Autodesk (ADSK) Risk Factors

As we digitize Autodesk and use cloud- and web-based technologies to leverage customer data to deliver the total customer experience, we are exposed to increased security risks and the potential for unauthorized access to, or improper use, disclosure, or other processing of, our and our customers' information. Like other software offerings and systems, ours are vulnerable to security breaches and incidents, including those from acquired companies. Also, our ability to mitigate the risk of security breaches and incidents may be impacted by our limited control over our customers or third-party technology providers and vendors, or the processing of data by third-party technology providers and vendors, which may not allow us to maintain the integrity or security of such transmissions or processing. We devote significant resources in an effort to maintain the security and integrity of our systems, offerings, services, and applications (online, mobile, and desktop). Despite these efforts, we are subject to security breaches and incidents, and we face delays and other difficulties in identifying, responding to, or remediating security breaches or incidents. Hackers regularly have targeted our systems, offerings, services, and applications, and we expect them to do so in the future. To date, such identified security events have not been material or significant to us or our customers, including to our reputation or business operations, or had a material financial impact, but there can be no assurance that future cyberattacks will not be material or significant. Security breaches or incidents disrupt the proper functioning of our systems, solutions, offerings, applications, or services; cause errors in the output of our customers' work; allow unauthorized access to or unauthorized use, disclosure, modification, loss, unavailability, or destruction of, sensitive data or intellectual property, including proprietary or confidential information of ours or our customers; or cause other destructive or disruptive outcomes. The risk of a security incident, particularly through cyber-attack or cyber intrusion, including by computer hackers, foreign governments, and cyber terrorists, has increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased. These threats include, among others, identity theft, unauthorized access, DNS attacks, wireless network attacks, viruses and worms, malware, bugs, vulnerabilities, advanced persistent threats, application-centric attacks, peer-to-peer attacks, social engineering, phishing, credential stuffing, malicious file uploads, backdoor trojans, supply chain attacks, ransomware attacks, and distributed denial of service attacks. In addition, third parties may attempt to fraudulently induce our employees, vendors, partners, customers, or users to disclose information to gain access to our data or our customers' or users' data and there is the risk of employee, contractor, or vendor error or malfeasance. These existing risks are compounded given the shift in recent years to work-from-home arrangements for a large population of employees and contractors, as well as employees and contractors of our third-party technology providers and vendors, and the risks could also be elevated in connection with the ongoing war between Ukraine and Russia as we and our third-party technology providers and vendors are vulnerable to a heightened risk of cyberattacks from or affiliated with nation-state actors, including retaliatory attacks from Russian actors against U.S.-based companies. Despite our significant efforts to create security barriers to such threats, we cannot entirely mitigate these risks, and there is no guarantee that inadvertent or unauthorized use or disclosure of such information will not occur or that third parties will not gain unauthorized access to such information. Many governments have enacted laws requiring companies to provide notice of security breaches or incidents involving certain types of personal data and personal information. We are also contractually required to notify certain customers of certain security breaches or incidents. Any security breach or incident suffered, or believed to have been suffered, by us or by our technology providers or vendors could result in harm to our reputation and competitive position, difficulty attracting new customers (including government customers), retaining existing customers, and securing payment from customers, our expenditure of significant capital and other resources to evaluate and alleviate the security incident and to try to prevent further or additional incidents, and regulatory inquiries, investigations, and other proceedings, private claims, demands, lawsuits, potential liability, and the potential loss of our authorization under the Federal Risk and Authorization Management Program ("FedRAMP"). We could incur significant costs and liabilities, including due to litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, and costs for remediation and other incentives offered to customers or other business partners in an effort to maintain business relationships after a security breach or incident, and our financial performance could be negatively impacted. We cannot assure you that any limitations of liability provisions in our contracts would be enforceable or adequate or would otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security incident. We also cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or will be available in sufficient amounts to cover one or more large claims related to a security incident, or that the insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

Our offerings are subject to export controls and economic sanctions laws and regulations that prohibit the delivery of certain solutions and services without the required export authorizations or export to locations, governments, and persons targeted by applicable sanctions. While we have processes to prevent our offerings from being exported in violation of these laws, including obtaining authorizations as appropriate and screening against U.S. government and international lists of restricted and prohibited persons, we cannot guarantee that these processes will prevent all violations of export control and sanctions laws. If our channel partners fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected, through reputational harm as well as other negative consequences including government investigations and penalties. We presently incorporate export control and sanctions compliance requirements in our channel partner agreements. Complying with export control and sanctions regulations for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Violations of applicable sanctions or export control laws can result in fines or penalties. For additional risks regarding sanctions and trade protectionism, please see the risk factor entitled "We are dependent on international revenue and operations . . ." earlier in this section.

