Snowflake Inc.: 10-K Risk Factor Changes

Our success depends in part on the continued services of our executive officers, as well as our other key employees in the areas of research and development and sales and marketing. From time to time, there may be changes in our executive management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. For example, in February 2024, Frank Slootman retired as Chief Executive Officer and we appointed Sridhar Ramaswamy to replace him. The loss of one or more of our executive officers could harm morale, cause additional personnel to depart, or introduce operational delays or risks as successor executives learn our business, each of which could harm our operating results. In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based data platform products, including products with artificial intelligence capabilities and experienced sales, customer support, and professional services personnel. We also are dependent on the continued service of our existing software engineers because of the sophistication of our platform. 27 27 27 27 27 27 Table of Contents Table of Contents Table of Contents In order to continue to hire and retain highly qualified personnel, we will need to continue to hire in new locations around the world and manage return to work and remote working policies, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have and can provide higher compensation and benefits. In addition, we require the majority of our employees to work from a physical office, while certain of our competitors allow remote work environments. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the actual or perceived value of our equity awards declines or continues to experience significant volatility, or if our existing employees receive significant proceeds from liquidating their previously vested equity awards, it may adversely affect our ability to recruit and retain key employees. Furthermore, current and prospective employees may believe that their equity award offers have limited upside, and our competitors may be able to offer more appealing compensation packages. In order to retain our existing employees and manage potential attrition, including as a result of any stock price decreases and market volatility that impact the actual or perceived value of our equity awards, we may issue additional equity awards or provide our employees with increased cash compensation, which could negatively impact our results of operations and be dilutive to stockholders. Finally, if we hire employees from competitors or other companies, their former employers may attempt to assert that we or these employees have breached our or their legal obligations, resulting in a diversion of our time and resources. We also believe our culture has been a key contributor to our success to date and that the critical nature of the platform that we provide promotes a sense of greater purpose and fulfillment in our employees. As our workforce becomes larger and more distributed around the world, we may not be able to maintain important aspects of our culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed.

Our success depends in part on the continued services of Frank Slootman, our Chairman and Chief Executive Officer, Michael P. Scarpelli, our Chief Financial Officer, and our other executive officers, as well as our other key employees in the areas of research and development and sales and marketing. From time to time, there may be changes in our executive management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead our company could harm our business. In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based data platform products, experienced sales professionals, and expert customer support personnel. We also are dependent on the continued service of our existing software engineers because of the sophistication of our platform. 26 26 26 26 26 26 Table of Contents Table of Contents Table of Contents In order to continue to hire and retain highly qualified personnel, we will need to continue to hire in new locations around the world and manage return to work and remote working policies, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have, and the acceptance by these companies of remote or hybrid work environments may increase the competition for talent. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the actual or perceived value of our equity awards declines or continues to experience significant volatility, or if our existing employees receive significant proceeds from liquidating their previously vested equity awards, it may adversely affect our ability to recruit and retain key employees. Furthermore, current and prospective employees may believe that their equity award offers have limited upside, and our competitors may be able to offer more appealing compensation packages. In order to retain our existing employees and manage potential attrition, including as a result of recent stock price decreases and continued market volatility that impact the actual or perceived value of our equity awards, we may issue additional equity awards or provide our employees with increased cash compensation, which could negatively impact our results of operations and be dilutive to stockholders. Finally, if we hire employees from competitors or other companies, their former employers may attempt to assert that we or these employees have breached our or their legal obligations, resulting in a diversion of our time and resources. We also believe our culture has been a key contributor to our success to date and that the critical nature of the platform that we provide promotes a sense of greater purpose and fulfillment in our employees. As our workforce becomes larger and more distributed around the world, we may not be able to maintain important aspects of our culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed.

Our platform and the public cloud infrastructure on which our platform relies are vulnerable to damage or interruption from catastrophic events, such as earthquakes, floods, fires, power loss, telecommunication failures, cyber attacks, military conflict or war, terrorist attacks, criminal acts, sabotage, other intentional acts of vandalism and misconduct, geopolitical events, and epidemics or pandemics, such as the COVID-19 pandemic. Some of our U.S. corporate offices in which we operate and certain of the public cloud data centers on which our platform runs are located in the San Francisco Bay Area and Pacific Northwest, regions known for seismic activity. Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our facilities or the facilities of our public cloud providers could result in disruptions, outages, and other performance and quality problems. Our customers are also subject to the risk of catastrophic events. If those events occur, demand for our platform may decrease. If we are unable to develop and maintain adequate plans to ensure that our business functions continue to operate during and after a catastrophic event and to execute successfully on those plans if such an event occurs, our business could be seriously harmed.

