Arista Networks (ANET) Risk Analysis

Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors that are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include: - a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;- the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;- the exclusive right of our board of directors to elect a director to fill an unfilled seat on our board of directors created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;- a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;- the requirement that a special meeting of stockholders may be called only by the chairman of our board of directors, our chief executive officer, our president (in the absence of our chief executive officer) or our board of directors, by a vote of a majority of the total number of authorized directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;- the requirement that a director may be removed from office by our stockholders only for cause and only by the affirmative vote of holders of at least 66 2/3% of the voting power of our capital stock entitled to vote thereon;- the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of our capital stock entitled to vote generally in the election of directors, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the structure of our board of directors, the management of our business, and certain rights of our stockholders (including the prohibition on the stockholder's ability to act by written consent), which may inhibit the ability of an acquirer to effect such amendments to facilitate an unsolicited takeover attempt;- the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of our capital stock entitled to vote thereon for stockholders to amend, alter or repeal our amended and restated bylaws, which may inhibit the ability of an acquirer to effect such amendments to facilitate an unsolicited takeover attempt;- the ability of our board of directors, by a vote of a majority of the total number of authorized directors, to amend the bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend the bylaws to facilitate an unsolicited takeover attempt; and - advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders' meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer's own slate of directors or otherwise attempting to obtain control of us. In addition, as a Delaware corporation, we are subject to Section 203 of the Delaware General Corporation Law. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time.

We expect our gross margins to vary over time and the gross margins we have achieved in recent years may not be sustainable and may be adversely affected in the future by numerous factors, including but not limited to pricing pressure on our products and services due to competition, the ability of more fully integrated competitors to bundle their networking products with other products, or utilize proprietary silicon in their products, the mix of sales to large customers who generally receive lower pricing, the mix of products sold, manufacturing-related costs, including costs associated with sourcing key components from sole or limited suppliers and potential changes to our manufacturing and supply chain to respond to international trade tensions, supply chain sourcing activities, merchant silicon costs, excess/obsolete inventory and supplier liability charges, and fees to expedite supplier components and costs related to tariffs from our products that are manufactured internationally. In addition, other factors that may impact our gross margins over time include the introduction of new products and new business models including the sale and delivery of more software and subscription solutions, entry into new markets or growth in lower margin markets, entry in markets with different pricing and cost structures, pricing discounts given to customers, costs associated with defending intellectual property rights infringement, misappropriation or other violation claims and the potential outcomes of such disputes, increased costs arising from epidemics, changes in distribution channels, increased warranty costs, and our ability to execute our operating plans. In addition, inflationary pressures and shortages have increased and may continue to increase costs for certain materials, components, supplies and services. As a result of cost inflation in our supply chain, we have implemented targeted price increases from time to time. However, these price increases could result in a decrease in demand for our products which would decrease revenue. In addition, if business were subject to sustained economic stress or recession, many of the risk factors identified in this risk factors section could be heightened. We determine our operating expenses largely on the basis of anticipated revenue and a high percentage of our expenses are fixed in the short and medium term. As a result, a failure or delay in generating or recognizing revenue could cause significant variations in our operating results and operating margin from quarter to quarter. Failure to sustain or improve our gross margins reduces our profitability and may have a material adverse effect on our business and stock price.

As part of our business strategy, we have made and could continue to make investments in complementary companies, products or technologies which could involve licenses, additional channels of distribution, discount pricing or investments in or acquisitions of other companies. For example, we completed the acquisition of VeloCloud in June 2025 which required management to focus efforts on integrating the VeloCloud business with the Company. In addition, the privately-held companies in which we invested are in the startup or development stages. These investments are inherently risky because the markets for the technologies or products these companies are developing are typically in the early stages and may never materialize, and we could lose our entire investment in these companies. We may not be able to find suitable investment or acquisition candidates and we may not be able to complete such investments or acquisitions on favorable terms, if at all. If we do complete investments or acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any investments or acquisitions we complete could be viewed negatively by our customers, investors and securities analysts. Through acquisitions, we continue to expand into new markets and we may experience challenges in entering into new markets for which we have not previously manufactured and sold products, including facing exposure to new market risks, difficulty achieving expected business results due to a lack of experience in new markets, products or technologies or the initial dependence on unfamiliar distribution partners or vendors. In addition, investments and acquisitions may result in unforeseen operating difficulties and expenditures. For example, if we are unsuccessful at integrating any acquisitions or retaining key talent from those acquisitions, or the technologies associated with such acquisitions, into our company, the business, financial condition, results of operations and prospects of the combined company could be adversely affected. We may have difficulty retaining the employees of any acquired business or the acquired technologies or research and development expectations may prove unsuccessful. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. Acquisitions may also disrupt our ongoing business, divert our resources and require significant management attention that would otherwise be available for development of our business. We may not successfully evaluate or utilize the acquired technology or personnel or accurately forecast the financial effects of an acquisition transaction, including accounting charges. Any acquisition or investment could expose us to unknown liabilities. Moreover, we cannot assure you that the anticipated benefits of any acquisition or investment would be realized or that we would not be exposed to unknown liabilities. We may not be successful in retaining or expanding the customers and sales activities of any acquired business or in realizing the expected operational and cost efficiencies anticipated with the acquisition. We may have to pay cash, incur debt or issue equity securities to pay for any such investment or acquisition, each of which could adversely affect our financial condition or the market price of our common stock. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our stockholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations. Moreover, if the investment or acquisition becomes impaired, we may be required to take an impairment charge, which could adversely affect our financial condition or the market price of our common stock.