We are a U.S.-based multinational company subject to tax in multiple U.S. and foreign tax jurisdictions. Our effective tax rate is primarily based on our geographic mix of earnings; statutory rates; stock-based compensation; intercompany arrangements, including the manner we develop, value, and license our intellectual property; and enacted tax rules. Significant judgment is required in determining our effective tax rate and in evaluating our tax positions on a worldwide basis. While we believe our tax positions, including intercompany transfer pricing policies, are consistent with the tax laws in the jurisdictions in which we conduct our business, it is possible that these positions may be challenged by tax authorities and may have a significant impact on our effective tax rate and cash taxes. Tax laws in the United States and in foreign tax jurisdictions are dynamic and subject to change as new laws are passed and new interpretations of the law are issued or applied. For example, the U.S. government enacted significant tax law changes in December 2017, the Tax Act, which impacted our tax obligations and effective tax rate beginning in our fiscal 2018 tax year, and significant tax legislation was included in the March 2020 CARES Act and subsequent Consolidated Appropriations Act in December 2020. Due to the complexity and varying interpretations of the Tax Act and the CARES Act, the U.S. Department of Treasury and other standard-setting bodies have been issuing and will continue to issue regulations and interpretative guidance that could significantly impact how we will apply the law and the ultimate effect on our results of operations from both the Tax Act and the CARES Act, including for our prior tax years. In addition, increases in corporate tax rates, could increase our effective tax rate, cash taxes and have an adverse effect on our results from operations. Signed into law on August 16, 2022, the Inflation Reduction Act contains many provisions that may impact Autodesk, including the corporate alternative minimum tax and excise tax on stock buybacks. We are monitoring these impacts on our consolidated financial statements. For tax years beginning after December 31, 2021, the Tax Act required taxpayers to capitalize and amortize research and development costs pursuant to Internal Revenue Code Section 174. Section 174 required taxpayers to capitalize research and development costs and amortize them over 5 years for expenditures attributed to domestic research and 15 years for expenditures attributed to foreign research. Although Congress is considering legislation that would reinstate and extend Section 174 expensing for certain research and experimental expenditures, the possibility that this will happen is uncertain. Increasingly, tax authorities are reviewing existing corporate tax regulatory and legal regimes. Many countries are actively considering or implementing new taxing regimes and changes to existing tax laws. This could include U.S. and foreign tax law developments related to changes to long-standing tax principles arising from proposals made by the Organization for Economic Co-operation and Development that seek to allocate greater taxing rights to countries where customers are located and establish a global minimum tax rate of 15%. If U.S. or foreign tax authorities change applicable tax laws or successfully challenge how or where our profits are currently recognized, our overall taxes could increase, and our business, financial condition, or results of operations may be adversely impacted.

