restated certificate of incorporation), in each case entitled to vote on such matter, to equal, with respect to such matter, 49.999999% of the voting power of (i) all of the outstanding shares of capital stock of the Company entitled to vote on such matter (including in the case of the election of directors); or (ii) the shares present in person or represented by proxy and entitled to vote on such matter only if a majority of the shares present in person or represented by proxy and entitled to vote on such matter is the applicable voting standard (as applicable, "49.999999% of the Voting Power"). Accordingly, subject to limited exceptions described in our amended and restated certificate of incorporation and amended and restated bylaws, such Founders will effectively control all matters submitted to the stockholders for the foreseeable future, including the election of directors, amendments of our organizational documents, compensation matters, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. Our Founders and their affiliates also hold the substantial majority of our outstanding Class B common stock. Because of the ten-to-one voting ratio between our Class B and Class A common stock, even without regard to the voting power of the Class F common stock, our Founders and their affiliates collectively control a significant portion of the voting power of our capital stock based on their current ownership and may significantly increase their ownership of Class B common stock in the future due to the exercise of currently outstanding stock options or the settlement of RSUs. The Founders may have interests that differ from yours and may vote in a way with which you disagree, and which may be adverse to your interests. This concentration of voting power is likely to have the effect of limiting the likelihood of an unsolicited merger proposal, unsolicited tender offer, or proxy contest for the removal of directors. As a result, our governance structure, including the provisions of our amended and restated certificate of incorporation, may have the effect of depriving our stockholders of an opportunity to sell their shares at a premium over prevailing market prices and make it more difficult to replace our directors and management. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "stockholders, or other employees." **Prior (2025):** employees, which may discourage lawsuits with respect to such claims against us and our current and former directors, officers, stockholders, or other employees. Our stockholders will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder as a result of our exclusive forum provisions. Further, in the event a court finds either exclusive forum provision contained in our amended and restated bylaws to be unenforceable or inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations. **Current (2026):** stockholders, or other employees. Our stockholders will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder as a result of our exclusive forum provisions. Further, in the event a court finds either exclusive forum provision contained in our amended and restated bylaws to be unenforceable or inapplicable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our results of operations. --- ## Modified Risk: If any of the systems of any third parties upon which we rely, our customers' systems, locations, or environments, or our internal systems, are breached or if unauthorized access to customer, third-party, or our data is otherwise obtained, public perception of our platforms and O&M services may be harmed, and we may lose business and incur losses or liabilities. **Key changes:** - Removed: "In such locations or environments, we may not have full control over how our platforms and products are deployed, managed, or secured, our standards for information security may not be met, and our ability to deploy certain security features and controls may be limited." - Removed: "These locations and environments may be more vulnerable to cybersecurity attacks, phishing attacks, viruses, malware, ransomware, and hacking, or similar breaches and incidents, including those from nation-state actors or affiliated actors, and such attacks could harm our customers' ability to operate and perform their obligations under our contracts, or result in increased costs or liabilities, a perceived or actual security breach of our platforms, or harm to our business and reputation." - Removed: "Moreover, if our platforms and products are not appropriately deployed, managed, and secured in these locations or environments, or such locations or environments are not appropriately secured or experience cybersecurity attacks or other security breaches or incidents, our platforms and products could be compromised, inappropriately accessed or acquired, or undergo unauthorized use, copying, and distribution, and reverse engineering of our intellectual property, which could adversely affect our business, financial condition, and results of operations." - Removed: "Further, certain of our platforms and services now allow customers to deploy their own applications in our environments, for example via our FedStart offering." - Removed: "These third-party applications have been built outside of our platforms or environments utilizing security procedures, techniques, and controls that may not meet our standards for information security, or may contain exploitable defects, errors, or bugs that could result in failures, disruptions, cybersecurity attacks, or other security breaches or incidents." **Prior (2025):** Our success depends in part on our ability to provide effective data security protection in connection with our technology platforms and services, and we rely on information technology networks and systems to securely store, transmit, index, and otherwise process electronic information. Because our platforms and services are used by our customers to store, transmit, index, or otherwise process and analyze large data sets that often contain proprietary, confidential, and/or sensitive information (including in some instances personal or identifying information, personal health information, government classified information, and other information subject to regulatory or statutory control or requirements), our software is perceived as an attractive target for attacks by computer hackers or others seeking unauthorized access, and our software faces threats of unintended exposure, exfiltration, alteration, deletion, loss, or unavailability of data. Additionally, because many of our customers use our platforms to store, transmit, and otherwise process proprietary, confidential, or sensitive information, and complete mission critical tasks, they have a lower risk tolerance for security vulnerabilities in our platforms and services than for vulnerabilities in other, less critical, software products and services. Our platforms and services operate in conjunction with, and we are dependent upon, third-party products and components across a broad ecosystem, including our customer environments. There have been and may continue to be significant attacks on certain third-party providers, and we cannot guarantee that our or any third-party providers' systems, networks, products, or components have not been breached or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support or otherwise interface with us and our platforms and services. Furthermore, changes such as configurations, updates or upgrades of third-party products or services have introduced and may in the future introduce or exacerbate vulnerabilities that may compromise our systems or those of our customers. If there is a security vulnerability, error, or other bug in one of these products or components and if there is a security exploit targeting them, we could face increased costs, claims, liability, reduced revenue, and harm to our reputation or competitive position. The natural sunsetting or phasing out of third-party products and operating systems that we use requires that our infrastructure teams reallocate time and attention to migration and updates, during which period potential security vulnerabilities could be exploited. In addition, the locations or environments in which our software is deployed have expanded, and may continue to expand, including on customer networks, on-premises at customer sites, on edge devices, on mobile devices, in data centers, in colocation spaces or in other locations or environments that we do not maintain or operate. In such locations or environments, we may not have full control over how our platforms and products are deployed, managed, or secured, our standards for information security may not be met, and our ability to deploy certain security features and controls may be limited. These locations and environments may be more vulnerable to cybersecurity attacks, phishing attacks, viruses, malware, ransomware, and hacking, or similar breaches and incidents, including those from nation-state actors or affiliated actors, and such attacks could harm our customers' ability to operate and perform their obligations under our contracts, or result in increased costs or liabilities, a perceived or actual security breach of our platforms, or harm to our business and reputation. Moreover, if our platforms and products are not appropriately deployed, managed, and secured in these locations or environments, or such locations or environments are not appropriately secured or experience cybersecurity attacks or other security breaches or incidents, our platforms and products could be compromised, inappropriately accessed or acquired, or undergo unauthorized use, copying, and distribution, and reverse engineering of our intellectual property, which could adversely affect our business, financial condition, and results of operations. Further, certain of our platforms and services now allow customers to deploy their own applications in our environments, for example via our FedStart offering. These third-party applications have been built outside of our platforms or environments utilizing security procedures, techniques, and controls that may not meet our standards for information security, or may contain exploitable defects, errors, or bugs that could result in failures, disruptions, cybersecurity attacks, or other security breaches or incidents. Further, as we increase the number of customers we serve on our cloud environment, the likelihood increases that some usage of our products may occur that violates 31 31 31 **Current (2026):** Our success depends in part on our ability to provide effective data security protection in connection with our technology platforms and services, and we rely on information technology networks and systems to securely store, transmit, index, and otherwise process electronic information. Because our platforms and services are used by our customers to store, transmit, index, or otherwise process and analyze large data sets that often contain proprietary, confidential, and/or sensitive information (including in some instances personal or identifying information, personal health information, government classified information, and other information subject to regulatory or statutory control or requirements), our software is perceived as an attractive target for attacks by computer hackers or others seeking unauthorized access, and our software faces threats of unintended exposure, exfiltration, alteration, deletion, loss, or unavailability of data. Additionally, because many of our customers use our platforms to store, transmit, and otherwise process proprietary, confidential, or sensitive information, and complete mission critical tasks, they have a lower risk tolerance for security vulnerabilities in our platforms and services than for vulnerabilities in other, less critical, software products and services. Our platforms and services operate in conjunction with, and we are dependent upon, third-party products and components across a broad ecosystem, including our customer environments. There have been and may continue to be significant attacks on certain third-party providers, and we cannot guarantee that our or any third-party providers' systems, networks, products, or components have not been breached or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support or otherwise interface with us and our platforms and services. Furthermore, changes such as configurations, updates or upgrades of third-party products or services have introduced and may in the future introduce or exacerbate vulnerabilities that may compromise our systems or those of our customers. If there is a security vulnerability, error, or other bug in one of these products or components and if there is a security exploit targeting them, we could face increased costs, claims, liability, reduced revenue, and harm to our reputation or competitive position. The natural sunsetting or phasing out of third-party products and operating systems that we use requires that our infrastructure teams reallocate time and attention to migration and updates, during which period potential security vulnerabilities could be exploited. In addition, the locations or environments in which our software is deployed have expanded, and may continue to expand, including on customer networks, on-premises at customer sites, on edge devices, on mobile devices, in data centers, in colocation spaces or in other locations or environments that we do not maintain or operate. In 31 31 31 31 31 31 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "•litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; •actual or perceived privacy or security breaches or other incidents; •developments or disputes concerning our intellectual property or other proprietary rights; •announced or completed acquisitions of businesses, services or technologies by us or our competitors; •changes in our management, including any departures of one of our Founders; •new laws, regulations, or government policies, as well as public expectations about or new interpretations or enforcement of the aforementioned, as applicable to our business; •changes in accounting standards, policies, guidelines, interpretations, or principles; •any significant change in our management; •other events or factors, including those resulting from war, including the ongoing Russia-Ukraine and Middle East conflicts, incidents of terrorism, such as Hamas' attack against Israel, pandemics, or responses to these events; and •general macroeconomic conditions, such as fluctuating interest rates, the potential or actual imposition of tariffs or other impacts on trade relations, and slow or negative growth of our markets." **Prior (2025):** •actual or anticipated developments in our business, our competitors' businesses, or the competitive landscape generally; •litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; •actual or perceived privacy or security breaches or other incidents; •developments or disputes concerning our intellectual property or other proprietary rights; •announced or completed acquisitions of businesses, services or technologies by us or our competitors; •changes in our management, including any departures of one of our Founders; •new laws or regulations, public expectations regarding new laws or regulations or new interpretations of existing laws or regulations applicable to our business; •changes in accounting standards, policies, guidelines, interpretations, or principles; •any significant change in our management; •other events or factors, including those resulting from war, including the ongoing Russia-Ukraine conflict, incidents of terrorism, such as Hamas' attack against Israel, pandemics, or responses to these events; and •general macroeconomic conditions, such as heightened interest rates and slow or negative growth of our markets. In addition, stock markets, and the market for technology companies in particular, have experienced price and volume fluctuations that have affected and continue to affect the trading prices of equity securities of many companies. Stock prices of many companies, including technology companies, have fluctuated in a manner often unrelated to the operating performance of those companies. In the past, following periods of volatility in the overall market and the trading price of a particular company's securities, securities class action litigation has often been instituted against these companies. Such litigation, including the purported class action lawsuits and derivative lawsuits filed against us and certain of our officers and directors, could result in substantial costs and a diversion of our management's attention and resources and harm our business, financial condition, and results of operations. Further, in the future, we may be the target of additional litigation of this type. **Current (2026):** •litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; •actual or perceived privacy or security breaches or other incidents; •developments or disputes concerning our intellectual property or other proprietary rights; •announced or completed acquisitions of businesses, services or technologies by us or our competitors; •changes in our management, including any departures of one of our Founders; •new laws, regulations, or government policies, as well as public expectations about or new interpretations or enforcement of the aforementioned, as applicable to our business; •changes in accounting standards, policies, guidelines, interpretations, or principles; •any significant change in our management; •other events or factors, including those resulting from war, including the ongoing Russia-Ukraine and Middle East conflicts, incidents of terrorism, such as Hamas' attack against Israel, pandemics, or responses to these events; and •general macroeconomic conditions, such as fluctuating interest rates, the potential or actual imposition of tariffs or other impacts on trade relations, and slow or negative growth of our markets. In addition, stock markets, and the market for technology companies in particular, have experienced price and volume fluctuations that have affected and continue to affect the trading prices of equity securities of many companies. Stock prices of many companies, including technology companies, have fluctuated in a manner often unrelated to the operating performance of those companies. In the past, following periods of volatility in the overall market and the trading price of a particular company's securities, securities class action litigation has often been instituted against these companies. Such litigation, including the purported class action lawsuits and derivative lawsuits filed against us and certain of our officers and directors, could result in substantial costs and a diversion of our management's attention and resources and harm our business, financial condition, and results of operations. Further, in the future, we may be the target of additional litigation of this type. --- ## Modified Risk: We have been, and may in the future be, subject to intellectual property rights claims, which are extremely costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies. **Key changes:** - Updated: "These claims 36 36 36 36 36 36" **Prior (2025):** Our success and ability to compete also depends in part on our ability to operate without infringing, misappropriating or otherwise violating the intellectual property or other proprietary rights of third parties. Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently pursue litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. In addition, many of these companies have the capability to dedicate substantial resources to enforce their intellectual property rights and to defend claims that may be brought against them. Such litigation also may involve non-practicing patent assertion entities or companies who use their patents as a means to extract license fees by threatening costly litigation or that have minimal operations or relevant product revenue and against whom our patents may provide little or no deterrence or protection. We have received notices, and may continue to receive notices in the future, that claim we have infringed, misappropriated, misused or otherwise violated other parties' intellectual property rights, and, to the extent we have made or will make more information about our platforms publicly available and become exposed to greater visibility, we face a higher risk of being the subject of intellectual property infringement, misappropriation or other violation claims, which is not uncommon with respect to software technologies in particular. There may be third-party intellectual property rights, including issued patents or pending patent applications, that cover significant aspects of our technologies, or business methods. There may also be third-party intellectual property rights, including trademark registrations and pending applications, that cover the goods and services that we offer in certain regions. We may also be exposed to increased risk of being the subject of intellectual property infringement, misappropriation, or other violation claims as a result of acquisitions and our incorporation of open source and other third-party software into, or new branding for, our technology platforms, as, among other things, we have a lower level of visibility into the development process with respect to such technology or the care taken to safeguard against infringement, misappropriation, or other violation risks. In addition, former employers of our current, former, or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. Any intellectual property claims, with or without merit, are difficult to predict, could be very time-consuming and expensive to settle or litigate, could divert our management's attention and other resources, and may not be covered by the insurance that we carry. These claims could subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed a third party's intellectual property rights. These claims could also result in our having to stop using technology, branding or marks found to be in violation of a third party's rights and any necessary rebranding could result in the loss of goodwill. We could be required to seek a license for the intellectual property, which may not be available on commercially reasonable terms or at all. Even if a license were available, we could be required to pay significant royalties, which would increase our expenses. As a result, we could be required to develop alternative non-infringing technology, branding or marks, which could require significant effort and expense. If we cannot license rights or develop technology for any infringing aspect of our business, we would be forced to limit or stop sales of one or more of our platforms or features, we could lose existing customers, and we may be unable to compete effectively. Any of these results would harm our business, financial condition, and results of operations. Further, our agreements with customers and other third parties generally include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of third-party claims of intellectual property infringement, misappropriation, or other violations of intellectual property rights, damages caused by us to property or persons, or other liabilities relating to or arising from our platforms, services, or other contractual obligations. Large indemnity payments could harm our business, financial condition, and results of operations. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations. **Current (2026):** Our success and ability to compete also depends in part on our ability to operate without infringing, misappropriating or otherwise violating the intellectual property or other proprietary rights of third parties. Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently pursue litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. In addition, many of these companies have the capability to dedicate substantial resources to enforce their intellectual property rights and to defend claims that may be brought against them. Such litigation also may involve non-practicing patent assertion entities or companies who use their patents as a means to extract license fees by threatening costly litigation or that have minimal operations or relevant product revenue and against whom our patents may provide little or no deterrence or protection. We have received notices, and may continue to receive notices in the future, that claim we have infringed, misappropriated, misused or otherwise violated other parties' intellectual property rights, and, to the extent we have made or will make more information about our platforms publicly available and become exposed to greater visibility, we face a higher risk of being the subject of intellectual property infringement, misappropriation or other violation claims, which is not uncommon with respect to software technologies in particular. There may be third-party intellectual property rights, including issued patents or pending patent applications, that cover significant aspects of our technologies, or business methods. There may also be third-party intellectual property rights, including trademark registrations and pending applications, that cover the goods and services that we offer in certain regions. We may also be exposed to increased risk of being the subject of intellectual property infringement, misappropriation, or other violation claims as a result of acquisitions and our incorporation of open source and other third-party software into, or new branding for, our technology platforms, as, among other things, we have a lower level of visibility into the development process with respect to such technology or the care taken to safeguard against infringement, misappropriation, or other violation risks. In addition, former employers of our current, former, or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. Any intellectual property claims, with or without merit, are difficult to predict, could be very time-consuming and expensive to settle or litigate, could divert our management's attention and other resources, and may not be covered by the insurance that we carry. These claims could subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed a third party's intellectual property rights. These claims 36 36 36 36 36 36 --- ## Modified Risk: We rely on the availability of licenses to third-party technology that may be difficult to replace or that may cause errors or delay implementation of our platforms and services should we not be able to continue or obtain a commercially reasonable license to such technology. **Key changes:** - Updated: "The loss of, or inability to obtain, certain third-party licenses or other rights or to obtain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in product roll-backs, delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our platforms, and may have a material adverse effect on our business, financial condition, and results of operations." **Prior (2025):** Our technology platforms include software or other intellectual property licensed from third parties. It may be necessary in the future to renew licenses relating to various aspects of these platforms or to seek new licenses for existing or new platforms or other products. There can be no assurance that the necessary licenses would be available on commercially acceptable terms, if at all. Third parties may terminate their licenses with us for a variety of reasons, including actual or perceived failures or breaches of security or privacy, or reputational concerns, or they may choose not to renew their licenses with us. In addition, we may be subject to liability if third-party software that we license is found to infringe, misappropriate, or otherwise violate intellectual property or privacy rights of others. The loss of, or inability to obtain, certain third-party licenses or other rights or to obtain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in product roll-backs, delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our platforms, and may have a material adverse effect on our business, financial condition, and results of 37 37 37 **Current (2026):** Our technology platforms include software or other intellectual property licensed from third parties. It may be necessary in the future to renew licenses relating to various aspects of these platforms or to seek new licenses for existing or new platforms or other products. There can be no assurance that the necessary licenses would be available on commercially acceptable terms, if at all. Third parties may terminate their licenses with us for a variety of reasons, including actual or perceived failures or breaches of security or privacy, or reputational concerns, or they may choose not to renew their licenses with us. In addition, we may be subject to liability if third-party software that we license is found to infringe, misappropriate, or otherwise violate intellectual property or privacy rights of others. The loss of, or inability to obtain, certain third-party licenses or other rights or to obtain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in product roll-backs, delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our platforms, and may have a material adverse effect on our business, financial condition, and results of operations. Moreover, the inclusion in our platforms of software or other intellectual property licensed from third parties on a nonexclusive basis could limit our ability to differentiate our platforms from products of our competitors and could inhibit our ability to provide the current level of service to existing customers. In addition, any data that we license from third parties for potential use in our platforms may contain errors or defects, which could negatively impact the analytics that our customers perform on or with such data. This may have a negative impact on how our platforms are perceived by our current and potential customers and could materially damage our reputation and brand. Changes in or the loss of third-party licenses could lead to our platforms becoming inoperable or the performance of our platforms being materially reduced resulting in our potentially needing to incur additional research and development costs to ensure continued performance of our platforms or a material increase in the costs of licensing, and we may experience decreased demand for our platforms. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "would be typical of a smaller organization." **Prior (2025):** •customer IT departments may perceive that our platforms and services pose a threat to their internal control and advocate for legacy or internally developed solutions over our platforms; •resources may be spent on a potential customer that ultimately elects not to purchase our platforms and services; •challenges in successfully identifying, evaluating, and collaborating or teaming with one or more third-party partners or suppliers in order to jointly pursue, secure, and perform under large or complex customer contracts, including certain government procurement programs; •more stringent requirements in our service contracts, including stricter service response times, and increased penalties for any failure to meet service requirements; •increased competition from larger competitors, such as defense contractors, system integrators, or large software and service companies that traditionally target large enterprises and government entities and that may already have purchase commitments from those customers; and •less predictability in completing some of our sales than we do with smaller customers. Large enterprises and government entities often undertake a significant evaluation process that results in a lengthy sales cycle, in some cases over twelve months, requiring approvals of multiple management personnel and more technical personnel than would be typical of a smaller organization. Due to the length, size, scope, and stringent requirements of these evaluations, we typically provide short-term pilot deployments of our platforms, or one or more bootcamps, to prospective customers at no or low cost initially. We sometimes spend substantial time, effort, and money in our sales efforts without producing any sales. The success of the investments that we make in the earlier stages of our sales cycle depends on factors such as our ability to identify potential customers for which our platforms have an opportunity to add significant value to the customer's organization, our ability to identify and agree with the potential customer on an appropriate pilot deployment to demonstrate the value of our platforms, and whether we successfully execute on such pilot deployment. Even if the pilot deployment is successful, we or the customer could choose not to enter into a larger contract for a variety of reasons. For example, product purchases by large enterprises and government entities are frequently subject to budget constraints, leadership changes, multiple approvals, and unplanned administrative, processing, and other delays, any of which could significantly delay or entirely prevent our realization of sales. Finally, large enterprises and government entities typically (i) have longer implementation cycles, (ii) require greater product functionality and scalability and a broader range of services, including design services, (iii) demand that vendors take on a larger share of risks, (iv) sometimes require acceptance provisions that can lead to a delay in revenue recognition, (v) typically have more complex IT and data environments, and (vi) expect greater payment flexibility from vendors. Customers, and sometimes we, may also engage third parties to be the users of, or to integrate their products and services with, our platforms, which may result in contractual complexities and risks, require additional investment of time and human resources to train or work with the third parties and allow third parties (who may be building competitive projects or engaging in other competitive activities, or may not have appropriate organizational or technical expertise) to influence our customers' perception of our platforms. All these factors can add further risk to business conducted with these customers. If sales expected from a large customer for a particular quarter are not realized in that quarter or at all, our business, financial condition, results of operations, and growth prospects could be materially and adversely affected. In addition, part of our growth strategy involves supporting a broader set of potential customers. Sales to such customers involve risks that vary from those present with sales to large or otherwise established organizations, due to their limited operating history, limited resources for adopting new technologies, and uncertain resources for future operations, among other things. Accordingly, we will continue to refine our business strategy and pricing structures to attract and retain such customers, as well as existing and larger customers across the potential customer base. There is no guarantee that our existing or proposed business strategies, including subscription-based or usage-based pricing structures, will achieve broad adoption by current or prospective customers or be appropriately structured to attract and retain other potential customers across the customer base. If we are not successful in executing our sales strategy, our business, financial condition, results of operations, and growth prospects could be adversely affected. **Current (2026):** would be typical of a smaller organization. Due to the length, size, scope, and stringent requirements of these evaluations, we typically provide short-term pilot deployments of our platforms, or one or more bootcamps, to prospective customers at no or low cost initially. We sometimes spend substantial time, effort, and money in our sales efforts without producing any sales. The success of the investments that we make in the earlier stages of our sales cycle depends on factors such as our ability to identify potential customers for which our platforms have an opportunity to add significant value to the customer's organization, our ability to identify and agree with the potential customer on an appropriate pilot deployment to demonstrate the value of our platforms, and whether we successfully execute on such pilot deployment. Even if the pilot deployment is successful, we or the customer could choose not to enter into a larger contract for a variety of reasons. For example, product purchases by large enterprises and government entities are frequently subject to budget constraints, leadership changes, multiple approvals, and unplanned administrative, processing, and other delays, any of which could significantly delay or entirely prevent our realization of sales. Finally, large enterprises and government entities typically (i) have longer implementation cycles, (ii) require greater product functionality and scalability and a broader range of services, including design services, (iii) demand that vendors take on a larger share of risks, (iv) sometimes require acceptance provisions that can lead to a delay in revenue recognition, (v) typically have more complex IT and data environments, and (vi) expect greater payment flexibility from vendors. Customers, and sometimes we, may also engage third parties to be the users of, or to integrate their products and services with, our platforms, which may result in contractual complexities and risks, require additional investment of time and human resources to train or work with the third parties and allow third parties (who may be building competitive projects or engaging in other competitive activities, or may not have appropriate organizational or technical expertise) to influence our customers' perception of our platforms. All these factors can add further risk to business conducted with these customers. If sales expected from a large customer for a particular quarter are not realized in that quarter or at all, our business, financial condition, results of operations, and growth prospects