Atlassian Corporation: 10-K Risk Factor Changes

We derive a majority of our revenue from Jira and Confluence. As such, the market acceptance of these products is critical to our success. Demand for these products and our other products is affected by a number of factors, many of which are beyond our control, such as continued market acceptance of our products by customers for existing and new use cases, the timing of development and release of new products, features, functionality and lower cost alternatives introduced by our competitors, technological changes and developments within the markets we serve, and growth or contraction in our addressable markets. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our products, our business, results of operations, and financial condition could be harmed.

We derive a majority of our revenue from Jira Software and Confluence. As such, the market acceptance of these products is critical to our success. Demand for these products and our other products is affected by a number of factors, many of which are beyond our control, such as continued market acceptance of our products by customers for existing and new use cases, the timing of development and release of new products, features, functionality and lower cost alternatives introduced by our competitors, technological changes and developments within the markets we serve, and growth or contraction in our addressable markets. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our products, our business, results of operations, and financial condition could be harmed.

Our success depends largely upon the continued services of our executive officers and key employees. We rely on our leadership team and other key employees in the areas of research and development, products, strategy, operations, security, go-to-market, marketing, IT, support, and general and administrative functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. For example, our Chief Revenue Officer stepped down from his role, effective December 31, 2023. We announced in April 2024 that one of our co-Chief Executive Officers intends to step down from his executive officer role and into an advisory role, effective August 31, 2024. Our Chief Sales Officer also intends to step down from his role, effective August 31, 2024. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and, therefore, they are able to terminate their employment with us at any time. The loss of one or more of our executive officers, especially our Co-Chief Executive Officers, or other key employees may harm our business. In addition, in order to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, and many of the companies with which we compete for experienced personnel have greater resources than we have. We have from time to time experienced, and we expect to continue to experience, difficulty hiring and retaining employees with appropriate qualifications. In particular, recruiting and hiring senior product engineering personnel, especially those with experience in designing and developing software and cloud-based services or with AI and machine learning backgrounds, has been, and we expect it to continue to be, challenging. If we are unable to hire and retain talented product engineering personnel, we may be unable to scale our operations or release new products in a timely fashion and, as a result, customer satisfaction with our products may decline. Furthermore, as we hire employees from competitors or other companies, prior employers may attempt to assert that the employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. Any reorganizational efforts we conduct, such as our March 2023 rebalancing to improve operational efficiencies and operating costs, may have an adverse effect on our ability to attract and retain employees. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. We have experienced large fluctuations in our stock price since the end of fiscal year 2021. If the value or perceived value of our equity awards declines, it could harm our ability to recruit and retain highly skilled employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business, results of operations and financial condition could be harmed.

Our success depends largely upon the continued services of our executive officers and key employees. We rely on our leadership team and other key employees in the areas of research and development, products, strategy, operations, security, go-to-market, marketing, IT, support, and general and administrative functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. For example, we announced in August 2023 that our current Chief Revenue Officer will step down from his role effective December 31, 2023. In addition, we do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and, therefore, they could terminate their employment with us at any time. The loss of one or more of our executive officers, especially our Co-Chief Executive Officers, or other key employees could harm our business. In addition, in order to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel in Sydney, Australia, the San Francisco Bay Area, and in other locations where we 43 43 43 maintain offices, is intense, especially for engineers experienced in designing and developing software and cloud-based services. We have from time to time experienced, and we expect to continue to experience, difficulty hiring and retaining employees with appropriate qualifications. In particular, recruiting and hiring senior product engineering personnel (particularly with AI and machine learning backgrounds) has been, and we expect it to continue to be, challenging. In addition, our rebalancing in March 2023, and any future rebalancing efforts intended to improve operational efficiencies and operating costs, may adversely affect our ability to attract and retain employees. If we are unable to hire and retain talented product engineering personnel, we may be unable to scale our operations or release new products in a timely fashion and, as a result, customer satisfaction with our products may decline. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, these employers may attempt to assert that the employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. If the value or perceived value of our equity awards declines, it could harm our ability to recruit and retain highly skilled employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business, results of operations and financial condition could be harmed.

In order for us to maintain or improve our results of operations, it is important that our customers renew their licenses or subscriptions when existing contract terms expire and that we expand our commercial relationships with our existing customers. Our customers have no obligation to renew their licenses or subscriptions, and our customers may not renew licenses or subscriptions with a similar contract duration or with the same or greater number of users. Our customers generally do not enter into long-term contracts; rather they primarily have monthly or annual terms. Some of our customers have elected not to renew their agreements with us in the past and it is difficult to accurately predict long-term customer retention. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our products, new market entrants, our product support, our prices and pricing plans, the prices of competing software products, reductions in our customers’ spending levels, new product releases and changes to packaging of our product offerings, mergers and acquisitions affecting our customer base, our increased focus on our Cloud offerings, our decision to end the sale of new perpetual licenses for our products, or the effects of global economic conditions, including the impacts on us or our customers, partners and suppliers from inflation and interest rate increases. We may be unable to timely address any retention issues with specific customers, which could harm our results of operations. If our customers do not purchase additional licenses or subscriptions or renew their subscriptions, renew on less favorable terms, or fail to add more users, our revenue may decline or grow less quickly, which could harm our future results of operations and prospects.

In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions and maintenance plans when existing contract terms expire and that we expand our commercial relationships with our existing customers. Our customers have no obligation to renew their subscriptions or maintenance plans, and our customers may not renew subscriptions or maintenance plans with a similar contract duration or with the same or greater number of users. Our customers generally do not enter into long-term contracts, rather they primarily have monthly or annual terms. Some of our customers have elected not to renew their agreements with us and it is difficult to accurately predict long-term customer retention. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our products, new market entrants, our product support, our prices and pricing plans, the prices of competing software products, reductions in our customers’ spending levels, new product releases and changes to packaging of our product offerings, mergers and acquisitions affecting our customer base, our increased focus on our Cloud offerings, our decision to end the sale of new perpetual licenses for our products, or the effects of global economic conditions, including the impacts on us or our customers, partners and suppliers from inflation and related interest rate increases. We may be unable to timely address any retention issues with 17 17 17 specific customers, which could harm our results of operations. If our customers do not purchase additional licenses or subscriptions or renew their subscriptions or maintenance plans, renew on less favorable terms, or fail to add more users, our revenue may decline or grow less quickly, which could harm our future results of operations and prospects.

We generally recognize subscription revenue from customers ratably over the terms of their contracts. As a result, a significant portion of the revenue we report in each quarter is derived from the recognition of deferred revenue relating to subscription plans entered into during previous quarters. Consequently, a decline in new or renewed licenses and subscriptions in any single quarter may only have a small impact on our revenue results for that quarter. However, such a decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our products, and potential changes in our pricing policies or rate of expansion or retention, may not be fully reflected in our results of operations until future periods. For example, the impact of current economic uncertainties may cause customers to request concessions, including better pricing, which may not be reflected immediately in our results of operations. In addition, customers have in the past and may continue in the future to slow their rate of expansion or edition upgrades or reduce their number of licenses. We may also be unable to reduce our cost structure in line with a significant deterioration in sales. In addition, a significant majority of our costs are expensed as incurred, while a significant portion of our revenue is recognized over the life of the agreement with our customer. As a result, increased growth in the number of our customers could continue to result in our recognition of more costs than revenue in the earlier periods of the terms of certain of our customer agreements. Our subscription revenue also makes it more difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from certain new customers must be recognized over the applicable term.

We generally recognize subscription and maintenance revenue from customers ratably over the terms of their contracts. As a result, a significant portion of the revenue we report in each quarter is derived from the recognition of deferred revenue relating to subscription and maintenance plans entered into during previous quarters. Consequently, a decline in new or renewed licenses, subscriptions, and maintenance plans in any single quarter may only have a small impact on our revenue results for that quarter. However, such a decline will negatively affect 21 21 21 our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our products, and potential changes in our pricing policies or rate of expansion or retention, may not be fully reflected in our results of operations until future periods. For example, the impact of the current economic uncertainty may cause customers to request concessions, including better pricing, or to slow their rate of expansion or reduce their number of licenses, which may not be reflected immediately in our results of operations. We may also be unable to reduce our cost structure in line with a significant deterioration in sales. In addition, a significant majority of our costs are expensed as incurred, while a significant portion of our revenue is recognized over the life of the agreement with our customer. As a result, increased growth in the number of our customers could continue to result in our recognition of more costs than revenue in the earlier periods of the terms of certain of our customer agreements. Our subscription and maintenance revenue also makes it more difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from certain new customers must be recognized over the applicable term.