Our strategy to digitize Autodesk involves increasing our use of cloud- and web-based technologies and applications to leverage customer data to improve our offerings for the benefit of our customers. To accomplish this strategy, we must collect and otherwise process customer data, which may include personal data and personal information of users from different jurisdictions globally. We also collect and otherwise process personal data and personal information of our employees and contractors. As a result, federal, state, and global laws relating to privacy, data protection, and information security apply to Autodesk's personal data and personal information processing activities. The scope of these laws and regulations is rapidly evolving, subject to differing interpretations, may be inconsistent among jurisdictions, or conflict with other rules and is likely to remain uncertain for the foreseeable future. We also expect that there will continue to be new laws, regulations, and industry standards concerning privacy, data protection, and information security proposed and enacted in various jurisdictions. Globally, laws such as the General Data Protection Regulation (EU) 2016/679 ("GDPR") in the European Union ("EU") and the Personal Information Protection Law ("PIPL") in China have been enacted, and numerous other countries have proposed or have enacted laws concerning privacy, data protection, and information security. In addition, new and emerging state laws in the United States governing privacy, data protection, and information security, such as the California Consumer Privacy Act ("CCPA"), the California Privacy Rights Act ("CPRA"), and numerous laws in other states, many of which provide for obligations similar to the CCPA and CPRA, have been enacted. These laws and regulations, as well as industry self-regulatory codes, industry standards, and other actual and asserted obligations to which we are or may be asserted to be subject, create new compliance obligations and substantially expand the scope of potential liability and provide greater penalties for non-compliance. For example, the GDPR provides for penalties of up to €20 million or 4% of a company's annual global revenue, whichever is greater, the PIPL provides for penalties of up to 50 million renminbi or 5% of a company's annual revenue and disgorgement of all illegal gains, whichever is greater, and the CCPA provides for penalties of up to $7,500 per violation. These laws, regulations, and codes may also impact our innovation and business drivers in developing new and emerging technologies (e.g., AI and machine learning). These requirements, among others, may impact demand for our offerings and force us to bear the burden of expanded obligations in our contracts. In addition, there is continued instability of international personal data transfer legal mechanisms that are complex, uncertain, and subject to active litigation and enforcement actions in a number of jurisdictions around the world. For example, on June 4, 2021, the European Commission published a new set of modular standard contractual clause ("SCCs"), providing for an 18-month implementation period, which became effective on June 29, 2021, and imposes on companies obligations relating to personal data transfers, including the obligation to conduct a transfer impact assessment and, depending on a party's role in the transfer, to implement additional security measures and to update internal privacy practices. We may, in addition to other impacts, be required to expend significant time and resources to update our contractual arrangements and to comply with new obligations, and we face exposure to regulatory actions, substantial fines and injunctions in connection with transfers of personal data from the EU. In addition, the United Kingdom's ("UK") exit from the EU, and ongoing developments in the UK, have created uncertainty with regard to data protection regulation in the UK. Data processing in the UK is now governed by the UK General Data Protection Regulation and supplemented by other domestic data protection laws, such as the UK Data Protection Act 2018, which authorizes fines of up to £17.5 million or 4% of annual global revenue, whichever is higher. We are also exposed to potentially divergent enforcement actions for certain violations. Furthermore, the new SCCs apply only to the transfer of personal data outside the EU and not the UK. Although the European Commission adopted an adequacy decision for the UK on June 28, 2021, allowing the continued flow of personal data from the EU to the UK, this decision will be regularly reviewed going forward and may be revoked if the UK diverges from its current adequate data protection laws following its exit from the EU. On February 2, 2022, the UK's Information Commissioner's Office issued new standard contractual clauses to support personal data transfers out of the UK ("UK SCCs"), which became effective March 21, 2022. We may, in addition to other impacts, experience additional costs associated with increased compliance burdens and be required to engage in new contract negotiations with third parties that aid in processing personal data on our behalf or localize certain personal data. On March 25, 2022, the United States and EU announced an "agreement in principle" to replace the EU-U.S. Privacy Shield transfer framework with the Trans-Atlantic Data Privacy Framework ("EU-U.S. DPF"). On July 10, 2023, the European Commission adopted an adequacy decision in relation to the EU-U.S. DPF, allowing the EU-U.S. DPF to be utilized as a means of legitimizing EU-U.S. personal data transfers for participating entities. We are evaluating whether the EU-U.S. DPF will be appropriate for us to utilize. The EU-U.S. DPF may be subject to legal challenges from privacy advocacy groups or others, and the European Commission's adequacy decision regarding the EU-U.S. DPF provides that the EU-U.S. DPF will be subject to future reviews and may be subject to suspension, amendment, repeal, or limitations to its scope by the European Commission. Further, several European data protection authorities recently indicated that the use of Google Analytics by European website operators involves the unlawful transfer of