could be materially and adversely affected. In addition, part of our growth strategy involves supporting a broader set of potential customers. Sales to such customers involve risks that vary from those present with sales to large or otherwise established organizations, due to their limited operating history, limited resources for adopting new technologies, and uncertain resources for future operations, among other things. Accordingly, we will continue to refine our business strategy and pricing structures to attract and retain such customers, as well as existing and larger customers across the potential customer base. There is no guarantee that our existing or proposed business strategies, including subscription-based or usage-based pricing structures, will achieve broad adoption by current or prospective customers or be appropriately structured to attract and retain other potential customers across the customer base. If we are not successful in executing our sales strategy, our business, financial condition, results of operations, and growth prospects could be adversely affected. --- ## Modified Risk: Our business could be adversely affected if our employees cannot obtain and maintain required personnel security clearances or we cannot establish and maintain a required facility security clearance. **Key changes:** - Updated: "If our employees are unable to obtain security clearances in a timely manner, or at all, or if our employees who hold security clearances are unable to maintain their clearances or terminate employment with us, then we may be unable to comply with relevant U.S." **Prior (2025):** Certain government contracts may require our employees to maintain various levels of security clearances and may require us to maintain a facility security clearance to comply with U.S. and international government agency requirements. Many governments have strict security clearance requirements for personnel who perform work in support of classified programs. Obtaining and maintaining security clearances for employees typically involves a lengthy process, and it can be difficult to identify, recruit, and retain employees who already hold security clearances. If our employees are unable to obtain security clearances in a timely manner, or at all, or if our employees who hold security clearances are unable to maintain their clearances 47 47 47 **Current (2026):** Certain government contracts may require our employees to maintain various levels of security clearances and may require us to maintain a facility security clearance to comply with U.S. and international government agency requirements. Many governments have strict security clearance requirements for personnel who perform work in support of classified programs. Obtaining and maintaining security clearances for employees typically involves a lengthy process, and it can be difficult to identify, recruit, and retain employees who already hold security clearances. If our employees are unable to obtain security clearances in a timely manner, or at all, or if our employees who hold security clearances are unable to maintain their clearances or terminate employment with us, then we may be unable to comply with relevant U.S. and international government agency requirements, or our customers requiring classified work could choose to terminate or decide not to renew one or more contracts requiring employees to obtain or maintain security clearances upon expiration. To the extent we are not able to obtain or maintain a facility security clearance, we may not be able to bid on or win new classified contracts, and existing contracts 48 48 48 48 48 48 --- ## Modified Risk: If we are unable to hire, retain, train, and motivate qualified personnel and senior management, including Alexander Karp, one of our founders and our Chief Executive Officer, and deploy our personnel and resources to meet customer demand around the world, our business could suffer. **Key changes:** - Updated: "It is also possible that remote work arrangements may have a negative impact on our ability to recruit, train, manage, and retain employees; our operations; our information, data security and cybersecurity; consumer privacy and the risk of fraud; the execution of our business plans; our ability to maintain and strengthen our company culture; the 20 20 20 20 20 20" **Prior (2025):** Our ability to compete in the highly competitive technology industry depends upon our ability to attract, motivate, and retain qualified personnel. We are highly dependent on the continued contributions and customer relationships of our management, and particularly on the services of Alexander Karp, our Chief Executive Officer. Mr. Karp was part of our founding team and has been integral to our growth since our founding. We believe that Mr. Karp's management experience would be difficult to replace. All of our executive officers and many key personnel are at-will employees and may terminate their employment relationship with us at any time. The loss of the services of our key personnel and any of our other executive officers, and our inability to find suitable replacements, could result in a decline in sales, delays in product development, and harm to our business and operations. At times, we have experienced, and we may continue to experience, difficulty in hiring and retaining personnel with appropriate qualifications, and we may not be able to fill positions in a timely manner or at all. Our recruiting personnel, methodology, and approach may need to be altered to address a changing candidate pool and profile. We may not be able to identify or implement such changes in a timely manner. In addition, we may incur significant costs to attract and recruit skilled personnel, and we may lose new personnel to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them. As we move into new geographies, we will need to attract and recruit skilled personnel in those geographic areas, but it may be challenging for us to compete with traditional local employers in these regions for talent. If we fail to attract new personnel or fail to retain and motivate our current personnel who are capable of meeting our growing technical, operational, and managerial requirements on a timely basis or at all, our business may be harmed. In addition, certain personnel may be required to receive various security clearances and substantial training in order to work on certain customer engagements or to perform certain tasks. Necessary security clearances may be delayed or unsuccessful, which may negatively impact our ability to perform on our U.S. and non-U.S. government contracts in a timely manner or at all. Further, potential employees may request to work entirely or partially remotely. For example, though many of our current employees have returned to their offices following the COVID-19 pandemic, some continue to work remotely. There is no guarantee that we will realize any anticipated benefits to our business from this model, including cost savings, operational efficiencies, or productivity. It is also possible that remote work arrangements may have a negative impact on our ability to recruit, train, manage, and retain employees; our operations; our information, data security and cybersecurity; consumer privacy and the risk of fraud; the execution of our business plans; our ability to maintain and strengthen our company culture; the productivity and availability of key personnel and other employees necessary to conduct our business; and on third-party service providers who perform critical services for us, or otherwise cause operational failures due to changes in our normal business practices. Our success depends on our ability to effectively source and staff people with the right mix of skills and experience to perform services for our customers, including our ability to transition personnel to new assignments on a timely basis. If we are unable to effectively utilize our personnel on a timely basis to fulfill the needs of our customers, our business could suffer. Further, if we are not able to recruit, hire, or retain the talent we need because of increased regulation of immigration or work visas, including limitations placed on the number of visas granted, limitations on the type of work performed or location in which the work can be performed, and new or higher minimum salary requirements, it could be more difficult to staff our personnel on customer engagements and could increase our costs. We face intense competition for qualified personnel, especially engineering personnel, in major U.S. markets, where a large portion of our personnel are based, as well as in other non-U.S. markets where we have expanded or expect to expand our non-U.S. operations. We incur costs related to attracting, relocating, and retaining qualified personnel in these highly competitive markets, including leasing real estate in prime areas in these locations. Further, many of the companies with which we compete for qualified personnel have greater resources than we have. If the perceived value of our equity awards declines, or if the mix of equity and cash compensation or the structure and terms of the compensation that we offer is less attractive than that of our competitors, it may adversely affect our ability to recruit and retain highly skilled personnel. Additionally, laws and regulations, such as restrictive immigration laws, may limit our ability to recruit outside of the United States. We seek to retain and motivate existing personnel through our compensation practices, company culture, and career development opportunities. If we fail to attract new personnel or to retain our current personnel, our business and operations could be harmed. 20 20 20 **Current (2026):** Our ability to compete in the highly competitive technology industry depends upon our ability to attract, motivate, and retain qualified personnel. We are highly dependent on the continued contributions and customer relationships of our management, and particularly on the services of Alexander Karp, our Chief Executive Officer. Mr. Karp was part of our founding team and has been integral to our growth since our founding. We believe that Mr. Karp's management experience would be difficult to replace. All of our executive officers and many key personnel are at-will employees and may terminate their employment relationship with us at any time. The loss of the services of our key personnel and any of our other executive officers, and our inability to find suitable replacements, could result in a decline in sales, delays in product development, and harm to our business and operations. At times, we have experienced, and we may continue to experience, difficulty in hiring and retaining personnel with appropriate qualifications, and we may not be able to fill positions in a timely manner or at all. Our recruiting personnel, methodology, and approach may need to be altered to address a changing candidate pool and profile. We may not be able to identify or implement such changes in a timely manner. In addition, we may incur significant costs to attract and recruit skilled personnel, and we may lose new personnel to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them. As we move into new geographies, we will need to attract and recruit skilled personnel in those geographic areas, but it may be challenging for us to compete with traditional local employers in these regions for talent. If we fail to attract new personnel or fail to retain and motivate our current personnel who are capable of meeting our growing technical, operational, and managerial requirements on a timely basis or at all, our business may be harmed. In addition, certain personnel may be required to receive various security clearances and substantial training in order to work on certain customer engagements or to perform certain tasks. Necessary security clearances may be delayed or unsuccessful, which may negatively impact our ability to perform on our U.S. and non-U.S. government contracts in a timely manner or at all. Further, potential employees may request to work entirely or partially remotely. For example, though many of our current employees have returned to their offices following the COVID-19 pandemic, some continue to work remotely. There is no guarantee that we will realize any anticipated benefits to our business from this model, including cost savings, operational efficiencies, or productivity. It is also possible that remote work arrangements may have a negative impact on our ability to recruit, train, manage, and retain employees; our operations; our information, data security and cybersecurity; consumer privacy and the risk of fraud; the execution of our business plans; our ability to maintain and strengthen our company culture; the 20 20 20 20 20 20 --- ## Modified Risk: Failure to adequately obtain, maintain, protect and enforce our intellectual property and other proprietary rights could adversely affect our business. **Key changes:** - Updated: "Even if our patent 35 35 35 35 35 35" **Prior (2025):** Our success and ability to compete depends in part on our ability to protect proprietary methods and technologies that we develop under a combination of patent and other intellectual property and proprietary rights in the United States and other jurisdictions outside the United States so that we can prevent others from using our inventions and proprietary information and technology. Despite our efforts, third parties have and may attempt to disclose, obtain, copy, or use our intellectual property or other proprietary information or technology without our authorization or coerce or enlist our employees, partners, or suppliers to do the same, and our efforts to protect our intellectual property and other proprietary rights may not prevent such unauthorized disclosure or use, misappropriation, infringement, reverse engineering or other violation of our intellectual property or other proprietary rights. Effective protection of our rights may not be available to us in every country in which our technology platforms or services are available. The laws of some countries may not be as protective of intellectual property and other proprietary rights as those in the United States, and mechanisms for enforcement of intellectual property and other proprietary rights may be inadequate. Also, our involvement in standard setting activity or the need to obtain licenses from others may require us to license our intellectual property. Accordingly, despite our efforts, we may be unable to prevent third parties from using our intellectual property or other proprietary information or technology. In addition, we may be the subject of intellectual property infringement or misappropriation claims, which could be very time-consuming and expensive to settle or litigate and could divert our management's attention and other resources. These claims could also subject us to significant liability for damages if we are found to have infringed patents, copyrights, trademarks, or other intellectual property rights, or breached trademark co-existence agreements or other intellectual property licenses and could require us to cease using or to rebrand all or portions of our platforms. Any of our patents, copyrights, trademarks, or other intellectual property rights may be challenged by others or invalidated through administrative process or litigation. While we have issued patents and patent applications pending, we may be unable to obtain patent protection for the technology covered in our patent applications or such patent protection may not be obtained quickly enough to meet our business needs. Furthermore, the patent prosecution process is expensive, time-consuming, and complex, and we may not be able to prepare, file, prosecute, maintain, and enforce all necessary or desirable patent applications at a reasonable cost or in a timely manner. The scope of patent protection also can be reinterpreted after issuance and issued patents may be invalidated. Even if our patent applications do issue as patents, they may not issue in a form that is sufficiently broad to protect our technology, prevent competitors or other third parties from competing with us or otherwise provide us with any competitive advantage. Even if our patents issue in a form that covers our technology, enforcing patents against suspected infringers is time consuming, expensive, and involves risks associated with litigation, including the risk the suspected infringers file counterclaims against us. In addition, any of our patents, copyrights, trademarks, or other intellectual property or proprietary rights may be challenged, narrowed, invalidated, held unenforceable, or circumvented in litigation or other proceedings, including, where applicable, opposition, re-examination, inter partes review, post-grant review, interference, nullification and derivation proceedings, and equivalent proceedings in foreign jurisdictions, and such intellectual property or other proprietary rights may be lost or no longer provide us meaningful competitive advantages. Such proceedings may result in substantial cost and require significant time from our management, even if the eventual outcome is favorable to us. Third parties also may legitimately and independently develop products, services, and technology similar to or duplicative of our platforms. In addition to protection under intellectual property laws, we rely on confidentiality or license agreements that we generally enter into with our corporate partners, employees, consultants, advisors, vendors, and customers, and generally limit access to and distribution of our proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had access to our confidential information or that the agreements we have entered into will not be breached or challenged, or that such breaches will be detected. Furthermore, non-disclosure provisions can be difficult to enforce, and even if successfully enforced, may not be entirely effective. Additionally, as more information about us and our platforms is made or becomes publicly available, it may be more difficult to manage actions by third parties with respect to, or other use of, such information. We cannot guarantee that any of the measures we have taken will prevent infringement, misappropriation, or other violation of our technology or other intellectual property or proprietary rights. Because we may be an attractive target for cyberattacks and espionage, we also may have a heightened risk of unauthorized access to, and misappropriation of, our proprietary and competitively sensitive information. We may be required to spend significant resources to monitor and protect our intellectual property and other proprietary rights, and we may conclude that in at least some instances the benefits of 35 35 35 **Current (2026):** Our success and ability to compete depends in part on our ability to protect proprietary methods and technologies that we develop under a combination of patent and other intellectual property and proprietary rights in the United States and other jurisdictions outside the United States so that we can prevent others from using our inventions and proprietary information and technology. Despite our efforts, third parties have and may attempt to disclose, obtain, copy, or use our intellectual property or other proprietary information or technology without our authorization or coerce or enlist our employees, partners, or suppliers to do the same, and our efforts to protect our intellectual property and other proprietary rights may not prevent such unauthorized disclosure or use, misappropriation, infringement, reverse engineering or other violation of our intellectual property or other proprietary rights. Effective protection of our rights may not be available to us in every country in which our technology platforms or services are available. The laws of some countries may not be as protective of intellectual property and other proprietary rights as those in the United States, and mechanisms for enforcement of intellectual property and other proprietary rights may be inadequate. Also, our involvement in standard setting activity or the need to obtain licenses from others may require us to license our intellectual property. Accordingly, despite our efforts, we may be unable to prevent third parties from using our intellectual property or other proprietary information or technology. In addition, we may be the subject of intellectual property infringement or misappropriation claims, which could be very time-consuming and expensive to settle or litigate and could divert our management's attention and other resources. These claims could also subject us to significant liability for damages if we are found to have infringed patents, copyrights, trademarks, or other intellectual property rights, or breached trademark co-existence agreements or other intellectual property licenses and could require us to cease using or to rebrand all or portions of our platforms. Any of our patents, copyrights, trademarks, or other intellectual property rights may be challenged by others or invalidated through administrative process or litigation. While we have issued patents and patent applications pending, we may be unable to obtain patent protection for the technology covered in our patent applications or such patent protection may not be obtained quickly enough to meet our business needs. Furthermore, the patent prosecution process is expensive, time-consuming, and complex, and we may not be able to prepare, file, prosecute, maintain, and enforce all necessary or desirable patent applications at a reasonable cost or in a timely manner. The scope of patent protection also can be reinterpreted after issuance and issued patents may be invalidated. Even if our patent 35 35 35 35 35 35 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "These competitive pressures in our market, or our failure to compete effectively, may result in fewer orders, reduced revenue and margins, and loss of market share." **Prior (2025):** customers' perceptions of the viability of smaller or even mid-size software firms and consequently customers' willingness to purchase from such firms. We may not compete successfully against our current or potential competitors. If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors, our business, financial condition and results of operations could be adversely affected. In addition, companies competing with us may have an entirely different pricing or distribution model. Increased competition could result in fewer customer orders, price reductions, reduced margins, and loss of market share, any of which could harm our business and results of operations. **Current (2026):** quickly than we do. These competitive pressures in our market, or our failure to compete effectively, may result in fewer orders, reduced revenue and margins, and loss of market share. In addition, it is possible that industry consolidation may impact customers' perceptions of the viability of smaller or even mid-size software firms and consequently customers' willingness to purchase from such firms. We may not compete successfully against our current or potential competitors. If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors, our business, financial condition and results of operations could be adversely affected. In addition, companies competing with us may have an entirely different pricing or distribution model. Increased competition could result in fewer customer orders, price reductions, reduced margins, and loss of market share, any of which could harm our business and results of operations. --- ## Modified Risk: Failure to comply with laws, regulations, or contractual provisions applicable to our business could cause us to lose government customers or our ability to contract with the U.S. and other governments. **Key changes:** - Updated: "These laws and regulations may impose other added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, and termination of contracts and suspension or debarment from government contracting for a period of time with government agencies." **Prior (2025):** As a government contractor, we must comply with laws, regulations, and contractual provisions relating to the formation, administration, and performance of government contracts and inclusion on government contract vehicles, which affect how we and our partners do business with government agencies. As a result of actual or perceived noncompliance with government contracting laws, regulations, or contractual provisions, we may be subject to audits and internal investigations which may prove costly to our business financially, divert management time, or limit our ability to continue selling our platforms and services to our government customers. These laws and regulations may impose other added costs on our business, and failure to 48 48 48 **Current (2026):** As a government contractor, we must comply with laws, regulations, and contractual provisions relating to the formation, administration, and performance of government contracts and inclusion on government contract vehicles, which affect how we and our partners do business with government agencies. As a result of actual or perceived noncompliance with government contracting laws, regulations, or contractual provisions, we may be subject to audits and internal investigations which may prove costly to our business financially, divert management time, or limit our ability to continue selling our platforms and services to our government customers. These laws and regulations may impose other added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, and termination of contracts and suspension or debarment from government contracting for a period of time with government agencies. Any such damages, penalties, disruption, or limitation in our ability 49 49 49 49 49 49 --- ## Modified Risk: If we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired. **Key changes:** - Added: "Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business." - Added: "Further, we have identified in the past, and may identify in the future, deficiencies in our controls." - Added: "Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods." - Added: "Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports." - Added: "Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which could have a negative effect on the trading price of our Class A common stock." **Prior (2025):** We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the Nasdaq listing standards. The requirements of these rules and regulations may continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We have developed and refined our financial reporting and other disclosure controls and procedures, and will continue to do so. Our controls are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We are also continuing to improve our internal control over financial reporting as our business continues to grow in size and complexity. We expect to continue to hire and integrate additional accounting and financial staff with appropriate company experience and technical accounting knowledge, as well as implement and integrate new technological systems. In order to maintain and improve the effectiveness of our financial statement and disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight. 60 60 60 **Current (2026):** We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the Nasdaq listing standards. The requirements of these rules and regulations may continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We have developed and refined our financial reporting and other disclosure controls and procedures, and will continue to do so. Our controls are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We are also continuing to improve our internal control over financial reporting as our business continues to grow in size and complexity. We expect to continue to hire and integrate additional accounting and financial staff with appropriate company experience and technical accounting knowledge, as well as implement and integrate new technological systems. In order to maintain and improve the effectiveness of our financial statement and disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight. Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, we have identified in the past, and may identify in the future, deficiencies in our controls. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which could have a negative effect on the trading price of our Class A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq. We are required to annually comply with the SEC rules that implement Section 404 of the Sarbanes-Oxley Act and are therefore required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. 61 61 61 61 61 61 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "•negative publicity or negative private statements about the security, performance, or effectiveness of our platforms or product enhancements; •delays in releasing to the market our new offerings or enhancements to our existing offerings, including new product modules; •introduction or anticipated introduction of competing platforms or functionalities by our competitors; •inability of our platforms or product enhancements to scale and perform to meet customer demands or needs; •receiving qualified or adverse opinions in connection with security or penetration testing, certifications or audits, such as those related to IT controls and security standards and frameworks or compliance; •poor business conditions for our customers, causing them to delay software purchases; •reluctance of customers to purchase proprietary software products; •reluctance of our customers to purchase products hosted by our vendors and/or service interruption from such providers; •reluctance of customers to purchase products incorporating AI; and •reluctance of customers to purchase products incorporating open source software." **Prior (2025):** •receiving qualified or adverse opinions in connection with security or penetration testing, certifications or audits, such as those related to IT controls and security standards and frameworks or compliance; •poor business conditions for our customers, causing them to delay software purchases; •reluctance of customers to purchase proprietary software products; •reluctance of our customers to purchase products hosted by our vendors and/or service interruption from such providers; •reluctance of customers to purchase products incorporating generative AI; and •reluctance of customers to purchase products incorporating open source software. If we are not able to continue to identify challenges faced by our customers and develop, license, or acquire new features and capabilities to our platforms in a timely and cost-effective manner, or if such enhancements do not achieve market acceptance, our business, financial condition, results of operations, and prospects may suffer and our anticipated revenue growth may not be achieved. Because we derive, and expect to continue to derive, substantially all of our revenue from customers purchasing our platforms and products, market acceptance of these platforms and products, and any enhancements or changes thereto, is critical to our success. **Current (2026):** •negative publicity or negative private statements about the security, performance, or effectiveness of our platforms or product enhancements; •delays in releasing to the market our new offerings or enhancements to our existing offerings, including new product modules; •introduction or anticipated introduction of competing platforms or functionalities by our competitors; •inability of our platforms or product enhancements to scale and perform to meet customer demands or needs; •receiving qualified or adverse opinions in connection with security or penetration testing, certifications or audits, such as those related to IT controls and security standards and frameworks or compliance; •poor business conditions for our customers, causing them to delay software purchases; •reluctance of customers to purchase proprietary software products; •reluctance of our customers to purchase products hosted by our vendors and/or service interruption from such providers; •reluctance of customers to purchase products incorporating AI; and •reluctance of customers to purchase products incorporating open source software. If we are not able to continue to identify challenges faced by our customers and develop, license, or acquire new features and capabilities to our platforms in a timely and cost-effective manner, or if such enhancements do not achieve market acceptance, our business, financial condition, results of operations, and prospects may suffer and our anticipated revenue growth may not be achieved. Because we derive, and expect to continue to derive, substantially all of our revenue from customers purchasing our platforms and products, market acceptance of these platforms and products, and any enhancements or changes thereto, is critical to our success. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "provide might be classified as defense services subject to the ITAR separately from the products we provide." - Updated: "For example, following Russia's invasion of Ukraine, and as the conflict has continued, the United States and other countries have imposed economic sanctions and severe export control restrictions against Russia, Belarus, and certain regions of Ukraine, and the United States and other countries could continue to impose wider sanctions and export restrictions and take other actions should the conflict further escalate." **Prior (2025):** Our offerings are subject to U.S. export controls, and we incorporate encryption technology into certain of our offerings. Our controlled software offerings and the underlying technology may be exported outside of the United States only with the required export authorizations, which may include license requirements in some circumstances. Additionally, our current or future products may be classified under the Commerce Department Export Administration Regulations ("EAR") or as defense articles subject to the United States International Traffic in Arms Regulations ("ITAR"). Most of our products, including our core software platforms, have been classified under the EAR and are generally exportable without needing a specific license, under an EAR exception for encrypted software. If a product, or component of a product, is classified under the ITAR, or is ineligible for the EAR encryption exception, then those products could be exported outside the United States only if we obtain the applicable export license or qualify for a different license exemption or exception. In certain contexts, the services we provide might be classified as defense services subject to the ITAR separately from the products we provide. Compliance with the EAR, ITAR, and other applicable regulatory requirements regarding the export of our products, including new releases of our products and/or the performance of services, may create delays in the introduction of our products in non-U.S. markets, prevent our customers with non-U.S. operations from deploying our products throughout their global systems or, in some cases, prevent the export of our products to some countries altogether. Furthermore, our activities are subject to the economic sanctions, laws and regulations of the United States and other jurisdictions. Such controls prohibit the shipment or transfer of certain products and services without the required export authorizations or export to countries, governments, and persons targeted by applicable sanctions. We take precautions to prevent our offerings from being exported in violation of these laws, including: (i) seeking to proactively classify our platforms and obtain authorizations for the export and/or import of our platforms where appropriate, (ii) implementing certain technical controls and screening practices to reduce the risk of violations, and (iii) requiring compliance with U.S. export control and sanctions obligations in customer and vendor contracts. However, we cannot guarantee the precautions we take will prevent violations of export control and sanctions laws. As discussed above, if we misclassify a product or service, export or provide access to a product or service in violation of applicable restrictions, or otherwise fail to comply with export regulations, we may be denied export privileges or subjected to significant per violation fines or other penalties, and our platforms may be denied entry into other countries. Any decreased use of our platforms or limitation on our ability to export or sell our platforms would likely adversely affect our business, results of operations and financial condition. Violations of U.S. sanctions or export control laws can result in fines or penalties, including civil penalties of over $300,000 or twice the value of the transaction, whichever is greater, per EAR violation and a civil penalty of over $1,000,000 or twice the value of the transaction, whichever is greater, per ITAR violation. In the event of criminal knowing and willful violations of these laws, fines of up to $1,000,000 per violation and possible incarceration for responsible employees and managers could be imposed. We also note that if we or our business partners or counterparties, including licensors and licensees, prime contractors, subcontractors, sublicensors, vendors, customers, shipping partners, or contractors, fail to obtain appropriate import, export, or re-export licenses or permits, notwithstanding regulatory requirements or contractual commitments to do so, or if we fail to secure such contractual commitments where necessary, we may also be adversely affected, through reputational harm as well as other negative consequences, including government investigations and penalties. For instance, violations of U.S. sanctions or export control laws can result in fines or penalties, including significant civil and criminal penalties per violation, depending on the circumstances of the violation or violations. Negative consequences for violations or apparent violations of trade control requirements may include the absolute loss of the right to sell our platforms or services to the government of the United States, or to other public bodies, or a reduction in our ability to compete for such sales opportunities. Further, complying with export control and sanctions regulations for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our platforms or could limit our customers' abilities to implement our platforms in those countries. For example, following Russia's invasion of Ukraine, and as the conflict has continued, the United States and other countries have imposed economic sanctions and severe export control restrictions against Russia, Belarus, and certain regions of Ukraine, and the United States and other countries could continue to impose wider sanctions and export restrictions and take other actions 44 44 44 **Current (2026):** provide might be classified as defense services subject to the ITAR separately from the products we provide. Compliance with the EAR, ITAR, and other applicable regulatory requirements regarding the export of our products, including new releases of our products and/or the performance of services, may create delays in the introduction of our products in non-U.S. markets, prevent our customers with non-U.S. operations from deploying our products throughout their global systems or, in some cases, prevent the export of our products to some countries altogether. Furthermore, our activities are subject to the economic sanctions, laws and regulations of the United States and other jurisdictions. Such controls prohibit the shipment or transfer of certain products and services without the required export authorizations or export to countries, governments, and persons targeted by applicable sanctions. We take precautions to prevent our offerings from being exported in violation of these laws, including: (i) seeking to proactively classify our platforms and obtain authorizations for the export and/or import of our platforms where appropriate, (ii) implementing certain technical controls and screening practices to reduce the risk of violations, and (iii) requiring compliance with U.S. export control and sanctions obligations in customer and vendor contracts. However, we cannot guarantee the precautions we take will prevent violations of export control and sanctions laws. As discussed above, if we misclassify a product or service, export or provide access to a product or service in violation of applicable restrictions, or otherwise fail to comply with export regulations, we may be denied export privileges or subjected to significant per violation fines or other penalties, and our platforms may be denied entry into other countries. Any decreased use of our platforms or limitation on our ability to export or sell our platforms would likely adversely affect our business, results of operations and financial condition. Violations of U.S. sanctions or export control laws can result in fines or penalties, including civil penalties of over $300,000 or twice the value of the transaction, whichever is greater, per EAR violation and a civil penalty of over $1,000,000 or twice the value of the transaction, whichever is greater, per ITAR violation. In the event of criminal knowing and willful violations of these laws, fines of up to $1,000,000 per violation and possible incarceration for responsible employees and managers could be imposed. We also note that if we or our business partners or counterparties, including licensors and licensees, prime contractors, subcontractors, sublicensors, vendors, customers, shipping partners, or contractors, fail to obtain appropriate import, export, or re-export licenses or permits, notwithstanding regulatory requirements or contractual commitments to do so, or if we fail to secure such contractual commitments where necessary, we may also be adversely affected, through reputational harm as well as other negative consequences, including government investigations and penalties. For instance, violations of U.S. sanctions or export control laws can result in fines or penalties, including significant civil and criminal penalties per violation, depending on the circumstances of the violation or violations. Negative consequences for violations or apparent violations of trade control requirements may include the absolute loss of the right to sell our platforms or services to the government of the United States, or to other public bodies, or a reduction in our ability to compete for such sales opportunities. Further, complying with export control and sanctions regulations for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our platforms or could limit our customers' abilities to implement our platforms in those countries. For example, following Russia's invasion of Ukraine, and as the conflict has continued, the United States and other countries have imposed economic sanctions and severe export control restrictions against Russia, Belarus, and certain regions of Ukraine, and the United States and other countries could continue to impose wider sanctions and export restrictions and take other actions should the conflict further escalate. Any new export restrictions, new legislation, changes in economic sanctions, or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons, or technologies targeted by such regulations, could result in decreased use of our platforms by existing customers with non-U.S. operations, declining adoption of our platforms by new customers with non-U.S. operations, limitation of our expansion into new markets, and decreased revenue. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "such locations or environments, we may not have full control over how our platforms and products are deployed, managed, or secured, our standards for information security may not be met, and our ability to deploy certain security features and controls may be limited." - Updated: "Such zones are subject to, among other things, political uncertainty, geopolitical tensions, and military actions, such as those associated with the ongoing Russia-Ukraine, and Israel and broader Middle East conflicts." - Updated: "If an actual or perceived breach of security measures, unauthorized access to our system or the systems of the third-party vendors that we rely upon, or any other cybersecurity attack, threat, or incident occurs, we may face direct or indirect liability, costs, or damages, including expenses related to responding and/or alleviating an actual or perceived breach or other incident, contract termination, our reputation in the industry and with current and potential customers may be compromised, our ability to 32 32 32 32 32 32" **Prior (2025):** our terms of service or is otherwise improper or perceived as improper, which could cause reputational damage and adversely affect our business, financial condition, and results of operations. We, and the third-party vendors upon which we rely, have experienced, and may in the future experience, cybersecurity attacks and threats, including threats or attempts to disrupt our information technology infrastructure and unauthorized attempts to gain access to sensitive or confidential information. Our and our third-party vendors' technology systems have been, and in the future may be, damaged, disrupted, or compromised by harmful events, including malicious activities, natural occurrences, inadvertent errors, cybersecurity incidents or cyberattacks (including computer viruses, ransomware, and other malicious and destructive code, phishing attacks, and denial of service attacks), physical or electronic security breaches and incidents, natural disasters, fire, power loss, telecommunications failures, personnel misconduct, and human error. Such attacks or security breaches or incidents may be perpetrated by internal bad actors, such as employees or contractors, or by third parties (including traditional computer hackers, persons involved with organized crime, or foreign state or foreign state-supported actors). Cybersecurity threats can employ a wide variety of methods and techniques, may include the use of social engineering techniques or supply-chain attacks, are constantly evolving, and have become increasingly complex and sophisticated, all of which increase the difficulty of detecting and successfully defending against them. Furthermore, because the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until after they are launched against a target, we and our third-party vendors may not have the capacity to immediately detect such efforts, may be unable to anticipate these techniques, or may be unable to implement adequate preventative measures. Although prior known cyberattacks directed at us have not had a material impact on our financial results, and we are continuing to bolster our threat detection and mitigation processes and procedures, our security measures may be circumvented and we cannot guarantee that past, future, or ongoing cyberattacks or other security breaches or incidents against us or a third party, if successful, will not have a material impact on our business or financial results, whether directly or indirectly. Further, the practical security prioritization decisions we make based on our assessment of potential risks may not be successful in identifying or mitigating cyberattacks or other security breaches or incidents that could result in material impacts. We have provided, and may continue to provide, our platforms, products, personnel, and services to support operations in conflict zones. Such zones are subject to, among other things, political uncertainty, geopolitical tensions, and military actions, such as those associated with the ongoing Russia-Ukraine and Israel conflicts. As a result, we and our third-party vendors have been vulnerable to a heightened risk of, and have been exposed to, cybersecurity attacks, phishing attacks, viruses, malware, ransomware, hacking or similar breaches and incidents, including increasingly sophisticated threats, from nation-state actors or affiliated actors, including attacks that could materially disrupt our systems and operations, supply chain, and ability to produce, sell, and distribute our products and services. While we have security measures in place to protect our information and our customers' information and to prevent data loss and other security breaches and incidents, we have not always been able to do so and there can be no assurance that in the future we will be able to anticipate or prevent security breaches or incidents, or intentional or unintentional action or inaction by employees or third parties, which may result in unauthorized access of our information technology systems or the information technology systems of the third-party vendors upon which we rely. Despite our implementation of network security measures and internal information security policies, data stored on personnel computer systems is also vulnerable to similar security breaches and incidents, unauthorized tampering, bad actors, or human error. If an actual or perceived breach of security measures, unauthorized access to our system or the systems of the third-party vendors that we rely upon, or any other cybersecurity attack, threat, or incident occurs, we may face direct or indirect liability, costs, or damages, including expenses related to responding and/or alleviating an actual or perceived breach or other incident, contract termination, our reputation in the industry and with current and potential customers may be compromised, our ability to attract new customers could be negatively affected, our management's attention could be diverted, and our business, financial condition, and results of operations could be materially and adversely affected. Further, unauthorized access to our or our third-party vendors' information technology systems or data or other security breaches or incidents could result in the loss, corruption, or unavailability of information; significant remediation costs; litigation, disputes, regulatory action, or investigations that could result in damages, material fines, and penalties; indemnity obligations; interruptions in the operation of our business, including our ability to provide new product features, new platforms, or services to our customers; damage to our operation technology networks and information technology systems; and other liabilities. Moreover, our remediation efforts may not be successful. Any or all of these issues, or the perception that any of them have occurred, could negatively affect our ability to attract new customers, cause existing customers to terminate or not renew their agreements, hinder our ability to obtain and maintain required or desirable cybersecurity certifications, and result in reputational damage, any of which could materially adversely affect our results of operations, financial condition, and future prospects. There can be no assurance that any limitations of liability provisions in our license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim. We maintain cybersecurity insurance and other types of insurance, subject to applicable deductibles and policy limits, but our insurance may not be sufficient to cover all costs associated with a potential data security incident. We also cannot be sure that 32 32 32 **Current (2026):** such locations or environments, we may not have full control over how our platforms and products are deployed, managed, or secured, our standards for information security may not be met, and our ability to deploy certain security features and controls may be limited. These locations and environments may be more vulnerable to cybersecurity attacks, phishing attacks, viruses, malware, ransomware, and hacking, or similar breaches and incidents, including those from nation-state actors or affiliated actors, and such attacks could harm our customers' ability to operate and perform their obligations under our contracts, or result in increased costs or liabilities, a perceived or actual security breach of our platforms, or harm to our business and reputation. Moreover, if our platforms and products are not appropriately deployed, managed, and secured in these locations or environments, or such locations or environments are not appropriately secured or experience cybersecurity attacks or other security breaches or incidents, our platforms and products could be compromised, inappropriately accessed or acquired, or undergo unauthorized use, copying, and distribution, and reverse engineering of our intellectual property, which could adversely affect our business, financial condition, and results of operations. Further, certain of our platforms and services now allow customers to deploy their own applications in our environments, for example via our FedStart offering. These third-party applications have been built outside of our platforms or environments utilizing security procedures, techniques, and controls that may not meet our standards for information security, or may contain exploitable defects, errors, or bugs that could result in failures, disruptions, cybersecurity attacks, or other security breaches or incidents. Further, as we increase the number of customers we serve on our cloud environment, the likelihood increases that some usage of our products may occur that violates our terms of service or is otherwise improper or perceived as improper, which could cause reputational damage and adversely affect our business, financial condition, and results of operations. We, and the third-party vendors upon which we rely, have experienced, and may in the future experience, cybersecurity attacks and threats, including threats or attempts to disrupt our information technology infrastructure and unauthorized attempts to gain access to sensitive or confidential information. Our and our third-party vendors' technology systems have been, and in the future may be, damaged, disrupted, or compromised by harmful events, including malicious activities, natural occurrences, inadvertent errors, cybersecurity incidents or cyberattacks (including computer viruses, ransomware, and other malicious and destructive code, phishing attacks, and denial of service attacks), physical or electronic security breaches and incidents, natural disasters, fire, power loss, telecommunications failures, personnel misconduct, and human error. Such attacks or security breaches or incidents may be perpetrated by internal bad actors, such as employees or contractors, or by third parties (including traditional computer hackers, persons involved with organized crime, or foreign state or foreign state-supported actors). Cybersecurity threats can employ a wide variety of methods and techniques, may include the use of social engineering techniques or supply-chain attacks, are constantly evolving, and have become increasingly complex and sophisticated, all of which increase the difficulty of detecting and successfully defending against them. Furthermore, because the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until after they are launched against a target, we and our third-party vendors may not have the capacity to immediately detect such efforts, may be unable to anticipate these techniques, or may be unable to implement adequate preventative measures. Although prior known cyberattacks directed at us have not had a material impact on our financial results, and we are continuing to bolster our threat detection and mitigation processes and procedures, our security measures may be circumvented and we cannot guarantee that past, future, or ongoing cyberattacks or other security breaches or incidents against us or a third party, if successful, will not have a material impact on our business or financial results, whether directly or indirectly. Further, the practical security prioritization decisions we make based on our assessment of potential risks may not be successful in identifying or mitigating cyberattacks or other security breaches or incidents that could result in material impacts. We have provided, and may continue to provide, our platforms, products, personnel, and services to support operations in conflict zones. Such zones are subject to, among other things, political uncertainty, geopolitical tensions, and military actions, such as those associated with the ongoing Russia-Ukraine, and Israel and broader Middle East conflicts. As a result, we and our third-party vendors have been vulnerable to a heightened risk of, and have been exposed to, cybersecurity attacks, phishing attacks, viruses, malware, ransomware, hacking or similar breaches and incidents, including increasingly sophisticated threats, from nation-state actors or affiliated actors, including attacks that could materially disrupt our systems and operations, supply chain, and ability to produce, sell, and distribute our products and services. While we have security measures in place to protect our information and our customers' information and to prevent data loss and other security breaches and incidents, we have not always been able to do so and there can be no assurance that in the future we will be able to anticipate or prevent security breaches or incidents, or intentional or unintentional action or inaction by employees or third parties, which may result in unauthorized access of our information technology systems or the information technology systems of the third-party vendors upon which we rely. Despite our implementation of network security measures and internal information security policies, data stored on personnel computer systems is also vulnerable to similar security breaches and incidents, unauthorized tampering, bad actors, or human error. If an actual or perceived breach of security measures, unauthorized access to our system or the systems of the third-party vendors that we rely upon, or any other cybersecurity attack, threat, or incident occurs, we may face direct or indirect liability, costs, or damages, including expenses related to responding and/or alleviating an actual or perceived breach or other incident, contract termination, our reputation in the industry and with current and potential customers may be compromised, our ability to 32 32 32 32 32 32 --- ## Modified Risk: Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may discourage certain types of transactions that may involve an actual or threatened acquisition of the Company, which will likely depress the trading price of our Class A common stock. **Key changes:** - Updated: "Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that may make the acquisition of our company more difficult, including the following: •our multi-class common stock structure, which provides our Founders and their affiliates with the ability to effectively control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the shares of our outstanding common stock; •prior to the Final Class F Conversion Date (as defined in our amended and restated certificate of incorporation), the holders of our common stock will only be able to take action by written consent if the action also receives the affirmative consent of a majority of the outstanding shares of our Class F common stock, and after such point the holders of our common stock will only be able to take action at a meeting of the stockholders and will not be able to take action by written consent for any matter; •from and after the Final Class F Conversion Date, our Board of Directors will be classified into three classes of directors with staggered three-year terms; •our amended and restated certificate of incorporation does not provide for cumulative voting; •certain transactions, other than restructuring transactions or transactions that otherwise do not involve a Change of Control (as defined in our amended and restated certificate of incorporation), which transactions require, pursuant to Section 251(c) or Section 271(a) of the Delaware General Corporation Law, the approval of the holders of a majority of the voting power of all of the outstanding shares of our capital stock entitled to vote thereon, will require approval by the holders of at least 55.0% of the voting power of all of the outstanding shares of our capital stock entitled to vote 53 53 53 53 53 53" **Prior (2025):** Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that may make the acquisition of our company more difficult, including the following: •our multi-class common stock structure, which provides our Founders and their affiliates with the ability to effectively control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the shares of our outstanding common stock; •prior to the Final Class F Conversion Date (as defined in our amended and restated certificate of incorporation), the holders of our common stock will only be able to take action by written consent if the action also receives the affirmative consent of a majority of the outstanding shares of our Class F common stock, and after such point the holders of our common stock will only be able to take action at a meeting of the stockholders and will not be able to take action by written consent for any matter; •from and after the Final Class F Conversion Date, our Board of Directors will be classified into three classes of directors with staggered three-year terms; •our amended and restated certificate of incorporation does not provide for cumulative voting; •certain transactions, other than restructuring transactions or transactions that otherwise do not involve a Change of Control (as defined in our amended and restated certificate of incorporation), which transactions require, pursuant to Section 251(c) or Section 271(a) of the Delaware General Corporation Law, the approval of the holders of a majority of the voting power of all of the outstanding shares of our capital stock entitled to vote thereon, will require approval by the holders of at least 55.0% of the voting power of all of the outstanding shares of our capital stock entitled to vote thereon if the record date for determining the stockholders entitled to vote to approve such transaction occurs prior to the Final Class F Conversion Date; •certain transactions prior to the Final Class F Conversion Date, that would require disclosure pursuant to Item 404(a) of Regulation S-K, between any of our Founders (or their controlled affiliates), on the one hand, and us, on the other, in which consideration exchanges hands between our Founders (or their controlled affiliates) and us, and such consideration has a fair market value in excess of $50.0 million as determined in accordance with our amended and restated bylaws will require approval by either (i) the holders of at least 66 2/3% of the voting power of all of the outstanding shares of our capital stock, voting together as a single class, or (ii) an Independent Committee (as defined in our amended and restated bylaws); •the acquisition of our equity securities by our Founders (including their controlled affiliates), prior to the Final Class F Conversion Date, in a "Rule 13e-3 transaction" (as defined in Rule 13e-3 under the Exchange Act) will be conditioned on approval by (i) an Independent Committee and (ii) the holders of a majority of the voting power of our capital stock that is held by our stockholders other than the Founders (including their controlled affiliates) and any holder of the Class F Common Stock; •vacancies on our Board of Directors will be able to be filled only by our Board of Directors and not by stockholders; •our directors may only be removed as provided in the Delaware General Corporation Law; •a special meeting of our stockholders may only be called by the chairperson of our Board of Directors, our Chief Executive Officer, our President, or our Board of Directors pursuant to a resolution adopted by a majority of the total number of authorized directorships, whether or not there exist any vacancies or other unfilled seats in previously authorized directorships; •our amended and restated certificate of incorporation authorizes undesignated preferred stock, the terms of which may be established and shares of which may be issued without further action by our stockholders, except that any designation and issuance of preferred stock must receive the affirmative vote of a majority of the outstanding shares of our Class F common stock; and •advance notice procedures apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders. These provisions, alone or together, could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and to cause us to take other corporate actions they desire, any of which, under certain circumstances, could limit the opportunity for our stockholders to receive a premium for their shares of our Class A common stock, and could also affect the price that some investors are willing to pay for our Class A common stock. 53 53 53 **Current (2026):** Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that may make the acquisition of our company more difficult, including the following: •our multi-class common stock structure, which provides our Founders and their affiliates with the ability to effectively control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the shares of our outstanding common stock; •prior to the Final Class F Conversion Date (as defined in our amended and restated certificate of incorporation), the holders of our common stock will only be able to take action by written consent if the action also receives the affirmative consent of a majority of the outstanding shares of our Class F common stock, and after such point the holders of our common stock will only be able to take action at a meeting of the stockholders and will not be able to take action by written consent for any matter; •from and after the Final Class F Conversion Date, our Board of Directors will be classified into three classes of directors with staggered three-year terms; •our amended and restated certificate of incorporation does not provide for cumulative voting; •certain transactions, other than restructuring transactions or transactions that otherwise do not involve a Change of Control (as defined in our amended and restated certificate of incorporation), which transactions require, pursuant to Section 251(c) or Section 271(a) of the Delaware General Corporation Law, the approval of the holders of a majority of the voting power of all of the outstanding shares of our capital stock entitled to vote thereon, will require approval by the holders of at least 55.0% of the voting power of all of the outstanding shares of our capital stock entitled to vote 53 53 53 53 53 53 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "opportunities and access to a wider base of potential customers and pool of qualified subcontractor personnel that we can call upon to enhance and augment our implementation and engineering services." **Prior (2025):** business strategy. Joint ventures, channel sales relationships, platform partnerships, strategic alliances, and other similar arrangements involve significant investments of both time and resources, and there can be no assurances that they will be successful. They may present significant challenges and risks, including that they may not advance our business strategy, we may get an unsatisfactory return on our investment or lose some or all of our investment, they may distract management and divert resources from our core business, including our business development and product development efforts, they may expose us to additional or unexpected liabilities, including as a result of partnering with entities in new or unfamiliar territories or markets, they may conflict with our sales hiring and direct sales strategy, or we may choose a partner that does not cooperate as we expect them to and that fails to meet its obligations or that has economic, business, or legal interests or goals that are inconsistent with ours. For example, in November 2019, we created a jointly controlled entity in Japan with SOMPO Holdings, Inc., in which we subsequently obtained a controlling interest in November 2022. For more information see Note 14. Business Combinations in the consolidated financial statements in our Annual Report on Form 10-K for the year ended December 31, 2023, which was filed with the SEC on February 20, 2024. We also created a jointly-owned entity in South Korea with HD Hyundai Co. Ltd. in December 2022 in which we have a controlling interest. We believe these arrangements offer our business strategic operational advantages within Japanese and Korean markets, but they also limit our ability to independently sell our platforms, provide certain services, engage certain customers, or compete in Japanese and Korean markets or related industry verticals, which in turn limits our opportunities for growth in Japan and Korea and, depending on the success of each respective entity, may negatively impact our results. Furthermore, since 2020, we have entered into channel sales relationships and strategic alliances with various global system integrators that we believe provide us with more diverse go-to-market opportunities and access to a wider base of potential customers and pool of qualified subcontractor personnel that we can call upon to enhance and augment our implementation and engineering services. When we enter into such relationships, our partners may be required to undertake some portion of sales, marketing, implementation services, engineering services, or software configuration that we would otherwise provide. In such cases, our partner may be less successful than we would have otherwise been absent the arrangement and our ability to influence, or have visibility into, the sales, marketing, and related efforts of our partners may be limited. In the event we enter into an arrangement with a particular partner, we may be less likely (or unable) to work with one or more direct competitors of our partner with which we would have worked absent the arrangement. We may have interests that are different from our partners and/or which may affect our ability to successfully collaborate with a given partner. In addition, customer satisfaction with our products provided in connection with these arrangements may be less favorable than anticipated, negatively impacting anticipated revenue growth and results of operations of arrangements in question. Further, some of our strategic partners offer competing products and services or work with our competitors. As a result of these and other factors, many of the companies with which we have or are seeking joint ventures, channel sales relationships, platform partnerships, or strategic alliances may choose to pursue alternative technologies and develop alternative products and services in addition to or in lieu of our platforms, either on their own or in collaboration with others, including our competitors. If we are unsuccessful in establishing or maintaining our relationships with these partners, our ability to compete in a given marketplace, secure certain customer contracts (including contracts for large or complex government procurement programs), or to grow our revenue would be impaired, and our results of operations may suffer. Even if we are successful in establishing and maintaining these relationships with our partners, we cannot assure you that these relationships will result in increased customer usage of our platforms or increased revenue. Additionally, if our partners' brand, reputation, or products are negatively impacted in any way, that could impact our expected outcomes in those markets. Entry into certain joint ventures, channel sales relationships, platform partnerships, or strategic alliances now or in the future may be subject to government regulation, including review by U.S. or foreign government entities related to foreign direct investment. If a joint venture or similar arrangement were subject to regulatory review, such regulatory review might limit our ability to enter into the desired strategic alliance and thus our ability to carry out our long-term business strategy. As our joint ventures, channel sales relationships, platform partnerships, and strategic alliances come to an end or terminate, we may be unable to renew or replace them on comparable terms, or at all. Furthermore, one or more of our partners in such a relationship may independently suffer a bankruptcy or other economic hardship that negatively affects its ability to continue as a going concern or successfully perform on its obligation under the arrangement. Winding down joint ventures, channel sales relationships, platform partnerships, or other strategic alliances can result in additional costs, litigation, and negative publicity. Any of these events could adversely affect our business, financial condition, results of operations, and growth prospects. **Current (2026):** opportunities and access to a wider base of potential customers and pool of qualified subcontractor personnel that we can call upon to enhance and augment our implementation and engineering services. When we enter into such relationships, our partners may be required to undertake some portion of sales, marketing, implementation services, engineering services, or software configuration that we would otherwise provide. In such cases, our partner may be less successful than we would have otherwise been absent the arrangement and our ability to influence, or have visibility into, the sales, marketing, and related efforts of our partners may be limited. In the event we enter into an arrangement with a particular partner, we may be less likely (or unable) to work with one or more direct competitors of our partner with which we would have worked absent the arrangement. We may have interests that are different from our partners and/or which may affect our ability to successfully collaborate with a given partner. In addition, customer satisfaction with our products provided in connection with these arrangements may be less favorable than anticipated, negatively impacting anticipated revenue growth and results of operations of arrangements in question. Further, some of our strategic partners offer competing products and services or work with our competitors. As a result of these and other factors, many of the companies with which we have or are seeking joint ventures, channel sales relationships, platform partnerships, or strategic alliances may choose to pursue alternative technologies and develop alternative products and services in addition to or in lieu of our platforms, either on their own or in collaboration with others, including our competitors. If we are unsuccessful in establishing or maintaining our relationships with these partners, our ability to compete in a given marketplace, secure certain customer contracts (including contracts for large or complex government procurement programs), or to grow our revenue would be impaired, and our results of operations may suffer. Even if we are successful in establishing and maintaining these relationships with our partners, we cannot assure you that these relationships will result in increased customer usage of our platforms or increased revenue. Additionally, if our partners' brand, reputation, or products are negatively impacted in any way, that could impact our expected outcomes in those markets. Entry into certain joint ventures, channel sales relationships, platform partnerships, or strategic alliances now or in the future may be subject to government regulation, including review by U.S. or foreign government entities related to foreign direct investment. If a joint venture or similar arrangement were subject to regulatory review, such regulatory review might limit our ability to enter into the desired strategic alliance and thus our ability to carry out our long-term business strategy. As our joint ventures, channel sales relationships, platform partnerships, and strategic alliances come to an end or terminate, we may be unable to renew or replace them on comparable terms, or at all. Furthermore, one or more of our partners in such a relationship may independently suffer a bankruptcy or other economic hardship that negatively affects its ability to continue as a going concern or successfully perform on its obligation under the arrangement. Winding down joint ventures, channel sales relationships, platform partnerships, or other strategic alliances can result in additional costs, litigation, and negative publicity. Any of these events could adversely affect our business, financial condition, results of operations, and growth prospects. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "at such customers) at no or low cost initially to them for evaluation purposes through short-term pilot deployments of our platforms, including at bootcamps, and there is no guarantee that we will be able to convert customers from these short-term pilot deployments to longer-term revenue-generating contracts." - Updated: "Our results of operations depend on sales to enterprise customers, which make product purchasing decisions based in part or entirely on factors, or perceived factors, not directly related to the features of the platforms, including, among others, that customer's projections of business growth, uncertainty about macroeconomic conditions (including as a result of the ongoing Russia-Ukraine conflict and related economic sanctions, the conflict resulting from Hamas' attack on Israel and the ongoing conflict in the Middle East, fluctuating interest rates, monetary policy changes, foreign currency fluctuations, or the potential or actual imposition of tariffs or other impacts on trade relations), capital budgets, anticipated cost savings from the implementation of our platforms, potential preference for such customer's internally-developed software solutions, perceptions about our business and platforms, more favorable terms offered by potential competitors, and previous technology investments." - Updated: "If our sales efforts to a potential customer do not result in sufficient revenue to justify our investments, including our investments in sales and marketing, our business, financial condition, and results of operations could be adversely affected." **Prior (2025):** Our results of operations may fluctuate, in part, because of the intensive nature of our sales efforts and the length and unpredictability of our sales cycle. As part of our standard sales efforts, we invest considerable time and expense evaluating the specific organizational needs of our potential customers and educating these potential customers about the technical capabilities and value of our platforms and services. We often also provide our platforms to potential customers (including individual users at such customers) at no or low cost initially to them for evaluation purposes through short-term pilot deployments of our platforms, including at bootcamps, and there is no guarantee that we will be able to convert customers from these short-term pilot deployments to longer-term revenue-generating contracts. We may continue to modify and update our sales efforts to meet market demand and the organizational needs of our potential customers, including to implement new go-to-market mechanisms or self-service models, or to collaborate with third party service providers, and any of these changes may not be successful and could increase our operating expenses. In addition, we have grown and may continue to grow our direct sales force, and our sales efforts have historically depended on the significant involvement of our senior management team. The length of our sales cycle, from initial demonstration of our platforms to sale of our platforms and services, tends to be long and varies substantially from customer to customer. Our sales cycle often lasts six to nine months but can extend to a year or more for some customers. Because decisions to purchase our platforms involve significant financial commitments, potential customers generally evaluate our platforms at multiple levels within their organization, each of which often have specific requirements, and typically involve their senior management. Our results of operations depend on sales to enterprise customers, which make product purchasing decisions based in part or entirely on factors, or perceived factors, not directly related to the features of the platforms, including, among others, that customer's projections of business growth, uncertainty about macroeconomic conditions (including as a result of the ongoing Russia-Ukraine conflict and related economic sanctions, the conflict resulting from Hamas' attack on Israel, heightened interest rates, monetary policy changes, or foreign currency fluctuations), capital budgets, anticipated cost savings from the implementation of our platforms, potential preference for such customer's internally-developed software solutions, perceptions about our business and platforms, more favorable terms offered by potential competitors, and previous technology investments. In addition, certain decision makers and other stakeholders within our potential customers tend to have vested interests in the continued use of internally developed or existing software, which may make it more difficult for us to sell our platforms and services. As a result of these and other factors, our sales efforts typically require an extensive effort throughout a customer's organization, a significant investment of human resources, expense and time, including by our senior management, and there can be no assurances that we will be successful in making a sale to a potential customer. If our sales efforts to a potential customer do not result in sufficient revenue to justify our investments, including in our growing direct sales force, our business, financial condition, and results of operations could be adversely affected. **Current (2026):** at such customers) at no or low cost initially to them for evaluation purposes through short-term pilot deployments of our platforms, including at bootcamps, and there is no guarantee that we will be able to convert customers from these short-term pilot deployments to longer-term revenue-generating contracts. We may continue to modify and update our sales efforts to meet market demand and the organizational needs of our potential customers, including to implement new go-to-market mechanisms or self-service models, or to collaborate with third party service providers, and any of these changes may not be successful and could increase our operating expenses. In addition, we have grown and may continue to grow our direct sales force, and our sales efforts have historically depended on the significant involvement of our senior management team. The length of our sales cycle, from initial demonstration of our platforms to sale of our platforms and services, tends to be long and varies substantially from customer to customer. Our sales cycle often lasts six to nine months but can extend to a year or more for some customers. Because decisions to purchase our platforms involve significant financial commitments, potential customers generally evaluate our platforms at multiple levels within their organization, each of which often have specific requirements, and typically involve their senior management. Our results of operations depend on sales to enterprise customers, which make product purchasing decisions based in part or entirely on factors, or perceived factors, not directly related to the features of the platforms, including, among others, that customer's projections of business growth, uncertainty about macroeconomic conditions (including as a result of the ongoing Russia-Ukraine conflict and related economic sanctions, the conflict resulting from Hamas' attack on Israel and the ongoing conflict in the Middle East, fluctuating interest rates, monetary policy changes, foreign currency fluctuations, or the potential or actual imposition of tariffs or other impacts on trade relations), capital budgets, anticipated cost savings from the implementation of our platforms, potential preference for such customer's internally-developed software solutions, perceptions about our business and platforms, more favorable terms offered by potential competitors, and previous technology investments. In addition, certain decision makers and other stakeholders within our potential customers tend to have vested interests in the continued use of internally developed or existing software, which may make it more difficult for us to sell our platforms and services. As a result of these and other factors, our sales efforts typically require an extensive effort throughout a customer's organization, a significant investment of human resources, expense and time, including by our senior management, and there can be no assurances that we will be successful in making a sale to a potential customer. If our sales efforts to a potential customer do not result in sufficient revenue to justify our investments, including our investments in sales and marketing, our business, financial condition, and results of operations could be adversely affected. --- ## Modified Risk: Real or perceived errors, failures, defects, or bugs in our platforms could adversely affect our results of operations and growth prospects. **Key changes:** - Updated: "Because we offer very complex technology platforms, various errors, defects, failures, or bugs have occurred and may in the future occur, especially when platforms, products, or capabilities are introduced, configured, or reconfigured, or when upgrades, new versions, or other product or infrastructure updates are deployed, installed, configured, or released." - Updated: "As a result, when problems occur for a customer 37 37 37 37 37 37" **Prior (2025):** or may not be properly mitigated or remediated in configured, reconfigured, upgraded or new software or other releases until after commencement of commercial shipments. Errors, failures, defects, and bugs have affected the performance of our platforms and can also delay the development or release of new platforms, products, or capabilities or upgrades or new versions of platforms, adversely affect our reputation and our customers' willingness to buy platforms from us, and adversely affect market acceptance or perception of our platforms. Many of our customers use our platforms in applications that are critical to their businesses or missions and may have a lower risk tolerance to errors, failures, defects, or bugs in our platforms than in other, less critical, software products. Any errors or delays in releasing new software or new versions of platforms, allegations of unsatisfactory performance, real or perceived errors, defects, or failures, such as data loss, or untimely or ineffective upgrades, patches, or other fixes to address errors, failures, defects, or bugs, could increase the risk of security vulnerabilities, cause us to lose revenue or market share, increase our service costs, cause us to incur substantial costs in redesigning the software, cause us to lose significant customers, cause us to issue credits or refunds, subject us to liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition. In addition, our platforms could be perceived to be ineffective for a variety of reasons outside of our control. Hackers or other malicious parties could circumvent our or our customers' security measures, and customers may misuse our platforms resulting in a security breach or perceived product failure. Real or perceived errors, failures, or bugs in our platforms and services, or dissatisfaction with our services and outcomes, could result in customer terminations and/or claims by customers for losses sustained by them. In such an event, we may be required, or we have chosen, or in the future may choose, for customer relations or other reasons, to expend additional resources in order to help correct any such errors, failures, or bugs. Although we have limitation of liability provisions in our standard software licensing and service agreement terms and conditions, these provisions may not be enforceable in some circumstances, may vary in levels of protection across our agreements, or may not fully or effectively protect us from such claims and related liabilities and costs. We generally provide a warranty for our software products and services and an SLA for our performance of software operations. In the event that there is a failure of warranties in such agreements, we are generally obligated to correct the product or service to conform to the warranty provision, or, if we are unable to do so, the customer is entitled to seek a refund of the purchase price of the product and service (generally prorated over the contract term). In the event of a violation of an SLA, some customers may be entitled to seek a refund of a portion of the applicable monthly fee, with such portion determined by the magnitude of SLA violation, subject to a cap of a portion of total monthly fees, as applicable. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management's time and other resources. In addition, our platforms integrate a wide variety of other elements, and our platforms must successfully interoperate with products from other vendors and our customers' internally developed software. As a result, when problems occur for a customer using our platforms, it may be difficult to identify the sources of these problems, and we may receive blame for a security, access control, or other compliance breach that was the result of the failure of one of the other elements in a customer's or another vendor's IT, security, or compliance infrastructure. The occurrence of software or errors in data, whether or not caused by our platforms, could delay or reduce market acceptance of our platforms and have an adverse effect on our business and financial performance, and any necessary revisions may cause us to incur significant expenses. The occurrence of any such problems could harm our business, financial condition, and results of operations. If an actual or perceived breach of information correctness, auditability, integrity, or availability occurs in one of our customers' systems, regardless of whether the breach is attributable to our platforms, the market perception of the effectiveness of our platforms could be harmed. Alleviating any of these problems could require additional significant expenditures of our capital and other resources and could cause interruptions, delays, or cessation of our product licensing, which could cause us to lose existing or potential customers and could adversely affect our business, financial condition, results of operations, and growth prospects. **Current (2026):** Because we offer very complex technology platforms, various errors, defects, failures, or bugs have occurred and may in the future occur, especially when platforms, products, or capabilities are introduced, configured, or reconfigured, or when upgrades, new versions, or other product or infrastructure updates are deployed, installed, configured, or released. Our platforms are often installed and used in large-scale computing environments with different operating systems, software products and equipment, and data source and network configurations, which may cause errors or failures in our platforms or may expose undetected errors, failures, or bugs in our platforms. Despite our internal systems and processes, errors, failures, or bugs may not be found or may not be properly mitigated or remediated in configured, reconfigured, upgraded or new software or other releases until after commencement of commercial shipments. Errors, failures, defects, and bugs have affected the performance of our platforms and can also delay the development or release of new platforms, products, or capabilities or upgrades or new versions of platforms, adversely affect our reputation and our customers' willingness to buy platforms from us, and adversely affect market acceptance or perception of our platforms. Many of our customers use our platforms in applications that are critical to their businesses or missions and may have a lower risk tolerance to errors, failures, defects, or bugs in our platforms than in other, less critical, software products. Any errors or delays in releasing new software or new versions of platforms, allegations of unsatisfactory performance, real or perceived errors, defects, or failures, such as data loss, or untimely or ineffective upgrades, patches, or other fixes to address errors, failures, defects, or bugs, could increase the risk of security vulnerabilities, cause us to lose revenue or market share, increase our service costs, cause us to incur substantial costs in redesigning the software, cause us to lose significant customers, cause us to issue credits or refunds, subject us to liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition. In addition, our platforms could be perceived to be ineffective for a variety of reasons outside of our control. Hackers or other malicious parties could circumvent our or our customers' security measures, and customers may misuse our platforms resulting in a security breach or perceived product failure. Real or perceived errors, failures, or bugs in our platforms and services, or dissatisfaction with our services and outcomes, could result in customer terminations and/or claims by customers for losses sustained by them. In such an event, we may be required, or we have chosen, or in the future may choose, for customer relations or other reasons, to expend additional resources in order to help correct any such errors, failures, or bugs. Although we have limitation of liability provisions in our standard software licensing and service agreement terms and conditions, these provisions may not be enforceable in some circumstances, may vary in levels of protection across our agreements, or may not fully or effectively protect us from such claims and related liabilities and costs. We generally provide a warranty for our software products and services and an SLA for our performance of software operations. In the event that there is a failure of warranties in such agreements, we are generally obligated to correct the product or service to conform to the warranty provision, or, if we are unable to do so, the customer is entitled to seek a refund of the purchase price of the product and service (generally prorated over the contract term). In the event of a violation of an SLA, some customers may be entitled to seek a refund of a portion of the applicable monthly fee, with such portion determined by the magnitude of SLA violation, subject to a cap of a portion of total monthly fees, as applicable. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management's time and other resources. In addition, our platforms integrate a wide variety of other elements, and our platforms must successfully interoperate with products from other vendors and our customers' internally developed software. As a result, when problems occur for a customer 37 37 37 37 37 37 --- ## Modified Risk: Our results of operations and our key business measures are likely to fluctuate significantly on a quarterly basis in future periods and may not fully reflect the underlying performance of our business, which makes our future results difficult to predict and could cause our results of operations to fall below expectations. **Key changes:** - Updated: "The timing of customer billing and payment varies from contract to contract." **Prior (2025):** Our quarterly results of operations, including cash flows, have fluctuated significantly in the past and are likely to continue to do so in the future. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly results, financial position, and operations are likely to fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. Fluctuation in quarterly results may also negatively impact the value of our Class A common stock. We typically close a large portion of our sales in the last several weeks of a quarter, which impacts our ability to plan and manage margins and cash flows. Our sales cycle is often long, and it is difficult to predict exactly when, or if, we will actually make a sale with a potential customer, particularly large government and commercial customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large sales transactions in a quarter would impact our results of operations and cash flow for that quarter and any future quarters in which revenue from that transaction is lost or delayed. In addition, downturns in new sales may not be immediately reflected in our revenue because we generally recognize revenue over the term of our contracts. The timing of 15 15 15 **Current (2026):** Our quarterly results of operations, including cash flows, have fluctuated significantly in the past and are likely to continue to do so in the future. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly results, financial position, and operations are likely to fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. Fluctuation in quarterly results may also negatively impact the value of our Class A common stock. We typically close a large portion of our sales in the last several weeks of a quarter, which impacts our ability to plan and manage margins and cash flows. Our sales cycle is often long, and it is difficult to predict exactly when, or if, we will actually make a sale with a potential customer, particularly large government and commercial customers. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large sales transactions in a quarter would impact our results of operations and cash flow for that quarter and any future quarters in which revenue from that transaction is lost or delayed. In addition, downturns in new sales may not be immediately reflected in our revenue because we generally recognize revenue over the term of our contracts. The timing of customer billing and payment varies from contract to contract. A delay in the timing of receipt of such collections, or a default on a large contract, may negatively impact our liquidity for the period and in the future. Because a substantial portion of our expenses are relatively fixed in the short term and require time to adjust, our results of operations and liquidity would suffer if revenue fell below our expectations in a particular period. Other factors that may cause fluctuations in our quarterly results of operations and financial position include, without limitation, those listed below: •the success of our sales and marketing efforts, including the success of our pilot deployments (including bootcamps); •our ability to increase our contribution margins; •the timing of expenses and revenue recognition, including from changes in accounting assumptions or estimates; •the timing and amount of payments received from our customers; •termination of one or more large contracts by customers, including for convenience; •the time and cost-intensive nature of our sales efforts and the length and variability of sales cycles; •the amount and timing of operating expenses related to the development, maintenance, and expansion of our business and operations; •the timing and effectiveness of new sales and marketing initiatives; •changes in our pricing policies or those of our competitors; •the timing and success of new platforms, products, features, and functionality introduced by us or our competitors; •interruptions or delays in our operations and maintenance ("O&M") services; •cyberattacks and other actual or perceived data, privacy, cyber, or physical security breaches or incidents, and related expenses; 16 16 16 16 16 16 --- ## Modified Risk: We have previously been, and are currently, or in the future may become, involved in a number of legal, regulatory, and administrative inquiries and proceedings, and unfavorable outcomes in litigation or other of these matters could negatively impact our business, financial conditions, and results of operations. **Key changes:** - Removed: "The number and significance of our legal disputes and inquiries may increase as we continue to grow larger, as our business expands in employee headcount, scope, and geographic reach, and as our platforms and services become more complex." - Removed: "Additionally, if customers fail to pay us under the terms of our agreements, we may be adversely affected due to the cost of enforcing the terms of our contracts through litigation." - Removed: "Litigation or other proceedings can be expensive and time consuming and can divert our resources and leadership's attention from our primary business operations." - Removed: "The results of our litigation also cannot be predicted with certainty." - Removed: "If we are unable to prevail in litigation, we could incur payments of substantial monetary damages or fines, or undesirable changes to our platforms or business practices, and accordingly, our business, financial condition, or results of operations could be materially and adversely affected." **Prior (2025):** We have previously been, and are currently, and from time to time going forward may become involved in and subject to regulatory or other governmental inquiries or investigations, or government or private-party litigation or proceedings for a variety of claims or disputes. These claims, lawsuits, and proceedings have involved, and could in the future involve, labor and employment, discrimination and harassment, commercial disputes, intellectual property rights (including patent, trademark, copyright, trade secret, and other proprietary rights), class actions, general contract, tort, defamation, data privacy rights, antitrust, common law fraud, government regulation, or compliance, alleged federal and state securities and "blue sky" law violations or other investor claims, and other matters. Derivative claims, lawsuits, and proceedings involving breach of fiduciary duty, failure of oversight, corporate waste claims, and other matters have been, and may in the future be, asserted against our officers and directors by our stockholders. In addition, we and certain of our officers and directors were sued in purported class action lawsuits and derivative lawsuits. Our business and results may be adversely affected by the outcome of any currently pending or any future legal, regulatory, and/or administrative claims or proceedings, including through monetary damages or injunctive relief. The number and significance of our legal disputes and inquiries may increase as we continue to grow larger, as our business expands in employee headcount, scope, and geographic reach, and as our platforms and services become more complex. Additionally, if customers fail to pay us under the terms of our agreements, we may be adversely affected due to the cost of enforcing the terms of our contracts through litigation. Litigation or other proceedings can be expensive and time consuming and can divert our resources and leadership's attention from our primary business operations. The results of our litigation also cannot be predicted with certainty. If we are unable to prevail in litigation, we could incur payments of substantial monetary damages or fines, or undesirable changes to our platforms or business practices, and accordingly, our business, financial condition, or results of operations could be materially and adversely affected. Furthermore, if we accrue a loss contingency for pending litigation and determine that it is probable, any disclosures, estimates, and reserves we reflect in our financial statements with regard to these matters may not reflect the ultimate disposition or financial impact of litigation or other such matters. These proceedings could also result in negative publicity, which could harm customer and public perception of our business, regardless of whether the allegations are valid or whether we are ultimately found liable. Additional information regarding certain of the lawsuits we are involved in is described further in Note 8. Commitments and Contingencies in our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. **Current (2026):** We have previously been, and are currently, and from time to time going forward may become involved in and subject to regulatory or other governmental inquiries or investigations, or government or private-party litigation or proceedings for a variety of claims or disputes. These claims, lawsuits, and proceedings have involved, and could in the future involve, labor and employment, discrimination and harassment, commercial disputes, intellectual property rights (including patent, trademark, copyright, trade secret, and other proprietary rights), class actions, general contract, tort, defamation, data privacy rights, antitrust, common law fraud, government regulation, or compliance, alleged federal and state securities and "blue sky" law violations or other investor claims, and other matters. Derivative claims, lawsuits, and proceedings involving breach of fiduciary duty, failure of oversight, corporate waste claims, and other matters have been, and may in the future be, asserted against our officers and directors by our stockholders. In addition, we and certain of our officers and directors were sued in purported class action lawsuits and derivative lawsuits. Our business and results may be adversely affected by the outcome of any currently pending or any future legal, regulatory, and/or administrative claims or proceedings, including through monetary damages or injunctive relief. 43 43 43 43 43 43 --- ## Modified Risk: Table of Contents **Key changes:** - Removed: "associated with operating the platforms and delivering support, training, and documentation in languages other than English and providing services across expanded time-zones." - Removed: "If we are unable to provide efficient O&M services globally at scale, our ability to grow our operations may be harmed, and we may need to hire additional services personnel or partner with third party organizations, which could increase our expenses, and negatively impact our business, financial condition, and results of operations." **Prior (2025):** associated with operating the platforms and delivering support, training, and documentation in languages other than English and providing services across expanded time-zones. If we are unable to provide efficient O&M services globally at scale, our ability to grow our operations may be harmed, and we may need to hire additional services personnel or partner with third party organizations, which could increase our expenses, and negatively impact our business, financial condition, and results of operations. Our customers typically need training in the proper use of and the variety of benefits that can be derived from our platforms to maximize the potential of our platforms. If we do not effectively deploy, update, or upgrade our platforms, succeed in helping our customers quickly resolve post-deployment issues, and provide effective ongoing services, our ability to sell additional products and services to existing customers could be adversely affected, we may face negative publicity, and our reputation with potential customers could be damaged. Many enterprise and government customers require higher levels of service than smaller customers. If we fail to meet the requirements of the larger customers, it may be more difficult to execute on our strategy to increase our penetration with larger customers. As a result, our failure to maintain high quality services may have a material adverse effect on our business, financial condition, results of operations, and growth prospects. **Current (2026):** Our customers typically need training in the proper use of and the variety of benefits that can be derived from our platforms to maximize the potential of our platforms. If we do not effectively deploy, update, or upgrade our platforms, succeed in helping our customers quickly resolve post-deployment issues, and provide effective ongoing services, our ability to sell additional products and services to existing customers could be adversely affected, we may face negative publicity, and our reputation with potential customers could be damaged. Many enterprise and government customers require higher levels of service than smaller customers. If we fail to meet the requirements of the larger customers, it may be more difficult to execute on our strategy to increase our penetration with larger customers. As a result, our failure to maintain high quality services may have a material adverse effect on our business, financial condition, results of operations, and growth prospects. --- ## Modified Risk: We may not be able to utilize a significant portion of our net operating loss carryforwards and tax credits, which could adversely affect our results of operations. **Key changes:** - Updated: "Future changes in 46 46 46 46 46 46" **Prior (2025):** We record an asset for the future tax benefits from unused U.S. federal, state, and foreign net operating losses ("NOLs") and tax credits subject to a full valuation allowance. Federal, state, and foreign taxing bodies often place limitations on NOLs and tax credit carryforward benefits. As a result, we may not be able to utilize our NOLs and tax credits. In general, under Section 382 of the United States Internal Revenue Code of 1986, as amended (the "Code"), a corporation that undergoes an ownership change is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. Future changes in our stock ownership, some of which are outside of our control, could result in an ownership change under Section 382 of the Code. If our existing NOLs are subject to limitations arising from an ownership change, our ability to utilize NOLs could be limited by Section 382 of the Code, and a certain amount of our prior year NOLs could expire without benefit. Changes in the law may also impact our ability to use our NOLs and tax credit carryforwards. In addition, there is also a risk that the expiration of our existing NOLs or tax credits or a limitation on their use to offset future income tax liabilities could result from statutory or regulatory changes. For these reasons, we may not be able to utilize a material portion of our NOLs, which could potentially result in increased future tax liabilities to us and could adversely affect our results of operations. For additional information, see Note 11. Income Taxes in our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. **Current (2026):** We record an asset for the future tax benefits from unused U.S. federal, state, and foreign net operating losses ("NOLs") and tax credits subject to a full valuation allowance. Federal, state, and foreign taxing bodies often place limitations on NOLs and tax credit carryforward benefits. As a result, we may not be able to utilize our NOLs and tax credits. In general, under Section 382 of the United States Internal Revenue Code of 1986, as amended (the "Code"), a corporation that undergoes an ownership change is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. Future changes in 46 46 46 46 46 46 --- ## Modified Risk: Our platforms are complex and may have a lengthy implementation process, and any failure of our platforms to satisfy our customers or perform as desired could harm our business, results of operations, and financial condition. **Key changes:** - Updated: "The inability to meet the unique needs of our customers may result in customer dissatisfaction and/or damage to our reputation, which could materially harm our business." - Updated: "It is possible that our platforms may also be intentionally misused or abused by customers or their employees or third parties who obtain access and use of our platforms." **Prior (2025):** Our platforms and services are complex and are deployed in a wide variety of network environments. Implementing our platforms can be a complex and lengthy process since we often configure our existing platforms for a customer's unique environment. Inability to meet the unique needs of our customers may result in customer dissatisfaction and/or damage to our reputation, which could materially harm our business. Further, the proper use of our platforms may require training of the customer and the initial or ongoing services of our technical personnel as well as O&M services over the contract term. If training and/or ongoing services require more of our expenditures than we originally estimated, our margins will be lower than projected. In addition, if our customers do not use our platforms correctly or as intended, inadequate performance or outcomes may result. It is possible that our platforms may also be intentionally misused or abused by customers or their employees or third parties 17 17 17 **Current (2026):** Our platforms and services are complex and are deployed in a wide variety of network environments. Implementing our platforms can be a complex and lengthy process since we often configure our existing platforms for a customer's unique environment. The inability to meet the unique needs of our customers may result in customer dissatisfaction and/or damage to our reputation, which could materially harm our business. Further, the proper use of our platforms may require training of the customer and the initial or ongoing services of our technical personnel as well as O&M services over the contract term. If training and/or ongoing services require more of our expenditures than we originally estimated, our margins will be lower than projected. In addition, if our customers do not use our platforms correctly or as intended, inadequate performance or outcomes may result. It is possible that our platforms may also be intentionally misused or abused by customers or their employees or third parties who obtain access and use of our platforms. Similarly, our platforms sometimes are used by customers with smaller or less sophisticated IT departments, potentially resulting in sub-optimal performance at a level lower than anticipated by the customer. Because our customers rely on our platforms and services to address important business goals and challenges, the incorrect or improper use or configuration of our platforms and O&M services, failure to properly train customers on how to efficiently and effectively use our platforms, or failure