Snowflake Inc.: 10-K Risk Factor Changes

A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customer accounts outside the United States generated 25% of our revenue for the fiscal year ended January 31, 2026. We are continuing to adapt to and develop strategies to address international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new partners in order to expand or continue our expansion into certain countries, including China, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources. Our current and future international business and operations involve a variety of risks, including: •slower than anticipated public cloud adoption by international businesses; •differing and potentially more onerous regulations compared to the United States, including relating to data privacy and security, including the unauthorized use of, or access to, commercial and personal information, and data localization; •changes in a specific country’s or region’s political, economic, or legal and regulatory environment, including the effects of pandemics, tariffs and trade wars, sanctions, or long-term environmental risks; 36 36 36 36 36 36 Table of Contents Table of Contents Table of Contents •the need to adapt and localize our platform for China, Saudi Arabia, and other countries, including as a result of data sovereignty requirements, and the engineering and related costs that we may incur when making those changes; •greater difficulty collecting accounts receivable and longer payment cycles; •unexpected changes in, or the selective application of, trade relations, regulations, or laws; •compliance with requirements to hire local employees to perform certain specific functions, such as Saudi Arabia’s Regional Headquarters Program, which may not align with how we would otherwise operate our business; •new, evolving, and potentially more stringent regulations relating to AI Technology; •labor regulations that are generally more advantageous to employees as compared to the United States, including regulations governing terminations in locations that do not permit at-will employment and deemed hourly wage and overtime regulations; •challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction; •difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems; •increased travel, real estate, infrastructure, and legal compliance costs associated with international operations, including increased costs associated with changing and potentially conflicting environmental regulations and requirements; •currency exchange rate fluctuations and the resulting effect on our revenue, RPO, and expenses, and the cost and risk of utilizing mitigating derivative transactions and entering into hedging transactions to the extent we do so in the future; •limitations on, or charges or taxes associated with, our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries; •laws and business practices favoring local competitors or general market preferences for local vendors; •limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents; •political instability, military conflict or war, or terrorist activities; •exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended (FCPA), U.S. bribery laws, the U.K. Bribery Act, and similar laws and regulations in other jurisdictions; •burdens of complying with laws and regulations related to taxation; and •regulations, adverse tax burdens, and foreign exchange controls that could make it difficult or costly to repatriate earnings and cash. We expect to invest substantial time and resources to further expand our international operations, and, if we are unable to do so successfully and in a timely manner, our business and results of operations could suffer. 37 37 37 37 37 37 Table of Contents Table of Contents Table of Contents

A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customer accounts outside the United States generated 24% of our revenue for the fiscal year ended January 31, 2025. We are continuing to adapt to and develop strategies to address international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new partners in order to expand or continue our expansion into certain countries, including China, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources. Our current and future international business and operations involve a variety of risks, including: •slower than anticipated public cloud adoption by international businesses; •changes in a specific country’s or region’s political, economic, or legal and regulatory environment, including the effects of pandemics, tariffs, trade wars, sanctions, or long-term environmental risks; •the need to adapt and localize our platform for China, Saudi Arabia, and other countries, including as a result of data sovereignty requirements, and the engineering and related costs that we may incur when making those changes; •greater difficulty collecting accounts receivable and longer payment cycles; •unexpected changes in, or the selective application of, trade relations, regulations, or laws; •new, evolving, and more stringent regulations relating to privacy and data security, data localization, and the unauthorized use of, or access to, commercial and personal information; •compliance with requirements to hire local employees to perform certain specific functions, such as Saudi Arabia’s Regional Headquarters Program, which may not align with how we would otherwise operate our business; •new, evolving, and potentially more stringent regulations relating to AI Technology; •differing and potentially more onerous labor regulations that are generally more advantageous to employees as compared to the United States, including regulations governing terminations in locations that do not permit at-will employment and deemed hourly wage and overtime regulations; •challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction; •difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems; •increased travel, real estate, infrastructure, and legal compliance costs associated with international operations, including increased costs associated with changing and potentially conflicting environmental regulations and requirements; •currency exchange rate fluctuations and the resulting effect on our revenue, RPO, and expenses, and the cost and risk of utilizing mitigating derivative transactions and entering into hedging transactions to the extent we do so in the future; •limitations on, or charges or taxes associated with, our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries; •laws and business practices favoring local competitors or general market preferences for local vendors; 35 35 35 35 35 35 Table of Contents Table of Contents Table of Contents •limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents; •political instability, military conflict or war, or terrorist activities; •exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended (FCPA), U.S. bribery laws, the U.K. Bribery Act, and similar laws and regulations in other jurisdictions; •burdens of complying with laws and regulations related to taxation; and •regulations, adverse tax burdens, and foreign exchange controls that could make it difficult or costly to repatriate earnings and cash. We expect to invest substantial time and resources to further expand our international operations, and, if we are unable to do so successfully and in a timely manner, our business and results of operations could suffer.