personal data to the United States. As the enforcement landscape further develops, and depending on the impacts of these rulings and other developments with respect to cross-border data transfer, we could suffer additional costs, complaints and/or regulatory investigations or fines, have to stop using certain tools and vendors, and make other operational changes. Several other countries, including China, Australia, New Zealand, Brazil, and Japan, have also established specific legal requirements for cross-border data transfers. There is also an increasing trend towards data localization policies. For example, in 2021, China introduced localization requirements for certain data. Other countries, such as India, also are considering data localization requirements. If this trend continues, and countries implement more restrictive regulations for cross-border personal data transfers (or do not permit personal data to leave the country of origin), it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and our business, financial condition, and results of operations in those jurisdictions could be impacted. In addition, the CPRA and many of the other new state laws addressing privacy and information security, including those that have become or will become effective in 2024, provide for additional obligations such as data minimization and storage limitations, granting additional rights to consumers such as correction of personal information and additional opt-out rights. The CPRA also created a new agency to implement and enforce the law. These new state laws have required us to modify our data processing practices and policies and may cause us to make additional modifications, and to incur substantial costs and expenses, in our efforts to comply. Laws in all 50 states, and some of our contracts, require us to provide notice under certain circumstances to customers whose personal information has been disclosed as a result of a data breach. Also, if third parties we work with, such as suppliers, violate applicable data protection laws or regulations, such violations may also put our users' information at risk and could materially adversely affect our business, financial condition, results of operations, and prospects. Additionally, in addition to government activity, privacy advocacy groups and technology and other industries are considering various new, additional, or different self-regulatory standards that may place, or be asserted to place, additional burdens on us. Evolving legislation and the interplay of federal and state laws may be subject to varying interpretations by courts and government agencies, creating complex compliance issues and have and may cause variation in requirements, increase restrictions and potential legal risk and impact strategies and the availability of previously useful data, potentially exposing us to additional expense, adverse publicity, and liability. In the EU and the UK, regulators are increasingly focusing on compliance with requirements in the online behavioral advertising ecosystem, and current national laws that implement the ePrivacy Directive are likely to be replaced by an EU regulation known as the ePrivacy Regulation, which is expected to significantly increase fines for non-compliance. While the text of the ePrivacy Regulation is under development, recent European case law and regulators' recent guidance are driving increased attention to cookies and tracking technologies. This could lead to substantial costs, require significant system changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, increase costs, and subject us to additional liabilities. Regulation of cookies and similar technologies, and any decline of cookies or similar online tracking technologies as a means to identify and potentially target users, may lead to broader restrictions and impairments on our marketing and personalization activities and may negatively impact our efforts to understand our customers. Governments, regulators, plaintiffs' attorneys, privacy advocates have increased their focus on how companies collect, process, use, store, share, and transmit personal data and personal information. Any perception of our practices, products, offerings, or services as a violation of individual privacy or data protection rights may subject us to public criticism, lawsuits, reputational harm, or investigations, claims, demands, or other proceedings by regulators, industry groups or other third parties, all of which could disrupt or adversely impact our business and expose us to increased liability. Moreover, because the interpretation and application of many laws, regulations, and other actual and asserted obligations relating to privacy, data protection, and information security are uncertain, it is possible that these laws, regulations, and obligations may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our products, offerings, and services. We could be required to fundamentally change our business activities and practices or modify our offerings and services, any of which could require significant additional expense and adversely affect our business, including impacting our ability to innovate, delaying our development roadmap and adversely affecting our relationships with customers and our ability to compete. If we are obligated to fundamentally change our business activities and practices or modify our products, offerings, or services, we may be unable to make such changes and modifications in a commercially reasonable manner, or at all, and our ability to develop new products, offerings, and services could be limited.

Our success and ability to invest and grow depend largely on our ability to attract and retain highly skilled technical, professional, managerial, sales, and marketing personnel. Historically, competition for these key personnel has been intense. The loss of services of any of our key personnel, including key personnel joining our company through acquisitions, inability to retain and attract qualified employees in the future, or delays in hiring required personnel, particularly engineering and sales personnel, could make it difficult to meet key objectives, such as timely and effective product introductions and financial goals.