43 43 43 The long-term effects of climate change on the global economy and the technology industry in particular are unclear; however, we recognize that there are inherent climate related risks wherever business is conducted. Climate-related events, including but not limited to the increasing frequency of extreme weather events and their impact on critical infrastructure in the U.S., Australia and elsewhere, have the potential to disrupt our business, our employees, our third-party suppliers, and/or the business of our customers, and may cause us to experience extended product downtimes, higher attrition, and losses and additional costs to maintain and resume operations. Furthermore, failure to achieve or advance towards our public sustainability commitments and objectives regarding climate action may have an adverse effect on our standing with investors, suppliers, and customers, as well as on our financial results and our capacity to attract and retain skilled individuals.

The long-term effects of climate change on the global economy and the technology industry in particular are unclear, however we recognize that there are inherent climate-related risks wherever business is conducted. Climate-related events, including the increasing frequency of extreme weather events and their impact on critical infrastructure in the U.S., Australia and elsewhere, have the potential to disrupt our business, our third-party suppliers, and/or the business of our customers, and may cause us to experience extended product downtimes, and losses and additional costs to maintain and resume operations.

The market price of our Class A Common Stock could decline as a result of substantial sales of shares of our common stock, particularly sales by our directors, executive officers and significant stockholders, or the perception in the market that holders of a large number of shares intend to sell their shares. As of June 30, 2024, we had 159,544,123 outstanding Class A Common Stock and 101,012,393 outstanding convertible Class B Common Stock. We have also registered shares of Class A Common Stock that we issue under our employee equity incentive plans. These shares may be sold freely in the public market upon issuance.

The market price of our Class A Common Stock could decline as a result of substantial sales of shares of our Class A Common Stock, particularly sales by our directors, executive officers and significant stockholders, or the perception in the market that holders of a large number of shares intend to sell their shares. As of June 30, 2023, we had 152,442,673 outstanding Class A Common Stock and 105,124,103 outstanding convertible Class B Common Stock. We have also registered shares of Class A Common Stock that we issue under our employee equity incentive plans. These shares may be sold freely in the public market upon issuance. Certain holders of our Class A Common Stock and our Class B Common Stock, including our founders, have rights, subject to certain conditions, to require us to file registration statements covering their shares or to include their shares in registration statements that we may file for ourselves or our stockholders. Sales of our Class A Common Stock pursuant to these registration rights may make it more difficult for us to sell equity securities in the future at a time and at a price that we deem appropriate. These sales also could cause the market price of our Class A Common Stock to fall and make it more difficult for our investors to sell our Class A Common Stock at a price that they deem appropriate.

Our business is subject to numerous risks and uncertainties, including those highlighted in this section titled “Risk Factors” and summarized below. We have various categories of risks, including risks related to our business and industry, risks related to information technology, intellectual property, data security and privacy, risks related to legal, regulatory, accounting, and tax matters, risks related to ownership of our Class A Common Stock, risks related to our indebtedness, and general risks, which are discussed more fully below. As a result, this risk factor summary does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary, as well as elsewhere in this Annual Report on Form 10-K. These risks include, but are not limited, to the following: •Our historical rapid growth makes it difficult to evaluate our future prospects, and we may not be able to sustain our revenue growth rate or achieve profitability in the future. •The continuing global economic and geopolitical volatility, and measures taken in response, could harm our business and results of operations. •The markets in which we participate are intensely competitive, and if we do not compete effectively, our business, results of operations, and financial condition could be harmed. •Our quarterly results have fluctuated in the past and may fluctuate significantly in the future and may not fully reflect the underlying performance of our business. •Our use of generative AI and machine learning in our platform and our business, as well as our potential failure to effectively implement, use, and market these technologies, may result in reputational harm or liability, or could otherwise adversely affect our business. •We may encounter challenges to our business as we transition our business to focusing more on our cloud offerings. •Our business depends on our customers renewing their subscriptions and purchasing additional licenses or subscriptions from us, and any decline in our customer retention or expansion could harm our future results of operations. •If we are not able to develop new products and enhancements to our existing products that achieve market acceptance and that keep pace with technological developments, our business and results of operations could be harmed. •If we fail to effectively manage our growth, our business and results of operations could be harmed. •If our marketing model is not effective in attracting new customers or we are unable to realize the benefits of our free trial strategy, our business and results of operations could be harmed. •Our business model relies on a high volume of transactions and affordable pricing. As lower cost or free products are introduced by our competitors, our ability to generate new customers could be harmed. •We may encounter challenges as we develop our enterprise sales force. •If our security controls are compromised, leading to unauthorized or inappropriate access to customer data, our products could be perceived as insecure, and such perception may result in the loss of existing customers, hinder our ability to attract new ones, and expose us to significant liabilities. •Interruptions or performance problems associated with our technology and infrastructure could harm our business and results of operations. •Real or perceived errors, failures, vulnerabilities, or bugs in our products or in the products on Atlassian Marketplace could harm our business and results of operations. •Privacy concerns and laws as well as evolving regulation of cloud computing, AI services, cross-border data transfer restrictions and other domestic or foreign regulations may limit the use and adoption of our services and adversely affect our business and results of operation. •Our current and future indebtedness may limit our flexibility in obtaining additional financing and in pursuing other business opportunities or operating activities. •Our global operations and structure subject us to potentially adverse tax consequences. •The dual class structure of our common stock has the effect of concentrating voting control with certain stockholders, in particular, our Co-Founders and their affiliates, which will limit our other stockholders’ ability to influence the outcome of important transactions, including a change in control.

13 13 13 Our business is subject to numerous risks and uncertainties, including those highlighted in this section titled “Risk Factors” and summarized below. We have various categories of risks, including risks related to our business and industry, risks related to information technology, intellectual property, data security and privacy, risks related to legal, regulatory, accounting, and tax matters, risks related to ownership of our Class A Common Stock, risks related to our indebtedness, and general risks, which are discussed more fully below. As a result, this risk factor summary does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary, as well as elsewhere in this Annual Report on Form 10-K. These risks include, but are not limited to, the following: •Our rapid growth makes it difficult to evaluate our future prospects and may increase the risk that we will not continue to grow at or near historical rates. •We may not be able to sustain our revenue growth rate or achieve profitability in the future. •The continuing global economic and geopolitical volatility, the COVID-19 pandemic, including any associated economic and social impacts, increased inflation and measures taken in response to these events, could harm our business and results of operations. •The markets in which we participate are intensely competitive, and if we do not compete effectively, our business, results of operations, and financial condition could be harmed. •Our distribution model of offering and selling on-premises offerings of certain of our products, in addition to offering and selling Cloud offerings of these products, increases our expenses, may impact revenue recognition timing, and may pose other challenges to our business. •Our business depends on our customers renewing their subscriptions and maintenance plans and purchasing additional licenses or subscriptions from us, and any decline in our customer retention or expansion could harm our future results of operations. •If we are not able to develop new products and enhancements to our existing products that achieve market acceptance and that keep pace with technological developments, our business and results of operations could be harmed. •Our quarterly results have fluctuated in the past and may fluctuate significantly in the future and may not fully reflect the underlying performance of our business. •Our business model relies on a high volume of transactions and affordable pricing. As lower cost or free products are introduced by our competitors, our ability to generate new customers could be harmed. •If we fail to effectively manage our growth, our business and results of operations could be harmed. •Our recent restructuring may not result in anticipated alignment with customer needs and business priorities or operational efficiencies, could result in total costs and expenses that are greater than expected, and could disrupt our business. •If our current marketing model is not effective in attracting new customers, we may need to incur additional expenses to attract new customers and our business and results of operations could be harmed. •Our Credit Facility and overall debt level may limit our flexibility in obtaining additional financing and in pursuing other business opportunities or operating activities. •Legal, regulatory, social and ethical issues relating to the use of new and evolving technologies, such as AI and machine learning, in our offerings may result in reputational harm and liability. •If our security measures are breached or unauthorized or inappropriate access to customer data is otherwise obtained, our products may be perceived as insecure, we may lose existing customers or fail to attract new customers, and we may incur significant liabilities. •Interruptions or performance problems associated with our technology and infrastructure could harm our business and results of operations. •Real or perceived errors, failures, vulnerabilities or bugs in our products or in the products on Atlassian Marketplace could harm our business and results of operations. •Changes in laws or regulations relating to data privacy or data protection, or any actual or perceived failure by us to comply with such laws and regulations or our privacy policies, could harm our business and results of operations. •Because our products rely on the movement of data across national boundaries, global privacy and data security concerns could result in additional costs and liabilities to us or inhibit sales of our products globally. •Our global operations and structure subject us to potentially adverse tax consequences. •The dual class structure of our common stock has the effect of concentrating voting control with certain stockholders, in particular, our Co-Chief Executive Officers and their affiliates, which will limit our other stockholders’ ability to influence the outcome of important transactions, including a change in control. 14 14 14