In the ordinary course of our business, we store, transmit, generate, and process our, our customers’, and our business partners’ confidential and proprietary data. Such data includes sensitive data, such as personal information, protected health information, and financial data. We use third-party service providers, sub-processors, and technology to help us deliver services to our customers and their end-users, as well as for our internal business operations. We also use third-party technology to assist with securing our environment and providing access to our platform. Some of our customers also use third-party service providers to assist with their use of our platform or third-party technology, such as connectors, to access our platform. These third-party service providers may process, store, or transmit data of our employees, partners, customers, and customers’ end-users or may otherwise be used to help operate our platform and corporate systems. In addition, AI models and large datasets are increasingly integrated into our, our customers’, and other third parties’ systems. We, our customers and business partners, and these third parties face a variety of evolving and increasing cybersecurity and data threats related to this complex network of technology. Cybersecurity threats come from a variety of sources, including traditional computer “hackers,” internal and external personnel (such as through exfiltration or misuse), sophisticated nation-states, and nation-state-supported actors. Cybersecurity threat actors can use a wide variety of methods, including unauthorized intrusions, denial-of-service attacks, ransomware attacks, business email compromises, computer malware, infostealer malware, social engineering attacks (including through deep-fakes and phishing), internal and external personnel misconduct or error, supply-chain attacks, software vulnerabilities, software or hardware disruptions or failures, and attacks enhanced or facilitated by AI Technology, all of which are prevalent in our industry and our customers’ and partners’ industries. These methods change frequently and are becoming increasingly difficult to detect. Threat actors who successfully compromise networks or systems may use such unauthorized access as a vector to compromise other networks and systems. Threat actors’ goals often include disrupting a company’s operations or ability to provide services, obtaining unauthorized access to platforms, systems, networks, or physical facilities in which data is stored or processed, or through which data is transmitted, stealing data, and demanding ransomware payments. There can be no assurance that security measures designed to protect against security incidents will be effective, that we will be able to detect, mitigate, or remediate vulnerabilities in our products and information security systems (such as our hardware and software, including that of third parties upon which we rely) on a timely basis, or that our efforts to investigate, mitigate, contain, and remediate any security or data incidents that do occur will be successful. In general, cybersecurity incidents or security vulnerabilities (both in our internal environment and third-party environments we may not control), as well as actions taken by us or third parties to detect, investigate, mitigate, contain, and remediate them, could lead to significant interruptions in our operations, outages, loss of data and income, reputational harm, diversion of funds, increased insurance costs, and other harm to our business, reputation, and competitive position. We also may be unwilling or unable to make ransom payments due to, for example, applicable laws or regulations prohibiting such payments, the negative precedent such payments would set, or uncertainty over whether such payments would result in the threat actor deleting stolen data or otherwise delivering on their promised course of action. In addition, the risk of cybersecurity and data incidents will increase as we continue to expand our product offerings and geographic footprint, grow our customer and partner base, expand our AI Technology offerings, acquire operating companies, begin to operate in and integrate with environments outside of our platform and over which we exercise significantly less or no control, and process, store, and transmit increasingly large amounts and increasingly sensitive and highly regulated types of data. In particular, certain new product offerings, including through both internal development and strategic acquisitions, may pose different or greater data and security risks than our traditional offerings. These products include, for example, features and functionality that access, take instructions from, and operate on large amounts of data inside and outside our platform, or that are accessible from external environments where we have no or limited visibility or control, such as distributed endpoints (e.g., a user’s local device) and publicly accessible networks, which increase the potential attack surface for threat actors. If our security measures designed to mitigate and defend against these risks are not effective or if our customers fail to effectively implement them, we or customers may experience unintended access to or actions taken with respect to our or their systems or data. 24 24 24 24 24 24 Table of Contents Table of Contents Table of Contents Any security breach of our platform, our operational systems, our software (including open-source software), our physical facilities, or the systems of our third-party service providers or sub-processors, or the perception that one has occurred, or unintended access or operations within our customers’ or partners’ systems, data, or technology, could result in claims that we have breached customer contracts or other legal obligations. In addition, we may be subject to, and have received in the past, requests by regulators (including members of Congress) for information about our security practices, our public statements about our security program, experiences, and issues. Alleged failures, problems, or issues related to our information security or our customers’ use of our platform, including following such information requests, could result in additional investigations; actions from a variety of regulators, including state attorneys general, the Department of Justice, the Federal Trade Commission (FTC), and the SEC; litigation; indemnity obligations; fines; penalties; mitigation and remediation costs; reputational harm; diversion of management’s attention; customer relationship issues; and other liabilities and damage to our business. Security or data incidents and their resulting consequences, including negative publicity, may also cause customers to stop using our platform, deter existing or prospective customers from using our platform, and negatively impact our ability to grow and operate our business. Further, cybersecurity incidents have in the past and may in the future lead customers or prospective customers to attempt to negotiate contractual terms that are less favorable to us, such as broader indemnification obligations, more stringent cybersecurity requirements, and higher limitations of liability. We may incur liability or suffer reputational harm for cybersecurity even if we do not control the applicable security measures or if we are not at fault. Our customers have experienced, and may in the future experience, security incidents in connection with their use of our platform that harm our customer relationships and our reputation, even when such incidents are due to vulnerabilities, policy violations, inadequate security controls, or credential exposures that we do not cause. We operate under a shared responsibility cybersecurity model where we are responsible for the security of our platform and underlying cloud infrastructure, while our customers are responsible for selecting, enabling, and configuring security and operational controls for their individual environments in a manner that meets applicable cybersecurity standards and effectively reduces their information security risk. Some customers also use third-party external authentication tools, in which case we do not have visibility into whether adequate access controls (such as multi-factor authentication (MFA) or network restrictions) are being enforced. Regardless of whether customers use our authentication tools or external tools, if customers allow static access credentials, they are responsible for ensuring that the credentials remain private and are rotated on a regular basis. If our customers do not implement, or incorrectly implement, the security tools and features we offer and support within our platform or otherwise fail to fulfill their responsibilities under our shared responsibility cybersecurity model, there is a higher risk that they will be the victim of cybersecurity or data incidents, which may harm our customer relationships, our reputation, and our business, which has occurred in the past and may happen again in the future. We have contractual and other legal obligations to notify customers and other parties of certain incidents, and may choose to make such notifications even if not legally required to do so. For example, SEC rules require disclosure on Form 8-K of the nature, scope and timing of any material cybersecurity incident and the reasonably likely impact of such incident. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward, and any such mandatory disclosures are costly and could lead to negative publicity, loss of customer or partner confidence in the effectiveness of our security measures, diversion of management’s attention, governmental investigations, and the expenditure of significant capital and other resources to investigate, respond to, or alleviate problems caused by the actual or perceived security breach. Our insurance coverage may not be adequate for liability arising from data security breaches involving us or our customers or other third parties, indemnification obligations, or other liabilities. The successful assertion of one or more large claims against us that exceeds our available insurance coverage or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements) could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim, particularly as we continue to expand our product offerings with different security risk profiles. 25 25 25 25 25 25 Table of Contents Table of Contents Table of Contents For example, in May 2024, we became aware that cybersecurity threat actors had accessed a number of our customers’ Snowflake accounts as a result of such customers’ failure to fulfill certain of their obligations under our shared responsibility cybersecurity model (e.g., implementing MFA and network access policies). Even though we did not identify any evidence suggesting this activity was caused by or otherwise related to any vulnerability or misconfiguration of our systems, or a breach of our platform’s security or our environment, we have been the subject of numerous lawsuits, regulatory investigations, and lawmaker inquiries relating to these customer incidents. Since May 2024, we have been made aware of additional cyberattacks on customers’ Snowflake accounts using similar methods intended to take advantage of customers’ failures to implement appropriate security safeguards (e.g., MFA and network access policies). We are unable to predict the outcome or timeline of these matters or whether any additional requests, inquiries, lawsuits, investigations or other government actions may arise. We have suffered and may continue to suffer negative publicity and reputational damage, including due to the misperception that our customers’ incidents resulted from a vulnerability, misconfiguration or breach of our platform’s security or systems and malicious activity within our environment. In addition, we may experience a loss of existing customers or face claims by customers, and it is possible that we are not able to fully recover any losses relating to these matters through any applicable insurance coverage or we may be required to seek indemnification from breached customers to mitigate our damages, which may be unsuccessful or impractical. These matters, together with any additional inquiries, regulatory or governmental investigations, or other disputes that result from these customer security incidents, have in the past and will continue to require us to divert resources and may harm our reputation, business, financial condition, or results of operations. Finally, some of our employees work remotely, including while traveling for business, which increases our cybersecurity risk, creates data accessibility concerns, and makes us more susceptible to security breaches or business disruptions. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations, or prospects.

In the ordinary course of our business, we store, transmit, generate, and process our, our customers’, and our business partners’ confidential and proprietary data. Such data includes sensitive data, such as personal information, protected health information, and financial data. We also use third-party service providers, sub-processors, and technology to help us deliver services to our customers and their end-users, as well as for our internal business operations. For example, our platform is built on the infrastructure of third-party public cloud providers, such as AWS, Azure, and GCP, and we use third-party technology to assist with securing our environment and providing access to our platform. Some of our customers also use third-party service providers to assist with their use of our platform or third-party technology, such as connectors, to access our platform. These third-party service providers may process, store, or transmit data of our employees, partners, customers, and customers’ end-users or may otherwise be used to help operate our platform and corporate systems. We, our customers and business partners, and these third parties face a variety of evolving cybersecurity threats. Cybersecurity threats come from a variety of sources, including traditional computer “hackers,” internal and external personnel (such as through theft or misuse), sophisticated nation-states, and nation-state-supported actors. Cybersecurity threat actors can use a wide variety of methods, including unauthorized intrusions, denial-of-service attacks, ransomware attacks, business email compromises, computer malware, infostealer malware, social engineering attacks (including through deep-fakes and phishing), internal and external personnel misconduct or error, supply-chain attacks, software vulnerabilities, software or hardware disruptions or failures, and attacks enhanced or facilitated by AI Technology, all of which are prevalent in our industry and our customers’ and partners’ industries. These methods change frequently and are becoming increasingly difficult to detect. Threat actors who successfully compromise networks or systems may use the unauthorized access as a vector to compromise other networks and systems. Threat actors’ goals often include disrupting a company’s operations or ability to provide services, obtaining unauthorized access to platforms, systems, networks, or physical facilities in which data is stored or processed, or through which data is transmitted, and stealing data. Ransomware attacks are becoming more frequent and severe. 22 22 22 22 22 22 Table of Contents Table of Contents Table of Contents There can be no assurance that security measures designed to protect against security incidents will be effective, and our efforts to investigate, mitigate, contain, and remediate any security incidents that do occur may not be successful. Even though we may not control the security measures of third-party providers or environments, we may incur liability or suffer reputational harm if such measures are breached. Actions taken by us, third-party cloud providers, or the other third parties with whom we work to detect, investigate, mitigate, contain, and remediate security incidents could result in outages, data losses, and disruptions of our business. We may be unable to detect, mitigate, or remediate vulnerabilities in our information security systems (such as our hardware and software, including that of third parties upon which we rely) on a timely basis. We may be unwilling or unable to make ransom payments due to, for example, applicable laws or regulations prohibiting such payments, the negative precedent such payments would set, or uncertainty over whether such payments would result in the threat actor deleting stolen data or otherwise delivering on their promised course of action. In general, cybersecurity incidents or security vulnerabilities could lead to significant interruptions in our operations, loss of data and income, reputational harm, diversion of funds, increased insurance costs, and other harm to our business, reputation, and competitive position. In addition, customers’ use of our platform in violation of our terms of service, including by granting access to a single Snowflake account to various third-party entities, could amplify the impact of any cybersecurity or product incidents. Security incidents and their resulting consequences, including negative publicity, may also cause customers to stop using our platform, deter existing or prospective customers from using our platform, and negatively impact our ability to grow and operate our business. Our customers have experienced, and may in the future experience, security incidents in connection with their use of our platform that harm our customer relationships and our reputation, even when such incidents are due to vulnerabilities, policy violations, inadequate security controls, or credential exposures that we do not cause. We operate under a shared responsibility cybersecurity model where we are responsible for the security of our platform and underlying cloud infrastructure, while our customers are responsible for selecting, enabling, and configuring security controls for their individual environments in a manner that meets applicable cybersecurity standards and effectively reduces their information security risk. To assist customers in meeting their responsibilities, we offer and support a range of tools and features within our platform for access control, including multi-factor authentication (MFA), network access policies, and unified role-based access controls and policies. Some customers also use third-party external authentication tools, in which case we do not have visibility into whether adequate access controls (such as MFA or network restrictions) are being enforced. Regardless of whether customers use our authentication tools or external tools, if customers allow static access credentials, they are responsible for ensuring that the credentials remain private and are rotated on a regular basis. If our customers do not implement, or incorrectly implement, these features or otherwise fail to fulfill their responsibilities under our shared responsibility cybersecurity model, there is a higher risk that they will be the victim of cybersecurity incidents, which may harm our customer relationships, our reputation, and our business, which has occurred in the past and may happen again in the future. We have contractual and other legal obligations to notify customers and other parties of certain security incidents, and may choose to make such notifications even if not legally required to do so. For example, SEC rules require disclosure on Form 8-K of the nature, scope and timing of any material cybersecurity incident and the reasonably likely impact of such incident. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward, and any such mandatory disclosures are costly and could lead to negative publicity, loss of customer or partner confidence in the effectiveness of our security measures, diversion of management’s attention, governmental investigations, and the expenditure of significant capital and other resources to investigate, respond to, or alleviate problems caused by the actual or perceived security breach. Any security breach of our platform, our operational systems, our software (including open-source software), our physical facilities, or the systems of our third-party service providers or sub-processors, or the perception that one has occurred, or unauthorized access to our customers’ or partners’ systems, data, or technology, could result in claims that we have breached customer contracts or other legal obligations, including as described below. In addition, we may be subject to, and have received in the past, requests by regulators (including members of Congress) for information about our security practices, our public statements about our security program, experiences, and issues. Alleged failures, problems, or issues related to our information security or our customers’ use of our platform, including following such information requests, could result in additional investigations; actions from a variety of regulators, including state attorneys general, the Department of Justice, the Federal Trade Commission (FTC), and the SEC; litigation; indemnity obligations; fines; penalties; mitigation and remediation costs; reputational harm; diversion of management’s attention; customer relationship issues; and other liabilities and damage to our business. Further, cybersecurity incidents have in the past and may in the future lead customers or prospective customers to attempt to negotiate contractual terms that are less favorable to us, such as broader indemnification obligations, more stringent cybersecurity requirements, and higher limitations of liability. 23 23 23 23 23 23 Table of Contents Table of Contents Table of Contents Our insurance coverage may not be adequate for liability arising from data security breaches involving us or our customers or other third parties, indemnification obligations, or other liabilities. The successful assertion of one or more large claims against us that exceeds our available insurance coverage or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements) could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim. Risks related to our systems and security breaches are likely to increase as we continue to expand our platform and geographic footprint, grow our customer and partner base, acquire operating companies, begin to operate in environments outside of our platform and over which we exercise significantly less or no control, and process, store, and transmit increasingly large amounts of data. For example, in May 2024, we became aware that a cybersecurity threat actor had accessed a number of our customers’ Snowflake accounts as a result of such customers’ failure to fulfill certain of their obligations under our shared responsibility cybersecurity model (e.g., implementing MFA and network access policies). Even though we did not identify any evidence suggesting this activity was caused by or otherwise related to any vulnerability or misconfiguration of our systems, or a breach of our platform’s security or our environment, we have been the subject of numerous lawsuits, regulatory investigations, and lawmaker inquiries relating to these customer incidents. Since May 2024, we have been made aware of additional cyberattacks on customers’ Snowflake accounts using similar methods to take advantage of customers’ failures to implement appropriate security safeguards (e.g., MFA and network access policies). We are unable to predict the outcome or timeline of these matters or if any additional requests, inquiries, lawsuits, investigations or other government actions may arise. We have suffered and may continue to suffer negative publicity and reputational damage, including due to the misperception that our customers’ incidents resulted from a vulnerability, misconfiguration or breach of our platform’s security or systems and malicious activity within our environment. In addition, we may experience a loss of existing customers or face claims by customers, and it is possible that we are not able to fully recover any losses relating to these matters through any applicable insurance coverage or we may be required to seek indemnification from breached customers to mitigate our damages, which may be unsuccessful or impractical. These matters, together with any additional inquiries, regulatory or governmental investigations, or other disputes that result from these customer security incidents, will require us to divert resources and may harm our reputation, business, financial condition, or results of operations. Finally, some of our employees work remotely, including while traveling for business, which increases our cybersecurity risk, creates data accessibility concerns, and makes us more susceptible to security breaches or business disruptions. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations, or prospects. 24 24 24 24 24 24 Table of Contents Table of Contents Table of Contents