Our platform and the public cloud infrastructure on which our platform relies are vulnerable to damage or interruption from catastrophic events, such as earthquakes, floods, fires, power loss, telecommunication failures, military conflict or war, terrorist attacks, criminal acts, sabotage, other intentional acts of vandalism and misconduct, geopolitical events, and disease. Some of our United States corporate offices in which we operate and certain of the public cloud data centers on which our platform runs are located in the San Francisco Bay Area and Pacific Northwest, regions known for seismic activity. Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our facilities or the facilities of our public cloud providers could result in disruptions, outages, and other performance and quality problems. Similarly, the potential long-term impact of the COVID-19 pandemic, its resurgence, or a new pandemic on the global economy and our business continue to be difficult to assess or predict. While many states and countries have reopened, the status of the global recovery remains uncertain and unpredictable. If we are unable to develop and maintain adequate plans to ensure that our business functions continue to operate during and after a catastrophic event and to execute successfully on those plans if such an event occurs, our business could be seriously harmed.

A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customer accounts outside the United States generated 23% of our revenue for the fiscal year ended January 31, 2024. We are continuing to adapt to and develop strategies to address international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new partners in order to expand into certain countries, including China, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources. Our current and future international business and operations involve a variety of risks, including: •slower than anticipated public cloud adoption by international businesses; •changes in a specific country’s or region’s political, economic, or legal and regulatory environment, including the effects of pandemics, tariffs, trade wars, sanctions, or long-term environmental risks; •the need to adapt and localize our platform for China and other countries, including as a result of data sovereignty requirements, and the engineering and related costs that we may incur when making those changes; 32 32 32 32 32 32 Table of Contents Table of Contents Table of Contents •greater difficulty collecting accounts receivable and longer payment cycles; •unexpected changes in, or the selective application of, trade relations, regulations, or laws; •new, evolving, and more stringent regulations relating to privacy and data security, data localization, and the unauthorized use of, or access to, commercial and personal information; •new, evolving, and potentially more stringent regulations relating to AI Technology; •differing and potentially more onerous labor regulations where labor laws are generally more advantageous to employees as compared to the United States, including regulations governing terminations in locations that do not permit at-will employment and deemed hourly wage and overtime regulations; •challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction; •difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems; •increased travel, real estate, infrastructure, and legal compliance costs associated with international operations, including increased costs associated with changing and potentially conflicting environmental regulations and requirements; •currency exchange rate fluctuations and the resulting effect on our revenue, RPO, and expenses, and the cost and risk of utilizing mitigating derivative transactions and entering into hedging transactions to the extent we do so in the future; •limitations on, or charges or taxes associated with, our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries; •laws and business practices favoring local competitors or general market preferences for local vendors; •limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents; •political instability, military conflict or war, or terrorist activities; •exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended (FCPA), U.S. bribery laws, the U.K. Bribery Act, and similar laws and regulations in other jurisdictions; •burdens of complying with laws and regulations related to taxation; and •regulations, adverse tax burdens, and foreign exchange controls that could make it difficult or costly to repatriate earnings and cash. We expect to invest substantial time and resources to further expand our international operations, and, if we are unable to do so successfully and in a timely manner, our business and results of operations will suffer.

A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customer accounts outside the United States generated 21% of our revenue for the fiscal year ended January 31, 2023. We are continuing to adapt to and develop strategies to address international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new partners in order to expand into certain countries, including China, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources. Our current and future international business and operations involve a variety of risks, including: •slower than anticipated public cloud adoption by international businesses; 30 30 30 30 30 30 Table of Contents Table of Contents Table of Contents •changes in a specific country’s or region’s political, economic, or legal and regulatory environment, including the effects of Brexit, pandemics, tariffs, trade wars, sanctions, or long-term environmental risks; •the need to adapt and localize our platform for China and other countries, including as a result of data sovereignty requirements, and the engineering and related costs that we may incur when making those changes; •greater difficulty collecting accounts receivable and longer payment cycles; •unexpected changes in, or the selective application of, trade relations, regulations, or laws; •new, evolving, and more stringent regulations relating to privacy and data security and the unauthorized use of, or access to, commercial and personal information; •differing and potentially more onerous labor regulations where labor laws are generally more advantageous to employees as compared to the United States, including regulations governing terminations in locations that do not permit at-will employment and deemed hourly wage and overtime regulations; •challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction; •difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems; •increased travel, real estate, infrastructure, and legal compliance costs associated with international operations, including increased costs associated with changing and potentially conflicting environmental regulations and requirements; •currency exchange rate fluctuations and the resulting effect on our revenue, RPO, and expenses, and the cost and risk of utilizing mitigating derivative transactions and entering into hedging transactions to the extent we do so in the future; •limitations on, or charges or taxes associated with, our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries; •laws and business practices favoring local competitors or general market preferences for local vendors; •limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents; •political instability, military conflict or war, or terrorist activities; •COVID-19 or any other pandemics or epidemics that could result in decreased economic activity in certain markets; additional costs associated with travel, return to work, or other restrictions that are specific to certain markets; decreased use of our products and services; or decreased ability to import, export, or sell our products and services to existing or new customers in international markets; •exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended (FCPA), U.S. bribery laws, the U.K. Bribery Act, and similar laws and regulations in other jurisdictions; •burdens of complying with laws and regulations related to taxation; and •regulations, adverse tax burdens, and foreign exchange controls that could make it difficult or costly to repatriate earnings and cash. We expect to invest substantial time and resources to further expand our international operations and, if we are unable to do so successfully and in a timely manner, our business and results of operations will suffer. 31 31 31 31 31 31 Table of Contents Table of Contents Table of Contents