Our ability to attract new customers and retain and increase revenue from existing customers depends in large part on our ability to enhance and improve our existing products and to introduce compelling new products that reflect the changing nature of our markets. The success of any enhancement to our products depends on several factors, including timely completion and delivery, competitive pricing, adequate quality testing, integration with existing technologies and our platform, and overall market acceptance. Any new product that we develop may not be introduced in a timely or cost-effective manner, may contain bugs, or may not achieve the market acceptance necessary to generate significant revenue. The markets for our products are subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements and preferences. These are all uncertain and we cannot predict the consequences, effects, or introduction of new, disruptive, emerging technologies or the manner and pace at which our markets develop over time, and our ability to compete in these markets depends on predicting and adapting to these changing circumstances. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis, and anticipating these factors requires that we allocate significant resources without any guarantee that any such investments and efforts will result in initial or enhanced adoption of our products in the marketplace. For example, with the development of next-generation solutions that utilize new and advanced features, including AI and machine learning, we have and expect to continue to commit significant resources to developing new products and enhancements incorporating AI and machine learning, and there is no guarantee that our investments and efforts will result in wider adoption of our products in the marketplace. If new technologies emerge that can deliver competitive products and services at lower prices, more efficiently, more reliably, more conveniently or more securely or if new products are introduced into the market that could render our existing products obsolete, such technologies and products could adversely impact our ability to compete effectively and may lead to customers reducing or terminating their usage of our products. If we are unable to successfully develop new products, enhance our existing products to meet customer requirements, or otherwise gain market acceptance, our business, results of operations, and financial condition could be harmed. 19 19 19

Our ability to attract new customers and retain and increase revenue from existing customers depends in large part on our ability to enhance and improve our existing products and to introduce compelling new products that reflect the changing nature of our markets. The success of any enhancement to our products depends on several factors, including timely completion and delivery, competitive pricing, adequate quality testing, integration with existing technologies and our platform, and overall market acceptance. Any new product that we develop may not be introduced in a timely or cost-effective manner, may contain bugs, or may not achieve the market acceptance necessary to generate significant revenue. If we are unable to successfully develop new products, enhance our existing products to meet customer requirements, or otherwise gain market acceptance, our business, results of operations, and financial condition could be harmed.

Use of our products involves the storage, transmission, and processing of our customers’ proprietary data, including potentially personal or identifying information. Unauthorized or inappropriate access to, or security breaches of, our products could result in unauthorized or inappropriate access to data and information, and the loss, compromise or corruption of such data and information. In the event of a security breach, we could suffer loss of business, severe reputational damage adversely affecting customer or investor confidence, regulatory investigations and orders, litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, significant costs for remediation, and other liabilities. In addition, we rely on third-party service providers to host or otherwise process some of such data, and any failure by a third party, or any other entity in our collective supply chain, to prevent or mitigate data security breaches or improper access to, or use, acquisition, disclosure, alteration, or destruction of, such data could have similar adverse consequences for us. We have incurred and expect to incur significant expenses to prevent security breaches, including costs related to deploying additional personnel and protection technologies, training employees, and engaging third-party solution providers and consultants. Our errors and omissions insurance covering certain security and privacy damages and claim expenses may not be sufficient to compensate for all liabilities we may incur. Although we expend significant resources to create security protections that shield our customer data against potential theft and security breaches, the techniques used to obtain unauthorized access to systems or sabotage systems, or disable or degrade services, change frequently and are often unrecognizable until launched against a target, and therefore such measures cannot provide absolute security. We have in the past experienced breaches of our security measures and other inappropriate access to our systems. Certain of these incidents have resulted in unauthorized access to certain data processed through our products. Our products are at risk for future breaches and inappropriate access, including, without limitation, inappropriate access that may be caused by errors or breaches that may occur as a result of third-party action, or employee, vendor or contractor error or malfeasance, and other causes. We have in the past been, and may in the future be, a target of security threats, including from state actors. While these incidents have not materially affected our business, reputation or financial results, there is no guarantee they will not in the future. Additionally, the ongoing Russian invasion of Ukraine may result in a heightened threat environment and create unknown cyber risks, including increased risk of retaliatory cyber-attacks from Russian actors against non-Russian companies. Additionally, we have transitioned to a remote-first “Team Anywhere” work environment that may pose additional data security risks. We also continue to build AI and machine learning into our products, which may result in security incidents or otherwise increase cybersecurity risks. Further, AI technologies may be used in connection with certain cybersecurity attacks, resulting in heightened risks of security breaches and incidents. 25 25 25 As we further transition to selling our products via our Cloud offerings, continue to collect more personal and sensitive information, and operate in more countries, our risks continue to increase and evolve. For instance, we rely on third-party partners to develop apps on the Atlassian Marketplace that connect with and enhance our Cloud offerings for our customers. These apps may not meet the same quality standards that we apply to our own development efforts and have in the past, and may in the future, contain bugs, vulnerabilities, or defects that pose data security risks to our customer or lead to the unauthorized access of user data. Our ability to mandate security standards and ensure compliance by these third parties may be limited. Additionally, our products may be subject to vulnerabilities in the third-party software on which we rely. We have in the past identified a vulnerability in an open source software application we used and similar incidents may occur in the future and could have a material adverse effect on our business. We are likely to face increased risks that real or perceived vulnerabilities of our systems could seriously harm our business and our financial performance, by tarnishing our reputation and brand and limiting the adoption of our products. Because the techniques used to obtain unauthorized access to or to sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. We may also experience security breaches that may remain undetected for an extended period and, therefore, have a greater impact on the products we offer, the proprietary data processed through our services, and, ultimately, on our business. Data security breaches could also expose us to liability under various laws and regulations across jurisdictions and increase the risk of litigation and governmental or regulatory investigation. Due to concerns about data security and integrity, a growing number of legislative and regulatory bodies have adopted breach notification and other requirements in the event that information subject to such laws is accessed by unauthorized persons and additional regulations regarding security of such data are possible. We may need to notify governmental authorities and affected individuals with respect to such incidents. For example, laws in the EU and UK and all 50 U.S. states may require businesses to provide notice to individuals whose personal information has been disclosed as a result of a data security breach. Complying with such numerous and complex regulations in the event of a data security breach would be expensive and difficult, and failure to comply with these regulations could subject us to regulatory scrutiny and additional liability. We may also be contractually required to notify customers or other counterparties of a security incident, including a data security breach. Regardless of our contractual protections, any actual or perceived data security breach, or breach of our contractual obligations, could harm our reputation and brand, expose us to potential liability or require us to expend significant resources on data security and in responding to any such actual or perceived breach.

Use of our products involves the storage, transmission, and processing of our customers’ proprietary data, including potentially personal or identifying information. Unauthorized or inappropriate access to, or security breaches of, our products could result in unauthorized or inappropriate access to data and information, and the loss, compromise or corruption of such data and information. In the event of a security breach, we could suffer loss of business, severe reputational damage adversely affecting customer or investor confidence, regulatory investigations and orders, litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, significant costs for remediation, and other liabilities. We have incurred and expect to incur significant expenses to prevent security breaches, including costs related to deploying additional personnel and protection technologies, training employees, and engaging third-party solution providers and consultants. Our errors and omissions insurance coverage covering certain security and privacy damages and claim expenses may not be sufficient to compensate for all liabilities we may incur. Although we expend significant resources to create security protections that shield our customer data against potential theft and security breaches, such measures cannot provide absolute security. We have in the past experienced breaches of our security measures and other inappropriate access to our systems. Certain of these incidents have resulted in unauthorized access to certain data processed through our products. Our products are at risk for future breaches and inappropriate access, including, without limitation, inappropriate access that may be caused by errors or breaches that may occur as a result of third-party action, including from state actors, or employee, vendor or contractor error or malfeasance, and other causes. For example, the ongoing Russian invasion of Ukraine may result in a heightened threat environment and create unknown cyber risks, including increased risk of retaliatory cyber-attacks from Russian actors against non-Russian companies. Additionally, we have transitioned to a remote-first “Team Anywhere” work environment that may pose additional data security risks. 27 27 27 As we further transition to selling our products via our Cloud offerings, continue to collect more personal and sensitive information, and operate in more countries, our risks continue to increase and evolve. For instance, we rely on third-party partners to develop apps on the Atlassian Marketplace that connect with and enhance our Cloud offerings for our customers. These apps may not meet the same quality standards that we apply to our own development efforts and may contain bugs, vulnerabilities, or defects that could pose data security risks. Our ability to mandate security standards and ensure compliance by these third parties may be limited. Additionally, our products may be subject to vulnerabilities in the third-party software on which we rely. For example, in December 2021, a vulnerability in a widely-used open-source software application, known as Apache Log4j, was identified that could have allowed bad actors to remotely access a target, potentially stealing data or taking control of a target’s system. We promptly worked to remediate vulnerabilities related to Apache Log4j in our products while working with our partners to ensure the same. While this issue has not materially affected our business, reputation or financial results, there is no guarantee that our actions effectively remediated the vulnerabilities and there is no assurance that other incidents could not occur in the future with a material adverse effect on our business. We are likely to face increased risks that real or perceived vulnerabilities of our systems could seriously harm our business and our financial performance, by tarnishing our reputation and brand and limiting the adoption of our products. Because the techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. We may also experience security breaches that may remain undetected for an extended period and, therefore, have a greater impact on the products we offer, the proprietary data processed through our services, and, ultimately, on our business.