Our success depends in part on the continued services of our executive officers, as well as our other key employees in the areas of research and development and sales and marketing. From time to time, there may be changes in our executive management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. For example, we have experienced several executive leadership transitions since the beginning of fiscal 2025: in February 2024, Sridhar Ramaswamy was appointed to replace Frank Slootman as Chief Executive Officer upon his retirement; in September 2024, Vivek Raghunathan was appointed as SVP, Engineering and Support to replace Grzegorz Czajkowski, who resigned in July 2024; in March 2025, Michael Gannon was appointed as Chief Revenue Officer to replace Christopher W. Degnan; and in September 2025, Brian Robins was appointed to replace Michael P. Scarpelli as Chief Financial Officer upon his retirement. The loss of additional executive officers or any significant change in key leadership could harm morale, cause additional personnel to depart, introduce operational delays or risks as departing employees are replaced and successors learn our business, or disrupt operations and implementation of business strategy as result of any changes such successors may make, each of which could harm our operating results. In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based data platform products, including products with AI capabilities, and experienced sales, customer support, and professional services personnel. We also are dependent on the continued service of our existing software engineers because of the sophistication of our platform. 31 31 31 31 31 31 Table of Contents Table of Contents Table of Contents In order to support our growing business, we will need to continue to hire in new locations around the world and manage remote/hybrid working policies in certain areas, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications, including skilled AI engineers, many of whom are in high demand and command high compensation packages. Many of the companies with which we compete for experienced personnel have greater resources than we have and can provide more competitive compensation and benefits. In addition, we require the majority of our employees to work from a physical office, while certain of our competitors allow remote work environments. In addition, prospective and existing employees often consider the value and other terms of the equity awards they receive to be an important part of their employment compensation package. Our stock price declined significantly during portions of fiscal 2026 and fiscal 2025. If the actual or perceived value of our equity awards declines or undergoes significant volatility, or if our existing employees receive significant proceeds from liquidating their previously vested equity awards, it may adversely affect our ability to recruit and retain key employees. Furthermore, current and prospective employees may believe that their equity award offers have limited upside, and our competitors may be able to offer more appealing compensation packages. In order to retain our existing employees and manage potential attrition, including as a result of any stock price decreases and market volatility that impact the actual or perceived value of our equity awards, we may issue additional equity awards or provide our employees with increased cash compensation, which could negatively impact our results of operations and be dilutive to stockholders. For example, our stock-based compensation, net of amounts capitalized, represented 34% of our revenue for fiscal 2026 and 41% for fiscal 2025, and we expect stock-based compensation to remain substantial even if we are successful in reducing it as a percentage of our revenue. Finally, if we hire employees from competitors or other companies, their former employers may attempt to assert that we or these employees have breached our or their legal obligations, resulting in a diversion of our time and resources. We also believe our culture has been a key contributor to our success to date and that the critical nature of the platform that we provide promotes a sense of greater purpose and fulfillment in our employees. As our workforce becomes larger and more distributed around the world or as our executive management team changes, we may not be able to maintain important aspects of our culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel. If we fail to attract and recruit new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed.

Our success depends in part on the continued services of our executive officers, as well as our other key employees in the areas of research and development and sales and marketing. From time to time, there may be changes in our executive management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. For example, in February 2024, Frank Slootman retired as Chief Executive Officer and Sridhar Ramaswamy was appointed to replace him; in July 2024, Grzegorz Czajkowski, our former EVP, Engineering and Support, resigned and left Snowflake to pursue another opportunity, and in September 2024, Vivek Raghunathan was appointed as SVP, Engineering and Support to replace him; in February 2025, Michael P. Scarpelli notified us of his intention to retire as Chief Financial Officer once his successor is appointed, after which he will transition into an advisory role to support continuity and a smooth transition; and in March 2025, Christopher W. Degnan notified us of his intention to retire as Chief Revenue Officer and Michael Gannon was appointed to replace him. The loss of additional executive officers or any significant change in key leadership could harm morale, cause additional personnel to depart, introduce operational delays or risks as departing employees are replaced and successors learn our business, or disrupt operations and implementation of business strategy as result of any changes such successors may make, each of which could harm our operating results. In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based data platform products, including products with artificial intelligence capabilities, and experienced sales, customer support, and professional services personnel. We also are dependent on the continued service of our existing software engineers because of the sophistication of our platform. In order to support our growing business, we will need to continue to hire in new locations around the world and manage return to work and remote working policies, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have and can provide more competitive compensation and benefits. In addition, we require the majority of our employees to work from a physical office, while certain of our competitors allow remote work environments. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. Our stock price declined significantly during a portion of fiscal 2025. If the actual or perceived value of our equity awards declines or undergoes significant volatility, or if our existing employees receive significant proceeds from liquidating their previously vested equity awards, it may adversely affect our ability to recruit and retain key employees. Furthermore, current and prospective employees may believe that their equity award offers have limited upside, and our competitors may be able to offer more appealing compensation packages. In order to retain our existing employees and manage potential attrition, including as a result of any stock price decreases and market volatility that impact the actual or perceived value of our equity awards, we may issue additional equity awards or provide our employees with increased cash compensation, which could negatively impact our results of operations and be dilutive to stockholders. For example, our stock-based compensation, net of amounts capitalized, represented 41% of our revenue for fiscal 2025 and 42% for fiscal 2024, and we expect stock-based compensation to remain substantial even if we are successful in reducing it as a percentage of our revenue. Finally, if we hire employees from competitors or other companies, their former employers may attempt to assert that we or these employees have breached our or their legal obligations, resulting in a diversion of our time and resources. 30 30 30 30 30 30 Table of Contents Table of Contents Table of Contents We also believe our culture has been a key contributor to our success to date and that the critical nature of the platform that we provide promotes a sense of greater purpose and fulfillment in our employees. As our workforce becomes larger and more distributed around the world or as our executive management team changes, we may not be able to maintain important aspects of our culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel. If we fail to attract and recruit new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed.