In our customer contracts, we assume liability for security breaches and data protection claims caused by us and by certain third parties on which we rely. Our contracts with customers, investors, and other third parties may also include indemnification provisions under which we agree to defend and indemnify them against claims and losses arising from alleged infringement, misappropriation, or other violation of intellectual property rights and for other matters. Although we attempt to limit our liability and indemnity obligations and negotiate corresponding liability and indemnification rights with vendors that would require them to contribute to our indemnity obligations, we may not be successful in doing so, and an event triggering our liability or indemnity obligations could give rise to multiple claims involving multiple customers or other third parties. There is no assurance that our applicable insurance coverage, if any, would cover, in whole or in part, any such liability or indemnity obligations. We may be liable for up to the full amount of the contractual claims, which could result in substantial liability or material disruption to our business or could negatively impact our relationships with customers or other third parties, reduce demand for our platform, and adversely affect our business, financial condition, and results of operations. 28 28 28 28 28 28 Table of Contents Table of Contents Table of Contents

In our customer contracts, we assume liability for security breaches and data protection claims caused by us and by certain third parties on which we rely. Our contracts with customers, investors, and other third parties may also include indemnification provisions under which we agree to defend and indemnify them against claims and losses arising from alleged infringement, misappropriation, or other violation of intellectual property rights and for other matters. Although we attempt to limit our liability and indemnity obligations and negotiate corresponding liability and indemnification rights with vendors that would require them to contribute to our indemnity obligations, we may not be successful in doing so, and an event triggering our liability or indemnity obligations could give rise to multiple claims involving multiple customers or other third parties. There is no assurance that our applicable insurance coverage, if any, would cover, in whole or in part, any such liability or indemnity obligations. We may be liable for up to the full amount of the contractual claims, which could result in substantial liability or material disruption to our business or could negatively impact our relationships with customers or other third parties, reduce demand for our platform, and adversely affect our business, financial condition, and results of operations. 27 27 27 27 27 27 Table of Contents Table of Contents Table of Contents

Customers generally consume our platform by using compute, storage, and data transfer resources. Unlike a subscription-based business model, in which revenue is recognized ratably over the term of the subscription, we generally recognize revenue on consumption. Because our customers have flexibility in the timing of their consumption, we do not have the visibility into the timing of revenue recognition that a typical subscription-based software company has. There is a risk that customers will consume our platform at lower levels than we expect, including in response to adverse macroeconomic conditions or holidays. For example, during April 2023 and part of May 2023, consumption of our platform increased at a slower pace than expected. Unexpected fluctuations in customer consumption may cause actual results to differ from our forecasts. As a result, our results of operations in a given period should not be relied upon as indicative of future performance. 19 19 19 19 19 19 Table of Contents Table of Contents Table of Contents

Customers generally consume our platform by using compute, storage, and data transfer resources. Unlike a subscription-based business model, in which revenue is recognized ratably over the term of the subscription, we generally recognize revenue on consumption. Because our customers have flexibility in the timing of their consumption, we do not have the visibility into the timing of revenue recognition that a typical subscription-based software company has. There is a risk that customers will consume our platform more slowly than we expect, including in response to adverse macroeconomic conditions, and we have recently seen, and may continue to see, our newer customers increase their consumption of our platform at a slower pace than our more tenured customers. As a result, actual results may differ from our forecasts, and our results of operations in a given period should not be relied upon as indicative of future performance. 19 19 19 19 19 19 Table of Contents Table of Contents Table of Contents

We must increase the productivity of our sales and marketing organization to increase our sales to new and existing customers. It requires significant time and resources to effectively onboard new sales and marketing personnel and to train new and existing personnel so they are able to successfully sell our product. We also plan to continue to dedicate significant resources to sales and marketing programs that are industry-specific and focused on large organizations. Once a new customer begins using our platform, our sales team needs to focus on expanding consumption with that customer. All of these efforts will require us to invest significant financial and other resources, including in industries and sales channels in which we have limited experience to date. Our business and results of operations will be harmed if our sales and marketing efforts generate increases in revenue that are smaller than anticipated. We may not achieve anticipated revenue growth from our sales force if we are unable to hire, develop, integrate, and retain talented and effective sales personnel, if our sales personnel are unable to achieve desired productivity levels, or if our sales and marketing programs are not effective. 25 25 25 25 25 25 Table of Contents Table of Contents Table of Contents