In May 2024, we issued $500 million aggregate principal amount of 5.250% senior notes due 2029 (the “2029 Notes”) and $500 million aggregate principal amount of 5.500% senior notes due 2034 (together with the 2029 Notes, the “Senior Notes”). In August 2024, we amended and restated our prior credit facility to eliminate the senior unsecured delayed-draw term loan facility and provide for a $750 million senior unsecured revolving credit facility (the “Credit Facility”). As of August 14, 2024, we had no outstanding revolving loans under the Credit Facility. Our Credit Facility requires compliance with various financial and non-financial covenants, including affirmative covenants relating to the provision of periodic financial statements, compliance certificates and other notices, maintenance of properties and insurance, payment of taxes and compliance with laws and negative covenants, including, among others, restrictions on the incurrence of certain indebtedness, granting of liens and mergers, dissolutions, consolidations and dispositions. The Credit Facility also provides for a number of events of default, including, among others, failure to make a payment, bankruptcy, breach of a covenant or representation and warranty, default under material indebtedness (other than the Credit Facility), change of control and judgment defaults. The indentures governing our Senior Notes contain certain negative covenants, including a limitation on liens and limitation on sale/leaseback covenants. Under the terms of these covenants, we may be restricted from engaging in business or operating activities that may otherwise improve our business or from financing future operations or capital needs. Failure to comply with certain covenants, including the financial covenant, if not cured or waived, will result in an event of default that could trigger acceleration of our indebtedness, which would require us to repay all amounts owed and could have a material adverse impact on our business. In addition, our Credit Facility has a floating interest rate that is based on variable and unpredictable U.S. and international economic risks and uncertainties. If we were to draw on the Credit Facility, any increase in interest rates, as has occurred in the past and may occur in the future, may negatively impact our financial results. We continue to have the ability to incur additional debt, subject to the limitations in our Credit Facility and the indentures governing our Senior Notes. Our level of debt could have important consequences to us, including the following: 31 31 31 •our ability to obtain additional financing, if necessary, for working capital, capital expenditures, acquisitions or other purposes may be impaired or such financing may not be available on favorable terms; •we may need a substantial portion of our cash flow to make principal and interest payments on our debt, reducing the funds that would otherwise be available for investment in operations and future business opportunities; •our debt level will make us more vulnerable than our competitors with less debt to competitive pressures or a downturn in our business or the economy generally; and •our debt level may limit our flexibility in responding to changing business and economic conditions. Our ability to service our debt will depend upon, among other things, our future financial and operating performance, which will be affected by prevailing economic conditions and financial, business, regulatory and other factors, some of which are beyond our control. If our operating results are not sufficient to service our current or future indebtedness, we will be forced to take actions such as reducing or delaying our business activities, acquisitions, investments or capital expenditures, selling assets, restructuring or refinancing our debt, or seeking additional equity capital or bankruptcy protection. We may not be able to effect any of these remedies on satisfactory terms to us or at all.

Our Credit Facility requires compliance with various financial and non-financial covenants, including affirmative covenants relating to the provision of periodic financial statements, compliance certificates and other notices, maintenance of properties and insurance, payment of taxes and compliance with laws and negative covenants, including, among others, restrictions on the incurrence of certain indebtedness, granting of liens and mergers, dissolutions, consolidations and dispositions. The Credit Facility also provides for a number of events of default, including, among others, failure to make a payment, bankruptcy, breach of a covenant, representation and warranty, default under material indebtedness (other than the Credit Facility), change of control and judgment defaults. Under the terms of the Credit Facility, we may be restricted from engaging in business or operating activities that may otherwise improve our business or from financing future operations or capital needs. Failure to comply with the covenants, including the financial covenant, if not cured or waived, will result in an event of default that could trigger acceleration of our indebtedness, which would require us to repay all amounts owing under our Credit Facility and could have a material adverse impact on our business. Overdue amounts under the Credit Facility accrue interest at a default rate. We cannot be certain that our future operating results will be sufficient to ensure compliance with the financial covenant in our Credit Facility or to remedy any defaults. In addition, in the event of default and related acceleration, we may not have or be able to obtain sufficient funds to make the accelerated payments required under the Credit Facility. We continue to have the ability to incur additional debt, subject to the limitations in our Credit Facility. Our level of debt could have important consequences to us, including the following: •our ability to obtain additional financing, if necessary, for working capital, capital expenditures, acquisitions or other purposes may be impaired or such financing may not be available on favorable terms; •we may need a substantial portion of our cash flow to make principal and interest payments on our debt, reducing the funds that would otherwise be available for investment in operations and future business opportunities; •our debt level will make us more vulnerable than our competitors with less debt to competitive pressures or a downturn in our business or the economy generally; and •our debt level may limit our flexibility in responding to changing business and economic conditions. Our ability to service our debt will depend upon, among other things, our future financial and operating performance, which will be affected by prevailing economic conditions and financial, business, regulatory and other factors, some of which are beyond our control. If our operating results are not sufficient to service our current or future indebtedness, we will be forced to take actions such as reducing or delaying our business activities, acquisitions, investments or capital expenditures, selling assets, restructuring or refinancing our debt, or seeking 23 23 23 additional equity capital or bankruptcy protection. We may not be able to effect any of these remedies on satisfactory terms to us or at all. In addition, our Credit Facility has a floating interest rate that is based on variable and unpredictable U.S. and international economic risks and uncertainties and an increase in interest rates, such as has occurred recently and is expected in the future, may negatively impact our financial results. We enter into interest rate hedging transactions that reduce, but do not eliminate, the impact of unfavorable changes in interest rates. We attempt to minimize credit exposure by limiting counterparties to internationally recognized financial institutions, but even these counterparties are subject to default and contract risk and this risk is beyond our control. There is no guarantee that our hedging efforts will be effective or, if effective in one period will continue to remain effective in future periods. We have amended our Credit Facility to utilize the Secured Overnight Financing Right (“SOFR”) to calculate the amount of accrued interest on any borrowings in place of London Interbank Offered Rate (“LIBOR”), which ceased publication on June 30, 2023. SOFR is intended to be a broad measure of the cost of borrowing cash overnight that is collateralized by U.S. Treasury securities. However, because SOFR is a broad U.S. Treasury repo financing rate that represents overnight secured funding transactions, it differs fundamentally from LIBOR. The change from LIBOR to SOFR could result in interest obligations that are more than or that do not otherwise correlate over time with the payments that would have been made on this debt if LIBOR were available. This may result in an increase in the cost of our borrowings under our existing Credit Facility and any future borrowings.

We are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the listing requirements of Nasdaq and other applicable securities rules and regulations. Compliance with these rules and regulations has increased our legal and financial compliance costs, making some activities more difficult, time-consuming, and costly, and has increased demand on our systems and resources. The Exchange Act requires, among other things, that we file annual reports with respect to our business and results of operations. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and, if required, improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight is required. We have in the past and expect to continue to incur significant legal, accounting, insurance and other expenses and to expend time and resources to comply with these requirements. Additionally, as a result of the complexity involved in complying with the rules and regulations applicable to public companies, our management’s attention may be diverted from other business concerns, which could harm our business, results of operations and financial condition. In addition, the pressures of operating a public company may divert management’s attention to delivering short-term results, instead of focusing on long-term strategy. Additionally, we may need to develop our reporting and compliance infrastructure and may face challenges in complying with new requirements that may become applicable to us over time. If we fall out of compliance, we risk becoming subject to litigation or being delisted, among other potential problems. Further, as a public company it is more expensive for us to maintain adequate director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified executive officers and members of our board of directors.