We typically commit to our customers that our platform will maintain a minimum service-level of availability. If we are unable to meet these commitments, including with respect to newly introduced products that are initially covered under an existing service-level commitment but may eventually require a different level of availability, we may be obligated to provide customers with additional capacity at no cost, which could significantly affect our revenue. We rely on public cloud providers, such as AWS, Azure, and GCP, and any availability interruption in the public cloud could result in us not meeting our service-level commitments to our customers. In some cases, we may not have a contractual right with our public cloud providers that compensates us for any losses due to availability interruptions in the public cloud. Further, any failure to meet our service-level commitments could damage our reputation and hinder the adoption of our platform, and we could face loss of revenue from reduced future consumption of our platform. Any service-level failures could adversely affect our business, financial condition, and results of operations.

We typically commit to our customers that our platform will maintain a minimum service-level of availability. If we are unable to meet these commitments, we may be obligated to provide customers with additional capacity at no cost, which could significantly affect our revenue. We rely on public cloud providers, such as AWS, Azure, and GCP, and any availability interruption in the public cloud could result in us not meeting our service-level commitments to our customers. In some cases, we may not have a contractual right with our public cloud providers that compensates us for any losses due to availability interruptions in the public cloud. Further, any failure to meet our service-level commitments could damage our reputation and hinder the adoption of our platform, and we could face loss of revenue from reduced future consumption of our platform. Any service-level failures could adversely affect our business, financial condition, and results of operations. 32 32 32 32 32 32 Table of Contents Table of Contents Table of Contents

The conversion of the Notes may dilute the ownership interests of our stockholders. Upon conversion of the Notes, we have the option to settle the obligation in cash, shares of our common stock, or a combination of both. If we elect to settle our conversion obligation in shares of our common stock or a combination of cash and shares of our common stock, any sales in the public market of our common stock issuable upon such conversion could adversely affect prevailing market price of our common stock. In addition, the existence of the Notes may encourage short selling by market participants because the conversion of the Notes could be used to satisfy short positions, or anticipated conversion of the Notes into shares of our common stock could depress the price of our common stock. 49 49 49 49 49 49 Table of Contents Table of Contents Table of Contents

The conversion of the Notes may dilute the ownership interests of our stockholders. Upon conversion of the Notes, we have the option to settle the obligation in cash, shares of our common stock, or a combination of both. If we elect to settle our conversion obligation in shares of our common stock or a combination of cash and shares of our common stock, any sales in the public market of our common stock issuable upon such conversion could adversely affect prevailing market price of our common stock. In addition, the existence of the Notes may encourage short selling by market participants because the conversion of the Notes could be used to satisfy short positions, or anticipated conversion of the Notes into shares of our common stock could depress the price of our common stock. 47 47 47 47 47 47 Table of Contents Table of Contents Table of Contents

We compete in markets that evolve rapidly. We believe that the pace of innovation will continue to accelerate as customers increasingly base their purchases of cloud data platforms on a broad range of factors, including performance and scale, cost, markets addressed, types of data processed, ease of data ingress and egress, support of open data formats, user experience and programming languages, use of AI, interoperability and integrations across tools, applications, and platforms, and data governance, security, and regulatory compliance. We introduced data warehousing on our platform in 2014 as our core use case, and our customers subsequently began using our platform for additional product categories, including analytics, data engineering, AI, and applications and collaboration. Our future success depends on our ability to continue to innovate rapidly and effectively and increase customer adoption of our platform and the AI Data Cloud, including emerging product areas such as AI, Apache Iceberg tables, and Snowpark. 22 22 22 22 22 22 Table of Contents Table of Contents Table of Contents Further, the value of our platform to customers increases to the extent they are able to use it to process and access all types of data. We need to continue to invest in technologies, services, and partnerships that increase the types of data available and processed on our platform, the ease with which customers can ingest data into our platform, and the types of environments that our platform supports, including hybrid offerings that extend into customer-managed environments. We must also continue to enhance our data sharing and marketplace capabilities so customers can share their data with internal business units, their customers, and other third parties, acquire additional third-party data and data products to combine with their own data to gain additional business insights, and develop and monetize applications on our platform. As we develop, acquire, and introduce new services and technologies, including those that incorporate AI Technology, we have been and may continue to be subject to new or heightened legal, ethical, and other challenges. In addition, our platform requires third-party public cloud infrastructure to operate. We need to continue to innovate to optimize our offerings for these and other public clouds that our customers require, particularly as we expand internationally. Further, the markets in which we compete are subject to evolving industry standards and regulations, resulting in increasing data governance and compliance requirements for us and our customers and partners. As we expand further into the public sector and highly regulated countries and industries, our platform and operations will need to address additional requirements specific to those markets, including data sovereignty requirements. If we are unable to enhance our platform or operations to keep pace with these rapidly evolving customer needs or other market requirements, or if new technologies emerge that deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our platform, our business, financial condition, and results of operations could be adversely affected.

We compete in markets that evolve rapidly. We believe that the pace of innovation will continue to accelerate as customers increasingly base their purchases of cloud data platforms on a broad range of factors, including performance and scale, markets addressed, types of data processed, ease of data ingress and egress, support of open data formats, user experience and programming languages, use of artificial intelligence, and data governance, security, and regulatory compliance. We introduced data warehousing on our platform in 2014 as our core use case, and our customers subsequently began using our platform for additional product categories, including analytics, data engineering, artificial intelligence, and applications and collaboration. Our future success depends on our ability to continue to innovate rapidly and effectively and increase customer adoption of our platform and the AI Data Cloud, including the Snowflake Marketplace and Snowpark. Further, the value of our platform to customers increases to the extent they are able to use it to process and access all types of data. We need to continue to invest in technologies, services, and partnerships that increase the types of data available and processed on our platform, the ease with which customers can ingest data into our platform, and the types of environments that our platform supports, including hybrid offerings that extend into customer-managed environments. We must also continue to enhance our data sharing and marketplace capabilities so customers can share their data with internal business units, customers, and other third parties, acquire additional third-party data and data products to combine with their own data to gain additional business insights, and develop and monetize applications on our platform. As we develop, acquire, and introduce new services and technologies, including those that may incorporate artificial intelligence and machine learning, we may be subject to new or heightened legal, ethical, and other challenges. In addition, our platform requires third-party public cloud infrastructure to operate. Currently, we use public cloud offerings provided by AWS, Azure, and GCP. We will need to continue to innovate to optimize our offerings for these and other public clouds that our customers require, particularly as we expand internationally. Further, the markets in which we compete are subject to evolving industry standards and regulations, resulting in increasing data governance and compliance requirements for us and our customers and partners. To the extent we expand further into the public sector and highly regulated countries and industries, our platform and operations may need to address additional requirements specific to those markets, including data sovereignty requirements. If we are unable to enhance our platform or operations to keep pace with these rapidly evolving customer requirements, or if new technologies emerge that deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our platform, our business, financial condition, and results of operations could be adversely affected. 21 21 21 21 21 21 Table of Contents Table of Contents Table of Contents

Companies across many industries face ongoing scrutiny related to their environmental, social and governance (ESG) practices and reporting, both in the United States and internationally. Our response to ESG disclosure requirements and stakeholder expectations may require additional investments and implementation of new practices and reporting processes, all entailing additional compliance risk and cost. To the extent we share information about our ESG practices, we could be criticized for the accuracy, adequacy, or completeness of such disclosures. In addition, we may communicate ESG goals or initiatives from time to time, which can be costly to achieve and difficult to implement. There is no assurance that we will achieve any of these goals, that our initiatives will achieve their intended outcome, and our ability to implement these ESG-related initiatives or achieve ESG-related goals may be dependent on external factors outside our control. At the same time, anti-ESG sentiment has gained momentum across the United States, and both the federal and state governments have enacted or proposed “anti-ESG” policies or legislation or have issued related legal opinions. In addition, both federal and state governments and activist groups have increased scrutiny of private sector employment practices, asserting that certain corporate practices, such as diversity, equity, and inclusion (DEI), are discriminatory and unlawful. Such anti-ESG and anti-DEI related policies, legislation, initiatives and scrutiny could expose certain ESG, human capital management, or other practices we adopt to the risk of litigation, antitrust investigations or challenges by federal or state authorities, which may result in injunctions, penalties, and reputational harm. Further, we may experience backlash from customers, government entities, advocacy groups, employees, or other stakeholders who disagree with our actual or perceived positions, or with our lack of position on social, environmental, governance, political, public policy, economic, geopolitical, or other sensitive issues. Any perceived lack of transparency about these matters could harm our brand and reputation, our employees’ engagement and retention, and the willingness of our customers and partners to do business with us. Both advocates and opponents to ESG-related matters are increasingly resorting to a range of activism forms, including media campaigns and litigation, to advance their perspectives. To the extent we are subject to such activism, it may require us to incur costs or otherwise adversely impact our business, results of operations, or financial condition.