We must expand our sales and marketing organization to increase our sales to new and existing customers. We plan to continue expanding our direct sales force, both domestically and internationally, particularly our direct enterprise sales organization focused on sales to the world’s largest organizations. We believe there is significant competition for experienced sales professionals with the necessary skills and technical knowledge, particularly as we target larger enterprise customers. It requires significant time and resources to effectively onboard new sales and marketing personnel. We also plan to continue to dedicate significant resources to sales and marketing programs that are industry-specific and focused on large organizations. Once a new customer begins using our platform, our sales team will need to continue to focus on expanding consumption with that customer. All of these efforts will require us to invest significant financial and other resources, including in industries and sales channels in which we have limited experience to date. Our business and results of operations will be harmed if our sales and marketing efforts generate increases in revenue that are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate, and retain talented and effective sales personnel, if our new and existing sales personnel are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective.

We are subject to data privacy and protection laws, regulations, guidance, external and internal policies and other documentation, industry standards, certifications, and contractual and other obligations that apply to the collection, transmission, storage, use, and other processing of personal information. These obligations are rapidly evolving, extensive, complex, and include inconsistencies and uncertainties. Examples of recent and anticipated developments that have impacted or could impact our business include the following: •The European Union’s (EU) General Data Protection Regulation (GDPR) and the United Kingdom’s General Data Protection Regulation established strict requirements applicable to the handling of personal information. •The EU has proposed the Regulation on Privacy and Electronic Communications, which, if adopted, would impose new obligations on using personal information in the context of electronic communications, particularly with respect to online tracking technologies and direct marketing. •Certain other jurisdictions have enacted data localization laws and cross-border personal information transfer laws, such as Brazil and China, which could make it more difficult for us to transfer personal information across jurisdictions (such as transferring or receiving personal or other sensitive information that originates in the EU or China), or to enable our customers to transfer or replicate their data across jurisdictions using our platform. Existing mechanisms that may facilitate cross-border personal information transfers may change or be invalidated. An inability or material limitation on our ability to transfer personal data to the United States or other countries could materially impact our business operations and revenue. •In the United States, federal, state, and local governments have enacted or proposed data privacy and security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws. Additionally, in the past few years, numerous U.S. states—including California, Virginia, Colorado, Connecticut, and Utah—have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. Such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making and, if exercised, may adversely impact our business and ability to provide our products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive information, such as conducting data privacy impact assessments. These state laws allow for statutory fines for noncompliance. For example, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), provides increased privacy rights and protections, including the ability of individuals to opt out of specific disclosures of their personal information, and provides for fines of up to $7,500 per intentional violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Other U.S. states have adopted, or are considering adopting, similar laws. •The certifications we may maintain and the standards that may apply to our business, such as the U.S. Federal Risk and Authorization Management Program (FedRAMP), U.S. Department of Defense Impact Level 4 (IL4), Payment Card Industry Data Security Standards (PCI-DSS), International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001, Health Information Trust Alliance Common Security Framework (HI-TRUST CSF), StateRAMP, among others, are becoming more stringent. •We may also become subject to new laws that specifically regulate non-personal data. For example, we may become subject to certain parts of the European Union’s Data Act, which imposes certain data and cloud service interoperability and switching obligations to enable users to switch between cloud service providers without undue delay or cost, as well as certain requirements concerning cross-border international transfers of, and governmental access to, non-personal data outside the European Economic Area. 37 37 37 37 37 37 Table of Contents Table of Contents Table of Contents These and other similar legal and regulatory developments could contribute to legal and economic uncertainty, increase our exposure to liability, affect how we design, market, and sell our platform, and how we operate our business, how our customers and partners process and share data, how we process and use data, and how we transfer personal data from one jurisdiction to another, any of which could increase our costs, require us to take on more onerous obligations in our contracts, impact our ability to operate in certain jurisdictions, and/or negatively impact the types of data available on or the demand for our platform. It is possible that new laws may be adopted or existing laws may be interpreted and applied in a manner that is inconsistent with our practices and our efforts to comply with the evolving data protection rules may be unsuccessful. We may incur substantial costs to comply with such laws and regulations, to meet the demands of our customers relating to their own compliance with applicable laws and regulations, and to establish and maintain internal policies, self-certifications, and third-party certifications supporting our compliance programs. Our customers may delegate certain of their GDPR compliance or other privacy law obligations to us, and we may otherwise be required to expend resources to assist our customers with such compliance obligations. Although we endeavor to comply with applicable data privacy and security obligations, any actual or perceived non-compliance with such obligations by us or our third-party service providers and sub-processors could result in proceedings, investigations, or claims against us by regulatory authorities, customers, or others, leading to reputational harm, higher liability and indemnity obligations, significant fines, litigation costs, additional reporting requirements or oversight, bans on processing personal information, orders to destroy or not use personal information, limitations in our ability to develop or commercialize our platform, inability to process personal information or operate in certain jurisdictions, and other damages. For example, if regulators assert that we have failed to comply with the GDPR or U.K. GDPR, we may be subject to fines of up to (i) 20.0 million Euros or 17.5 million British pounds, as applicable, or (ii) 4% of our worldwide annual revenue, whichever is greater, as well as potential data processing restrictions and penalties. In addition, private plaintiffs have become increasingly active in bringing privacy- and information security-related claims against companies, including class action claims. Some of these claims allow for the recovery of statutory damages on a per violation basis, and, if viable, carry the potential for significant statutory damages, depending on the volume of data and the number of violations. Even if we are not determined to have violated these laws and other obligations, investigations into these issues typically require the expenditure of significant resources and generate negative publicity. In addition, any failure by us or our third-party service providers and sub-processors to comply with applicable obligations could result in proceedings against us. Certain regulators, such as the FTC, may prohibit our use of certain personal information as a result of such proceedings. Any of these events could have a material adverse effect on our business, financial condition, and results of operations. We publish privacy policies and other documentation regarding our security program and our collection, processing, use, and disclosure of personal information or other confidential information. Although we endeavor to comply with our published policies, certifications, and documentation, we or our vendors may at times fail to do so or may be perceived to have failed to do so. Claims by regulators or private parties that we have not followed our published documentation or otherwise violated individuals’ privacy rights or failed to comply with data protection laws, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business.