to properly provide implementation or analytical or maintenance services to our customers may result in contract terminations or non-renewals, reduced customer payments, negative publicity, or legal claims against us. For example, as we continue to expand our customer base, any failure by us to properly provide these services may result in lost opportunities for follow-on expansion sales of our platforms and services. Furthermore, if customer personnel are not well trained in the use of our platforms, customers may defer the deployment of our platforms and services, may deploy them in a more limited manner than originally anticipated, or may not deploy them at all. If there is substantial turnover of the Company or customer personnel responsible for procurement and use of our platforms, our platforms may go unused or be adopted less broadly, and our ability to make additional sales may be substantially limited, which could negatively impact our business, results of operations, and growth prospects. --- ## Modified Risk: Risk Factor Summary **Key changes:** - Updated: "These risks are described more fully below and include, but are not limited to, risks relating to the following: •we may not be able to sustain our revenue growth; •our sales efforts involve considerable time and expense and our sales cycle is often long and unpredictable; •a limited number of customers account for a substantial portion of our revenue; •we may not realize the full deal value of our customer contracts; •we anticipate our operating expenses will continue to increase and we may not be able to maintain profitability in the future; •our results of operations and our key business measures are likely to fluctuate significantly on a quarterly basis; •seasonality may cause fluctuations in our results of operations and financial position; •we may not successfully develop and deploy new technologies (such as technologies incorporating AI) to address the needs of our customers; •we may not be able to maintain and enhance our brand and reputation; •our reputation and business may be harmed by news or social media coverage or other external scrutiny of Palantir or our leadership; •we may be unable to hire, retain, train, and motivate qualified personnel and senior management and deploy our personnel and resources to meet customer demand; •we may be unable to successfully build, expand, and deploy our marketing and sales organization; •our platforms are complex and may have a lengthy implementation process; •exclusive arrangements or unique terms with customers or partners may result in significant risks or liabilities to us; •we face intense competition in our markets; •our platforms must operate with third-party products and services; •the market for our platforms and services may develop more slowly than we expect; •we may be unable to maintain or properly manage our culture as we grow; •we may not enter into relationships with potential customers if we consider their activities to be inconsistent with our organizational mission or values; 12 12 12 12 12 12" **Prior (2025):** Our business is subject to numerous risks and uncertainties that you should consider before investing in our Class A common stock. These risks are described more fully below and include, but are not limited to, risks relating to the following: •until recent quarters, we had a history of incurring net losses, and we anticipate our operating expenses will continue to increase, and we may not be able to maintain profitability in the future; •we may not be able to sustain our revenue growth; •our sales efforts involve considerable time and expense and our sales cycle is often long and unpredictable; •a limited number of customers account for a substantial portion of our revenue; •our results of operations and our key business measures are likely to fluctuate significantly on a quarterly basis; •seasonality may cause fluctuations in our results of operations and financial position; •our platforms are complex and may have a lengthy implementation process; •we may not successfully develop and deploy new technologies (such as technologies incorporating AI) to address the needs of our customers; •our platforms must operate with third-party products and services; •we may be unable to hire, retain, train, and motivate qualified personnel and senior management and deploy our personnel and resources to meet customer demand; •we may be unable to successfully build, expand, and deploy our marketing and sales organization; •we may not be able to maintain and enhance our brand and reputation; •unfavorable news or social media coverage may harm our reputation and business; •exclusive arrangements or unique terms with customers or partners may result in significant risks or liabilities to us; •we face intense competition in our markets; •we may be unable to maintain or properly manage our culture as we grow; •we may not enter into relationships with potential customers if we consider their activities to be inconsistent with our organizational mission or values; •joint ventures, channel sales relationships, platform partnerships, and strategic alliances may be unsuccessful; •we may not be successful in executing our strategy to increase our sales to larger customers; •breach of the systems of any third parties upon which we rely, our customers' systems, locations, or environments, or our internal systems or unauthorized access to data; •the market for our platforms and services may develop more slowly than we expect; •we have made and may continue to make strategic investments to support key business initiatives, including in privately-held and publicly-traded companies, as well as alternative investments, and we may not realize a return on these investments; •issues raised by the use of AI (including machine learning and large language models) in our platforms and business may result in reputational harm or liability; •we depend on computing infrastructure of third parties and they may experience errors, disruption, performance problems, or failure; 12 12 12 **Current (2026):** Our business is subject to numerous risks and uncertainties that you should consider before investing in our Class A common stock. These risks are described more fully below and include, but are not limited to, risks relating to the following: •we may not be able to sustain our revenue growth; •our sales efforts involve considerable time and expense and our sales cycle is often long and unpredictable; •a limited number of customers account for a substantial portion of our revenue; •we may not realize the full deal value of our customer contracts; •we anticipate our operating expenses will continue to increase and we may not be able to maintain profitability in the future; •our results of operations and our key business measures are likely to fluctuate significantly on a quarterly basis; •seasonality may cause fluctuations in our results of operations and financial position; •we may not successfully develop and deploy new technologies (such as technologies incorporating AI) to address the needs of our customers; •we may not be able to maintain and enhance our brand and reputation; •our reputation and business may be harmed by news or social media coverage or other external scrutiny of Palantir or our leadership; •we may be unable to hire, retain, train, and motivate qualified personnel and senior management and deploy our personnel and resources to meet customer demand; •we may be unable to successfully build, expand, and deploy our marketing and sales organization; •our platforms are complex and may have a lengthy implementation process; •exclusive arrangements or unique terms with customers or partners may result in significant risks or liabilities to us; •we face intense competition in our markets; •our platforms must operate with third-party products and services; •the market for our platforms and services may develop more slowly than we expect; •we may be unable to maintain or properly manage our culture as we grow; •we may not enter into relationships with potential customers if we consider their activities to be inconsistent with our organizational mission or values; 12 12 12 12 12 12 --- ## Modified Risk: If the market for our platforms and services develops more slowly than we expect, our growth may slow or stall, and our business, financial condition, and results of operations could be harmed. **Key changes:** - Updated: "The estimates and assumptions that are used to calculate our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of the organizations covered by our market opportunity estimates will pay for our platforms and services at all or generate any particular level of revenue for us." **Prior (2025):** The market for our platforms is rapidly evolving. Our future success will depend in large part on the growth and expansion of this market, which is difficult to predict and relies on a number of factors, including customer adoption, customer demand, changing customer needs, the entry of competitive products, the success of existing competitive products, potential customers' willingness to adopt an alternative approach to data collection, storage, and processing and their willingness to invest in new software after significant prior investments in legacy data collection, storage, and processing software. The estimates and assumptions that are used to calculate our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of the organizations covered by our market opportunity estimates will pay for our platforms 27 27 27 **Current (2026):** The market for our platforms is rapidly evolving. Our future success will depend in large part on the growth and expansion of this market, which is difficult to predict and relies on a number of factors, including customer adoption, customer demand, changing customer needs, the entry of competitive products, the success of existing competitive products, potential customers' willingness to adopt an alternative approach to data collection, storage, and processing and their willingness to invest in new software after significant prior investments in legacy data collection, storage, and processing software. The estimates and assumptions that are used to calculate our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of the organizations covered by our market opportunity estimates will pay for our platforms and services at all or generate any particular level of revenue for us. Even if the market in which we compete meets the size estimates and growth forecasts, our business could fail to grow at the levels we expect or at all for a variety of reasons outside our control, including competition in our industry. Further, if we or other data management and analytics providers experience security breaches or incidents, loss, corruption, or unavailability of or unauthorized access to customer data, disruptions in delivery, or other problems, this market as a whole, including our platforms, may be negatively affected. If software for the challenges that we address does not achieve widespread adoption, or there is a reduction in demand caused by a lack of customer acceptance, technological challenges, weakening economic conditions (including due to ongoing global conflicts and related economic sanctions, fluctuating interest rates, monetary policy changes, or the potential or actual imposition of tariffs or other impacts on trade relations), security or privacy concerns, competing technologies and products, decreases in corporate spending, or otherwise, or, alternatively, if the market develops but we are unable to continue to penetrate it due to the cost, performance, and perceived value associated with our platforms, or other factors, it could result in decreased revenue and our business, financial condition, and results of operations could be adversely affected. --- ## Modified Risk: Our policies regarding customer confidential information and support for individual privacy and civil liberties could cause us to experience adverse business and reputational consequences. **Key changes:** - Updated: "In light of our confidentiality, privacy, and customer digital sovereignty commitments, we may legally challenge law enforcement or other government requests to provide information, to obtain encryption keys, or to modify or weaken encryption." **Prior (2025):** We strive to protect our customers' confidential information and individuals' privacy interests consistent with applicable laws, directives, and regulations. Consequently, we do not provide information about our customers to third parties without legal process. From time to time, government entities may seek our assistance with obtaining information about our customers or could request that we modify our technology platforms in a manner to permit access or monitoring. In light of our 34 34 34 **Current (2026):** We strive to protect our customers' confidential information and individuals' privacy interests consistent with applicable laws, directives, and regulations. Consequently, we do not provide information about our customers to third parties without legal process. From time to time, government entities may seek our assistance with obtaining information about our customers or could request that we modify our technology platforms in a manner to permit access or monitoring. In light of our confidentiality, privacy, and customer digital sovereignty commitments, we may legally challenge law enforcement or other government requests to provide information, to obtain encryption keys, or to modify or weaken encryption. To the extent that we do not provide assistance to or comply with requests from government entities, or if we challenge those requests publicly or in court, we may experience adverse political, business, and reputational consequences among certain customers or portions of the public. Conversely, to the extent that we do provide such assistance in accordance with applicable law, or do not challenge those requests publicly in court, we may experience adverse political, business, and reputational consequences from other customers or portions of the public arising from concerns over privacy or the government's activities. --- ## Modified Risk: Our non-U.S. sales and operations subject us to additional risks and regulations that can adversely affect our results of operations. **Key changes:** - Updated: "Our successes to date have primarily come from customers in relatively stable and developed countries, but we have entered, and may continue to enter, new and emerging markets in non-U.S." - Updated: "operations, including but not limited to compliance with local employment laws and other applicable laws and regulations; •longer payment cycles, greater difficulty in enforcing contracts, difficulties in collecting accounts receivable, especially in emerging markets, and the likelihood that revenue from non-U.S." **Prior (2025):** Our successes to date have primarily come from customers in relatively stable and developed countries, but we are in the process of entering new and emerging markets in non-U.S. countries, including with law enforcement, national security, and other government agencies, as part of our growth strategy. These new and emerging markets may involve uncertain business, technology, and economic risks and may be difficult or impossible for us to penetrate, even if we were to commit significant resources to do so. We currently have sales personnel and sales and services operations in the United States and certain countries around the world. To the extent that we experience difficulties in recruiting, training, managing, or retaining non-U.S. staff, and specifically sales management and sales personnel staff, we may experience difficulties in sales productivity in, or market penetration of, non-U.S. markets. Our ability to convince customers to expand their use of our platforms or renew their subscription, license, or maintenance and service agreements with us is correlated to, among other things, our direct engagement with the customer. To the extent we are restricted or unable to engage with non-U.S. customers effectively with our limited sales force and services capacity, we may be unable to grow sales to existing customers to the same degree we have experienced in the United States. Our non-U.S. operations subject us to a variety of risks and challenges, including: •increased management, travel, infrastructure, and legal and financial compliance costs and time associated with having multiple non-U.S. operations, including but not limited to compliance with local employment laws and other applicable laws and regulations; 40 40 40 **Current (2026):** Our successes to date have primarily come from customers in relatively stable and developed countries, but we have entered, and may continue to enter, new and emerging markets in non-U.S. countries, including with customers in law enforcement, national security, and other government agencies, as part of our growth strategy. These new and emerging markets may involve uncertain business, technology, and economic risks and may be difficult or impossible for us to penetrate, even if we were to commit significant resources to do so. We currently have sales personnel and sales and services operations in the United States and certain countries around the world. To the extent that we experience difficulties in recruiting, training, managing, or retaining non-U.S. staff, and specifically sales management and sales personnel staff, we may experience difficulties in sales productivity in, or market penetration of, non-U.S. markets. Our ability to convince customers to expand their use of our platforms or renew their subscription, license, or maintenance and service agreements with us is correlated to, among other things, our direct engagement with the customer. To the extent we are restricted or unable to engage with non-U.S. customers effectively with our limited sales force and services capacity, we may be unable to grow sales to existing customers to the same degree we have experienced in the United States. Our non-U.S. operations subject us to a variety of risks and challenges, including: •increased management, travel, infrastructure, and legal and financial compliance costs and time associated with having multiple non-U.S. operations, including but not limited to compliance with local employment laws and other applicable laws and regulations; •longer payment cycles, greater difficulty in enforcing contracts, difficulties in collecting accounts receivable, especially in emerging markets, and the likelihood that revenue from non-U.S. system integrators, government contractors, and customers may need to be recognized when cash is received, at least until satisfactory payment history has been established, or upon confirmation of certain acceptance criteria or milestones; •the need to adapt our platforms for non-U.S. customers, whether to accommodate customer preferences or local law; •changes to U.S. laws, regulations, or government enforcement practices which could impact the countries we operate in and, as a result, affect our ability to legally work in those countries or with their governments; •differing regulatory and legal requirements and possible enactment of additional regulations or restrictions on the use, import, or re-export of our platforms or the provision of services, which could delay, restrict, or prevent the sale or use of our platforms and services in some jurisdictions; •compliance with multiple and new or changing foreign laws and regulations, including those governing employment, privacy, data protection, information security, data transfer, AI, and the risks and costs of non-compliance with such laws and regulations; •new and different sources of competition not present in the United States; 41 41 41 41 41 41 --- ## Modified Risk: We may not be able to sustain our revenue growth in the future. **Key changes:** - Updated: "Our revenue growth rate has fluctuated in the past, and may continue to fluctuate in future periods." **Prior (2025):** Although our revenue has increased in recent periods, there can be no assurances that our revenue will continue to grow or do so at current rates, and you should not rely on the revenue of any prior quarterly or annual period as an indication of our future performance. Our revenue growth rate has declined in certain recent periods, and may continue to decline in future periods. In addition, as we continue to expand our platform and product offerings, or experience greater adoption of certain of our platform and product offerings, we have and may continue to experience variability in our revenue growth in certain markets or with 13 13 13 **Current (2026):** Although our revenue has increased in recent periods, there can be no assurances that our revenue will continue to grow or do so at current rates, and you should not rely on the revenue of any prior quarterly or annual period as an indication of our future performance. Our revenue growth rate has fluctuated in the past, and may continue to fluctuate in future periods. In addition, as we continue to expand our platform and product offerings, or experience greater adoption of certain of our platform and product offerings, we have and may continue to experience variability in our revenue growth in certain markets or with certain customer segments relative to other markets or customer segments. Many factors may contribute to declines or variability in our revenue growth, including macroeconomic factors, increased competition, slowing demand for our platforms from existing and new customers, a failure by us to continue capitalizing on growth opportunities, terminations of existing contracts or failure to exercise existing options by our customers, and the maturation of our business, among others. If our revenue growth or revenue growth rate declines overall, or with respect to certain areas of our business, our business, financial condition, and results of operations could be adversely affected. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "•heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may cause us to withdraw from particular markets, or impact financial results and result in restatements of financial statements and irregularities in financial statements; •volatility in non-U.S." - Updated: "dollar denominated customers, which may make doing business with us less appealing to such customers; •management and employee communication and integration problems resulting from language differences, cultural differences, and geographic dispersion; •difficulties in repatriating or transferring funds from, or converting currencies in, certain countries; •potentially adverse tax consequences, including multiple and possibly overlapping tax regimes, the complexities of foreign value-added tax systems, and changes in tax laws; •lack of familiarity with local laws, customs, and practices, and laws and business practices favoring local competitors or partners; and •interruptions to our business operations and our customers' business operations subject to events such as war, incidents of terrorism, natural disasters, public health concerns or epidemics, shortages or failures of power, internet, telecommunications, or hosting service providers, cyberattacks or malicious acts, or responses to these events." - Updated: "In addition, although we have implemented policies and procedures designed to ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, partners, and agents will comply with these laws and policies." **Prior (2025):** •longer payment cycles, greater difficulty in enforcing contracts, difficulties in collecting accounts receivable, especially in emerging markets, and the likelihood that revenue from non-U.S. system integrators, government contractors, and customers may need to be recognized when cash is received, at least until satisfactory payment history has been established, or upon confirmation of certain acceptance criteria or milestones; •the need to adapt our platforms for non-U.S. customers whether to accommodate customer preferences or local law; •changes to U.S. laws, regulations, or government enforcement practices which could impact the countries we operate in and, as a result, affect our ability to legally work in those countries or with their governments; •differing regulatory and legal requirements and possible enactment of additional regulations or restrictions on the use, import, or re-export of our platforms or the provision of services, which could delay, restrict, or prevent the sale or use of our platforms and services in some jurisdictions; •compliance with multiple and changing foreign laws and regulations, including those governing employment, privacy, data protection, information security, data transfer, AI, and the risks and costs of non-compliance with such laws and regulations; •new and different sources of competition not present in the United States; •heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may cause us to withdraw from particular markets, or impact financial results and result in restatements of financial statements and irregularities in financial statements; •volatility in non-U.S. political and economic environments, including by way of examples, the potential effects of the ongoing Russia-Ukraine conflict, as well as economic sanctions the United States and other countries have imposed on Russia, and the conflict resulting from Hamas' attack on Israel; •weaker protection of intellectual property rights in some countries and the risk of potential theft, copying, or other compromises of our technology, data, or intellectual property in connection with our non-U.S. operations, whether by state-sponsored malfeasance or other foreign entities or individuals; •volatility and fluctuations in currency exchange rates, including that, because many of our non-U.S. contracts are denominated in U.S. dollars, an increase in the strength of the U.S. dollar in the past has made our products more expensive for non-U.S. dollar denominated customers, which may make doing business with us less appealing to such customers; •management and employee communication and integration problems resulting from language differences, cultural differences, and geographic dispersion; •difficulties in repatriating or transferring funds from, or converting currencies in, certain countries; •potentially adverse tax consequences, including multiple and possibly overlapping tax regimes, the complexities of foreign value-added tax systems, and changes in tax laws; •lack of familiarity with local laws, customs, and practices, and laws and business practices favoring local competitors or partners; and •interruptions to our business operations and our customers' business operations subject to events such as war, incidents of terrorism, natural disasters, public health concerns or epidemics (such as the COVID-19 pandemic), shortages or failures of power, internet, telecommunications, or hosting service providers, cyberattacks or malicious acts, or responses to these events. In addition to the factors above, foreign governments may take administrative, legislative, or regulatory action that could materially interfere with our ability to sell our platforms in certain countries. For example, foreign governments may require a percentage of prime contracts be fulfilled by local contractors or provide special incentives to government-backed local customers to buy from local competitors, even if their products are inferior to ours. Moreover, both the U.S. government and foreign governments may regulate the acquisition of or import of our technologies or our entry into certain foreign markets or partnership with foreign third parties through investment screening or other regulations. Such regulations may apply to certain non-U.S. joint ventures, platform partnerships, and strategic alliances that may be integral to our long-term business strategy. Compliance with laws and regulations applicable to our non-U.S. operations increases our cost of doing business in foreign jurisdictions. We may be unable to keep current with changes in foreign government requirements and laws as they change from time to time. Failure to comply with these regulations could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions, or other collateral consequences. In many foreign countries, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. In addition, although we have implemented policies and procedures designed to 41 41 41 **Current (2026):** •heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may cause us to withdraw from particular markets, or impact financial results and result in restatements of financial statements and irregularities in financial statements; •volatility in non-U.S. political and economic environments, including by way of examples, the potential effects of the ongoing Russia-Ukraine conflict, as well as economic sanctions the United States and other countries have imposed on Russia, the conflict resulting from Hamas' attack on Israel, and the ongoing conflict in the Middle East; •weaker protection of intellectual property rights in some countries and the risk of potential theft, copying, or other compromises of our technology, data, or intellectual property in connection with our non-U.S. operations, whether by state-sponsored malfeasance or other foreign entities or individuals; •volatility and fluctuations in currency exchange rates, including that, because many of our non-U.S. contracts are denominated in U.S. dollars, an increase in the strength of the U.S. dollar in the past has made our products more expensive for non-U.S. dollar denominated customers, which may make doing business with us less appealing to such customers; •management and employee communication and integration problems resulting from language differences, cultural differences, and geographic dispersion; •difficulties in repatriating or transferring funds from, or converting currencies in, certain countries; •potentially adverse tax consequences, including multiple and possibly overlapping tax regimes, the complexities of foreign value-added tax systems, and changes in tax laws; •lack of familiarity with local laws, customs, and practices, and laws and business practices favoring local competitors or partners; and •interruptions to our business operations and our customers' business operations subject to events such as war, incidents of terrorism, natural disasters, public health concerns or epidemics, shortages or failures of power, internet, telecommunications, or hosting service providers, cyberattacks or malicious acts, or responses to these events. In addition to the factors above, foreign governments may take administrative, legislative, or regulatory action that could materially interfere with our ability to sell our platforms in certain countries. For example, foreign governments may require a percentage of prime contracts be fulfilled by local contractors or provide special incentives to government-backed local customers to buy from local competitors, even if their products are inferior to ours. Moreover, both the U.S. government and foreign governments may regulate the acquisition of or import of our technologies or our entry into certain foreign markets or partnership with foreign third parties through investment screening or other regulations. Such regulations may apply to certain non-U.S. joint ventures, platform partnerships, and strategic alliances that may be integral to our long-term business strategy. Compliance with laws and regulations applicable to our non-U.S. operations increases our cost of doing business in foreign jurisdictions. We may be unable to keep current with changes in foreign government requirements and laws as they change from time to time. Failure to comply with these regulations could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions, or other collateral consequences. In many foreign countries, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. In addition, although we have implemented policies and procedures designed to ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, partners, and agents will comply with these laws and policies. Violations of laws or key control policies by our employees, contractors, partners, or agents could result in delays in revenue recognition, financial reporting misstatements, governmental sanctions, fines, penalties, or the prohibition of the importation or exportation of our platforms. In addition, responding to any action may result in a significant diversion of management's attention and resources and an increase in professional fees. Enforcement actions and sanctions or failure to prevail in any possible civil or criminal litigation could harm our business, reputation, financial condition, and results of operations. Also, we are expanding operations, including our work with existing commercial customers, into countries in Asia, Europe, the Middle East, and elsewhere, which may place restrictions on the transfer of data and potentially the import and use of foreign encryption technology. Any of these risks could harm our non-U.S. operations and reduce our non-U.S. sales, adversely affecting our business, results of operations, financial condition, and growth prospects. Some of our business partners also have non-U.S. operations and are subject to the risks described above. Even if we are able to successfully manage the risks of our own non-U.S. operations, our business may be adversely affected if our business partners are not able to successfully manage these risks. 