We have made substantial investments to develop new products and services and enhancements to existing products through our acquisitions and internal research and development efforts to expand our product offerings and maintain our revenue growth. If we are unable to anticipate technological changes in our industry by introducing new or enhanced products and services in a timely and cost-effective manner or if we fail to introduce products and services that meet market demand, we may lose our competitive position, our products may become obsolete, and our business, financial condition or results of operations could be adversely affected. For example, with our most recently introduced 800 GbE, AI focused Ethernet products and AI-Driven Campus and Branch Networking Offerings, our ability to continue to maintain our competitive position with our customers will depend on our ability to deliver these new products in a timely manner, our customers' acceptance of these products and the growth of the markets that these products serve. In addition, the evaluation, testing and qualification of our new products by our customers may be lengthy and may require increased customer trials and contracts with acceptance clauses, which delay revenue recognition may negatively impact our revenue. We remain in a period of new product introductions and expanded use cases, particularly in the AI Ethernet market. This has resulted in increased customer trials and contracts with acceptance periods, and an increase in the volatility and magnitude of our product deferred revenue balances, which in turn may create variability in our revenue results on a quarterly and annual basis. In addition, if we are not able to satisfy the requirements under customer trials or contracts with acceptance periods, we may be required to accept product returns from our customers, which would prevent us from recognizing revenue on such transactions and may result in the write-down of inventory. Additionally, from time to time, we invest in expansion into adjacent markets, including campus and Wi-Fi networking, AI networking, cloud and enterprise routing markets, network security markets and SD-WAN markets. Although we believe these solutions are complementary to our current offerings, we have less experience and a more limited operating history in these markets, and our efforts in this area may not be successful. Expanding our services in existing and new markets and increasing the depth and breadth of our presence imposes significant burdens on our marketing, compliance, and other administrative and managerial resources. Our plan to expand and deepen our market share in our existing markets and possibly expand into additional markets is subject to a variety of risks and challenges. Our success in these new markets depends on a variety of factors, including but not limited to our ability to develop new products, new product features and services that address the customer requirements for these markets, attract a customer base in markets in which we have less experience, compete with new and existing competitors in these adjacent markets, and gain market acceptance of our new products. In addition, when we introduce new products, we expect that it will take time for manufacturing to ramp production and fulfill customer demand. Developing our products is expensive, and the investment in product development typically involves a long payback cycle. We expect to continue to make substantial investments to introduce new products and services and enhance the functionality of our existing cloud networking platform through investments in our research and development organization, and investments in or acquisitions of complementary companies, products and technologies to expand our product offerings and build upon our technology leadership. We expect that our results of operations will be impacted by the timing and size of these investments. These investments may take several years to generate positive returns, if ever. Additionally, future market share gains may take longer than planned and cause us to incur significant costs. If we are unable to attract new large customers or to sell additional products and services to our existing customers, our revenue growth will be adversely affected, and our revenue could decrease. Difficulties in any of our new product development efforts or our efforts to enter adjacent markets could adversely affect our operating results and financial condition.

Under the indemnification provisions of our standard sales contracts, we agree to defend our customers and channel partners against third-party claims asserting infringement, misappropriation or other violation of certain intellectual property rights, which may include patents, copyrights, trademarks or trade secrets, and to pay judgments entered on such claims. An adverse ruling in such litigation may potentially expose us to claims in the event that claims are brought against our customers based on the ruling and we are required to indemnify such customers. Our exposure under these indemnification provisions is frequently limited to the total amount paid by our customer under the agreement. However, certain agreements include indemnification provisions that could potentially expose us to losses in excess of the amount received under the agreement. Any of these events, including claims for indemnification, could seriously harm our business, financial condition, results of operations and prospects.