We are subject to data privacy and protection laws, regulations, guidance, external and internal policies and other documentation, industry standards, certifications, and contractual and other obligations that apply to the collection, transmission, storage, use, and other processing of personal information. These obligations are rapidly evolving, extensive, complex, and include inconsistencies and uncertainties. Examples of recent and anticipated developments that have or could impact our business include the following: •The European Union’s (EU) General Data Protection Regulation (GDPR) and the United Kingdom’s General Data Protection Regulation established strict requirements applicable to the handling of personal information. •The EU has proposed the Regulation on Privacy and Electronic Communications, which, if adopted, would impose new obligations on using personal information in the context of electronic communications, particularly with respect to online tracking technologies and direct marketing. •Certain other jurisdictions have enacted data localization laws and cross-border personal information transfer laws, such as Brazil and China, which could make it more difficult for us to transfer personal information across jurisdictions (such as transferring or receiving personal or other sensitive information that originates in the EU or China), or to enable our customers to transfer or replicate their data across jurisdictions using our platform. Existing mechanisms that may facilitate cross-border personal information transfers may change or be invalidated. An inability or material limitation on our ability to transfer personal data to the United States or other countries could materially impact our business operations and revenue. 34 34 34 34 34 34 Table of Contents Table of Contents Table of Contents •In the United States, federal, state, and local governments have enacted or proposed data privacy and security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws. For example, the California Consumer Privacy Act (CCPA) provides increased privacy rights and protections, including the ability of individuals to opt out of specific disclosures of their personal information. Further, as of January 1, 2023, the California Privacy Rights Act of 2020 (CPRA) has expanded the CCPA and established the California Privacy Protection Agency for purposes of implementing and enforcing the CPRA, which could increase the risk of an enforcement action. Other U.S. states have adopted, or are considering adopting, similar laws. •Other government bodies have implemented laws and are considering further regulating artificial intelligence and machine learning, which could negatively impact our ability to use these technologies. Further, there is a proposed regulation in Europe related to artificial intelligence that, if adopted, could impose onerous obligations related to the use of AI-related systems. We may have to change our business practices to comply with such obligations, which may be difficult, onerous, and costly. •The certifications we may maintain and the standards that may apply to our business, such as the U.S. Federal Risk and Authorization Management Program, PCI-DSS, ISO/IEC 27001, HI-TRUST CSF, StateRAMP, among others, are becoming more stringent. These and other similar legal and regulatory developments could contribute to legal and economic uncertainty, increase our exposure to liability, affect how we design, market, and sell our platform, and how we operate our business, how our customers and partners process and share data, how we process and use data, and how we transfer personal data from one jurisdiction to another, any of which could require us to take on more onerous obligations in our contracts, impact our ability to operate in certain jurisdictions, and/or negatively impact the types of data available on or the demand for our platform. It is possible that new laws may be adopted or existing laws may be interpreted and applied in a manner that is inconsistent with our practices and our efforts to comply with the evolving data protection rules may be unsuccessful. We may incur substantial costs to comply with such laws and regulations, to meet the demands of our customers relating to their own compliance with applicable laws and regulations, and to establish and maintain internal policies, self-certifications, and third-party certifications supporting our compliance programs. Our customers may delegate certain of their GDPR compliance or other privacy law obligations to us, and we may otherwise be required to expend resources to assist our customers with such compliance obligations. Although we endeavor to comply with applicable data privacy and security obligations, any actual or perceived non-compliance with such obligations by us or our third-party service providers and sub-processors could result in proceedings, investigations, or claims against us by regulatory authorities, customers, or others, leading to reputational harm, higher liability and indemnity obligations, significant fines, litigation costs, additional reporting requirements or oversight, bans on processing personal information, orders to destroy or not use personal information, limitations in our ability to develop or commercialize our platform, inability to process personal information or operate in certain jurisdictions, and other damages. For example, if regulators assert that we have failed to comply with the GDPR, we may be subject to fines of up to EUR 20.0 million or 4% of our worldwide annual revenue, whichever is greater, as well as potential data processing restrictions and penalties. Even if we are not determined to have violated these laws and other obligations, investigations into these issues typically require the expenditure of significant resources and generate negative publicity. In addition, any failure by us or our third-party service providers to comply with applicable obligations could result in proceedings against us. Any of these events could have a material adverse effect on our business, financial condition, and results of operations. We may publish privacy policies and other documentation regarding our collection, processing, use, and disclosure of personal information, or other confidential information. Although we endeavor to comply with our published policies, certifications, and documentation, we or our vendors may at times fail to do so or may be perceived to have failed to do so. Claims that we have violated individuals’ privacy rights or failed to comply with data protection laws or applicable privacy notices even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. 35 35 35 35 35 35 Table of Contents Table of Contents Table of Contents