Our business is subject to numerous risks and uncertainties that you should consider before investing in our securities. These risks are described more fully below and include, but are not limited to, risks relating to the following: - Our strategy to develop and introduce new products and services, exposing us to risks such as limited customer acceptance (both with new and existing customers), costs related to product defects, and large expenditures. - Global economic and political conditions. - Costs and challenges associated with strategic acquisitions and investments. - Dependency on international revenue and operations, exposing us to significant international regulatory, economic, intellectual property, collections, currency exchange rate, taxation, political, and other risks. - Inability to predict subscription renewal rates and their impact on our future revenue and operating results. - Existing and increased competition and rapidly evolving technological changes. - Fluctuation of our financial results, key metrics and other operating metrics. - Deriving a substantial portion of our net revenue from a small number of solutions, including our AutoCAD-based software products and collections. - Any failure to successfully execute and manage initiatives to realign or introduce new business and sales initiatives. - Net revenue, billings, earnings, cash flow, or subscriptions shortfalls or volatility of the market causing the market price of our stock to decline. - Challenges relating to the proper management and governance of our use of AI in our offerings. - Security incidents compromising the integrity of our or our customers' offerings, services, data, or intellectual property. - Reliance on third parties to provide us with a number of operational and technical services as well as software. - Our highly complex software, which may contain undetected errors, defects, or vulnerabilities, and is subject to service disruptions, degradations, outages or other performance problems. - Increasing regulatory focus on privacy, data protection, and information security issues and expanding laws. - Governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls. - Protection of our intellectual property rights and intellectual property infringement claims from others. - The government procurement process. - Fluctuations in currency exchange rates. - Our debt service obligations. - Our investment portfolio consisting of a variety of investment vehicles that are subject to interest rate trends, market volatility, and other economic factors.

The software industry has limited barriers to entry, and the availability of computing devices with continually expanding performance at progressively lower prices contributes to the ease of market entry. The industry has undergone a transition from developing and selling perpetual licenses and on-premises products to subscriptions and cloud-enabled technologies. This shift further lowers barriers to entry and poses a disruptive challenge to established software companies. The markets in which we operate are characterized by vigorous competition, both by entrants with innovative technologies and by consolidation of companies with complementary offerings and technologies. Some of our competitors have greater financial, technical, sales and marketing, and other resources. Our competitors may also be able to develop and market new technologies that render our existing or future products less competitive. For example, disruptive technologies such as machine learning and other AI technologies may significantly alter the market for our products in unpredictable ways and reduce customer demand. Furthermore, a reduction in the number and availability of compatible third-party applications or our inability to rapidly adapt to technological and customer preference changes, including those related to cloud computing, mobile devices, and new computing platforms, may adversely affect the sale of our solutions. Because of these and other factors, competitive conditions in the industry are likely to intensify in the future. Increased competition could result in price reductions, reduced net revenue and profit margins, and loss of market share, any of which would likely harm our business.

We derive a substantial portion of our net revenue from sales of subscriptions of a limited number of our offerings, including AutoCAD software, solutions based on AutoCAD, which include our collections that serve specific markets, and products that are interoperable with AutoCAD. Any factor adversely affecting sales of these subscriptions, including the product release cycle, market acceptance, product competition, performance and reliability, reputation, price competition, economic and market conditions, and the availability of third-party applications, would likely harm our financial results. During the nine months ended October 31, 2024 and 2023, combined revenue from our AutoCAD and AutoCAD LT family products, not including collections having AutoCAD or AutoCAD LT as a component, represented 26% and 27% of our total net revenue, respectively.