We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the listing requirements of Nasdaq and other applicable securities rules and regulations. Compliance with these rules and regulations has increased our legal and financial compliance costs, making some activities more difficult, time-consuming, and costly, and has increased demand on our systems and resources. The Exchange Act requires, among other things, that we file annual reports with respect to our business and results of operations. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and, if required, improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight is required. Additionally, as of September 30, 2022, we are no longer a foreign private issuer, and we are required to comply with all of the provisions applicable to a U.S. domestic issuer under the Exchange Act, including filing an annual report on Form 10-K, quarterly periodic reports and current reports for certain events, complying with the sections of the Exchange Act regulating the solicitation of proxies, requiring insiders to file public reports of their share ownership and trading activities and insiders being liable for profit from trades made in a short period of time. We are also no longer exempt from the requirements of Regulation FD promulgated under the Exchange Act related to selective disclosures. We are also no longer permitted to follow our home country’s rules in lieu of the corporate governance obligations imposed by Nasdaq, and are required to comply with the governance practices required by U.S. domestic issuers listed on Nasdaq. We are also required to comply with all other rules of Nasdaq applicable to U.S. domestic issuers. In addition, we are required to report our financial results under GAAP, including our historical financial results, which have previously been prepared in accordance with International Financial Reporting Standards. The regulatory and compliance costs associated with the reporting and governance requirements applicable to U.S. domestic issuers may be significantly higher than the costs we previously incurred as a foreign private issuer. We expect to continue to incur significant legal, accounting, insurance and other expenses and to expend greater time and resources to comply with these requirements. Additionally, as a result of the complexity involved in complying with the rules and regulations applicable to public companies, our management’s attention may be diverted from other business concerns, which could harm our business, results of operations and financial condition. In addition, the pressures of operating a public company may divert management’s attention to delivering short-term results, instead of focusing on long-term strategy. In addition, we may need to develop our reporting and compliance infrastructure and may face challenges in complying with the new requirements applicable to us. If we fall out of compliance, we risk becoming subject to litigation or being delisted, among other potential problems. Further, as a public company it is more expensive for us to maintain adequate director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified executive officers and members of our board of directors. 34 34 34

Large-scale international events in recent years, such as the COVID-19 pandemic and geopolitical instability and war in regions including Ukraine and the Middle East, have negatively impacted the global economy, disrupted global supply chains, and created significant volatility and disruption of financial markets. There has also been historically high inflation, which caused the Federal Reserve to tighten monetary policy, including issuing a series of interest rate hikes. This has contributed to the failures of certain banking institutions and otherwise uncertain economic conditions. Our business depends on demand for business software applications generally and for collaboration software solutions in particular. The market adoption of our products and our revenue is dependent on the number of users of our products. The continuing global economic and geopolitical volatility has and may continue to cause us and our customers to experience decreased demand for our products and services, increases in our operating costs (including our labor costs), reduced liquidity, and limits on our ability to access credit or otherwise raise capital. They could reduce the number of personnel providing development or engineering services, decrease technology spending, including the purchasing of software products, adversely affect demand for our products, affect our ability to accurately forecast our future results, cause some of our paid customers or suppliers to file for bankruptcy protection or go out of business, impact expected spending from new customers or renewals, expansions or reductions in paid seats from existing customers, negatively impact collections of accounts receivable, result in elongated sales cycles, and otherwise harm our business, results of operations, and financial condition. In particular, we have revenue exposure to customers who are small- and medium-sized businesses. If these customers’ business operations and finances are negatively affected, they may not purchase or renew our products, may reduce or delay spending, or request extended payment terms or price concessions, which would negatively impact our business, results of operations, and financial condition. For example, rising interest rates and uncertain economic conditions have contributed to the failures of banking institutions, such as Silicon Valley Bank and First Republic Bank. While we have not had any direct exposure to failed banking institutions to date, if other banks and financial institutions enter receivership or become insolvent in the future in response to financial conditions affecting the banking system and financial markets, our ability or our customers’ ability to access existing cash, cash equivalents, and investments may be threatened and affect our customers’ ability to pay for our products and could have a material adverse effect on our business and financial condition. 15 15 15 The extent to which global economic and geopolitical factors ultimately impact our business, results of operations, and financial position will depend on future developments, which are uncertain and cannot be fully predicted at this time. As a result of recent events, we have seen the revenue growth from existing customers moderate and experienced volatility in the trading prices for our Class A Common Stock, and such volatility may continue in the long term. Any sustained adverse impacts from these and other recent macroeconomic events could materially and adversely affect our business, financial condition, operating results, and earnings guidance that we may issue from time to time, which could have a material effect on the value of our Class A Common Stock. They could also heighten many of the other risks described in this “Risk Factors” section.

The COVID-19 pandemic has negatively impacted the global economy, disrupted global supply chains, and created significant volatility and disruption of financial markets. Additionally, the Russian invasion of Ukraine in 2022 has led to further economic disruptions. The conflict has increased inflationary pressures and supply chain constraints, which have negatively impacted the global economy. Inflationary pressure may result in decreased demand for our products and services, increases in our operating costs (including our labor costs), reduced liquidity, and limits on our ability to access credit or otherwise raise capital. In response to the concerns over inflation risk, the U.S. Federal Reserve raised interest rates multiple times in 2022 and 2023 and may continue to do so in the future. It is especially difficult to predict the impact of such events on the global economic markets, which have been and will continue to be highly dependent upon the actions of governments, businesses, and other enterprises in response to such events, and the effectiveness of those actions. The adverse public health developments of COVID-19, including orders to shelter-in-place, travel restrictions, and mandated business closures, have adversely affected workforces, organizations, customers, economies, and financial markets globally, leading to increased macroeconomic and market volatility. It has also disrupted the normal operations of many businesses, including ours. Following an initial movement to remote work due to the COVID-19 pandemic, we subsequently announced that most employees will have flexibility to work remotely indefinitely as part of our “Team Anywhere” policy. Our remote-work arrangements could strain our business continuity plans, introduce operational risk, including cybersecurity risks and increased costs, and impair our ability to effectively manage our business, which may negatively impact our business, results of operations, and financial condition. We are actively monitoring the impacts of the situation and may continue to adjust our current policies and practices. 15 15 15 Our business depends on demand for business software applications generally and for collaboration software solutions in particular. In addition, the market adoption of our products and our revenue is dependent on the number of users of our products. The COVID-19 pandemic, including intensified measures undertaken to contain the spread of COVID-19, the Russian invasion of Ukraine, increased inflation and interest rates and the resulting economic and social impacts of these events could reduce the number of personnel providing development or engineering services, decrease technology spending, including the purchasing of software products, adversely affect demand for our products, affect our ability to accurately forecast our future results, cause some of our paid customers or suppliers to file for bankruptcy protection or go out of business, affect the ability of our customer support team to conduct in-person trainings or our solutions partners to conduct in-person sales, impact expected spending from new customers or renewals, expansions or reductions in paid seats from existing customers, negatively impact collections of accounts receivable, result in elongated sales cycles, and harm our business, results of operations, and financial condition. In particular, we have revenue exposure to customers who are small- and medium-sized businesses. If these customers’ business operations and finances are negatively affected, they may not purchase or renew our products, may reduce or delay spending, or request extended payment terms or price concessions, which would negatively impact our business, results of operations, and financial condition. For example, rising interest rates and slowing economic conditions have contributed to the recent failure of banking institutions, such as Silicon Valley Bank and First Republic Bank. While we have not had any direct exposure to recently failed banking institutions to date, if other banks and financial institutions enter receivership or become insolvent in the future in response to financial conditions affecting the banking system and financial markets, our ability or our customers’ ability to access existing cash, cash equivalents, and investments may be threatened and affect our customers’ ability to pay for our products and could have a material adverse effect on our business and financial condition. The extent to which these factors ultimately impact our business, results of operations, and financial position will depend on future developments, which are uncertain and cannot be fully predicted at this time, including, but not limited to, the continued duration and spread of the COVID-19 outbreak and related variants, its severity, the actions taken by governments and authorities to contain the virus or treat its impact, the effectiveness of current vaccine and therapeutic treatments, and the extent to which normal economic and operating conditions continue to resume, future developments regarding Russia’s invasion of Ukraine, continued inflationary pressures and governmental actions, such as interest rate increases to respond to such pressures. As a result of these and other recent macroeconomic events, we have seen the growth from existing customers moderate and experienced volatility in the trading prices for our Class A Common Stock, and such volatility may continue in the long term. Any sustained adverse impacts from these and other recent macroeconomic events could materially and adversely affect our business, financial condition, operating results, and earnings guidance that we may issue from time to time, which could have a material effect on the value of our Class A Common Stock.