We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, and platform technologies that we believe could complement or expand our platform, enhance our technology, or otherwise offer growth opportunities. For example, during the fiscal year ended January 31, 2024, we acquired several companies, including Samooha, Inc., a privately-held company which developed data clean room technology; Neeva Inc., a privately-held internet search company which leveraged generative artificial intelligence; Mountain US Corporation (f/k/a Mobilize.net Corporation), a privately-held company which provided a suite of tools for efficiently migrating databases to the Data Cloud; and LeapYear Technologies, Inc., a privately-held company which provided a differential privacy platform. Any such acquisitions or investments may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties or unexpected costs assimilating or integrating the businesses, technologies, products, personnel, or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise. Any such transactions that we are able to complete may not result in the synergies or other benefits we expect to achieve, which could result in substantial impairment charges. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, we may inherit commitments, risks, and liabilities of companies that we acquire that we are unable to successfully mitigate and that may be amplified by our existing business. Finally, our acquisitions or investments may result in disputes or litigation, including in connection with the achievement of earnouts. As part of our corporate development program, we invest in companies to support our key business initiatives. These companies range from early, growth stage companies still defining their strategic direction to mature companies with established revenue streams. Our strategic investments are subject to risk of inability to achieve the desired strategic synergies and partial or total loss of investment capital. Furthermore, our competitors may invest in these companies alongside us, and may obtain information about our corporate development program or other business plans. The financial success of our investment is typically dependent on an exit in favorable market conditions. To the extent any of the companies in which we invest are not successful, which can include failure to achieve strategic business objectives as well as failure to achieve a favorable exit, we could recognize an impairment or loss on all or part of our investment. In addition, in certain cases we may be required to consolidate one or more of our strategic investee’s financial results into ours. Fluctuations in any such investee’s financial results, due to general market conditions, bank failures, or otherwise, could negatively affect our consolidated financial condition, results of operations, cash flows, or the price of our common stock. If one or more of such investees fails to timely provide us with information necessary for the preparation of our consolidated financial statements and disclosures, we may be unable to report our financial results in a timely manner, which would negatively affect our business and the price of our common stock. 29 29 29 29 29 29 Table of Contents Table of Contents Table of Contents

We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, and platform technologies that we believe could complement or expand our platform, enhance our technology, or otherwise offer growth opportunities. Further, the proceeds we received from our initial public offering (IPO) in September 2020 increased the likelihood that we will devote resources to exploring larger and more complex acquisitions and investments than we have previously attempted. For example, in March 2022 we acquired Streamlit, Inc., a privately-held company which provides an open-source framework built to simplify and accelerate the creation of data applications, representing a larger and more complex acquisition than our prior endeavors. Any such acquisitions or investments may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties or unexpected costs assimilating or integrating the businesses, technologies, products, personnel, or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise. Any such transactions that we are able to complete may not result in the synergies or other benefits we expect to achieve, which could result in substantial impairment charges. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. As part of our corporate development program, we invest in companies to support our key business initiatives. These companies range from early, growth stage companies still defining their strategic direction to mature companies with established revenue streams. Our strategic investments are subject to risk of inability to achieve the desired strategic synergies and partial or total loss of investment capital. Furthermore, our competitors may invest in these companies alongside us, and may obtain information about our corporate development program or other business plans. The financial success of our investment is typically dependent on an exit in favorable market conditions. To the extent any of the companies in which we invest are not successful, which can include failure to achieve strategic business objectives as well as failure to achieve a favorable exit, we could recognize an impairment or loss on all or part of our investment. In addition, in certain cases we may be required to consolidate one or more of our strategic investee’s financial results into ours. Fluctuations in any such investee’s financial results, due to general market conditions, bank failures, or otherwise, could negatively affect our consolidated financial condition, results of operations, cash flows, or the price of our common stock. If one or more of such investees fails to timely provide us with information necessary for the preparation of our consolidated financial statements and disclosures, we may be unable to report our financial results in a timely manner, which would negatively affect our business and the price of our common stock.