Our overall performance depends largely upon domestic and worldwide economic and political conditions. The United States and other countries' economies have experienced cyclical downturns, in which economic activity was impacted by falling demand for a variety of goods and services, restricted credit, poor liquidity, decreased government spending, reduced corporate profitability, volatility in credit, equity, and foreign exchange markets, inflationary pressures and higher interest rates, bankruptcies, and overall uncertainty. These economic conditions can occur abruptly. For example, current geopolitical and global macro-economic challenges have caused uncertainty in the global economy, and an economic downturn or recession in the United States or in other countries may occur or has already occurred and may continue. The extent to which these challenges will impact our financial condition or results of operations is still uncertain and will continue to depend on developments such as the impact of these challenges on our customers, vendors, distributors, and resellers, such as the supply chain disruption and resulting inflationary pressures and global labor shortage that we have seen recently, material scarcity, as well as other factors; actions taken by governments, businesses, and consumers in response to these challenges; speed and timing of economic recovery, including in specific geographies; our billings and renewal rates, including new business close rates, rate of multi-year contracts, pace of closing larger transactions, and new unit volume growth; wars and armed conflicts, including the ongoing wars between Ukraine and Russia and between Israel and Hamas; foreign exchange rate fluctuations; and the effect of these challenges on margins and cash flow. All of these factors continue to evolve and remain uncertain at this time, and some of these factors are not within our control. If economic growth in countries where we do business slows or if such countries experience further economic recessions, customers may delay or reduce technology purchases, which we have seen recently in certain countries including China. Our customers include government entities, including the U.S. federal government, and if spending cuts impede the ability of governments to purchase our products and services, our revenue could decline. In addition, a number of our customers rely, directly and indirectly, on government spending. As described elsewhere in these risk factors, we are dependent on international revenue and operations and are subject to related risks of conducting business globally. Trends toward nationalism and protectionism and the weakening or dissolution of international trade pacts may increase the cost of, or otherwise interfere with, conducting business. These trends have increased political and economic unpredictability globally and may increase the volatility of global financial markets, and the impact of such developments on the global economy remains uncertain. Political instability or adverse political developments in any of the countries in which we do business could harm our business, results of operations, and financial condition. A financial sector credit crisis could impair credit availability and the financial stability of our customers, including our distribution partners and channels. A disruption in the financial markets may also have an effect on our derivative counter-parties and could also impair our banking partners, on which we rely for operating cash management. War, including the ongoing wars between Ukraine and Russia and between Israel and Hamas, and any related political or economic responses and counter-responses or otherwise by various global actors or the general effect on the global economy, could also affect our business. Any of these events could harm our business, results of operations, and financial condition.

International net revenue represented 64% of our net revenue during both the nine months ended October 31, 2024 and 2023, respectively. Our international revenue, some of which comes from emerging economies, is subject to economic and political conditions in foreign markets, including those resulting from economic and political conditions in the United States. For example, we have recently seen a deceleration in growth in certain geographies including China. Our total revenue is also impacted by the relative geographical and country mix of our revenue over time. Our dependency on international revenue makes us much more exposed to global economic and political trends, which can negatively impact our financial results even if our results in the United States are strong for a particular period. We anticipate that our international operations will continue to account for a significant portion of our net revenue and, as we expand our international development, sales, and marketing expertise, will provide significant support to our overall efforts in countries outside of the United States. Risks inherent in our international operations include: - economic volatility;- tariffs, quotas, and other trade barriers and restrictions, including any political or economic responses and counter-responses or otherwise by various global actors to the ongoing wars between Ukraine and Russia and between Israel and Hamas;- fluctuating currency exchange rates, including devaluations, currency controls, and inflation, and risks related to any hedging activities we undertake;- changes in regulatory requirements and practices;- delays resulting from difficulty in obtaining export licenses for certain technology;- different purchase patterns as compared to the developed world;- operating in locations with a higher incidence of corruption and fraudulent business practices, particularly in emerging economies;- compliance with the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, and other anti-corruption laws;- difficulties in staffing and managing foreign sales and development operations;- local competition;- longer collection cycles for accounts receivable;- U.S. and foreign tax law changes and the complexities of tax reporting;- laws regarding the free flow of data across international borders and management of and access to data and public networks;- possible future limitations upon foreign-owned businesses;- increased financial accounting and reporting burdens and complexities;- inadequate local infrastructure;- greater difficulty in protecting intellectual property;- software piracy; and - other factors beyond our control, including popular uprisings, terrorism, war (including the ongoing