14 14 14 We have experienced rapid growth in recent years and such growth rate should not be considered indicative of our future performance and may decline in the future. This rapid growth also makes it more challenging to evaluate our future prospects. Our revenue growth rate has fluctuated in prior periods and, in future periods, our revenue could grow more slowly than it has in the past or decline for a number of reasons, including any reduction in demand for our products, increase in competition, limitations on our ability to, or any decision not to, increase pricing, a slower than anticipated adoption of or migration to our Cloud offerings, failure to capitalize on growth opportunities, contraction in our overall market, or impact from broader macroeconomic factors. As one example, we have seen expansion from existing customers moderate in recent quarters, particularly amongst our small and medium-sized customers. Additionally, we ceased sales of new perpetual license Server offerings for our products in February 2021, and, subject to limited exceptions, ended maintenance and support for Server products in February 2024. If our Server customers did not transition to our Cloud or Data Center offerings, or if our Data Center customers do not migrate to our Cloud offerings, our revenue growth rates and profitability may be negatively impacted. We make assumptions regarding the risks and uncertainties associated with our growth as we plan and operate our business. If our assumptions are incorrect or change, or if we do not address risks successfully, our operating and financial results could differ materially from our expectations, our growth rates may slow, and our business would suffer. In addition, we expect our expenses to increase substantially in the near term, particularly as we continue to make significant investments in research and development and technology infrastructure for our Cloud offerings, expand our operations globally and develop new products and features for, and enhancements of, our existing products, including our AI products. As a result of these significant investments, and in particular stock-based compensation associated with our growth, we have not in the past and may not in the future be able to achieve profitability as determined under U.S. generally accepted accounting principles (“GAAP”). The additional expenses we will incur may not lead to sufficient additional revenue to maintain historical revenue growth rates and profitability.

Our historical growth rate should not be considered indicative of our future performance and may decline in the future. Our revenue growth rate has fluctuated in prior periods and, in future periods, our revenue could grow more slowly than in recent periods or decline for a number of reasons, including any reduction in demand for our products, increase in competition, limited ability to, or our decision not to, increase pricing, contraction of our overall market, a slower than anticipated adoption of or migration to our Cloud offerings, or our failure to capitalize on growth opportunities. For example, beginning in the first quarter of fiscal year 2023, we have seen growth from existing customers moderate, which we believe is due to customers being impacted by weakening economic conditions. Additionally, beginning in February 2021, we ceased sales of new perpetual licenses for our products, and beginning in February 2022, we ceased sales of upgrades to these on-premises versions of our products. We also plan to end maintenance and support for these on-premises versions of our products in February 2024. If our customers do not transition from our on-premises offerings to our Cloud or Data Center offerings prior to February 2024, our revenue growth rates and profitability may be negatively impacted. In addition, we expect expenses to increase substantially in the near term, particularly as we continue to make significant investments in research and development and technology infrastructure for our Cloud offerings, expand our operations globally and develop new products and features for, and enhancements of, our existing products. As a result of these significant investments, and in particular stock-based compensation associated with our growth, we may not be able to achieve profitability as determined under U.S. generally accepted accounting principles (“GAAP”) in future periods. The additional expenses we will incur may not lead to sufficient additional revenue to maintain historical revenue growth rates and profitability.

Our marketing model has relied on the strength of our products and organic user demand, driven by word-of-mouth marketing and viral expansion within organizations. We offer free trials, limited free versions and affordable starter licenses for certain products in order to promote additional usage, brand and product awareness, and adoption. If we are not able to organically attract customers, our revenue may grow more slowly than expected, or decline. In addition, high levels of customer satisfaction and market adoption are central to our marketing model. Any decrease in our customers’ satisfaction with our products, including as a result of our own actions or actions outside of our control, could harm word-of-mouth referrals and our brand. If our customer base does not continue to grow with our marketing model, we may be required to incur significantly higher marketing and sales expenses in order to acquire new subscribers, which could harm our business and results of operations. In addition, our strategy of offering free trials, limited free versions or affordable starter licenses for certain products could be ineffective. Users may not perceive value in the additional benefits and services we offer beyond our free trials or limited free versions and, historically, a majority of users never convert to a paid version of our products from these free trials or limited free versions or upgrade beyond the starter license. Our marketing strategy also depends in part on persuading users who use free trials, free versions or starter licenses of our products to convince others within their organization to purchase and deploy our products. To the extent that these users do not become, or lead others to become, customers, we will not realize the intended benefits of this marketing strategy, and our ability to grow our business could be harmed.

We offer free trials, limited free versions or affordable starter licenses for certain products in order to promote additional usage, brand and product awareness, and adoption. Historically, a majority of users never convert to a paid version of our products from these free trials or limited free versions or upgrade beyond the starter license. Our marketing strategy also depends in part on persuading users who use the free trials, free versions or starter licenses of our products to convince others within their organization to purchase and deploy our products. To the extent that these users do not become, or lead others to become, customers, we will not realize the intended benefits of this marketing strategy, and our ability to grow our business could be harmed.

We currently offer and sell both Data Center and Cloud offerings of certain of our products. For these products, our Cloud offering enables quick setup and subscription pricing, while our Data Center offering permits more customization, a term license fee structure, and complete application control. Although a substantial majority of our revenue was historically generated from customers using our Server and Data Center products, over time our customers have moved and we expect them to continue to move to our Cloud offerings, resulting in our Cloud offerings becoming more central to our distribution model. As a part of this transition, we ceased sales of new perpetual licenses for our Server products in February 2021 and, subject to limited exceptions, ended maintenance and support for Server products in February 2024. We may be subject to additional competitive and pricing pressures for our Cloud offerings compared to our Data Center offerings, which could harm our business. Further, revenues from our Cloud offerings are typically lower in the initial year compared to our Data Center offerings, which may impact our near-term revenue growth rates and margins, and we incur higher or additional costs to supply our Cloud offerings, such as fees associated with hosting our cloud infrastructure. We have and expect to continue to see increased expenses and lower margins due such hosting costs increasing in this transition. Additionally, we offered discounts to certain of our enterprise-level Server customers to incentivize migration to our Cloud offerings, which impacted our near-term revenue growth. If our remaining Server customers did not transition to our Cloud or Data Center offerings, or if our Data Center customers do not migrate to our Cloud offerings, our revenue growth rates and profitability may be negatively impacted. If our Cloud offerings do not develop as quickly as we expect, if we are unable to continue to scale our systems to meet the requirements of successful, large Cloud offerings, or if we lose customers currently 18 18 18 using our Data Center products due to our increased focus on our Cloud offerings or our inability to successfully migrate them to our Cloud products, our business could be harmed. We are directing a significant portion of our financial and operating resources to implement robust Cloud offerings for our products and to migrate our existing customers to our Cloud offerings, but even if we continue to make these investments, we may be unsuccessful in growing or implementing our Cloud offering that competes successfully against our current and future competitors and our business, results of operations, and financial condition could be harmed.

We currently offer and sell both on-premises and Cloud offerings of certain of our products. For these products, our Cloud offering enables quick setup and subscription pricing, while our on-premises offering permits more customization, a perpetual or term license fee structure, and complete application control. Although a substantial majority of our revenue was historically generated from customers using our on-premises products, over time our customers have moved and will continue to move to our Cloud offerings, and our Cloud offerings will become more central to our distribution model. For example, beginning in February 2021, we ceased sales of new perpetual licenses for our products, and beginning in February 2022, we ceased sales of upgrades to these on-premises versions of our products. We also plan to end maintenance and support for these on-premises versions of our products in February 2024. We may be subject to additional competitive and pricing pressures from our Cloud offerings compared to our on-premises offerings, which could harm our business. Further, revenues from our Cloud offerings are typically lower in the initial year compared to our on-premises offerings, which may impact our near-term revenue growth rates and margins, and we incur higher or additional costs to supply our Cloud offerings, such fees associated with hosting our cloud infrastructure. Additionally, we offered discounts to certain of our enterprise-level on-premises customers to incentivize migration to our Cloud offerings, which impacted our near-term revenue growth. If our customers do not transition from our on-premises offerings to our Cloud or Data Center offerings prior to February 2024, our revenue growth rates and profitability may be negatively impacted. If our Cloud offerings do not develop as quickly as we expect, if we are unable to continue to scale our systems to meet the requirements of successful, large Cloud offerings, or if we lose customers currently using our on-premises products due to our increased focus on our Cloud offerings or our inability to successfully migrate them to our Cloud products, our business could be harmed. We are directing a significant portion of our financial and operating resources to implement robust Cloud offerings for our products and to migrate our existing customers to our Cloud offerings, but even if we continue to make these investments, we may be unsuccessful in growing or implementing our Cloud offering that competes successfully against our current and future competitors and our business, results of operations, and financial condition could be harmed.