42 42 42 42 42 42 --- ## Modified Risk: Our culture emphasizes rapid innovation and advancement of successful hires who may in some cases have limited prior industry expertise and prioritizes customer outcomes over short-term financial results, and if we cannot maintain or properly manage our culture as we grow, our business may be harmed. **Key changes:** - Updated: "Successful entry-level hires are often quickly advanced and rewarded with significant responsibilities, 25 25 25 25 25 25" **Prior (2025):** We have a culture that encourages employees to quickly develop and launch key technologies and platforms intended to solve our customers' most important problems and prioritizes the advancement of employees to positions of significant responsibility based on merit despite, in some cases, limited prior work or industry experience. Much of our hiring into technical roles comes through our internship program or from candidates joining us directly from undergraduate or graduate engineering programs rather than industry hires. Successful entry-level hires are often quickly advanced and rewarded with significant responsibilities, including in important customer-facing roles as project managers, development leads, and product managers. Larger competitors, such as defense contractors, system integrators, and large software and service companies that traditionally target large enterprises typically have more sizeable direct sales forces staffed by individuals with significantly more industry experience than our customer-facing personnel, which may negatively impact our ability to compete with these larger competitors. We have historically operated with a relatively flat reporting and organization structure and have few formal promotions. As our business grows and becomes more complex, the staffing of customer-facing personnel, some of whom may have limited industry experience, may result in unintended outcomes or in decisions that are poorly received by customers or other stakeholders. For example, in many cases we launch, at our expense, pilot deployments with customers without a long-term contract in place, and some of those deployments have not resulted in the customer's adoption or expansion of its use of our platforms and services, or the generation of significant, or any, revenue or payments. In addition, as we continue to grow, including geographically, we may find it difficult to maintain our culture. Our culture also prioritizes customer outcomes over short-term financial results, and we frequently make service and product decisions that may reduce our short-term revenue or cash flow if we believe that the decisions are consistent with our mission and responsive to our customers' goals and thereby have the potential to improve our financial performance over the long term. These decisions may not produce the long-term benefits and results that we expect or may be poorly received in the short term by the public markets, in which case our customer growth and our business, financial condition, and results of operations may be harmed. **Current (2026):** We have a culture that encourages employees to quickly develop and launch key technologies and platforms intended to solve our customers' most important problems and prioritizes the advancement of employees to positions of significant responsibility based on merit despite, in some cases, limited prior work or industry experience. Much of our hiring into technical roles comes through our internship program or from candidates joining us directly from undergraduate or graduate engineering programs rather than industry hires. Successful entry-level hires are often quickly advanced and rewarded with significant responsibilities, 25 25 25 25 25 25 --- ## Modified Risk: We have invested in, and may in the future acquire or invest in, companies and technologies, which may divert our management's attention, and result in additional dilution to our stockholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions or investments. We are subject to risks associated with our investments, including a partial or complete loss of invested capital. **Key changes:** - Updated: "An acquisition, investment or business relationship may result in unforeseen risks, operating difficulties and expenditures, including the following: •any such transactions may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to such transactions; •costs and potential difficulties associated with the requirement to test and assimilate the internal control processes of the acquired business; •we may encounter difficulties or unforeseen expenditures assimilating or integrating the businesses, technologies, infrastructure, products, personnel, or operations of the acquired companies, particularly if the key personnel of the acquired company choose not to work for us or if we are unable to retain key personnel, if their technology is not easily adapted to work with ours, or if we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise; •we may not realize the expected benefits of the transaction; •an acquisition may disrupt our ongoing business, divert resources, increase our expenses, result in unfavorable public perception, and distract our management; •an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company; •the potential impact on relationships with existing customers, vendors, and distributors as business partners as a result of acquiring another company or business that competes with or otherwise is incompatible with those existing relationships; •the potential that our due diligence of the applicable company or business does not identify significant problems or liabilities, or that we underestimate the costs and effects of identified liabilities; •exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, the transaction, including but not limited to claims from former employees, customers, or other third parties, which may differ from or be more significant than the risks our business faces; •potential goodwill impairment charges related to acquisitions; •we may encounter difficulties in, or may be unable to, successfully sell any acquired products; •the transaction may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions; •an acquisition may require us to comply with additional laws and regulations, or to engage in substantial remediation efforts to cause the acquired company to comply with applicable laws or regulations, or result in liabilities resulting from the acquired company's failure to comply with applicable laws or regulations; •our use of cash to pay for the transaction would limit other potential uses for our cash; •if we incur debt to fund such a transaction, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants; and •to the extent that we issue a significant amount of equity securities in connection with such transactions, existing stockholders may be diluted and earnings per share may decrease." **Prior (2025):** As part of our business strategy, we have engaged in strategic transactions and alternative investments in the past and expect to evaluate and consider potential strategic transactions, including acquisitions of, or investments in, businesses, technologies, services, products and other assets in the future. We also may enter into relationships with other businesses to complement or expand our products or our ability to provide services. An acquisition, investment or business relationship may result in unforeseen risks, operating difficulties and expenditures, including the following: •any such transactions may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to such transactions; •costs and potential difficulties associated with the requirement to test and assimilate the internal control processes of the acquired business; •we may encounter difficulties or unforeseen expenditures assimilating or integrating the businesses, technologies, infrastructure, products, personnel, or operations of the acquired companies, particularly if the key personnel of the 29 29 29 **Current (2026):** As part of our business strategy, we have engaged in strategic transactions and alternative investments in the past and expect to evaluate and consider potential strategic transactions, including acquisitions of, or investments in, businesses, technologies, services, products and other assets in the future. We also may enter into relationships with other businesses to complement or expand our products or our ability to provide services. An acquisition, investment or business relationship may result in unforeseen risks, operating difficulties and expenditures, including the following: •any such transactions may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to such transactions; •costs and potential difficulties associated with the requirement to test and assimilate the internal control processes of the acquired business; •we may encounter difficulties or unforeseen expenditures assimilating or integrating the businesses, technologies, infrastructure, products, personnel, or operations of the acquired companies, particularly if the key personnel of the acquired company choose not to work for us or if we are unable to retain key personnel, if their technology is not easily adapted to work with ours, or if we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise; •we may not realize the expected benefits of the transaction; •an acquisition may disrupt our ongoing business, divert resources, increase our expenses, result in unfavorable public perception, and distract our management; •an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company; •the potential impact on relationships with existing customers, vendors, and distributors as business partners as a result of acquiring another company or business that competes with or otherwise is incompatible with those existing relationships; •the potential that our due diligence of the applicable company or business does not identify significant problems or liabilities, or that we underestimate the costs and effects of identified liabilities; •exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, the transaction, including but not limited to claims from former employees, customers, or other third parties, which may differ from or be more significant than the risks our business faces; •potential goodwill impairment charges related to acquisitions; •we may encounter difficulties in, or may be unable to, successfully sell any acquired products; •the transaction may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions; •an acquisition may require us to comply with additional laws and regulations, or to engage in substantial remediation efforts to cause the acquired company to comply with applicable laws or regulations, or result in liabilities resulting from the acquired company's failure to comply with applicable laws or regulations; •our use of cash to pay for the transaction would limit other potential uses for our cash; •if we incur debt to fund such a transaction, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants; and •to the extent that we issue a significant amount of equity securities in connection with such transactions, existing stockholders may be diluted and earnings per share may decrease. We have accepted, and may continue to accept, securities as noncash consideration or invest in securities, including but not limited to in connection with customer contracts, partnerships, or strategic investments. For example, we have made, and may continue to make, strategic investments pursuant to certain approved agreements ("Investment Agreements") to purchase, or commit to purchase, shares of various entities, including special purpose acquisition companies and/or other privately-held or publicly-traded entities (each, an "Investee," and such purchases, the "Investments"); however, we do not currently anticipate entering into new Investment Agreements to purchase, or commit to purchase, securities of special purpose acquisition 30 30 30 30 30 30 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "collected payments for multiple contract years from certain customers in advance, we have shifted, and may continue to shift, to collecting payments on an annual or other basis, including in arrears." **Prior (2025):** Historically, the first quarter of our year generally has relatively lower sales, and sales generally increase in each subsequent quarter with substantial increases during our third and fourth quarters ending September 30 and December 31, respectively. We believe that this seasonality results from a number of factors, including: •the fiscal year end procurement cycle of our government customers, and in particular U.S. government customers which have a fiscal year end of September 30; •the fiscal year budgeting process for our commercial customers, many of which have a fiscal year end of December 31; •seasonal reductions in business activity during the summer months in the United States, Europe, and certain other regions; and •timing of projects and our customers' evaluation of our work progress. This seasonality has historically impacted and may in the future continue to impact the timing of collections and recognized revenue. Because a significant portion of our customer contracts are typically finalized near the end of the year, and we typically invoice customers shortly after entering into a contract, we may receive a portion of our customer payments near the end of the year and record such payment as an increase in deferred revenue or customer deposits ("contract liabilities"), while the revenue from our customer contracts is generally recognized over the contract term. While we have historically billed and collected payments for multiple contract years from certain customers in advance, we have shifted, and may continue to shift, to collecting payments on an annual or other basis, including in arrears. While this has been the historical seasonal pattern of our quarterly sales, we believe that our customers' required timing for certain new government or commercial programs requiring new software may outweigh the nature or magnitude of seasonal factors that might have influenced our business to date. As a result, we may experience future growth from additional government or commercial mandates that do not follow the seasonal purchasing and evaluation decisions by our customers that we have historically observed. For example, increased government spending on technology aimed at national defense, financial or policy regulation, cybersecurity, or healthcare mandates may drive customer demand at different times throughout our year, the timing of which we may not be able to anticipate and may cause fluctuations in our results of operations. The timing of our fiscal quarters and the U.S. federal government's September 30 fiscal year end also may impact sales to governmental agencies in the third quarter of our year, offsetting, at least in part, the otherwise seasonal downturn we have historically observed in later summer months. Our rapid growth in recent years may obscure the extent to which seasonality trends have affected our business and may continue to affect our business. We expect that seasonality will continue to materially impact our business in the future and may become more pronounced over time. The seasonality of our business may cause continued or increased fluctuations in our results of operations and cash flows, which may prevent us from achieving our quarterly or annual forecasts or meeting or exceeding the expectations of research analysts or investors, which in turn may cause a decline in the trading price of our Class A common stock. **Current (2026):** collected payments for multiple contract years from certain customers in advance, we have shifted, and may continue to shift, to collecting payments on an annual or other basis, including in arrears. While this has been the historical seasonal pattern of our quarterly sales, we believe that our customers' required timing for certain new government or commercial programs requiring new software may outweigh the nature or magnitude of seasonal factors that might have influenced our business to date. As a result, we may experience future growth from additional government or commercial mandates that do not follow the seasonal purchasing and evaluation decisions by our customers that we have historically observed. For example, increased government spending on technology aimed at national defense, financial or policy regulation, cybersecurity, or healthcare mandates may drive customer demand at different times throughout our year, the timing of which we may not be able to anticipate and may cause fluctuations in our results of operations. The timing of our fiscal quarters and the U.S. federal government's September 30 fiscal year end also may impact sales to governmental agencies in the third quarter of our year, offsetting, at least in part, the otherwise seasonal downturn we have historically observed in later summer months. Our rapid growth in recent years may obscure the extent to which seasonality trends have affected our business and may continue to affect our business. We expect that seasonality will continue to materially impact our business in the future and may become more pronounced over time. The seasonality of our business may cause continued or increased fluctuations in our results of operations and cash flows, which may prevent us from achieving our quarterly or annual forecasts or meeting or exceeding the expectations of research analysts or investors, which in turn may cause a decline in the trading price of our Class A common stock. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "management practices, our policies or procedures, or the features of our platforms, or we may simply fail to properly develop or implement our practices, policies, procedures, or features in compliance with such obligations." **Prior (2025):** or inadvertent breach of applicable legal, regulatory, or contractual privacy, data protection, or information security requirements by us, our employees, our business partners, or our customers. In addition to government regulation, self-regulatory standards and other industry standards may legally or contractually apply to us, be argued to apply to us, or we may elect to comply with such standards or to facilitate our customers' compliance with such standards. Because privacy, data protection, and information security are critical competitive factors in our industry, we may make statements on our website, in marketing materials, or in other settings about our data security measures and our compliance with, or our ability to facilitate our customers' compliance with, these standards. We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection, and information security, and we cannot yet determine the impact such future laws, regulations and standards, or amendments to or re-interpretations of existing laws and regulations, industry standards, or other obligations may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, and contractual and other obligations may require us to incur additional costs and restrict our business operations. As these legal regimes relating to privacy, data protection, and information security continue to evolve, they may result in ever-increasing public scrutiny and escalating levels of enforcement and sanctions. Furthermore, because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy, data protection, and information security are uncertain, these laws, standards, and contractual and other obligations may be interpreted and applied in a manner that is, or is alleged to be, inconsistent with our data management practices, our policies or procedures, or the features of our platforms, or we may simply fail to properly develop or implement our practices, policies, procedures, or features in compliance with such obligations. If so, in addition to the possibility of fines, lawsuits, investigations, and other claims or proceedings, we could be required to fundamentally change our business activities and practices or modify our platforms, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to fulfill existing obligations, make enhancements, or develop new platforms and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our platforms. These existing and proposed laws and regulations can be costly to comply with and can make our platforms and services less effective or valuable, delay or impede the development of new products, result in negative publicity, increase our operating costs, require us to modify our data handling practices, limit our operations, impose substantial fines and penalties, require significant management time and attention, or put our data or technology at risk. Any failure or perceived failure by us or our platforms to comply with the laws, regulations, directives, policies, industry standards, or legal obligations of the United States, EU, or other governmental or non-governmental bodies at the regional, national, or supra-national level relating to privacy, data protection, or information security, or any security incident that results in actual or suspected loss of or the unauthorized access to, or acquisition, use, release, or transfer of, personal information, personal data, or other customer or sensitive data or information may result in governmental investigations, inquiries, enforcement actions and prosecutions, private claims and litigation, indemnification or other contractual obligations, other remedies, including fines or demands that we modify or cease existing business practices, or adverse publicity, and related costs and liabilities, which could significantly and adversely affect our business and results of operations. **Current (2026):** management practices, our policies or procedures, or the features of our platforms, or we may simply fail to properly develop or implement our practices, policies, procedures, or features in compliance with such obligations. If so, in addition to the possibility of fines, lawsuits, investigations, and other claims or proceedings, we could be required to fundamentally change our business activities and practices or modify our platforms, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to fulfill existing obligations, make enhancements, or develop new platforms and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our platforms. These existing and proposed laws and regulations can be costly to comply with and can make our platforms and services less effective or valuable, delay or impede the development of new products, result in negative publicity, increase our operating costs, require us to modify our data handling practices, limit our operations, impose substantial fines and penalties, require significant management time and attention, or put our data or technology at risk. Any failure or perceived failure by us or our platforms to comply with the laws, regulations, directives, policies, industry standards, or legal obligations of the United States, EU, or other governmental or non-governmental bodies at the regional, national, or supra-national level relating to privacy, data protection, or information security, or any security incident that results in actual or suspected loss of or the unauthorized access to, or acquisition, use, release, or transfer of, personal information, personal data, or other customer or sensitive data or information may result in governmental investigations, inquiries, enforcement actions and prosecutions, private claims and litigation, indemnification or other contractual obligations, other remedies, including fines or demands that we modify or cease existing business practices, or adverse publicity, and related costs and liabilities, which could significantly and adversely affect our business and results of operations. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "•joint ventures, channel sales relationships, platform partnerships, and strategic alliances may be unsuccessful; •we may not be successful in executing our strategy to increase our sales to larger customers; •breach of the systems of any third parties upon which we rely, our customers' systems, locations, or environments, or our internal systems or unauthorized access to data; •we have made and may continue to make strategic investments to support key business initiatives, including in privately-held and publicly-traded companies, as well as alternative investments, and we may not realize a return on these investments; •issues raised by the use of AI (including machine learning, large language, and other generative or agentic AI models and applications, and software functionality to operationalize the foregoing) in our platforms and business may result in reputational harm or liability; •we depend on computing infrastructure of third parties and they may experience errors, disruption, performance problems, or failure; •we may fail to adequately obtain, maintain, protect, and enforce our intellectual property and other proprietary rights; •we may be subject to intellectual property rights claims; •there may be real or perceived errors, failures, defects, or bugs in our platforms; •we rely on the availability of third-party technology that may be difficult to replace or that may cause errors; •our business is subject to complex and evolving U.S." - Updated: "sales and operations subject us to additional risks and regulations; •we may encounter unfavorable outcomes in legal, regulatory, and administrative inquiries and proceedings; •we may fail to receive and maintain government contracts or there may be changes in the contracting or fiscal policies of the public sector; •many of our customer contracts may be terminated by the customer at any time for convenience and may contain other provisions permitting the customer to discontinue contract performance; •there may be a decline in the U.S." **Prior (2025):** •we may fail to adequately obtain, maintain, protect, and enforce our intellectual property and other proprietary rights; •we may be subject to intellectual property rights claims; •there may be real or perceived errors, failures, defects, or bugs in our platforms; •we rely on the availability of third-party technology that may be difficult to replace or that may cause errors; •our business is subject to complex and evolving U.S. and non-U.S. laws and regulations regarding privacy, data protection and security, technology protection, and other matters; •our non-U.S. sales and operations subject us to additional risks and regulations; •we may encounter unfavorable outcomes in legal, regulatory, and administrative inquiries and proceedings; •we may fail to receive and maintain government contracts or there may be changes in the contracting or fiscal policies of the public sector; •many of our customer contracts may be terminated by the customer at any time for convenience and may contain other provisions permitting the customer to discontinue contract performance; •we may not realize the full deal value of our customer contracts; •there may be a decline in the U.S. and other government budgets, changes in spending or budgetary priorities, or delays in contract awards; •there are no guarantees that our Share Repurchase Program (as defined below) will result in increased shareholder value; and •the multi-class structure of our common stock, the Founder Voting Trust Agreement, and the Founder Voting Agreement concentrate voting power with certain stockholders, in particular, Stephen Cohen, Alexander Karp, and Peter Thiel (our "Founders") and their affiliates. **Current (2026):** •joint ventures, channel sales relationships, platform partnerships, and strategic alliances may be unsuccessful; •we may not be successful in executing our strategy to increase our sales to larger customers; •breach of the systems of any third parties upon which we rely, our customers' systems, locations, or environments, or our internal systems or unauthorized access to data; •we have made and may continue to make strategic investments to support key business initiatives, including in privately-held and publicly-traded companies, as well as alternative investments, and we may not realize a return on these investments; •issues raised by the use of AI (including machine learning, large language, and other generative or agentic AI models and applications, and software functionality to operationalize the foregoing) in our platforms and business may result in reputational harm or liability; •we depend on computing infrastructure of third parties and they may experience errors, disruption, performance problems, or failure; •we may fail to adequately obtain, maintain, protect, and enforce our intellectual property and other proprietary rights; •we may be subject to intellectual property rights claims; •there may be real or perceived errors, failures, defects, or bugs in our platforms; •we rely on the availability of third-party technology that may be difficult to replace or that may cause errors; •our business is subject to complex and evolving U.S. and non-U.S. laws and regulations regarding privacy, data protection and security, technology protection, and other matters; •our non-U.S. sales and operations subject us to additional risks and regulations; •we may encounter unfavorable outcomes in legal, regulatory, and administrative inquiries and proceedings; •we may fail to receive and maintain government contracts or there may be changes in the contracting or fiscal policies of the public sector; •many of our customer contracts may be terminated by the customer at any time for convenience and may contain other provisions permitting the customer to discontinue contract performance; •there may be a decline in the U.S. and other government budgets, changes in spending or budgetary priorities, or delays in contract awards; and •the multi-class structure of our common stock, the Founder Voting Trust Agreement, and the Founder Voting Agreement concentrate voting power with certain stockholders, in particular, Stephen Cohen, Alexander Karp, and Peter Thiel (our "Founders") and their affiliates. --- ## Modified Risk: We depend on computing infrastructure operated by Amazon Web Services ("AWS"), Microsoft, and other third parties to support some of our customers and any errors, disruption, performance problems, or failure in their or our operational infrastructure could adversely affect our business, financial condition, and results of operations. **Key changes:** - Updated: "If any of these third-party services experience errors, disruptions, security issues, or other performance deficiencies, if they are updated such that our platforms become incompatible, if these services, software, or hardware fail or become unavailable due to extended outages, interruptions, defects, or otherwise, or if they are no longer available on commercially reasonable terms or prices (or at all), these issues could result in errors or defects in our platforms, cause our platforms to fail, our revenue and margins could decline, or our reputation and brand could be damaged, we could be exposed to legal or contractual liability, our expenses could increase, our ability to manage our operations could be interrupted, and our processes for managing our sales and servicing our customers could be impaired until equivalent services or technology, if available, are identified, procured, and implemented, all of which may take significant time and resources, increase our costs, and could adversely affect our business." **Prior (2025):** We rely on the technology, infrastructure, and software applications, including software-as-a-service offerings, of certain third parties, such as AWS and Microsoft Azure, in order to host or operate some or all of certain key technology platform features or functions of our business, including our cloud-based services (including Palantir Cloud, as defined in the section titled "Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations - Components of Results of Operations"), customer relationship management activities, billing and order management, cybersecurity program, and financial accounting services. Additionally, we rely on computer hardware purchased in order to deliver our platforms and services. We do not have control over the operations of the facilities of the third parties that we use. If any of these third-party services experience errors, disruptions, security issues, or other performance deficiencies, if they are updated such that our platforms become incompatible, if these services, software, or hardware fail or become unavailable due to extended outages, interruptions, defects, or otherwise, or if they are no longer available on commercially reasonable terms or prices (or at all), these issues could result in errors or defects in our platforms, cause our platforms to fail, our revenue and margins could decline, or our reputation and brand could be damaged, we could be exposed to legal or contractual liability, our expenses could increase, our ability to manage our operations could be interrupted, and our processes for managing our sales and servicing our 33 33 33 **Current (2026):** We rely on the technology, infrastructure, and software applications, including software-as-a-service offerings, of certain third parties, such as AWS and Microsoft Azure, in order to host or operate some or all of certain key technology platform features or functions of our business, including our cloud-based services (including Palantir Cloud, as defined in the section titled "Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations - Components of Results of Operations"), customer relationship management activities, billing and order management, cybersecurity program, and financial accounting services. Additionally, we rely on computer hardware purchased in order to deliver our platforms and services. We do not have control over the operations of the facilities of the third parties that we use. If any of these third-party services experience errors, disruptions, security issues, or other performance deficiencies, if they are updated such that our platforms become incompatible, if these services, software, or hardware fail or become unavailable due to extended outages, interruptions, defects, or otherwise, or if they are no longer available on commercially reasonable terms or prices (or at all), these issues could result in errors or defects in our platforms, cause our platforms to fail, our revenue and margins could decline, or our reputation and brand could be damaged, we could be exposed to legal or contractual liability, our expenses could increase, our ability to manage our operations could be interrupted, and our processes for managing our sales and servicing our customers could be impaired until equivalent services or technology, if available, are identified, procured, and implemented, all of which may take significant time and resources, increase our costs, and could adversely affect our business. Many of these third-party providers attempt to impose limitations on their liability for such errors, disruptions, defects, performance deficiencies, or failures, and if enforceable, we may have additional liability to our customers which may not be compensated by our third-party providers which are responsible for the liability. We have experienced, and may in the future experience, disruptions, failures, data loss, corruption, unavailability, outages, and other performance problems with our infrastructure or cloud-based offerings due to a variety of factors, which have included or may in the future include infrastructure changes, introductions of new functionality, human or software errors, employee misconduct, capacity constraints, denial of service attacks, phishing attacks, computer viruses, ransomware, and other malicious or destructive code, or other security-related incidents, and our disaster recovery planning may not be sufficient for all situations. If we experience disruptions, failures, data loss, outages, or other performance problems, our business, financial condition, and results of operations could be adversely affected. Our systems and the third-party systems upon which we and our customers rely are also vulnerable to damage or interruption from catastrophic occurrences such as earthquakes, floods, fires, power loss, telecommunication failures, cybersecurity threats, terrorist attacks, such as the conflict resulting from Hamas' attack on Israel, natural disasters, public health crises, geopolitical tensions such as those that may be caused by the ongoing Russia-Ukraine conflict, or acts of misconduct. Moreover, we have business operations in the San Francisco Bay Area, which is a seismically active region. Despite any precautions we may take, the occurrence of a catastrophic event or other unanticipated problems at our or our third-party vendors' hosting facilities, or within our systems or the systems of third parties upon which we rely, could result in interruptions, performance problems, or failure of our infrastructure, technology, or platforms, which may adversely impact our business. In addition, our ability to conduct normal business operations could be severely affected. In the event of significant physical damage to one of these facilities, it may take a significant period of time to achieve full resumption of our services, and our disaster recovery planning may not account for all eventualities. In addition, any negative publicity arising from these disruptions could harm our reputation and brand and adversely affect our business. Furthermore, our platforms are in many cases important or essential to our customers' operations, including in some cases, their cybersecurity or oversight and compliance programs, and subject to service level agreements ("SLAs"). Any interruption in our service, whether as a result of an internal or third-party issue, could damage our brand and reputation, cause our customers to terminate or not renew their contracts with us or decrease use of our platforms and services, require us to indemnify our customers against certain losses, result in our issuing credit or paying penalties or fines, subject us to other losses or liabilities, cause our platforms to be perceived as unreliable or unsecure, and prevent us from gaining new or additional business from current or future customers, any of which could harm our business, financial condition, and results of operations. Moreover, to the extent that we do not effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business, 34 34 34 34 34 34 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "•our ability to hire and retain employees, in particular, those responsible for operations and maintenance of and the selling or marketing of our platforms, and develop and retain talented sales personnel who are able to achieve desired productivity levels in a reasonable period of time and provide sales leadership in areas in which we are expanding our sales and marketing efforts; •the amount and timing of our stock-based compensation expenses; •the amount and timing of employer payroll taxes related to stock-based compensation resulting from increases in our stock price; •changes in the way we organize and compensate our employees; •changes in the way we operate and maintain our platforms; •unforeseen negative results in operations from our partnerships; •changes in the competitive dynamics of our industry; •the cost of and potential outcomes of existing and future claims or litigation, which could have a material adverse effect on our business; •changes in laws and regulations that impact our business, such as the FASA or the European Union ("EU") AI Act ("EU AIA"); •indemnification payments to our customers or other third parties; •ability to scale our business with increasing demands; •the timing of expenses related to any future acquisitions; and •general economic, regulatory, and market conditions, including the impacts of ongoing conflicts, such as those in Russia-Ukraine, and Israel and the broader Middle East, and any related economic sanctions and regional instability, fluctuating interest rates, monetary policy changes, foreign currency fluctuations, or the potential or actual imposition of tariffs or other impacts on trade relations." - Updated: "The variability and unpredictability of our quarterly results of operations, cash flows, or other operating metrics could result in our failure to meet our expectations or those of analysts that cover us or investors with respect to revenue or other key metrics for a particular period." **Prior (2025):** customer billing and payment varies from contract to contract. A delay in the timing of receipt of such collections, or a default on a large contract, may negatively impact our liquidity for the period and in the future. Because a substantial portion of our expenses are relatively fixed in the short term and require time to adjust, our results of operations and liquidity would suffer if revenue fell below our expectations in a particular period. Other factors that may cause fluctuations in our quarterly results of operations and financial position include, without limitation, those listed below: •the success of our sales and marketing efforts, including the success of our pilot deployments (including bootcamps); •our ability to increase our contribution margins; •the timing of expenses and revenue recognition, including from changes in accounting assumptions or estimates; •the timing and amount of payments received from our customers; •termination of one or more large contracts by customers, including for convenience; •the time and cost-intensive nature of our sales efforts and the length and variability of sales cycles; •the amount and timing of operating expenses related to the development, maintenance, and expansion of our business and operations; •the timing and effectiveness of new sales and marketing initiatives; •changes in our pricing policies or those of our competitors; •the timing and success of new platforms, products, features, and functionality introduced by us or our competitors; •interruptions or delays in our operations and maintenance ("O&M") services; •cyberattacks and other actual or perceived data or security breaches or incidents; •our ability to hire and retain employees, in particular, those responsible for operations and maintenance of and the selling or marketing of our platforms, and develop and retain talented sales personnel who are able to achieve desired productivity levels in a reasonable period of time and provide sales leadership in areas in which we are expanding