Our revenue was $2.8 billion, $2.1 billion and $1.2 billion for the fiscal years ended January 31, 2024, 2023 and 2022, respectively. As a result of our historical rapid growth, limited operating history, and unstable macroeconomic conditions, our ability to accurately forecast our future results of operations, including revenue, remaining performance obligations (RPO), and the percentage of RPO we expect to recognize as revenue in future periods, is limited and subject to a number of uncertainties, including our ability to plan for and model future growth and platform consumption. Our historical revenue growth should not be considered indicative of our future performance. Further, our revenue growth could slow or our revenue could decline for a number of reasons, including increased competition, changes to technology, such as changes in software or underlying cloud infrastructure or the increasing prominence of new technology like artificial intelligence, and reduced demand for our platform. For example, customers may continue to optimize consumption, rationalize budgets, and prioritize cash flow management, including by reducing storage through shorter data retention policies and shortening committed contract durations. As a result of the foregoing and our rapid revenue growth in prior periods, our revenue growth rate has slowed in recent periods. Any further declines in our revenue growth rate could adversely affect investors’ perceptions of our business, and negatively impact the trading price of our common stock. We have also encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as the risks and uncertainties described below. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, and our business could suffer.

Our revenue was $2.1 billion, $1.2 billion, and $592.0 million for the fiscal years ended January 31, 2023, 2022, and 2021, respectively. As a result of our historical rapid growth, limited operating history, and unstable macroeconomic conditions, our ability to accurately forecast our future results of operations, including revenue, remaining performance obligations (RPO), and the percentage of RPO we expect to recognize as revenue in future periods, is limited and subject to a number of uncertainties, including our ability to plan for and model future growth and platform consumption. Our historical revenue growth should not be considered indicative of our future performance. Further, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including increased competition, changes to technology (including changes in software or underlying cloud infrastructure), and reduced demand for our platform as customers seek to optimize consumption, rationalize budgets, and prioritize cash flow management (including through shortened contract duration) in response to adverse economic conditions. In addition, we have recently seen, and may continue to see, our newer customers increase their consumption of our platform at a slower pace than our more tenured customers. As a result of the foregoing and our rapid revenue growth in prior periods, we expect our revenue growth rate to decline in future periods, and a decline in our revenue growth rate could adversely affect investors’ perceptions of our business, and negatively impact the trading price of our common stock. We have also encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as the risks and uncertainties described below. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, and our business could suffer.

The market price of our common stock has been and may continue to be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including: •actual or anticipated fluctuations in our financial condition or results of operations; •variance in our actual or projected financial performance from expectations of securities analysts; •changes in the pricing or consumption of our platform; •updates to our projected operating and financial results; •changes in laws or regulations applicable to our business; •announcements by us or our competitors of significant business developments, acquisitions, investments, or new offerings; •rumors and market speculation involving us or other companies in our industry; •significant data breaches, disruptions to, or other incidents involving our platform; •our involvement in litigation; •changes in senior management or key personnel; •fluctuations in company valuations, particularly valuations of high-growth or cloud companies, perceived to be comparable to us; •the trading volume of our common stock; •changes in the anticipated future size and growth rate of our market; •our issuance or repurchase of shares of our common stock; and •general political, social, economic, and market conditions. 42 42 42 42 42 42 Table of Contents Table of Contents Table of Contents Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, such as recessions, interest rate changes, or international currency fluctuations, may also negatively impact the market price of our common stock. In addition, technology stocks have historically experienced high levels of volatility. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We have been, and may be in the future, the target of this type of litigation, which could result in substantial expenses and divert our management’s attention. We are currently subject to a securities class action lawsuit in federal court alleging federal securities law violations in connection with our IPO. See the section titled “Legal Proceedings” for more information.

The market price of our common stock has been and may continue to be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including: •actual or anticipated fluctuations in our financial condition or results of operations; 38 38 38 38 38 38 Table of Contents Table of Contents Table of Contents •variance in our actual or projected financial performance from expectations of securities analysts; •changes in the pricing or consumption of our platform; •updates to our projected operating and financial results; •changes in laws or regulations applicable to our business; •announcements by us or our competitors of significant business developments, acquisitions, investments, or new offerings; •significant data breaches, disruptions to, or other incidents involving our platform; •our involvement in litigation; •changes in senior management or key personnel; •fluctuations in company valuations, particularly valuations of high-growth or cloud companies, perceived to be comparable to us •the trading volume of our common stock; •changes in the anticipated future size and growth rate of our market; •our issuance or repurchase of shares of our common stock; and •general political, social, economic, and market conditions. Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, such as recessions, interest rate changes, or international currency fluctuations, may also negatively impact the market price of our common stock. In addition, technology stocks have historically experienced high levels of volatility. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial expenses and divert our management’s attention.