wars between Ukraine and Russia and between Israel and Hamas, and any related political or economic responses and counter-responses or otherwise by various global actors or the general effect on the global economy), natural disasters, and diseases and pandemics, such as COVID-19. Some of our business partners also have international operations and are subject to the risks described above. The application of the Trade and Cooperation Agreement between the European Union, the European Atomic Energy Community, and the United Kingdom signed in December 2020 (the "TCA"), which took effect January 1, 2021, could have adverse tax, tax treaty, banking, operational, legal, regulatory, or other impacts on our businesses in the region. The withdrawal could also, among other potential outcomes, create currency volatility; disrupt the free movement of goods, services, and people between the United Kingdom and the European Union; and significantly disrupt trade between the United Kingdom and the European Union and other parties. Uncertainty around these and related issues could lead to adverse effects on the United Kingdom economy, the European Union economies, and the other economies in which we operate. In addition, in recent years, the United States has instituted or proposed changes to foreign trade policy, including the negotiation or termination of trade agreements, the imposition of tariffs on products imported from certain countries, economic sanctions on individuals, corporations, or countries, and other government regulations affecting trade between the United States and other countries in which we do business. More recently, the United States and other global actors have imposed sanctions as a result of the war against Ukraine launched by Russia and the ongoing war between Israel and Hamas. New or increased tariffs and other changes in U.S. trade policy, including new sanctions, could trigger retaliatory actions by affected countries, including Russia. In addition, certain foreign governments, including the Chinese government, have instituted or considered imposing trade sanctions on certain U.S.-manufactured goods. The escalation of protectionist or retaliatory trade measures in either the United States or any other countries in which we do business, such as announcing sanctions, a change in tariff structures, export compliance, or other trade policies, may increase the cost of, or otherwise interfere with, the conduct of our business, and could have a material adverse effect on our operations and business outlook. Even if we are able to successfully manage the risks of international operations, our business may be adversely affected if our business partners are not able to successfully manage these risks.

Our business is highly automated and relies extensively on the availability of our network and data center infrastructure, our internal technology systems, and our websites. We also rely on hosted computer services from third parties for services that we provide to our customers and computer operations for our internal use. The failure of our systems or hosted computer services due to a catastrophic event, such as an earthquake, fire, flood, tsunami, weather event, telecommunications failure, power failure, cyber-attack, terrorism or war (including the ongoing wars between Ukraine and Russia and between Israel and Hamas, and any related political or economic responses and counter-responses or otherwise by various global actors or the general effect on the global economy), or business interruption from epidemics or pandemics, or the fear of such events, could adversely impact our business, financial results, and financial condition. For example, our corporate headquarters and executive offices are located near major seismic faults in the San Francisco Bay Area and face annual periods of wildfire danger, which increase the probability of power outages and may impact employees' abilities to commute to work or to work from home. We have developed disaster recovery plans and maintain backup systems in order to reduce the potential impact of a catastrophic event; however, there can be no assurance that these plans and systems would enable us to return to normal business operations. In addition, any such event could negatively impact a country or region in which we sell our products. This could in turn decrease that country's or region's demand for our products, negatively impacting our financial results.

Because we conduct a substantial portion of our business outside the United States, we face exposure to adverse movements in foreign currency exchange rates, which could have a material adverse impact on our financial results and cash flows. These exposures may change over time as business practices evolve and economic conditions change. We use derivative instruments to manage a portion of our cash flow, revenue and expense exposure to fluctuations in foreign currency exchange rates. As part of our risk management strategy, we use foreign currency contracts to manage a portion of our exposures of underlying assets, liabilities, and other obligations, which exist as part of our ongoing business operations. These foreign currency instruments may have maturities that extend for one to 18 months in the future and provide us with some protection against currency exposures. However, our attempts to hedge against these risks may not be completely successful, resulting in an adverse impact on our financial results. The fluctuations of currencies in which we conduct business can both increase and decrease our overall revenue and expenses for any given period. Although our foreign currency cash flow hedge program extends beyond the current quarter in order to reduce our exposure to foreign currency volatility, we do not attempt to completely mitigate this risk, and in any case, will incur transaction fees in adopting such hedging programs. Such volatility, even when it increases our revenues or decreases our expenses, impacts our ability to accurately predict our future results and earnings. In addition, global events, including geopolitical and economic developments, may contribute to volatility in foreign exchange markets, which we may not be able to effectively manage, and our financial results could be adversely impacted. Additionally, countries in which we operate may be classified as highly inflationary economies, requiring special accounting and financial reporting treatment for such operations, or such countries' currencies may be devalued, or both, which may adversely impact our business operations and financial results.