our sales and marketing efforts; •the amount and timing of our stock-based compensation expenses; •the amount and timing of employer payroll taxes related to stock-based compensation resulting from increases in our stock price; •changes in the way we organize and compensate our employees; •changes in the way we operate and maintain our platforms; •unforeseen negative results in operations from our partnerships; •changes in the competitive dynamics of our industry; •the cost of and potential outcomes of existing and future claims or litigation, which could have a material adverse effect on our business; •changes in laws and regulations that impact our business, such as the FASA or the European Union ("EU") AI Act ("EU AIA"); •indemnification payments to our customers or other third parties; •ability to scale our business with increasing demands; •the timing of expenses related to any future acquisitions; and •general economic, regulatory, and market conditions, including the impacts of ongoing conflicts, such as those in Russia-Ukraine and Israel, and any related economic sanctions and regional instability, heightened interest rates, monetary policy changes, or foreign currency fluctuations. In addition, many of our contracts contain termination for convenience provisions, and we may be obligated to repay prepaid amounts or otherwise not realize anticipated future revenue should we fail to provide products or future services as anticipated. These factors make it difficult for us to accurately predict financial metrics for any particular period. The variability and unpredictability of our quarterly results of operations, cash flows, or other operating metrics could result in our failure to meet our expectations or those of analysts that cover us or investors with respect to revenue or other key metrics 16 16 16 **Current (2026):** •our ability to hire and retain employees, in particular, those responsible for operations and maintenance of and the selling or marketing of our platforms, and develop and retain talented sales personnel who are able to achieve desired productivity levels in a reasonable period of time and provide sales leadership in areas in which we are expanding our sales and marketing efforts; •the amount and timing of our stock-based compensation expenses; •the amount and timing of employer payroll taxes related to stock-based compensation resulting from increases in our stock price; •changes in the way we organize and compensate our employees; •changes in the way we operate and maintain our platforms; •unforeseen negative results in operations from our partnerships; •changes in the competitive dynamics of our industry; •the cost of and potential outcomes of existing and future claims or litigation, which could have a material adverse effect on our business; •changes in laws and regulations that impact our business, such as the FASA or the European Union ("EU") AI Act ("EU AIA"); •indemnification payments to our customers or other third parties; •ability to scale our business with increasing demands; •the timing of expenses related to any future acquisitions; and •general economic, regulatory, and market conditions, including the impacts of ongoing conflicts, such as those in Russia-Ukraine, and Israel and the broader Middle East, and any related economic sanctions and regional instability, fluctuating interest rates, monetary policy changes, foreign currency fluctuations, or the potential or actual imposition of tariffs or other impacts on trade relations. In addition, many of our contracts contain termination for convenience provisions, and we may be obligated to repay prepaid amounts or otherwise not realize anticipated future revenue should we fail to provide products or future services as anticipated. These factors make it difficult for us to accurately predict financial metrics for any particular period. The variability and unpredictability of our quarterly results of operations, cash flows, or other operating metrics could result in our failure to meet our expectations or those of analysts that cover us or investors with respect to revenue or other key metrics for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the trading price of our Class A common stock could fall, and we could face costly lawsuits. We and certain of our officers and directors were sued in purported class action lawsuits and derivative lawsuits, which could result in substantial costs and a diversion of our management's attention and resources. For additional information see Note 8. Commitments and Contingencies in our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. --- ## Modified Risk: In the future, we may not be able to secure the financing necessary to operate and grow our business as planned, or to make acquisitions. **Key changes:** - Removed: "Historically, we have funded our operations and capital expenditures primarily through cash flows from operations, equity issuances, and proceeds from option exercises." - Removed: "Although we currently anticipate that our cash flows generated from operations, available funds, and access to financing sources, including our undrawn credit facility, will be sufficient to meet our cash needs for at least the next twelve months, we may require additional financing, and we may not be able to obtain debt or equity financing on favorable terms, if at all." - Removed: "If we raise equity financing to fund operations or on an opportunistic basis, our stockholders may experience significant dilution of their ownership interests." - Removed: "Additionally, tightening of the credit markets and high interest rates continue to negatively impact the capital raising environment." - Removed: "If adequate funds are not available on acceptable terms, or at all, we may be unable to, among other things: •develop new platforms, products, features, capabilities, and enhancements; •continue to expand our product development, sales, and marketing organizations; •recruit, hire, train, and retain employees; •respond to competitive pressures or unanticipated working capital requirements; or •pursue acquisitions or other growth or investment opportunities." **Prior (2025):** In the future, we may seek to raise or borrow additional funds to expand our product or business development efforts, make acquisitions or otherwise fund or grow our business and operations. Our existing revolving credit facility, as amended, matures in March 2027 and provides for total commitments of up to $500.0 million, all of which are undrawn as of the date of this Annual Report on Form 10-K. Any interest or facility payments are generally due and payable quarterly. Additional equity or debt financing may not be available on favorable terms, or at all. Historically, we have funded our operations and capital expenditures primarily through cash flows from operations, equity issuances, and proceeds from option exercises. Although we currently anticipate that our cash flows generated from operations, available funds, and access to financing sources, including our undrawn credit facility, will be sufficient to meet our cash needs for at least the next twelve months, we may require additional financing, and we may not be able to obtain debt or equity financing on favorable terms, if at all. If we raise equity financing to fund operations or on an opportunistic basis, our stockholders may experience significant dilution of their ownership interests. Additionally, tightening of the credit markets and high interest rates continue to negatively impact the capital raising environment. If adequate funds are not available on acceptable terms, or at all, we may be unable to, among other things: •develop new platforms, products, features, capabilities, and enhancements; •continue to expand our product development, sales, and marketing organizations; •recruit, hire, train, and retain employees; •respond to competitive pressures or unanticipated working capital requirements; or •pursue acquisitions or other growth or investment opportunities. Our inability to take any of these actions because adequate funds are not available on acceptable terms could have an adverse impact on our business, financial condition, results of operations, and growth prospects. 28 28 28 **Current (2026):** In the future, we may seek to raise or borrow additional funds to expand our product or business development efforts, make acquisitions or otherwise fund or grow our business and operations. Our existing revolving credit facility, as amended, matures in March 2027 and provides for total commitments of up to $500.0 million, all of which are undrawn as of the date of this Annual Report on Form 10-K. Any interest or facility payments are generally due and payable quarterly. Additional equity or debt financing may not be available on favorable terms, or at all. 28 28 28 28 28 28 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "us or if they renew their contracts for shorter lengths or on other terms less favorable to us, our revenue may grow more slowly than expected or decline, and our business could suffer." **Prior (2025):** have expired. In addition, many of our customer contracts permit the customer to terminate their contracts with us with notice periods of varying lengths. If one or more of our customers terminate their contracts with us, whether for convenience, for default in the event of a breach by us, or for other reasons specified in our contracts, as applicable; if our customers elect not to renew their contracts with us; if our customers renew their contractual arrangements with us for shorter contract lengths or for a reduced scope; or if our customers otherwise seek to renegotiate terms of their existing agreements on terms less favorable to us, our business and results of operations could be adversely affected. This adverse impact would be even more pronounced for customers that represent a material portion of our revenue or business operations. Our ability to renew or expand our customer relationships may decrease or vary as a result of a number of factors, including our customers' satisfaction or dissatisfaction with our platforms and services, the frequency and severity of software and implementation errors, our platforms' reliability, our pricing, the effects of general economic conditions, competitive offerings or alternatives, or reductions in our customers' spending levels. If our customers do not renew or expand their agreements with us or if they renew their contracts for shorter lengths or on other terms less favorable to us, our revenue may grow more slowly than expected or decline, and our business could suffer. Our business, financial condition, and results of operations would also be adversely affected if we face difficulty collecting our accounts receivable from our customers or if we are required to refund customer deposits. Achieving renewal or expansion of deployments may require us to increasingly engage in sophisticated and costly sales efforts that may not result in additional sales. In addition, our customers' decisions to expand the deployment of our platforms depends on a number of factors, including general economic conditions, the functioning of our platforms, the ability of our employees to assist our customers in identifying new use cases, modernizing their data architectures, and achieving success with data-driven initiatives, and our customers' satisfaction with our services. If our efforts to expand within our existing customer base are not successful, our business may suffer. **Current (2026):** us or if they renew their contracts for shorter lengths or on other terms less favorable to us, our revenue may grow more slowly than expected or decline, and our business could suffer. Our business, financial condition, and results of operations would also be adversely affected if we face difficulty collecting our accounts receivable from our customers or if we are required to refund customer deposits. Achieving renewal or expansion of deployments may require us to increasingly engage in sophisticated and costly sales efforts that may not result in additional sales. In addition, our customers' decisions to expand the deployment of our platforms depends on a number of factors, including general economic conditions, the functioning of our platforms, the ability of our employees to assist our customers in identifying new use cases, modernizing their data architectures, and achieving success with data-driven initiatives, and our customers' satisfaction with our services. If our efforts to expand within our existing customer base are not successful, our business may suffer. --- ## Modified Risk: Our reputation and business may be harmed by news or social media coverage or other external scrutiny of Palantir or our leadership. **Key changes:** - Updated: "As our business has grown and as interest in Palantir and the technology industry overall has increased and we have engaged more actively with media and marketing efforts, we have attracted, and may continue to attract, significant attention from news and social media outlets, including unfavorable coverage and coverage that is not directly attributable to statements authorized by our leadership, that incorrectly reports on statements made by our leadership or employees and the nature of our work, that perpetuates unfounded speculation about company involvements, or that is otherwise misleading." - Removed: "Our relationships with government customers and customers that are engaged in certain sensitive industries, including organizations whose products or activities are or are perceived to be harmful, has resulted in public criticism, including from political and social activists, and unfavorable coverage in the media." - Removed: "Activists have also engaged in public protests at our properties." - Removed: "Activist criticism of our relationships with customers could potentially engender dissatisfaction among potential and existing customers, investors, and employees with how we address political and social concerns in our business activities." - Removed: "Conversely, being perceived as yielding to activism targeted at certain customers could damage our relationships with certain customers, including governments and government agencies with which we do business, whose views may or may not be aligned with those of political and social activists." **Prior (2025):** Publicly available information regarding Palantir has historically been limited, in part due to the sensitivity of our work with customers or contractual requirements limiting or preventing public disclosure of certain aspects of our work or relationships with certain customers. As our business has grown and as interest in Palantir and the technology industry overall has increased and we have engaged more actively with media and marketing efforts, we have attracted, and may continue to attract, significant attention from news and social media outlets, including unfavorable coverage and coverage that is not directly attributable to statements authorized by our leadership, that incorrectly reports on statements made by our leadership or employees and the nature of our work, perpetuates unfounded speculation about company involvements, or that is otherwise misleading. If such news or social media coverage presents, or relies on, inaccurate, misleading, incomplete, or otherwise damaging information regarding Palantir or our leadership, such coverage could damage our reputation in the industry and with current and potential customers, employees, and investors, and our business, financial condition, results of operations, and growth prospects could be adversely affected. Due to the sensitive nature of our work and our confidentiality obligations and despite our ongoing efforts to provide increased transparency into our business, operations, and product capabilities, we may be unable to or limited in our ability to respond to such harmful coverage, which could have a negative impact on our business. Our relationships with government customers and customers that are engaged in certain sensitive industries, including organizations whose products or activities are or are perceived to be harmful, has resulted in public criticism, including from political and social activists, and unfavorable coverage in the media. Activists have also engaged in public protests at our properties. Activist criticism of our relationships with customers could potentially engender dissatisfaction among potential and existing customers, investors, and employees with how we address political and social concerns in our business activities. Conversely, being perceived as yielding to activism targeted at certain customers could damage our relationships with certain customers, including governments and government agencies with which we do business, whose views may or may not be aligned with those of political and social activists. Actions we take in response to the activities of our customers, up to and including terminating our contracts or refusing a particular product use case could harm our brand and reputation. In either case, the resulting harm to our reputation could: •cause certain customers to cease doing business with us; •impair our ability to attract new customers, or to expand our relationships with existing customers; •diminish our ability to recruit, hire, or retain employees; 22 22 22 **Current (2026):** Publicly available information regarding Palantir has historically been limited, in part due to the sensitivity of our work with customers or contractual requirements limiting or preventing public disclosure of certain aspects of our work or relationships with certain customers. As our business has grown and as interest in Palantir and the technology industry overall has increased and we have engaged more actively with media and marketing efforts, we have attracted, and may continue to attract, significant attention from news and social media outlets, including unfavorable coverage and coverage that is not directly attributable to statements authorized by our leadership, that incorrectly reports on statements made by our leadership or employees and the nature of our work, that perpetuates unfounded speculation about company involvements, or that is otherwise misleading. If such news or social media coverage presents, or relies on, inaccurate, misleading, incomplete, or otherwise damaging information regarding Palantir or our leadership, such coverage could damage our reputation in the industry and with current and potential customers, employees, and investors, and our business, financial condition, results of operations, and growth prospects could be adversely affected. Due to the sensitive nature of our work and our confidentiality obligations and despite our ongoing efforts to provide increased transparency into our business, operations, and product capabilities, we may be unable to or limited in our ability to respond to such harmful coverage, which could have a negative impact on our business. 19 19 19 19 19 19 --- ## Modified Risk: Our business is subject to complex and evolving U.S. and non-U.S. laws and regulations regarding privacy, data protection and security, technology protection, and other matters. Many of these laws and regulations are subject to change and uncertain interpretation, and could result in claims, changes to our business practices, monetary penalties, increased cost of operations, or otherwise harm our business. **Key changes:** - Updated: "For example, despite the EU's adoption of an adequacy decision for the EU-U.S." - Updated: "The CPRA went into effect on January 1, 2023 instilling enforcement authority in a new dedicated regulatory body, the California Privacy Protection Agency ("CPPA")." **Prior (2025):** We are subject to a variety of local, state, national, and international laws, directives, and regulations in the United States and abroad that involve matters central to our business, including privacy and data protection, data security, data storage, retention, transfer and deletion, technology protection, and personal information. International data protection, data security, privacy, and other laws and regulations can impose different obligations or be more restrictive than those in the United States. These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to continue to develop and evolve for the foreseeable future. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, particularly in the new and rapidly evolving software and technology industry in which we operate, and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices. A number of proposals are pending before U.S. federal, state, and foreign legislative and regulatory bodies that could significantly affect our business. For example, despite recent developments including the EU's adoption of an adequacy decision for the EU-U.S. Data Privacy Framework, legal challenges to the mechanisms allowing companies to transfer personal data from the European Economic Area to certain other jurisdictions, including the United States, have occurred and new legal challenges could emerge, resulting in further limitations on the ability to transfer data across borders. The California state legislature passed the California Consumer Privacy Act ("CCPA") in 2018 and California voters approved a ballot measure establishing the California Privacy Rights Act ("CPRA") in 2020. The CCPA and CPRA regulate the processing of personal information of California residents and increase the privacy and security obligations of entities handling certain personal information of California residents, including requiring covered companies to provide disclosures to California consumers, and affording such consumers abilities to opt-out of certain sales of personal information. The CCPA went into effect on January 1, 2020, and the California Attorney General may bring enforcement actions, with penalties for violations of the CCPA. The CPRA went into effect on January 1, 2023 instilling enforcement authority in a new dedicated regulatory body, the California Privacy Protection Agency. While aspects of both the CCPA and CPRA and their interpretations remain to be determined in practice, we are committed to complying with their applicable obligations. More generally, some observers have noted the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the United States, as observed with the subsequent adoption of state-level comprehensive consumer privacy legislation. For example, Connecticut, Virginia, Colorado and Utah each has enacted legislation similar to the CCPA and CPRA that took effect in 2023; Florida, Montana, Oregon, and Texas each has enacted similar legislation that took effect in 2024; Tennessee, Iowa, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, and Nebraska each has enacted similar legislation that have taken, or will take, effect in 2025; and Indiana, Kentucky, and Rhode Island each has enacted similar legislation that will become effective in 2026. We cannot yet fully assess the impact of these laws and other new laws or regulations on our business or operations, but developments regarding these and all privacy and data protection laws and regulations around the world may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to maintain compliance on an ongoing basis. Outside of the United States, virtually every jurisdiction in which we operate has established its own legal framework relating to privacy, data protection, and information security matters with which we and/or our customers must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, retention, disclosure, security, transfer, and other processing of data that identifies or may be used to identify or locate an individual. Some countries and regions, including the EU, are considering or have passed legislation that imposes significant obligations in connection with privacy, data protection, and information security that could increase the cost and complexity of delivering our platforms and services, including the GDPR which took effect in May 2018. Complying with the GDPR or other data protection laws, directives, and regulations as they emerge may cause us to incur substantial operational costs or require us to modify our data handling practices on an ongoing basis. Non-compliance with the GDPR specifically may result in administrative fines or monetary penalties of up to 4% of worldwide annual revenue in the preceding financial year or €20 million (whichever is higher) for the most serious infringements, and could result in proceedings against us by governmental entities or other related parties and may otherwise adversely impact our business, financial condition, and results of operations. Additionally, post-Brexit updates to United Kingdom ("U.K.") data protection laws and regulations, while largely conforming to EU GDPR standards paving the way for a 2021 European Commission adequacy determination for export of personal data from the European Economic Area to the U.K., may change over time as the U.K. and its regulator, the Information Commissioner's Office, continue to examine its global market standing, and a formal sunset clause will necessitate a reassessment and renegotiated terms to carry the determination beyond June 2025. Modifications in the standards for valid data transfer to the U.S. from the U.K., the EU, Switzerland, and other countries using standard contractual clauses or similar mechanisms may further require us to change our product and business practices, as well as to update client agreements in ways that introduce additional costs to our business. The overarching complexity of laws and regulations relating to privacy, data protection, and information security around the world pose a compliance challenge that could manifest in costs, damages, or liability in other forms as a result of failure to implement proper programmatic controls, failure to adhere to those controls or to the commitments we make, or the malicious 39 39 39 **Current (2026):** We are subject to a variety of local, state, national, and international laws, directives, and regulations in the United States and abroad that involve matters central to our business, including privacy and data protection, data security, data storage, retention, transfer and deletion, technology protection, and personal information. International data protection, data security, privacy, and other laws and regulations can impose different obligations or be more restrictive than those in the United States. These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to continue to develop and evolve for the foreseeable future. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, particularly in the new and rapidly evolving software and technology industry in which we operate, and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices. A number of proposals are pending before U.S. federal, state, and foreign legislative and regulatory bodies that could significantly affect our business. For example, despite the EU's adoption of an adequacy decision for the EU-U.S. Data Privacy Framework, legal challenges to the mechanisms allowing companies to transfer personal data from the European Economic Area to certain other jurisdictions, including the United States, have occurred and new legal challenges could emerge, resulting in further limitations on the ability to transfer data across borders. The California state legislature passed the California Consumer Privacy Act ("CCPA") in 2018 and California voters approved a ballot measure establishing the California Privacy Rights Act ("CPRA") in 2020. The CCPA and CPRA regulate the processing of personal information of California residents and increase the privacy and security obligations of entities handling certain personal information of California residents, including requiring covered companies to provide disclosures to California consumers, and affording such consumers abilities to opt-out of certain sales of personal information. The CCPA went into effect on January 1, 2020, and the California Attorney General may bring enforcement actions, with penalties for violations of the CCPA. The CPRA went into effect on January 1, 2023 instilling enforcement authority in a new dedicated regulatory body, the California Privacy Protection Agency ("CPPA"). In September 2025, the CPPA finalized regulations expanding compliance obligations under the CCPA, implementing requirements for businesses to conduct risk assessments and annual cybersecurity audits, as well as consumer rights related to automated decision-making technology, with compliance deadlines phased between January 2026 and April 2030. The CCPA's enactment and further expansion has marked the beginning of a trend toward more stringent privacy legislation in the United States, as observed with the expanding adoption of state-level comprehensive consumer privacy legislation. As of 2025, twenty states have enacted comprehensive consumer privacy laws, and several states have enacted significant amendments expanding coverage or enhancing enforcement authority. An additional three states, Indiana, Kentucky, and Rhode Island, each have enacted legislation that will become effective in 2026. Additionally, states have adopted other laws and regulations relating to privacy and cybersecurity such as Washington's My Health My Data Act, which includes a private right of action and applies broadly to consumer health data outside of the scope of the Health Insurance Portability and Accountability Act, and Nevada's Senate Bill No. 370, which imposes similar health data privacy legislation. 39 39 39 39 39 39 --- ## Modified Risk: We may face exposure to foreign currency exchange rate fluctuations. **Key changes:** - Updated: "Our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, Japanese yen ("JPY"), and British pound sterling ("GBP")." - Updated: "Fluctuations in the value of foreign currencies have resulted, and could continue to result, in the dollar equivalent of our revenues being lower, result in increased expenses for our non-U.S." **Prior (2025):** to continue to grow in the near term and we are continually monitoring our foreign currency exposure to determine if we should consider a hedging program. Today, our non-U.S. contracts are denominated in either U.S. dollars or local currency, while our non-U.S. operating expenses are often denominated in local currencies. However, as we expand our non-U.S. operations, a larger portion of our operating expenses may be denominated in local currencies and we may also hold monetary assets and liabilities in currencies other than the respective subsidiaries' functional currency. Volatility in exchange rates and global financial markets is expected to continue due to political and economic uncertainty globally. When the U.S. dollar strengthens compared to other currencies, it generally increases the real cost of our platforms to our customers outside of the United States, which could reduce demand for our platforms and adversely affect our financial condition and results of operations. Continued increases in the value of the U.S. dollar and decreases in the value of foreign currencies could result in the dollar equivalent of our revenues being lower, result in increased expenses for our non-U.S. operations, or otherwise impact our financial condition and results of operations. **Current (2026):** Our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, Japanese yen ("JPY"), and British pound sterling ("GBP"). We expect our non-U.S. operations to continue to grow in the near term and we are continually monitoring our foreign currency exposure to determine if we should consider a hedging program. Today, our non-U.S. contracts are denominated in either U.S. dollars or local currency, while our non-U.S. operating expenses are often denominated in local currencies. However, as we expand our non-U.S. operations, a larger portion of our operating expenses may be denominated in local currencies and we may also hold monetary assets and liabilities in currencies other than the respective subsidiaries' functional currency. Volatility in exchange rates and global financial markets is expected to continue due to political and economic uncertainty globally. When the U.S. dollar strengthens compared to other currencies, it generally increases the real cost of our platforms to our customers outside of the United States, which could reduce demand for our platforms and adversely affect our financial condition and results of operations. Fluctuations in the value of foreign currencies have resulted, and could continue to result, in the dollar equivalent of our revenues being lower, result in increased expenses for our non-U.S. operations, or otherwise impact our financial condition and results of operations. 60 60 60 60 60 60 --- ## Modified Risk: Table of Contents **Key changes:** - Removed: "Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business." - Removed: "Further, we have identified in the past, and may identify in the future, deficiencies in our controls." - Removed: "Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods." - Removed: "Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports." - Removed: "Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which could have a negative effect on the trading price of our Class A common stock." **Prior (2025):** Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, we have identified in the past, and may identify in the future, deficiencies in our controls. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which could have a negative effect on the trading price of our Class A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq. We are required to annually comply with the SEC rules that implement Section 404 of the Sarbanes-Oxley Act and are therefore required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. Our independent registered public accounting firm must also formally attest to the effectiveness of our internal control over financial reporting annually. Any failure to maintain effective disclosure controls and internal control over financial reporting could have an adverse effect on our business, financial condition and results of operations and could cause a decline in the market price of our Class A common stock. **Current (2026):** Our independent registered public accounting firm must also formally attest to the effectiveness of our internal control over financial reporting annually. Any failure to maintain effective disclosure controls and internal control over financial reporting could have an adverse effect on our business, financial condition and results of operations and could cause a decline in the market price of our Class A common stock. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "hire additional employees, expand into new markets, invest in research and development, invest in sales and marketing, lease more real estate to accommodate our anticipated future growth, and incur costs associated with general administration, including expenses related to being a public company, we expect that our costs of revenue and operating expenses will continue to increase." - Updated: "Though we have integrated shorter, more cost-effective programs such as bootcamps, these initial deployments (including bootcamps) may result in no or minimal future revenue." **Prior (2025):** Although we have achieved profitability in accordance with U.S. generally accepted accounting principles ("GAAP") in recent quarters, we incurred net losses in each period from our inception through the third quarter of 2022. We may not maintain profitability in future periods or, if we are profitable, we may not fully achieve our profitability targets. In addition, while we remain focused on operating efficiently, we anticipate that our operating expenses will continue to increase in the future. As we continue to expand our business, industry verticals, and the breadth of our operations, upgrade our infrastructure, hire additional employees, expand into new markets, invest in research and development, invest in sales and marketing, including expanding our sales organization and related sales-based payments that may come with such expansion, lease more real estate to accommodate our anticipated future growth, and incur costs associated with general administration, including expenses related to being a public company, we expect that our costs of revenue and operating expenses will continue to increase. To the extent we are successful in increasing our customer base, we may also incur increased expenses or losses because the costs associated with acquiring and growing our customers and with research and development are generally incurred upfront, while our revenue from customer contracts is generally recognized over the contract term. Furthermore, our sales model has historically required us to spend months and invest significant resources working with customers on pilot deployments at no or low cost to them. Though we have begun to integrate shorter, more cost-effective programs such as bootcamps, these initial deployments (including bootcamps) may result in no or minimal future revenue. We may also encounter unforeseen or unpredictable factors, including adverse macroeconomic conditions, unforeseen operating expenses, or other complications or delays, which may result in increased costs, or cause us to generate less revenue from our customers than we anticipated. We may not be able to continue to increase our revenue at a rate sufficient to offset increases in our costs of revenue and operating expenses in the near term or at all, which would prevent us from maintaining profitability in the future. Any failure by us to maintain or increase profitability in the future or achieve our profitability targets could adversely affect our business, financial condition, and results of operations. **Current (2026):** hire additional employees, expand into new markets, invest in research and development, invest in sales and marketing, lease more real estate to accommodate our anticipated future growth, and incur costs associated with general administration, including expenses related to being a public company, we expect that our costs of revenue and operating expenses will continue to increase. To the extent we are successful in increasing our customer base, we may also incur increased expenses or losses because the costs associated with acquiring and growing our customers and with research and development are generally incurred upfront, while our revenue from customer contracts is generally recognized over the contract term. Furthermore, our sales model has historically required us to spend months and invest significant resources working with customers on pilot deployments at no or low cost to them. Though we have integrated shorter, more cost-effective programs such as bootcamps, these initial deployments (including bootcamps) may result in no or minimal future revenue. We may also encounter unforeseen or unpredictable factors, including adverse macroeconomic conditions, unforeseen operating expenses, or other complications or delays, which may result in increased costs, or cause us to generate less revenue from our customers than we anticipated. We may not be able to continue to increase our revenue at a rate sufficient to offset increases in our costs of revenue and operating expenses in the near term or at all, which would prevent us from maintaining profitability in the future. Any failure by us to maintain or increase profitability in the future or achieve our profitability targets could adversely affect our business, financial condition, and results of operations. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "Our ability to sell or transfer, or realize value from noncash consideration and our investments may be limited by applicable securities laws and regulations, including the requirement that offers or sales of securities must be registered with the SEC pursuant to applicable laws or qualify for an exemption from such registration, and our ability to liquidate and realize value from our equity securities may be negatively and materially impacted by any delays or limitations on our ability to offer, sell, or transfer such equity securities." - Updated: "As of December 31, 2025, the cumulative amount of revenue recognized from Strategic Commercial Contracts was $321.5 million, of which $15.3 million was recognized by us during the fiscal year ended December 31, 2025." **Prior (2025):** them, which has negatively impacted, and may continue to negatively impact, our expected revenue and collections. These companies are generally engaged in businesses that involve novel and unproven technologies, products, and services and such companies have been, and may continue to be, unable to perform all or some of their obligations under any commercial contracts that we enter into with them in a timely manner or at all. For example, some of our early-stage Investee customers filed for bankruptcy or terminated their contracts with us, and the remaining value of the commercial contracts with such customers that is not expected to be recognized as revenue has been excluded from the total value of Strategic Commercial Contracts above. As of December 31, 2024, the cumulative amount of revenue recognized from Strategic Commercial Contracts was $306.2 million, of which $52.3 million was recognized by us during the fiscal year ended December 31, 2024. The occurrence of any of these risks could have a material adverse effect on our business, results of operations, and financial condition. Moreover, we cannot assure you that we would not be exposed to unknown liabilities. **Current (2026):** companies. Our ability to sell or transfer, or realize value from noncash consideration and our investments may be limited by applicable securities laws and regulations, including the requirement that offers or sales of securities must be registered with the SEC pursuant to applicable laws or qualify for an exemption from such registration, and our ability to liquidate and realize value from our equity securities may be negatively and materially impacted by any delays or limitations on our ability to offer, sell, or transfer such equity securities. In addition, certain of our equity securities are speculative in nature and may be volatile or decline in value or be entirely lost. We have realized, and may continue to realize, losses related to these equity securities, which could have a negative impact on our future financial position, results of operations, earnings per share, and cash flows. Additionally, in connection with approving and signing the Investment Agreements, we and each Investee or an associated entity entered into a commercial contract for access to our products and services (collectively, the "Strategic Commercial Contracts"). The total value of Strategic Commercial Contracts, which is calculated as the sum of the cumulative revenue recognized from Strategic Commercial Contracts and the remaining deal value of such contracts, was $326.1 million, with no remaining contractual options, as of December 31, 2025. When determining the total value of these Strategic Commercial Contracts, we assess customers' financial condition, including the consideration of their ability and intention to pay, and whether all or some portion of the value of the contracts continue to meet the criteria for revenue recognition, among other factors. Certain companies with which we have entered into commercial contracts have been, and may continue to be, unable to generate sufficient revenues or profitability or to access any necessary financing or funding in a timely manner or on favorable terms to them, which has negatively impacted, and may continue to negatively impact, our expected revenue and collections. These companies are generally engaged in businesses that involve novel and unproven technologies, products, and services and such companies have been, and may continue to be, unable to perform all or some of their obligations under any commercial contracts that we enter into with them in a timely manner or at all. For example, some of our early-stage Investee customers filed for bankruptcy or terminated their contracts with us, and the remaining value of the commercial contracts with such customers that is not expected to be recognized as revenue has been excluded from the total value of Strategic Commercial Contracts above. As of December 31, 2025, the cumulative amount of revenue recognized from Strategic Commercial Contracts was $321.5 million, of which $15.3 million was recognized by us during the fiscal year ended December 31, 2025. The occurrence of any of these risks could have a material adverse effect on our business, results of operations, and financial condition. Moreover, we cannot assure you that we would not be exposed to unknown liabilities. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "We have entered into and may continue to enter into, in limited circumstances, unique contractual, pricing, and payment arrangements with our customers, including some that may be outside of our typical scope of business, including arrangements relating to the receipt of noncash consideration." **Prior (2025):** noncash consideration we have received, or may receive in the future, in a timely manner or at all, may be limited by, among other things, applicable securities law and regulations, and global market and macroeconomic conditions, which could adversely impact our business, financial condition, cash flows, and results of operations. **Current (2026):** We have entered into and may continue to enter into, in limited circumstances, unique contractual, pricing, and payment arrangements with our customers, including some that may be outside of our typical scope of business, including arrangements relating to the receipt of noncash consideration. Our ability to sell or transfer, convert to cash, or realize value from, any noncash consideration we have received, or may receive in the future, in a timely manner or at all, may be limited by, among other things, applicable securities law and regulations, and global market and macroeconomic conditions, which could adversely impact our business, financial condition, cash flows, and results of operations. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "financial condition, and results of operations could be adversely affected." **Prior (2025):** customers could be impaired until equivalent services or technology, if available, are identified, procured, and implemented, all of which may take significant time and resources, increase our costs, and could adversely affect our business. Many of these third-party providers attempt to impose limitations on their liability for such errors, disruptions, defects, performance deficiencies, or failures, and if enforceable, we may have additional liability to our customers which may not be compensated by our third-party providers which are responsible for the liability. We have experienced, and may in the future experience, disruptions, failures, data loss, corruption, unavailability, outages, and other performance problems with our infrastructure or cloud-based offerings due to a variety of factors, which have included or may in the future include infrastructure changes, introductions of new functionality, human or software errors, employee misconduct, capacity constraints, denial of service attacks, phishing attacks, computer viruses, ransomware, and other malicious or destructive code, or other security-related incidents, and our disaster recovery planning may not be sufficient for all situations. If we experience disruptions, failures, data loss, outages, or other performance problems, our business, financial condition, and results of operations could be adversely affected. Our systems and the third-party systems upon which we and our customers rely are also vulnerable to damage or interruption from catastrophic occurrences such as earthquakes, floods, fires, power loss, telecommunication failures, cybersecurity threats, terrorist attacks, such as the conflict resulting from Hamas' attack on Israel, natural disasters, public health crises (such as the COVID-19 pandemic), geopolitical tensions such as those that may be caused by the ongoing Russia-Ukraine conflict, or acts of misconduct. Moreover, we have business operations in the San Francisco Bay Area, which is a seismically active region. Despite any precautions we may take, the occurrence of a catastrophic event or other unanticipated problems at our or our third-party vendors' hosting facilities, or within our systems or the systems of third parties upon which we rely, could result in interruptions, performance problems, or failure of our infrastructure, technology, or platforms, which may adversely impact our business. In addition, our ability to conduct normal business operations could be severely affected. In the event of significant physical damage to one of these facilities, it may take a significant period of time to achieve full resumption of our services, and our disaster recovery planning may not account for all eventualities. In addition, any negative publicity arising from these disruptions could harm our reputation and brand and adversely affect our business. Furthermore, our platforms are in many cases important or essential to our customers' operations, including in some cases, their cybersecurity or oversight and compliance programs, and subject to service level agreements ("SLAs"). Any interruption in our service, whether as a result of an internal or third-party issue, could damage our brand and reputation, cause our customers to terminate or not renew their contracts with us or decrease use of our platforms and services, require us to indemnify our customers against certain losses, result in our issuing credit or paying penalties or fines, subject us to other losses or liabilities, cause our platforms to be perceived as unreliable or unsecure, and prevent us from gaining new or additional business from current or future customers, any of which could harm our business, financial condition, and results of operations. Moreover, to the extent that we do not effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business, financial condition, and results of operations could be adversely affected. The provisioning of additional cloud hosting capacity or upgrading technology, infrastructure, and software applications each require lead time and resources. AWS, Microsoft Azure, and other third parties have no obligation to renew their agreements with us on commercially reasonable terms, or at all. In addition, if we fail to meet the minimum usage commitments we have in place with third-party cloud hosting providers, we may be required to pay certain penalties or fees, including the difference between the minimum usage commitments and our actual usage, which could negatively affect our financial condition and results of operations. If AWS, Microsoft Azure, or other third parties increase pricing terms, terminate or seek to terminate our contractual relationship, establish more favorable relationships with our competitors, change or interpret their terms of service or policies in a manner that is unfavorable to us, or fall out of favor with our customers who use our cloud-based services, we may be required to transfer to other cloud providers or invest in a private cloud. If we are required to transfer to other cloud providers or invest in a private cloud, we could incur significant costs and experience possible service interruption in connection with doing so, or risk loss of customer contracts if they are unwilling to accept such a change. A failure to maintain our relationships with our third-party providers (or obtain adequate replacements), and to receive services from such providers that do not contain any material errors or defects, could adversely affect our ability to deliver effective products and solutions to our customers and adversely affect our business and results of operations. **Current (2026):** financial condition, and results of operations could be adversely affected. The provisioning of additional cloud hosting capacity or upgrading technology, infrastructure, and software applications each require lead time and resources. AWS, Microsoft Azure, and other third parties have no obligation to renew their agreements with us on commercially reasonable terms, or at all. In addition, if we fail to meet the minimum usage commitments we have in place with third-party cloud hosting providers, we may be required to pay certain penalties or fees, including the difference between the minimum usage commitments and our actual usage, which could negatively affect our financial condition and results of operations. If AWS, Microsoft Azure, or other third parties increase pricing terms, terminate or seek to terminate our contractual relationship, establish more favorable relationships with our competitors, change or interpret their terms of service or policies in a manner that is unfavorable to us, or fall out of favor with our customers who use our cloud-based services, we may be required to transfer to other cloud providers or invest in a private cloud. If we are required to transfer to other cloud providers or invest in a private cloud, we could incur significant costs and experience possible service interruption in connection with doing so, or risk loss of customer contracts if they are unwilling to accept such a change. A failure to maintain our relationships with our third-party providers (or obtain adequate replacements), and to receive services from such providers that do not contain any material errors or defects, could adversely affect our ability to deliver effective products and solutions to our customers and adversely affect our business and results of operations. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "applications do issue as patents, they may not issue in a form that is sufficiently broad to protect our technology, prevent competitors or other third parties from competing with us or otherwise provide us with any competitive advantage." **Prior (2025):** protecting our intellectual property or other proprietary rights may be outweighed by the expense or distraction to our management. We may initiate claims or litigation against third parties for infringement, misappropriation, or other violation of our intellectual property or other proprietary rights or to establish the validity of our intellectual property or other proprietary rights. Any such litigation, whether or not it is resolved in our favor, could be time-consuming, result in significant expense to us and divert the efforts of our technical and management personnel. Furthermore, attempts to enforce our intellectual property rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. **Current (2026):** applications do issue as patents, they may not issue in a form that is sufficiently broad to protect our technology, prevent competitors or other third parties from competing with us or otherwise provide us with any competitive advantage. Even if our patents issue in a form that covers our technology, enforcing patents against suspected infringers is time consuming, expensive, and involves risks associated with litigation, including the risk the suspected infringers file counterclaims against us. In addition, any of our patents, copyrights, trademarks, or other intellectual property or proprietary rights may be challenged, narrowed, invalidated, held unenforceable, or circumvented in litigation or other proceedings, including, where applicable, opposition, re-examination, inter partes review, post-grant review, interference, nullification and derivation proceedings, and equivalent proceedings in foreign jurisdictions, and such intellectual property or other proprietary rights may be lost or no longer provide us meaningful competitive advantages. Such proceedings may result in substantial cost and require significant time from our management, even if the eventual outcome is favorable to us. Third parties also may legitimately and independently develop products, services, and technology similar to or duplicative of our platforms. In addition to protection under intellectual property laws, we rely on confidentiality or license agreements that we generally enter into with our corporate partners, employees, consultants, advisors, vendors, and customers, and generally limit access to and distribution of our proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had access to our confidential information or that the agreements we have entered into will not be breached or challenged, or that such breaches will be detected. Furthermore, non-disclosure provisions can be difficult to enforce, and even if successfully enforced, may not be entirely effective. Additionally, as more information about us and our platforms is made or becomes publicly available, it may be more difficult to manage actions by third parties with respect to, or other use of, such information. We cannot guarantee that any of the measures we have taken will prevent infringement, misappropriation, or other violation of our technology or other intellectual property or proprietary rights. Because we may be an attractive target for cyberattacks and espionage, we also may have a heightened risk of unauthorized access to, and misappropriation of, our proprietary and competitively sensitive information. We may be required to spend significant resources to monitor and protect our intellectual property and other proprietary rights, and we may conclude that in at least some instances the benefits of protecting our intellectual property or other proprietary rights may be outweighed by the expense or distraction to our management. We have initiated, and may in the future initiate, claims or litigation against third parties for infringement, misappropriation, or other violation of our intellectual property or other proprietary rights or to establish the validity of our intellectual property or other proprietary rights. Any such litigation, whether or not it is resolved in our favor, could be time-consuming, result in significant expense to us and divert the efforts of our technical and management personnel. Furthermore, attempts to enforce our intellectual property rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. --- ## Modified Risk: If we are not successful in executing our sales strategy, our results of operations may suffer. **Key changes:** - Updated: "These risks include: •increased leverage held by large customers in negotiating contractual arrangements with us; •changes in key decision makers within these organizations that may negatively impact our ability to negotiate in the future; •customer IT departments may perceive that our platforms and services pose a threat to their internal control and advocate for legacy or internally developed solutions over our platforms; •resources may be spent on a potential customer that ultimately elects not to purchase our platforms and services; •challenges in successfully identifying, evaluating, and collaborating or teaming with one or more third-party partners or suppliers in order to jointly pursue, secure, and perform under large or complex customer contracts, including certain government procurement programs; •more stringent requirements in our service contracts, including stricter service response times, and increased penalties for any failure to meet service requirements; •increased competition from larger competitors, such as defense contractors, system integrators, or large software and service companies that traditionally target large enterprises and government entities and that may already have purchase commitments from those customers; and •less predictability in completing some of our sales than we do with smaller customers." **Prior (2025):** An important part of our growth strategy is to increase sales of our platforms to large enterprises and government entities. Sales to large enterprises and government entities involve risks that may not be present (or that are present to a lesser extent) with sales to small-to-mid-sized entities. These risks include: •increased leverage held by large customers in negotiating contractual arrangements with us; •changes in key decision makers within these organizations that may negatively impact our ability to negotiate in the future; 26 26 26 **Current (2026):** An important part of our growth strategy is to increase sales of our platforms to large enterprises and government entities. Sales to large enterprises and government entities involve risks that may not be present (or that are present to a lesser extent) with sales to small-to-mid-sized entities. These risks include: •increased leverage held by large customers in negotiating contractual arrangements with us; •changes in key decision makers within these organizations that may negatively impact our ability to negotiate in the future; •customer IT departments may perceive that our platforms and services pose a threat to their internal control and advocate for legacy or internally developed solutions over our platforms; •resources may be spent on a potential customer that ultimately elects not to purchase our platforms and services; •challenges in successfully identifying, evaluating, and collaborating or teaming with one or more third-party partners or suppliers in order to jointly pursue, secure, and perform under large or complex customer contracts, including certain government procurement programs; •more stringent requirements in our service contracts, including stricter service response times, and increased penalties for any failure to meet service requirements; •increased competition from larger competitors, such as defense contractors, system integrators, or large software and service companies that traditionally target large enterprises and government entities and that may already have purchase commitments from those customers; and •less predictability in completing some of our sales than we do with smaller customers. Large enterprises and government entities often undertake a significant evaluation process that results in a lengthy sales cycle, in some cases over twelve months, requiring approvals of multiple management personnel and more technical personnel than 27 27 27 27 27 27 --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "attract new customers could be negatively affected, our management's attention could be diverted, and our business, financial condition, and results of operations could be materially and adversely affected." **Prior (2025):** our existing general liability insurance coverage and coverage for cyber liability or errors or omissions will continue to be available on acceptable terms or will be available in sufficient amounts to cover one or more large claims or that the insurer will not deny coverage as to any future claim as a result of inapplicability of coverage or administrative or procedural issues. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could harm our financial condition. **Current (2026):** attract new customers could be negatively affected, our management's attention could be diverted, and our business, financial condition, and results of operations could be materially and adversely affected. Further, unauthorized access to our or our third-party vendors' information technology systems or data or other security breaches or incidents could result in the loss, corruption, or unavailability of information; significant remediation costs; litigation, disputes, regulatory action, or investigations that could result in damages, material fines, and penalties; indemnity obligations; interruptions in the operation of our business, including our ability to provide new product features, new platforms, or services to our customers; damage to our operation technology networks and information technology systems; and other liabilities. Moreover, our remediation efforts may not be successful. Any or all of these issues, or the perception that any of them have occurred, could negatively affect our ability to attract new customers, cause existing customers to terminate or not renew their agreements, hinder our ability to obtain and maintain required or desirable cybersecurity certifications, and result in reputational damage, any of which could materially adversely affect our results of operations, financial condition, and future prospects. There can be no assurance that any limitations of liability provisions in our license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim. We maintain cybersecurity insurance and other types of insurance, subject to applicable deductibles and policy limits, but our insurance may not be sufficient to cover all costs associated with a potential data security incident. We also cannot be sure that our existing general liability insurance coverage and coverage for cyber liability or errors or omissions will continue to be available on acceptable terms or will be available in sufficient amounts to cover one or more large claims or that the insurer will not deny coverage as to any future claim as a result of inapplicability of coverage or administrative or procedural issues. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could harm our financial condition. --- ## Modified Risk: Joint ventures, channel sales relationships, platform partnerships, and strategic alliances may have a material adverse effect on our business, results of operations and prospects. **Key changes:** - Updated: "We expect to continue to enter into joint ventures, channel sales relationships (including original equipment manufacturer and reseller relationships), platform partnerships, and strategic alliances (including teaming agreements) as part of our long-term business strategy." **Prior (2025):** We expect to continue to enter into joint ventures, channel sales relationships (including original equipment manufacturer and reseller relationships), platform partnerships, and strategic alliances (including teaming agreements) as part of our long-term 25 25 25 **Current (2026):** We expect to continue to enter into joint ventures, channel sales relationships (including original equipment manufacturer and reseller relationships), platform partnerships, and strategic alliances (including teaming agreements) as part of our long-term business strategy. Joint ventures, channel sales relationships, platform partnerships, strategic alliances, and other similar arrangements involve significant investments of both time and resources, and there can be no assurances that they will be successful. They may present significant challenges and risks, including that they may not advance our business strategy, we may get an unsatisfactory return on our investment or lose some or all of our investment, they may distract management and divert resources from our core business, including our business development and product development efforts, they may expose us to additional or unexpected liabilities, including as a result of partnering with entities in new or unfamiliar territories or markets, they may conflict with our sales hiring and direct sales strategy, or we may choose a partner that does not cooperate as we expect them to and that fails to meet its obligations or that has economic, business, or legal interests or goals that are inconsistent with ours. For example, in November 2019, we created a jointly controlled entity in Japan with SOMPO Holdings, Inc., in which we subsequently obtained a controlling interest in November 2022. For more information see Note 14. Business Combinations in the consolidated financial statements in our Annual Report on Form 10-K for the year ended December 31, 2023, which was filed with the SEC on February 20, 2024. We also created a jointly-owned entity in South Korea with HD Hyundai Co. Ltd. in December 2022 in which we have a controlling interest. We believe these arrangements offer our business strategic operational advantages within Japanese and Korean markets, but they also limit our ability to independently sell our platforms, provide certain services, engage certain customers, or compete in Japanese and Korean markets or related industry verticals, which in turn limits our opportunities for growth in Japan and Korea and, depending on the success of each respective entity, may negatively impact our results. Furthermore, since 2020, we have entered into channel sales relationships and strategic alliances with various global system integrators that we believe provide us with more diverse go-to-market 26 26 26 26 26 26 --- ## Modified Risk: Table of Contents **Key changes:** - Added: "productivity and availability of key personnel and other employees necessary to conduct our business; and on third-party service providers who perform critical services for us, or otherwise cause operational failures due to changes in our normal business practices." - Added: "Our success depends on our ability to effectively source and staff people with the right mix of skills and experience to perform services for our customers, including our ability to transition personnel to new assignments on a timely basis." - Added: "If we are unable to effectively utilize our personnel on a timely basis to fulfill the needs of our customers, our business could suffer." - Added: "Further, if we are not able to recruit, hire, or retain the talent we need because of increased regulation of immigration or work visas, including limitations placed on the number of visas granted, changes to application processes or fees, limitations on the type of work performed or location in which the work can be performed, and new or higher minimum salary requirements, it could be more difficult to staff our personnel on customer engagements and could increase our costs." - Added: "We face intense competition for qualified personnel, especially engineering personnel, in major U.S." **Prior (2025):** Volatility or lack of appreciation in the trading price of our Class A common stock may also affect our ability to attract and retain qualified personnel. Many of our senior personnel and other key personnel hold equity awards that have vested in part or are exercisable, which could adversely affect our ability to retain these personnel. Personnel may be more likely to leave us if the shares they own or the shares underlying their vested options, restricted stock units ("RSUs"), or other equity awards have significantly appreciated in value. In addition, many of our personnel may be able to receive significant proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us. Any of these factors could harm our business, financial condition, and results of operations. **Current (2026):** productivity and availability of key personnel and other employees necessary to conduct our business; and on third-party service providers who perform critical services for us, or otherwise cause operational failures due to changes in our normal business practices. Our success depends on our ability to effectively source and staff people with the right mix of skills and experience to perform services for our customers, including our ability to transition personnel to new assignments on a timely basis. If we are unable to effectively utilize our personnel on a timely basis to fulfill the needs of our customers, our business could suffer. Further, if we are not able to recruit, hire, or retain the talent we need because of increased regulation of immigration or work visas, including limitations placed on the number of visas granted, changes to application processes or fees, limitations on the type of work performed or location in which the work can be performed, and new or higher minimum salary requirements, it could be more difficult to staff our personnel on customer engagements and could increase our costs. We face intense competition for qualified personnel, especially engineering personnel, in major U.S. markets, where a large portion of our personnel are based, as well as in other non-U.S. markets where we have expanded or expect to expand our non-U.S. operations. We incur costs related to attracting, relocating, and retaining qualified personnel in these highly competitive markets, including leasing real estate in prime areas in these locations and compensation-related expenses. Further, many of the companies with which we compete for qualified personnel have greater resources than we have. If the perceived value of our equity awards declines, or if the mix of equity and cash compensation or the structure and terms of the compensation that we offer is less attractive than that of our competitors, it may adversely affect our ability to recruit and retain highly skilled personnel, and we may incur additional compensation-related expenses to successfully recruit and retain such personnel. Additionally, laws and regulations, such as restrictive immigration laws, may limit our ability to recruit outside of the United States. We seek to retain and motivate existing personnel through our compensation practices, company culture, and career development opportunities. If we fail to attract new personnel or to retain our current personnel, our business and operations could be harmed. Volatility or lack of appreciation in the trading price of our Class A common stock may also affect our ability to attract and retain qualified personnel. Many of our senior personnel and other key personnel hold equity awards that have vested in part or are exercisable, which could adversely affect our ability to retain these personnel. Personnel may be more likely to leave us if the shares they own or the shares underlying their vested options, restricted stock units ("RSUs"), or other equity awards have significantly appreciated in value. In addition, many of our personnel may be able to receive significant proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us. Any of these factors could harm our business, financial condition, and results of operations. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "to do business with a government could adversely impact, and could have a material adverse effect on, our business, results of operations, financial condition, public perception, and growth prospects." **Prior (2025):** comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, and termination of contracts and suspension or debarment from government contracting for a period of time with government agencies. Any such damages, penalties, disruption, or limitation in our ability to do business with a government could adversely impact, and could have a material adverse effect on, our business, results of operations, financial condition, public perception, and growth prospects. **Current (2026):** to do business with a government could adversely impact, and could have a material adverse effect on, our business, results of operations, financial condition, public perception, and growth prospects. --- ## Modified Risk: Table of Contents **Key changes:** - Updated: "requiring a facility security clearance could be terminated, either of which would have an adverse impact on our business, financial condition, and results of operations." **Prior (2025):** or terminate employment with us, then we may be unable to comply with relevant U.S. and international government agency requirements, or our customers requiring classified work could choose to terminate or decide not to renew one or more contracts requiring employees to obtain or maintain security clearances upon expiration. To the extent we are not able to obtain or maintain a facility security clearance, we may not be able to bid on or win new classified contracts, and existing contracts requiring a facility security clearance could be terminated, either of which would have an adverse impact on our business, financial condition, and results of operations. **Current (2026):** requiring a facility security clearance could be terminated, either of which would have an adverse impact on our business, financial condition, and results of operations. --- *Data sourced from SEC EDGAR. Last updated 2026-05-05.*