Regulation related to the provision of services over the internet is evolving, as federal, state and foreign governments continue to adopt new, or modify existing, laws and regulations addressing data privacy, cybersecurity, data protection, data sovereignty and the collection, processing, storage, hosting, transfer and use of data, generally. In the United States, the Federal Trade Commission and state regulators enforce a variety of data privacy issues, such as promises made in privacy policies or failures to appropriately protect information about individuals, as unfair or deceptive acts or practices in or affecting commerce in violation of the Federal Trade Commission Act or similar state laws. In addition, new U.S. state data privacy laws, such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CPRA”), and laws that have recently passed and/or gone into effect in many other states similarly impose new obligations on us and many of our customers, potentially as both businesses and service providers. These laws continue to evolve, and as various states introduce similar proposals, we and our customers could be exposed to additional regulatory burdens. In the European Economic Area (“EEA”) and the U.K., data privacy laws and regulations, such as the European Union General Data Protection Regulation (“EU GDPR”) and United Kingdom General Data Protection Regulation and Data Protection Act 2018 (collectively, the “UK GDPR,” and, together with the EU GDPR, the “GDPR”), impose comprehensive obligations directly on Atlassian as both a data controller and a data processor, as well as on many of our customers, in relation to our collection, processing, sharing, disclosure and other use of personal data. 27 27 27 We are also subject to evolving privacy laws on cookies, tracking technologies and e-marketing. For example, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 establishes certain requirements for commercial email messages and specifies penalties for the transmission of commercial email messages that are intended to deceive the recipient as to source or content. In addition, certain states and foreign jurisdictions, such as Australia, Canada and the EU, have enacted laws that regulate sending email, and some of these laws are more restrictive than U.S. laws. In the EU and U.K., informed consent is required for the placement of certain cookies or similar tracking technologies on an individual’s device and for direct electronic marketing. Consent is tightly defined and includes a prohibition on pre-checked consents and a requirement to obtain separate consents for each type of cookie or similar technology. Recent European court and regulator decisions are driving increased attention to cookies and similar tracking technologies. In addition, various safe harbors have historically been provided to those who hosted content provided by others, such as safe harbors from monetary damages for copyright infringement arising from copyrighted content provided by customers and others, and for defamation and other torts arising from information provided by customers and others. There is an increasing demand for repealing or limiting these safe harbors by either judicial decision or legislation. Loss of these safe harbors may require altering or limiting some of our services or may require additional contractual terms to avoid liabilities for our customers’ misconduct. Although we monitor the regulatory, judicial and legislative environment and have invested in addressing these developments, these new laws may require us to make additional changes to our practices and services to enable us or our customers to meet the new legal requirements, and may also increase our potential liability exposure through new or higher potential penalties for noncompliance, including as a result of penalties, fines and lawsuits related to data breaches. For instance, the Digital Services Act (“DSA”) in the EU, which came into force on November 16, 2022 and the majority of substantive provisions of which took effect on February 17, 2024, imposes new obligations around illegal services or content on our platform, traceability of business users, and enhanced transparency measures, and failure to comply can result in fines of up to 6% of total annual worldwide turnover. Record-breaking enforcement actions globally have shown that regulators wield their right to impose substantial fines for violations of privacy regulations, and these enforcement actions could result in guidance from regulators that would require changes to our current compliance strategy. Furthermore, privacy laws and regulations are subject to differing interpretations and may be inconsistent among jurisdictions. These and other requirements are causing increased scrutiny among customers, particularly in the public sector and highly regulated industries, and may be perceived differently from customer to customer. These developments could reduce demand for our services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process data, require us to fundamentally change our business activities and practices or modify our products, or, in some cases, impact our ability or our customers' ability to offer our services in certain locations, to deploy our solutions, to reach current and prospective customers, or to derive insights from customer data globally. For example, in July 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield Framework, one of the mechanisms that allowed companies, including Atlassian, to transfer personal data from the European Economic Area (“EEA”) to the United States. Even though the CJEU decision upheld the Standard Contractual Clauses as an adequate transfer mechanism, the decision created uncertainty around the validity of all EU-to-U.S. data transfers. While the EU and U.S. governments have recently adopted the EU-U.S. Data Privacy Framework to foster EU-to-U.S. data transfers and address the concerns raised in the aforementioned CJEU decision, it is uncertain whether this framework will eventually be overturned in court like the previous two EU-U.S. bilateral cross-border transfer frameworks. Certain countries outside of the EEA have also passed or are considering passing laws requiring varying degrees of local data residency. By way of further example, statutory damages available through a private right of action for certain data breaches under the CPRA and potentially other U.S. states’ laws, may increase our and our customers’ potential liability and the demands our customers place on us. As another example, jurisdictions are considering legal frameworks on AI, which is a trend that may increase now that the EC has agreed the first such framework. The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our services, reduce overall demand for our services, make it more difficult to meet expectations from our commitments to customers and our customers’ users, lead to significant fines, penalties or liabilities for noncompliance, impact our reputation, or slow the pace at which we close sales transactions, in particular where customers request specific warranties and unlimited indemnity for noncompliance with privacy laws, any of which could harm our business. We have adopted and continue to adopt data residency in certain territories. These services may enhance our ability to attract and retain customers operating in the relevant jurisdictions, but may also increase the cost and complexity of supporting those customers, the scope of our residency offering may not align with customer needs, and our customers may request similar offerings in other territories. 28 28 28 In addition to government activity, privacy advocates and other industry groups have established or may establish new self-regulatory standards that may place additional burdens on our ability to provide our services globally. Our customers expect us to meet voluntary certification and other standards established by third parties. If we are unable to maintain these certifications or meet these standards, it could adversely affect our ability to provide our solutions to certain customers and could harm our business. In addition, we have seen a trend toward the private enforcement of data protection obligations, including through private actions for alleged noncompliance, which could harm our business and negatively impact our reputation. In addition, a shift in consumers’ data privacy expectations or other social, economic or political developments could impact the regulatory enforcement of privacy regulations, which could require our cooperation and increase the cost of compliance with the imposed regulations. Further, any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related obligations to users or other third parties, or any other legal obligations or regulatory requirements relating to privacy, data protection or information security may result in governmental investigations or enforcement actions, litigation, claims or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our users may limit the adoption and use of, and reduce the overall demand for, our platform. Additionally, if third parties we work with violate applicable laws, regulations or agreements, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us and otherwise materially and adversely affect our reputation and business. Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry or operations, may lead to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks. Our business also increasingly relies on artificial intelligence to improve our services and tailor our interactions with our customers. However, in recent years use of these methods has come under increased regulatory scrutiny. New laws, guidance and/or decisions in this area may limit our ability to use our artificial intelligence models, or require us to make changes to our operations that may decrease our operational efficiency, result in an increase to operating costs and/or hinder our ability to improve our services. For example, there are specific rules on the use of automated decision making under the GDPR that require the existence of automated decision making to be disclosed to the data subject with a meaningful explanation of the logic used in such decision making in certain circumstances, and safeguards must be implemented to safeguard individual rights, including the right to obtain human intervention and to contest any decision. Further, California recently introduced a law requiring disclosure of chatbot functionality. Finally, the uncertain and shifting regulatory environment and trust climate may raise concerns regarding data privacy and cybersecurity, which may cause our customers or our customers’ users to resist providing the data necessary to allow our customers to use our services effectively. In addition, new products we develop or acquire may expose us to liability or regulatory risk. Even the perception that the privacy and security of personal information are not satisfactorily protected or do not meet regulatory requirements could inhibit sales of our products or services and could limit adoption of our cloud offerings.