Companies across many industries are facing increasing scrutiny related to their environmental, social and governance (ESG) practices and reporting, both in the United States and internationally. For example, new domestic and international laws and regulations relating to ESG matters, including environmental sustainability and climate change and human capital management, are under consideration or being adopted, which may include specific, target-driven disclosure requirements or obligations. Our response to increased ESG disclosure requirements may require additional investments and implementation of new practices and reporting processes, all entailing additional compliance risk and cost. To the extent we share information about our ESG practices, we could be criticized for the accuracy, adequacy, or completeness of such disclosures. In addition, we may communicate ESG goals or initiatives from time to time, which can be costly to achieve and difficult to implement. There is no assurance that we will achieve any of these goals, that our initiatives will achieve their intended outcome, and our ability to implement these ESG-related initiatives or achieve ESG-related goals may be dependent on external factors outside our control. At the same time, anti-ESG sentiment has gained momentum across the United States, and both the federal and state governments have enacted or proposed “anti-ESG” policies or legislation or have issued related legal opinions. In addition, the U.S. Supreme Court’s ruling striking down race-based affirmative action in higher education has increased scrutiny of private sector employment practices and activist groups and state attorneys general have begun to analogize the outcome of that case to private employment matters, asserting that certain corporate practices, such as diversity, equity, and inclusion (DEI), are discriminatory and unlawful. Such anti-ESG and anti-DEI related policies, legislation, initiatives and scrutiny could expose any ESG, DEI or other practices we adopt to the risk of litigation, antitrust investigations or challenges by federal or state authorities, result in injunctions, penalties, and reputational harm. Further, we may experience backlash from customers, government entities, advocacy groups, employees, or other stakeholders who disagree with our actual or perceived positions, or with our lack of position on social, environmental, governance, political, public policy, economic, geopolitical, or other sensitive issues. Any perceived lack of transparency about these matters could harm our brand and reputation, our employees’ engagement and retention, and the willingness of our customers and partners to do business with us. Both advocates and opponents to ESG-related matters are increasingly resorting to a range of activism forms, including media campaigns and litigation, to advance their perspectives. To the extent we are subject to such activism, it may require us to incur costs or otherwise adversely impact our business, results of operations, or financial condition.

If the conditional conversion feature of a series of the Notes is triggered, holders of such Notes will be entitled to elect to convert their Notes at any time during specified periods, as described in the applicable Indenture. For example, holders of each series of the Notes can convert their Notes at any time during the fiscal quarter ending April 30, 2026 as the last reported sale price of our common stock was greater than or equal to 130% of the conversion price for the Notes for at least 20 trading days during the 30 consecutive trading days ending on the last trading day of the fiscal quarter ended January 31, 2026. If one or more holders elect to convert their Notes, we would be required to settle a portion or all of our conversion obligation through the payment of cash, unless we elect to fully settle such conversion by delivering shares of our common stock (other than any cash paid in lieu of delivering fractional shares), which could adversely affect our liquidity. In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the relevant series of Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital.

If the conditional conversion feature of a series of the Notes is triggered, holders of such Notes will be entitled to elect to convert their Notes at any time during specified periods, as described in the applicable Indenture. If one or more holders elect to convert their Notes, we would be required to settle a portion or all of our conversion obligation through the payment of cash, unless we elect to fully settle such conversion by delivering shares of our common stock (other than any cash paid in lieu of delivering fractional shares), which could adversely affect our liquidity. In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the relevant series of Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital.

We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, and platform technologies that we believe could complement or expand our platform, enhance our technology, or otherwise offer growth opportunities. For example, since the beginning of fiscal 2025, we have acquired several companies, including Night Shift Development, Inc., a privately-held data analytics firm focused on the U.S. public sector; Datavolo, Inc., a privately-held company that built a dataflow infrastructure to support the creation, management, and observability of multimodal data pipelines for enterprise AI; Crunchy Data Solutions, Inc., a privately-held company that provided PostgreSQL technology; TensorStax, Inc., a privately-held company that built autonomous AI agents for data engineering services; and Observe, Inc., a privately-held company that built an AI-powered observability platform. Such transactions have in the past and may in the future divert the attention of management and cause us to incur various expenses in identifying, investigating, financing, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties or unexpected costs integrating the businesses, technologies, products, personnel, contracts or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers, suppliers, or partners of any acquired business due to changes in ownership, management, or otherwise. Any such transactions that we are able to complete may not result in the revenue, synergies, or other benefits we expect to achieve, which could result in substantial impairment charges. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, we may inherit commitments, risks, and liabilities of companies that we acquire that we are unable to successfully mitigate and that may be amplified by our existing business. Finally, disputes or litigation can arise out of our acquisitions or investments from time to time, including in connection with the achievement of earnouts. As part of our corporate development program, we invest in companies to support our key business initiatives. These companies range from early, growth stage companies to mature companies with established revenue streams. Our strategic investments are subject to risk of inability to achieve the desired strategic synergies and partial or total loss of investment capital. Furthermore, our competitors may invest in these companies alongside us, and may obtain information about our corporate development program or other business plans. The financial success of our investment is typically dependent on an exit in favorable market conditions. To the extent any of the companies in which we invest are not successful, which can include failure to achieve strategic business objectives as well as failure to achieve a favorable exit, we could recognize an impairment or loss on all or part of our investment, which we have done in the past. In addition, in certain cases we are required to consolidate one or more of our strategic investee’s financial results into ours. Fluctuations in any such investee’s financial results, due to general market conditions, bank failures, or otherwise, can negatively affect our consolidated financial condition, results of operations, cash flows, or the price of our common stock. If one or more of such investees fails to timely provide us with information necessary for the preparation of our consolidated financial statements and disclosures, we may be unable to report our financial results in a timely manner, which would negatively affect our business and the price of our common stock. We also enter into strategic partnerships where we agree to incorporate third-party technologies into our platform and services. In some cases, we have revenue-sharing arrangements with our strategic partners who supply the technology. We may be unable to reach agreements with potential strategic partners on terms acceptable to us, if at all, and we may not be successful in partnering with the companies that have the technologies we need. Such strategic partnerships are also subject to a number of risks, including with respect to performance issues, security controls, indemnification obligations, and ownership of intellectual property and other proprietary information. Any of the foregoing could harm our business, financial position, and results of operations. 35 35 35 35 35 35 Table of Contents Table of Contents Table of Contents

We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, and platform technologies that we believe could complement or expand our platform, enhance our technology, or otherwise offer growth opportunities. For example, since the beginning of fiscal 2024, we have acquired several companies, including Samooha, Inc., a privately-held company which developed data clean room technology; Neeva Inc. (Neeva), a privately-held internet search company which leveraged generative AI Technology; Mountain US Corporation (f/k/a Mobilize.net Corporation), a privately-held company which provided a suite of tools for efficiently migrating databases to the AI Data Cloud; LeapYear Technologies, Inc., a privately-held company which provided a differential privacy platform; Night Shift Development, Inc., a privately-held data analytics firm focused on the U.S. public sector; and Datavolo, Inc., a privately-held company that built a dataflow infrastructure to support the creation, management, and observability of multimodal data pipelines for enterprise AI. Any such acquisitions or investments may divert the attention of management and cause us to incur various expenses in identifying, investigating, financing, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties or unexpected costs assimilating or integrating the businesses, technologies, products, personnel, contracts or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers, suppliers, or partners of any acquired business due to changes in ownership, management, or otherwise. Any such transactions that we are able to complete may not result in the synergies or other benefits we expect to achieve, which could result in substantial impairment charges. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, we may inherit commitments, risks, and liabilities of companies that we acquire that we are unable to successfully mitigate and that may be amplified by our existing business. Finally, disputes or litigation can arise out of our acquisitions or investments from time to time, including in connection with the achievement of earnouts. 33 33 33 33 33 33 Table of Contents Table of Contents Table of Contents As part of our corporate development program, we invest in companies to support our key business initiatives. These companies range from early, growth stage companies to mature companies with established revenue streams. Our strategic investments are subject to risk of inability to achieve the desired strategic synergies and partial or total loss of investment capital. Furthermore, our competitors may invest in these companies alongside us, and may obtain information about our corporate development program or other business plans. The financial success of our investment is typically dependent on an exit in favorable market conditions. To the extent any of the companies in which we invest are not successful, which can include failure to achieve strategic business objectives as well as failure to achieve a favorable exit, we could recognize an impairment or loss on all or part of our investment, which we have done in the past. In addition, in certain cases we are required to consolidate one or more of our strategic investee’s financial results into ours. Fluctuations in any such investee’s financial results, due to general market conditions, bank failures, or otherwise, can negatively affect our consolidated financial condition, results of operations, cash flows, or the price of our common stock. If one or more of such investees fails to timely provide us with information necessary for the preparation of our consolidated financial statements and disclosures, we may be unable to report our financial results in a timely manner, which would negatively affect our business and the price of our common stock. We also enter into strategic partnerships where we agree to incorporate third-party technologies into our platform and services. In some cases, we have revenue-sharing arrangements with our strategic partners who supply the technology. We may be unable to reach agreements with potential strategic partners on terms acceptable to us, if at all, and we may not be successful in partnering with the companies that have the technologies we need. Such strategic partnerships are also subject to a number of risks, including with respect to security controls, indemnification obligations, and ownership of intellectual property and other proprietary information. Any of the foregoing could harm our business, financial position, and results of operations.