Historically, we have received a higher volume of orders from new and existing customers in the fourth fiscal quarter of each year. As a result, we have historically seen higher non-GAAP free cash flow in the first and fourth fiscal quarters of each year, and our sequential growth in remaining performance obligations has historically been highest in the fourth fiscal quarter of each year. Although we seek to moderate our cash outflows with our cash receipts, we may not be successful in doing so, particularly since we expect this seasonality to become more pronounced as we continue to target large enterprise customers based on their procurement, budgeting, and deployment cycles. In addition, while consumption is typically lower during holidays, the magnitude of any decrease is difficult to predict and that may result in inaccurate financial guidance. For more information about non-GAAP free cash flow, including a definition of non-GAAP free cash flow and a reconciliation of free cash flow to the most directly comparable financial measure calculated in accordance with U.S. generally accepted accounting principles (GAAP), see the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

Historically, we have received a higher volume of orders from new and existing customers in the fourth fiscal quarter of each year. As a result, we have historically seen higher non-GAAP free cash flow in the first and fourth fiscal quarters of each year, and our sequential growth in remaining performance obligations has historically been highest in the fourth fiscal quarter of each year. We expect this seasonality to become more pronounced as we continue to target large enterprise customers based on their procurement, budgeting, and deployment cycles. For more information, including a definition of non-GAAP free cash flow and a reconciliation of free cash flow to the most directly comparable financial measure calculated in accordance with GAAP, see the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

The tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. Changes in tax laws, regulations, or rulings, or changes in interpretations of existing laws and regulations, could materially affect our financial position and results of operations. For example, 2017 legislation informally titled the Tax Act significantly reformed the Internal Revenue Code of 1986, as amended (the Code). In August 2022, the United States passed the Inflation Reduction Act, which provides for a minimum tax equal to 15% of the adjusted financial statement income of certain large corporations, as well as a 1% excise tax on stock repurchases. In February 2023, our board of directors authorized the repurchase of up to $2.0 billion of our common stock through a stock repurchase program. We do not expect the excise tax on repurchases under our stock repurchase program to have a material impact on our aggregate tax liability. In addition, many countries have recently proposed, recommended, or enacted changes to existing tax laws or new tax laws that could significantly increase our tax obligations in the countries where we do business or require us to change the manner in which we operate our business. Over the last several years, the Organization for Economic Cooperation and Development has been working on a Base Erosion and Profit Shifting Project that, if implemented, would change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. As of July 2023, nearly 140 countries have approved a framework that imposes a minimum tax rate of 15%, among other provisions. As this framework is subject to further negotiation and implementation by each member country, the timing and ultimate impact of any such changes on our tax obligations are uncertain. Similarly, the European Commission and several countries have issued proposals that would apply to various aspects of the current tax framework under which we are taxed. These proposals include changes to the existing framework to calculate income tax, as well as proposals to change or impose new types of non-income taxes (such as taxes based on a percentage of revenue or taxes applicable to digital services), which could apply to our business. Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, increase the amount of taxes imposed on our business, and harm our financial position. Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements. We continue to monitor the impact of new global and U.S. legislation on our effective tax rate.

The tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. Changes in tax laws, regulations, or rulings, or changes in interpretations of existing laws and regulations, could materially affect our financial position and results of operations. For example, 2017 legislation informally titled the Tax Act significantly reformed the Internal Revenue Code of 1986, as amended (the Code). Recently, the United States passed the Inflation Reduction Act, which provides for a minimum tax equal to 15% of the adjusted financial statement income of certain large corporations, as well as a 1% excise tax on share repurchases. In February 2023, our board of directors authorized the repurchase of up to $2.0 billion of our common stock through a stock repurchase program. We do not expect the excise tax on share repurchase programs to have a material impact on our aggregate tax liability. Many countries in Europe, as well as a number of other countries and organizations, including the Organization for Economic Cooperation and Development and the European Commission, have recently proposed, recommended, or (in the case of countries) enacted or otherwise become subject to changes to existing tax laws or new tax laws that could significantly increase our tax obligations in the countries where we do business or require us to change the manner in which we operate our business. These proposals, recommendations and enactments include changes to the existing framework in respect of income taxes, as well as new types of non-income taxes (such as taxes based on a percentage of revenue or taxes applicable to digital services), which could apply to our business. Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, increase the amount of taxes imposed on our business, and harm our financial position. Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements. We continue to monitor the impact of new global and U.S. legislation on our effective tax rate. 37 37 37 37 37 37 Table of Contents Table of Contents Table of Contents