Privacy and data security have become significant issues in the U.S., Europe and in many other jurisdictions where we offer our products. The regulatory framework for the collection, use, retention, safeguarding, sharing, disclosure, and transfer of data worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. Globally, virtually every jurisdiction in which we operate has established its own data security and privacy frameworks with which we, and/or our customers, must comply. These laws and regulations often are more restricted than those in the United States. The European General Data Protection regulation (“GDPR”), which is supplemented by national laws in individual member states and the guidance of national supervisory authorities and the European Data Protection Board, applies to any company established in the European Economic Area (“EEA”) as well as to those outside the EEA if they collect and use personal data in connection with the offering of goods or services to individuals in the EEA or the monitoring of their behavior. GDPR enhances data protection obligations for processors and controllers of personal data, including, for example, expanded disclosures about how personal information is collected and used, limitations on retention of information, mandatory data breach notification requirements, and extensive obligations on services providers. Non-compliance can trigger steep fines. In addition, the UK has established its own domestic regime with the UK GDPR and amendments to the Data Protection Act, which so far mirrors the obligations in the GDPR, poses similar challenges and imposes substantially similar penalties. Additionally, in the U.S., various laws and regulations apply to the collection, processing, disclosure and security of certain types of data, including the Federal Trade Commission Act, and state equivalents, the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. There are also various state laws relating to privacy and data security. The California Consumer Privacy Act (“CCPA”) as modified by California Privacy Rights Act (“CPRA”), broadly defines personal information and gives California residents expanded privacy rights and protections and provides for civil penalties for violations and a private right of action for data breaches. Since the CPRA passed, various other states have passed their own comprehensive privacy statutes that share similarities with CCPA and CPRA. Some observers see this influx of state privacy regimes as a trend towards 29 29 29 more stringent privacy legislation in the United States, including a potential federal privacy law, all of which could increase our potential liability and adversely affect our business. We expect that there will continue to be new proposed laws and regulations around the globe and we cannot yet determine the full impact these developments may have on our business, nor assure ongoing compliance with all such laws or regulations. For example, the EEA is in the process of finalizing the e-Privacy Regulation to replace the European e-Privacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC). We may face difficulties in marketing to current and potential customers under applicable laws, which impacts our ability to spread awareness of our products and services and, in turn, grow a customer base. As rules evolve, we also expect to incur additional costs to comply with new requirements. As another example, countries are considering legal frameworks on AI, which is a trend that may increase now that the EC has proposed the first such framework. The interpretation and application of these laws are, and will likely remain, uncertain, and it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data management practices or product features. If so, in addition to the possibility of fines, lawsuits and other claims and penalties, we could be required to fundamentally change our business activities and practices or modify our products, which could harm our business. Any inability to adequately address privacy and data security concerns or comply with applicable privacy or data security laws, regulations and policies could result in additional cost and liability to us, damage our reputation, inhibit sales, and harm our business. Moreover, record-breaking enforcement actions globally have shown that regulators wield their right to impose substantial fines for violations of privacy regulations, and these enforcement actions could result in guidance from regulators that would require changes to our current compliance strategy. Given the breadth and depth of changes in data protection obligations, complying with global data protection requirements requires time, resources, and a review of our technology and systems currently in use against regulatory requirements. In addition, privacy advocates and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us. Further, our customers may require us to comply with more stringent privacy and data security contractual requirements or obtain certifications that we do not currently have, and any failure to obtain these certifications could reduce the demand for our products and our business could be harmed. If we were required to obtain additional industry certifications, we may incur significant additional expenses and have to divert resources, which could slow the release of new products, all of which could harm our ability to effectively compete. Further, any failure or perceived failure by us to comply with our posted privacy policies, our privacy-related obligations to users or other third parties, or any other legal obligations or regulatory requirements relating to privacy, data protection or information security may result in governmental investigations or enforcement actions, litigation, claims or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us, and otherwise materially and adversely affect our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our users may limit the adoption and use of, and reduce the overall demand for, our platform. Additionally, if third parties we work with violate applicable laws, regulations or agreements, such violations may put our users’ data at risk, could result in governmental investigations or enforcement actions, fines, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability, cause our users to lose trust in us and otherwise materially and adversely affect our reputation and business. Further, public scrutiny of, or complaints about, technology companies or their data handling or data protection practices, even if unrelated to our business, industry or operations, may lead to increased scrutiny of technology companies, including us, and may cause government agencies to enact additional regulatory requirements, or to modify their enforcement or investigation activities, which may increase our costs and risks.

We have incorporated and expect to continue to incorporate AI and machine learning solutions and features, including generative AI solutions and features, into our platform, and otherwise within our business, and these solutions and features may become more important to our operations or to our future growth over time. There can be no assurance that the use of AI and machine learning solutions and features will enhance our products or services, produce intended results, or be beneficial to our business, including our efficiency or profitability, and we may fail to properly implement or market our AI and machine learning solutions and features. Our investments in AI solutions and features have and may continue to negatively impact our operating margins until we are able to increase revenue enough to offset these investments. Our competitors or other third parties may incorporate AI into their products, offerings, and solutions more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations. In addition, suppliers of the third-party AI models we use in our platform could terminate their relationship with us, cease to make certain models available to us, or make certain models more expensive for us to use. Our ability to effectively implement and market our AI solutions and features will also depend, in part, on our ability to attract and retain employees with AI expertise, and we expect significant competition for professionals with such skills and technical knowledge. 17 17 17 Additionally, our AI and machine learning solutions and features may expose us to additional claims, demands, and proceedings by private parties and regulatory authorities and subject us to legal liability as well as brand and reputational harm. There are significant risks involved in utilizing AI and machine learning technologies, and in particular, generative AI technologies. For example, AI and machine learning algorithms may be flawed, insufficient, or of poor quality, reflect unwanted forms of bias, or contain other errors or inadequacies, any of which may not easily be detectable. AI and machine learning technologies have also been known to produce false or “hallucinatory” inferences or outputs. Further, inappropriate or controversial data practices by developers and end-users, or other factors adversely affecting public opinion regarding the use of AI and machine learning, could impair the acceptance of AI and machine learning solutions, including those incorporated into our products and services. If the AI and machine learning tools incorporated into our platform, or the content generated by such tools, is harmful, biased, inaccurate, discriminatory or controversial, our results of operations could suffer, including due to legal, competitive and reputational harm. Our customers may be less likely to utilize our AI and machine learning tools or may cease using our platform altogether. If we do not have sufficient rights to use the output of such AI and machine learning tools, or the data or other material or content on which the AI and machine learning tools we use rely, we also may incur liability through the violation of applicable laws and regulations, third-party intellectual property, privacy or other rights, or contracts to which we are a party. In addition, we are subject to the risks of new or enhanced governmental or regulatory scrutiny, litigation, or other legal liability, ethical concerns, negative consumer perceptions as to automation and AI and machine learning technologies, any of which could adversely affect our business, reputation, or financial results. The technologies underlying AI and machine learning and their uses are subject to a variety of laws and regulations related to online services, intermediary liability, intellectual property rights, privacy, data security and data protection, consumer protection, competition and equal opportunity laws, and are expected to be subject to increased regulation and new laws or new applications of existing laws and regulations. AI and machine learning technologies are the subject of ongoing review by various federal, state and foreign governments and regulators, which are applying, or are considering applying, their platform moderation, privacy, data security and data protection laws and regulations to such technologies or are considering general legal frameworks for the appropriate use of AI and machine learning. As the legal, regulatory, and policy environments around AI and machine learning evolve, we may become subject to new legal and regulatory obligations in connection with our use of AI and machine learning technology, which could require us to make significant changes to our policies and practices, necessitating expenditure of significant time, expense, and other resources. We may not be able to anticipate how to respond to rapidly evolving legal frameworks, and we may have to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks on AI and machine learning products are not consistent across jurisdictions. Accordingly, it is not possible to predict all of the risks related to the use of AI and machine learning solutions that we may face, and changes in laws, rules, directives, and regulations governing the use of AI and machine learning solutions may adversely affect our ability to use or sell these solutions or subject us to legal liability.

We are building AI and machine learning into our products. The rapid evolution of AI and machine learning will require the application of resources to develop, test and maintain our products and services to help ensure that AI and machine learning are implemented responsibly in order to minimize unintended, harmful impact. Failure to properly do so may cause us to incur increased research and development costs, or divert resources from other development efforts, to address social and ethical issues related to AI and machine learning. As with many cutting-edge innovations, AI and machine learning present new risks and challenges. Existing laws and regulations may apply to us or our vendors in new ways and new laws and regulations may be instituted, the effects of which are difficult to predict. The risks and challenges presented by AI and machine learning could undermine public confidence in AI and machine learning, which could slow its adoption and affect our business. If we enable or offer AI and machine learning products that draw controversy due to their perceived or actual impact on human rights, intellectual property, privacy, security, employment, the environment or in other social contexts, we may experience brand or reputational harm, competitive harm or legal liability. Data governance practices by us or others that result in controversy could also impair the acceptance of AI solutions. This in turn could undermine the decisions, predictions, analysis or other outputs that AI applications produce, subjecting us to competitive harm, legal liability and brand or reputational harm. 24 24 24 Uncertainty around new and emerging AI applications such as generative AI content creation may require additional investment in the development of proprietary datasets, machine learning models and systems to test for accuracy, bias and other variables, which are often complex, may be costly and could impact our profit margin as we expand generative AI into our product offerings. Developing, testing and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems. Potential government regulation specifically related to AI may also increase the burden and cost of research and development in this area. For example, countries are considering legal frameworks on AI, which is a trend that may increase now that the European Commission (the “EC”) of the European Union (the “EU”) has proposed the first such framework. Stakeholders and those affected by the development and use of AI and machine learning (including our employees and customers) who are dissatisfied with our public statements, policies, practices, or solutions related to the development and use of AI and machine learning may express opinions that could introduce reputational or business harm, or legal liability.