We are subject to income taxes in the United States and various foreign jurisdictions. The determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are many transactions where the ultimate tax determination is uncertain. We believe that our provision for income taxes is reasonable, but the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods in which such outcome is determined. Our effective tax rate could increase due to several factors, including: •changes in the relative amounts of income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates; •changes in tax laws, tax treaties, and regulations or the interpretation of them; •changes to our assessment about our ability to realize our deferred tax assets that are based on estimates of our future results, the prudence and feasibility of possible tax planning strategies, and the economic and political environments in which we do business; •the outcome of current and future tax audits, examinations, or administrative appeals; and •the effects of acquisitions, divestitures, and restructurings. Any of these developments could adversely affect our results of operations. 48 48 48 48 48 48 Table of Contents Table of Contents Table of Contents

We are subject to income taxes in the United States and various foreign jurisdictions. The determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are many transactions where the ultimate tax determination is uncertain. We believe that our provision for income taxes is reasonable, but the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods in which such outcome is determined. Our effective tax rate could increase due to several factors, including: •changes in the relative amounts of income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates; •changes in tax laws, tax treaties, and regulations or the interpretation of them; •changes to our assessment about our ability to realize our deferred tax assets that are based on estimates of our future results, the prudence and feasibility of possible tax planning strategies, and the economic and political environments in which we do business; •the outcome of current and future tax audits, examinations, or administrative appeals; and •the effects of acquisitions, divestitures, and restructurings. Any of these developments could adversely affect our results of operations. 46 46 46 46 46 46 Table of Contents Table of Contents Table of Contents

We are currently offering our platform in China to Chinese affiliates of certain multi-national customers. Under Chinese law, we must offer our platform through a Chinese-owned operating partner, which must assume control and management of certain aspects of our platform and serve as the seller of record. This has required a new operating and go-to-market model, and there is a risk that functionality or customer experience may suffer and that we may incur liability or brand impairment arising from the operating partner’s actions, inactions, or ineffectiveness. In addition, developing and operationalizing this new model is a significant investment and may not generate expected returns. We may also encounter the following risks: •uncertainty regarding the validity, enforceability, and scope of protection for intellectual property rights in China and the practical difficulties of enforcing such rights; •inability to secure our intellectual property and other proprietary information located in China from unauthorized access or theft; •heightened risks of cyber incidents, which could lead to the unauthorized access to or exposure of customer data; •inability to comply with extensive and evolving Chinese laws that are often ambiguous or inconsistently enforced; •changes in tax regulations that may impact the economics of our China operating model; •economic or political instability; •a slowdown in China’s economy; and •a government-controlled foreign exchange rate and capital controls, including limitations on the convertibility of the Chinese yuan to other currencies. Further, geopolitical, economic, and national security tensions or conflicts between China and the United States or other countries could lead to further restrictions on our ability to operate in China, increased scrutiny or suspension of our business operations in China, new regulations, or unwillingness of certain customers to do business with us, including the U.S. federal government. Due to these and other risks, our operations in China may be more expensive or difficult than anticipated or they may fail, which could have an adverse effect on our business, financial condition, results of operations, and growth prospects. 38 38 38 38 38 38 Table of Contents Table of Contents Table of Contents

We are currently offering our platform to Chinese affiliates of certain multi-national customers. Under Chinese law, we must offer our platform through a Chinese-owned operating partner, which must assume control and management of certain aspects of our platform and serve as the seller of record. This has required a new operating and go-to-market model, and there is a risk that functionality or customer experience may suffer and that we may incur liability or brand impairment arising from the operating partner’s actions or inactions. In addition, developing and operationalizing this new model is a significant investment and may not generate expected returns. We may also encounter the following risks: •uncertainty regarding the validity, enforceability, and scope of protection for intellectual property rights in China and the practical difficulties of enforcing such rights; •inability to secure our intellectual property and other proprietary information located in China from unauthorized access or theft; •heightened risks of cyber incidents, which could lead to the unauthorized access to or exposure of customer data; •inability to comply with extensive and evolving Chinese laws that are often ambiguous or inconsistently enforced; •changes in tax regulations that may impact the economics of our China operating model; •economic or political instability; •a slowdown in China’s economy; and •a government-controlled foreign exchange rate and capital controls, including limitations on the convertibility of the Chinese yuan to other currencies. Further, geopolitical and national security tensions between China and the United States or other countries could lead to further restrictions on our ability to operate in China, increased scrutiny of our business operations in China, or unwillingness of certain customers to do business with us, including the U.S. federal government. Due to these and other risks, our operations in China may be more expensive or difficult than anticipated or they may fail, which could have an adverse effect on our business, financial condition, results of operations, and growth prospects. 36 36 36 36 36 36 Table of Contents Table of Contents Table of Contents

In our customer contracts and certain strategic partnership agreements, we assume liability for certain security breaches and data protection claims caused by us and by certain third parties on which we rely. Our contracts with customers, partners, investors, and other third parties may also include indemnification provisions under which we agree to defend and indemnify them against claims and losses arising from alleged infringement, misappropriation, or other violation of intellectual property rights, violation of applicable laws, security breaches, breach of warranties, and for other matters. Such claims may arise more often (and if they arise, may be more complex to litigate) as we begin to extend our platform and other offerings into customer and partner environments over which we exercise significantly less or no control. We may not be successful in our attempt to limit our liability and indemnity obligations and obtain corresponding liability and indemnification obligations and security, privacy, data protection, and other compliance obligations from vendors and partners that would require them to contribute to our obligations, and an event triggering our liability or indemnity obligations could give rise to multiple claims involving multiple customers or other third parties. In addition, there have been instances where our customers or other business partners attempt to claim indemnification even if indemnification obligations have not been triggered, and defending against such claims can be time-consuming and expensive. There is no assurance that our applicable insurance coverage, if any, would cover, in whole or in part, any such liability or indemnity obligations. We may be liable for up to the full amount of the contractual claims, which could result in substantial liability or material disruption to our business or could negatively impact our relationships with customers or other third parties, cause reputational harm, reduce demand for our platform, and adversely affect our business, financial condition, and results of operations. 34 34 34 34 34 34 Table of Contents Table of Contents Table of Contents

In our customer contracts and certain strategic partnership agreements, we assume liability for certain security breaches and data protection claims caused by us and by certain third parties on which we rely. Our contracts with customers, partners, investors, and other third parties may also include indemnification provisions under which we agree to defend and indemnify them against claims and losses arising from alleged infringement, misappropriation, or other violation of intellectual property rights and for other matters. Such claims may arise more often (and if they arise, may be more complex to litigate) as we begin to extend our platform and other offerings into customer environments over which we exercise significantly less or no control. We may not be successful in our attempt to limit our liability and indemnity obligations and obtain corresponding liability and indemnification obligations from vendors and partners that would require them to contribute to our obligations, and an event triggering our liability or indemnity obligations could give rise to multiple claims involving multiple customers or other third parties. In addition, there have been instances where our customers or other business partners attempt to claim indemnification even if indemnification obligations have not been triggered, and defending against such claims can be time-consuming and expensive. There is no assurance that our applicable insurance coverage, if any, would cover, in whole or in part, any such liability or indemnity obligations. We may be liable for up to the full amount of the contractual claims, which could result in substantial liability or material disruption to our business or could negatively impact our relationships with customers or other third parties, reduce demand for our platform, and adversely affect our business, financial condition, and results of operations.

Customers generally consume our platform by using compute, storage, and/or data transfer resources. Unlike a subscription-based business model, in which revenue is recognized ratably over the term of the subscription, we generally recognize revenue on consumption. Because our customers have flexibility in the timing of their consumption, we do not have the visibility into the timing of revenue recognition that a typical subscription-based software company has. Customer consumption fluctuates from time to time, and there is a risk that customers will consume our platform at lower levels than we expect, including in response to new software releases or hardware improvements that may make our platform more efficient, adverse macroeconomic conditions, or holidays. Unexpected fluctuations in customer consumption may cause actual results to differ from our forecasts. As a result, our results of operations in a given period should not be relied upon as indicative of future performance.

Customers generally consume our platform by using compute, storage, and/or data transfer resources. Unlike a subscription-based business model, in which revenue is recognized ratably over the term of the subscription, we generally recognize revenue on consumption. Because our customers have flexibility in the timing of their consumption, we do not have the visibility into the timing of revenue recognition that a typical subscription-based software company has. Customer consumption fluctuates from time to time, and there is a risk that customers will consume our platform at lower levels than we expect, including in response to new software releases or hardware improvements that may make our platform more efficient, adverse macroeconomic conditions, or holidays. Unexpected fluctuations in customer consumption may cause actual results to differ from our forecasts. As a result, our results of operations in a given period should not be relied upon as indicative of future performance. 19 19 19 19 19 19 Table of Contents Table of Contents Table of Contents

Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions or volatility in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, bank failures, international trade relations, inflation, tariffs and trade wars, extended U.S. federal government shutdowns, and interest rate fluctuations, or the existence of epidemics, pandemics or other public health crises, political turmoil and geopolitical conflicts, natural catastrophes, warfare, or terrorist attacks on the United States, Europe, the Asia-Pacific region, Japan, or elsewhere, could cause a decrease in business investments, including spending on cloud technologies, and negatively affect the growth of our business. For example, the existing tariffs and continued threats of new or increased tariffs, sanctions, trade restrictions and trade barriers, ongoing changes in the United States and foreign government trade policies, various ongoing military conflicts and rising geopolitical tensions globally, including the ongoing military conflicts in the Middle East and between Russia and Ukraine as well as the rising tensions between China and Taiwan, have created volatility in the global capital markets, have had and may continue to have disruptive impact on the global economy, and could have further global economic consequences, including disruptions of the global supply chain. Tariffs may also increase the costs for AWS, Azure, and/or GCP to provide cloud infrastructure services, which may in turn increase the costs for us to use such services when we renew our agreements with them. In addition, unfavorable conditions in the general economy, including tariffs and trade wars, may negatively impact our customers’ budgets or cash flow, which could impact the contract terms, including payment terms, our customers demand from us. Competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry. 32 32 32 32 32 32 Table of Contents Table of Contents Table of Contents

Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions or volatility in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, bank failures, international trade relations, inflation, tariffs, and interest rate fluctuations, or the existence of epidemics, pandemics or other public health crises, political turmoil and geopolitical conflicts, natural catastrophes, warfare, or terrorist attacks on the United States, Europe, the Asia-Pacific region, Japan, or elsewhere, could cause a decrease in business investments, including spending on cloud technologies, and negatively affect the growth of our business. For example, the ongoing military conflicts between Russia and Ukraine and in the Middle East, as well as the rising tensions between China and Taiwan, have created volatility in the global capital markets and could have further global economic consequences, including disruptions of the global supply chain. In addition, unfavorable conditions in the general economy may negatively impact our customers’ budgets or cash flow, which could impact the contract terms, including payment terms, our customers demand from us. Competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry.

We are from time to time subject to intellectual property disputes. We compete in markets where there are a large number of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights, as well as disputes regarding infringement of these rights. We are currently subject to a class action lawsuit alleging copyright infringement in connection with our large language model training. In addition, many of the holders of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights have extensive intellectual property portfolios and greater resources than we do to enforce their rights. As compared to our large competitors, our patent portfolio is relatively undeveloped and may not provide a material deterrent to such assertions or provide us with a strong basis to counterclaim or negotiate settlements. Further, to the extent assertions are made against us by entities that hold patents but are not operating companies, our patent portfolio may not provide deterrence because such entities are not concerned with counterclaims. Any current or future intellectual property litigation to which we become a party may require us to do one or more of the following: •cease selling, licensing, or using products, features, or data sets that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate; •require us to change the name of our products or services; •make substantial payments for legal fees, settlement payments, or other costs or damages, including indemnification of third parties; 41 41 41 41 41 41 Table of Contents Table of Contents Table of Contents •obtain a license or enter into a royalty agreement, either of which may not be available on reasonable terms or at all, in order to obtain the right to sell or use the relevant intellectual property; or •redesign the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible. Intellectual property litigation is typically complex, time consuming, and expensive to resolve and would divert the time and attention of our management and technical personnel. It may also result in adverse publicity, which could harm our reputation and ability to attract or retain employees, customers, or partners. As we grow, we may experience a heightened risk of allegations of intellectual property infringement. An adverse result in any litigation claims against us could have a material adverse effect on our business, financial condition, and results of operations.

We compete in markets where there are a large number of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights, as well as disputes regarding infringement of these rights. In addition, many of the holders of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights have extensive intellectual property portfolios and greater resources than we do to enforce their rights. As compared to our large competitors, our patent portfolio is relatively undeveloped and may not provide a material deterrent to such assertions or provide us with a strong basis to counterclaim or negotiate settlements. Further, to the extent assertions are made against us by entities that hold patents but are not operating companies, our patent portfolio may not provide deterrence because such entities are not concerned with counterclaims. Any intellectual property litigation to which we become a party may require us to do one or more of the following: •cease selling, licensing, or using products, features, or data sets that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate; •require us to change the name of our products or services; •make substantial payments for legal fees, settlement payments, or other costs or damages, including indemnification of third parties; •obtain a license or enter into a royalty agreement, either of which may not be available on reasonable terms or at all, in order to obtain the right to sell or use the relevant intellectual property; or •redesign the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible. 39 39 39 39 39 39 Table of Contents Table of Contents Table of Contents Intellectual property litigation is typically complex, time consuming, and expensive to resolve and would divert the time and attention of our management and technical personnel. It may also result in adverse publicity, which could harm our reputation and ability to attract or retain employees, customers, or partners. As we grow, we may experience a heightened risk of allegations of intellectual property infringement. An adverse result in any litigation claims against us could have a material adverse effect on our business, financial condition, and results of operations.

The markets in which we operate are rapidly evolving and highly competitive. In recent years, we have adopted open data formats like Apache Iceberg tables to allow customers to use our platform to process data stored in external customer-controlled environments outside of Snowflake, and we have introduced a significant number of new features and expanded into new product categories like AI and transactions. These changes are driving increased competition, both because there is less customer “lock in” when our products are used in external environments, and also because we are competing across more product categories, each of which is subject to distinct customer requirements and preferences. Our success depends on our ability to continue to effectively innovate in response to changing market dynamics. Our current competitors include: •large, well-established, public cloud providers that generally compete in all of our markets, including AWS, Azure, and GCP; •less-established public and private cloud companies with products that compete in some or all of our markets; •other established vendors of legacy database solutions or big data offerings; •existing observability solution providers, particularly those with strong technological, marketing, and sales positions; and •new or emerging entrants seeking to develop competing technologies. 21 21 21 21 21 21 Table of Contents Table of Contents Table of Contents We compete based on various factors, including price, performance, product features, breadth of use cases, multi-cloud availability, brand recognition and reputation, customer support, technical services, and differentiated capabilities, including ease of implementation and data migration, ease of administration and use, scalability and reliability, data governance, security and compatibility with existing standards, programming languages, third-party products, and the ability to operate in hybrid environments. Many of our competitors have substantially greater brand recognition, customer relationships, and financial, technical, and other resources than we do, and may be able to respond more effectively than us to new or changing opportunities, technologies, standards, customer requirements, and buying practices. Some of our privately-held competitors also have greater operational flexibility than we do, including the ability to make strategic long-term business decisions without the short-term financial performance pressure, market expectations, and public disclosure obligations that affect public companies. In addition, we may not be able to respond to market opportunities as quickly as smaller companies or offer as many discounts or free services as our competitors. Our support of open data formats may also reduce switching costs between us and our competitors. We currently offer our platform on the public clouds provided by AWS, Azure, and GCP, which are also some of our primary competitors. Currently, a substantial majority of our business is run on the AWS public cloud. There is risk that one or more of these public cloud providers could use its respective control of its public clouds to embed innovations or privileged interoperating capabilities in competing products, bundle competing products, provide us unfavorable pricing, leverage its public cloud customer relationships to exclude us from opportunities, and treat us and our customers differently with respect to terms and conditions or regulatory requirements than it would treat its similarly situated customers. Further, they have the resources to acquire, invest in, or partner with existing and emerging providers of competing technologies and thereby accelerate adoption of those competing technologies. All of the foregoing could make it difficult or impossible for us to provide products and services that compete favorably with those of the public cloud providers. Companies with which we have strategic partnerships and alliances in some areas may be competitors in other areas, and this trend may increase, particularly as we expand our product offerings. Additionally, companies that are strategic partners in some areas of our business may acquire or form alliances with our competitors, thereby reducing their business with us. We also face competition from some of our customers and vendors. Further, some customers use drivers and/or connectors to connect our platform to third-party applications or databases. Attempts by third-party application or database providers to restrict the use of drivers and connectors may make it more difficult for customers to use our platform, which could lead to reduced sales and consumption. Any inability to effectively manage these complex relationships could materially harm our business, results of operations, and financial condition. In addition, enterprise adoption of AI may significantly transform our competitive landscape. Frontier AI model providers may seek to vertically integrate their offerings by expanding into the data storage and management layers and developing their own database solutions. In addition, companies may use AI to develop their own software, reducing their need to purchase third-party solutions. If this occurs, our market share could decline and our business could be harmed. For all of these reasons, competition may negatively impact our ability to acquire new customers and maintain and grow use of our platform, put downward pressure on our prices and gross margins, or lead us to take greater risks, any of which could materially harm our business, reputation, results of operations, revenue retention rate, and financial condition.

The markets in which we operate are rapidly evolving and highly competitive. In recent years, we have adopted open data formats like Apache Iceberg tables to allow customers to use our platform to process data stored in external customer-controlled environments outside of Snowflake, and we have introduced a significant number of new features and expanded into new product categories like artificial intelligence. These changes are driving increased competition, both because there is less customer “lock in” when our products are used in external environments, and also because we are competing across more product categories, each of which is subject to distinct customer requirements and preferences. Our success depends on our ability to continue to innovate in response to changing market dynamics. Our current competitors include: •large, well-established, public cloud providers that generally compete in all of our markets, including AWS, Azure, and GCP; •less-established public and private cloud companies with products that compete in some or all of our markets; •other established vendors of legacy database solutions or big data offerings; and •new or emerging entrants seeking to develop competing technologies. We compete based on various factors, including price, performance, product features, breadth of use cases, multi-cloud availability, brand recognition and reputation, customer support, and differentiated capabilities, including ease of implementation and data migration, ease of administration and use, scalability and reliability, data governance, security and compatibility with existing standards, programming languages, third-party products, and the ability to operate in hybrid environments. Many of our competitors have substantially greater brand recognition, customer relationships, and financial, technical, and other resources than we do, and may be able to respond more effectively than us to new or changing opportunities, technologies, standards, customer requirements, and buying practices. In addition, we may not be able to respond to market opportunities as quickly as smaller companies or offer as many discounts or free services as our competitors. Our support of open data formats may also reduce switching costs between us and our competitors. 20 20 20 20 20 20 Table of Contents Table of Contents Table of Contents We currently offer our platform on the public clouds provided by AWS, Azure, and GCP, which are also some of our primary competitors. Currently, a substantial majority of our business is run on the AWS public cloud. There is risk that one or more of these public cloud providers could use its respective control of its public clouds to embed innovations or privileged interoperating capabilities in competing products, bundle competing products, provide us unfavorable pricing, leverage its public cloud customer relationships to exclude us from opportunities, and treat us and our customers differently with respect to terms and conditions or regulatory requirements than it would treat its similarly situated customers. Further, they have the resources to acquire, invest in, or partner with existing and emerging providers of competing technologies and thereby accelerate adoption of those competing technologies. All of the foregoing could make it difficult or impossible for us to provide products and services that compete favorably with those of the public cloud providers. Some of our customers use drivers and/or connectors to connect our platform to third-party applications or databases. Attempts by third-party application or database providers to restrict the use of drivers and connectors may make it more difficult for customers to use our platform, which could lead to reduced sales and consumption. For all of these reasons, competition may negatively impact our ability to acquire new customers and maintain and grow use of our platform, put downward pressure on our prices and gross margins, or lead us to take greater risks, any of which could materially harm our business, reputation, results of operations, revenue retention rate, and financial condition.

The tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. Changes in tax laws, regulations, or rulings, or changes in interpretations of existing laws and regulations, could materially affect our financial position and results of operations. The Tax Cuts and Jobs Act and the Inflation Reduction Act (Inflation Act) made many significant changes to U.S. tax laws. For example, the Inflation Act imposes a 1% excise tax applicable to corporations traded on an established securities market (which includes the New York Stock Exchange) on the fair market value of certain stock repurchases in excess of the fair market value of stock issuances in the same taxable year. Repurchases of our common stock under current or future stock repurchase programs could result in an excise tax liability, and we are continuing to evaluate the impact that such excise tax liability, if any, may have on our aggregate tax liability. Additionally, the One Big Beautiful Bill Act (OBBBA), enacted on July 4, 2025, modifies existing U.S. tax laws. The OBBBA includes permanent extensions of certain expiring provisions of the Tax Cuts and Jobs Act, including 100% bonus depreciation for certain qualified property, and reverses the requirement under the Tax Cuts and Jobs Act to capitalize and amortize domestic research and experimentation expenses, allowing taxpayers to deduct such expenses in the year incurred for tax years beginning after December 31, 2024. The OBBBA also includes modifications to the international tax framework. Future guidance from the Internal Revenue Service and other tax authorities with respect to such legislation may affect us, and certain aspects thereof could be repealed or modified in future legislation. In addition, our tax obligations and effective tax rate in the jurisdictions in which we conduct business could increase, including as a result of the base erosion and profit shifting (BEPS) project that is being led by the Organization for Economic Co-operation and Development (OECD), and other initiatives led by the OECD or the European Commission. Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, the amount of taxes imposed on our business, and our compliance costs, and harm our financial position. Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements. We continue to monitor the impact of new global and U.S. legislation on our effective tax rate. 47 47 47 47 47 47 Table of Contents Table of Contents Table of Contents

The tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. Changes in tax laws, regulations, or rulings, or changes in interpretations of existing laws and regulations, could materially affect our financial position and results of operations. Legislation informally titled the Tax Cuts and Jobs Act and the Inflation Reduction Act (Inflation Act) made many significant changes to U.S. tax laws. For example, the Inflation Act includes provisions that will impact the U.S. federal income taxation of certain corporations, including a minimum tax equal to 15% of the adjusted financial statement income of certain large corporations, as well as a 1% excise tax applicable to corporations traded on an established securities market (which includes the New York Stock Exchange) on the fair market value of certain stock repurchases in excess of the fair market value of stock issuances in the same taxable year. In February 2023, our board of directors authorized the repurchase of up to $2.0 billion of our common stock through a stock repurchase program. In August 2024, our board of directors authorized the repurchase of an additional $2.5 billion of our outstanding common stock under the stock purchase program and extended the expiration date of the stock repurchase program from March 2025 to March 2027. Repurchases of our common stock under current or future stock repurchase programs could result in an excise tax liability, and we are continuing to evaluate the impact that such excise tax liability, if any, may have on our aggregate tax liability. Future guidance from the Internal Revenue Service and other tax authorities with respect to such legislation may affect us, and certain aspects thereof could be repealed or modified in future legislation. In addition, our tax obligations and effective tax rate in the jurisdictions in which we conduct business could increase, including as a result of the base erosion and profit shifting (BEPS) project that is being led by the Organization for Economic Co-operation and Development (OECD), and other initiatives led by the OECD or the European Commission. 45 45 45 45 45 45 Table of Contents Table of Contents Table of Contents Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, the amount of taxes imposed on our business, and our compliance costs, and harm our financial position. Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements. We continue to monitor the impact of new global and U.S. legislation on our effective tax rate.

We are investing significantly in AI Technology. Our investments include internally developing AI Technology, acquiring companies with complementary AI Technology, and partnering with companies to bring AI Technology to our platform. Our competitors are pursuing similar opportunities and may, as a result of greater resources, branding, or otherwise, develop, adopt, and implement AI Technology faster or more successfully than we do, which could impair our ability to compete effectively. We also use third-party vendors for certain AI Technology components and services, including large language models, and if they are flawed or fail to execute, it may adversely impact our ability to deliver our products and services to our customers. In addition, our successful development of AI Technology depends on our access to GPUs and ability to recruit and retain AI-skilled personnel, both of which are currently in high demand. Finally, customers’ use of our AI Technology is often dependent on their ability to meet evolving regulatory standards, successfully complete internal compliance reviews, and enter into mutually acceptable contractual terms. If they are unable to do so, they may not use our AI Technology as much as we anticipate, or at all. It is also possible that our investments in AI Technology do not result in the benefits we anticipate, or enable us to maintain our competitive advantage. For example, we may not accurately anticipate market demand or offer AI Technology that amplifies our core data platform. In addition, we are increasingly using AI Technology as part of our internal operations. For example, we use AI Technology to enhance research and development, sales and marketing, services delivery, and compliance activities. If we are unable to effectively leverage AI Technology in our internal operations, or if we fail to use AI Technology responsibly, our productivity, operational efficiency, or effectiveness may suffer. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations, or prospects. 23 23 23 23 23 23 Table of Contents Table of Contents Table of Contents

We are investing significantly in AI Technology. Our investments include internally developing AI Technology, acquiring companies with complementary AI Technology, and partnering with companies to bring AI Technology to our platform. Our competitors are pursuing similar opportunities and may, as a result of greater resources, branding, or otherwise, develop, adopt and implement AI Technology faster or more successfully than we do, which could impair our ability to compete effectively and adversely affect our business, financial condition and results of operations. In addition, our successful development of AI Technology depends on our access to GPUs, which are currently in high demand. Finally, customers’ use of our AI Technology is often dependent on their ability to meet evolving regulatory standards, successfully complete internal compliance reviews, and enter into mutually acceptable contractual terms. If they are unable to do so, they may not use our AI Technology as much as we anticipate, or at all. It is also possible that our investments in AI Technology do not result in the benefits we anticipate, or enable us to maintain our competitive advantage, which may adversely affect our business, financial condition, and results of operations. For example, we may not accurately anticipate market demand or offer AI Technology that amplifies our core data platform.