We increasingly depend upon our IT systems to conduct virtually all of our business operations, ranging from our internal operations and product development activities to our marketing and sales efforts and communications with our customers and business partners. Computer programmers or other persons or organizations may attempt to penetrate our network security, or that of our website or systems, and access, use, or obtain confidential, personal, or otherwise sensitive or proprietary information about us or our customers, or via these or other methods, including denial of service attacks and other cyberattacks, disrupt or cause interruptions of our systems, products, services and networks. In addition, geopolitical tensions and conflicts, such as the Russia-Ukraine conflict, the Israel-Hamas hostilities and deteriorating relations with China, may create a greater risk of cyberattacks against our company and our manufacturers, suppliers, logistics providers, banks and other business partners. Because the techniques used to access, disrupt, or sabotage networks and systems change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques. In addition, our software and sophisticated hardware and operating system software and applications that we develop or procure from third parties may contain vulnerabilities or defects in design or manufacture, including "bugs," viruses, ransomware and other malware, and other problems that could cause the software or applications to fail or otherwise to unexpectedly interfere with the operation of the system or that could result in a breach of or disruption to our systems, products, services or networks or the systems, networks, products, or services of third parties that support us and our services. We also face risks of others gaining unauthorized access to our products and services and introducing malicious software, and such malicious software, defects, bugs or vulnerabilities, or other defects, bugs, or vulnerabilities in our products or services may result in failures or interruptions of our products or services or expose our end-customers' networks, leaving their networks unprotected against the latest security threats. In addition, our systems, services and products are subject to risks of system outages and other cybersecurity incidents caused by unintended technical errors, which would occur even in the absence of unauthorized access or other malicious activity. We have also outsourced some business functions to third parties, including our manufacturers, logistics providers, and cloud service providers, and our business operations also depend, in part, on the success of these third parties' own cybersecurity measures. Similarly, we rely upon distributors, resellers and system integrators to sell our products and our sales operations depend, in part, on the reliability of their cybersecurity measures. Additionally, we depend upon our employees to appropriately handle confidential, sensitive, and proprietary data and comply with the security measures we have instituted to prevent exposure of our networks and systems to security breaches and incidents, the unauthorized access to our products and the loss of data. We and the aforementioned third parties also face the risk of ransomware and other malicious software, phishing schemes and other social engineering methods, fraud and other malfeasance, cybersecurity threats from state sponsors and other actors, and intentional or negligent acts or omissions of employees and contractors. Furthermore, our acquisition of Awake Security and our provision of its NDR platform may result in us being a more attractive target for such attacks. Accordingly, if our cybersecurity systems and measures or those of any of the aforementioned third parties, or of any other third parties capable of introducing risks to our system or operations, fail to protect against sophisticated cyber-attacks, other means of effectuating security breaches or incidents, interruptions or other disruptions of our or our third-party service providers' systems, networks, products, or services, the mishandling of data by employees and contractors, the corruption, loss, or mishandling or other unauthorized processing of data by unauthorized persons, or any other means of unauthorized access to, or use of, our manufacturing process, products, services, networks, systems, or data that we or such third parties maintain, operate, or process, our ability to conduct our business effectively could be damaged in a number of ways, including: - sensitive data regarding our business or our customers, including intellectual property and other proprietary data, could be stolen or lost, modified, rendered unavailable, or otherwise assessed, used, or processed in authorized manners;- our systems, including email and other electronic communication methods, and access to or availability of data, could be disrupted or harmed, and our ability to conduct our business operations could be seriously damaged until such systems or data access and availability can be restored, which we may be unable to achieve in a prompt manner or at all;- our ability to process customer orders and electronically deliver products and services could be degraded, and our distribution channels could be disrupted, resulting in delays in revenue recognition;- defects and security vulnerabilities could be introduced into our software, thereby damaging the reputation and perceived reliability and security of our products and potentially making the data systems of our customers vulnerable to data loss and security breaches and incidents;- our manufacturing process, products, services, supply chain, network systems and data could be corrupted or otherwise disrupted; and - personal data of our customers, employees, contractors, and business partners could be lost, accessed, obtained, modified, disclosed or used without authorization, corrupted or made unavailable, or otherwise compromised. Should any of the above events occur, or be perceived to occur, we could be subject to significant claims for liability from our customers and others and regulatory investigations and actions from governmental agencies, and we could be required to expend significant capital and other resources to remediate and otherwise address any security breach or incident, including to notify individuals, entities, or regulatory bodies and to implement measures in an effort to prevent further breaches or incidents. In addition, our ability to protect our intellectual property rights could be compromised and our reputation and competitive position could be significantly harmed. Also, the regulatory and contractual actions, proceedings, litigation, investigations, fines, penalties and liabilities relating to any actual or perceived data breaches or security incidents that result in losses of, damage or destruction of, or unauthorized access to or acquisition of, credit card information or other personal or sensitive data of users of our services can be significant in terms of fines and reputational impact and necessitate changes to our business operations that may be disruptive to us. Additionally, we could incur significant costs in order to upgrade our cybersecurity systems and measures in an effort to prevent network and system disruptions and other security breaches and other incidents. Even the perception of inadequate security may damage our reputation and negatively impact our ability to win new customers and retain existing customers. Consequently, our financial performance and results of operations could be adversely affected by any of the foregoing types of security breaches, incidents, vulnerabilities, or other matters, or the perception that any of them have occurred. In addition, we cannot assure that any limitation of liability provisions in our customer agreements, contracts with third-party vendors and service providers or other contracts would be enforceable or adequate or would otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any future claim will not be excluded or otherwise be denied coverage by any insurer. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our reputation, financial condition and operating results.

Generally, our products comprise only a part of the network infrastructure and must interoperate with our customers' existing infrastructure, specifically their networks, servers, software and operating systems, which may be manufactured by a wide variety of vendors and OEMs. Our products must comply with established industry standards in order to interoperate with the servers, storage, software and other networking equipment in the network infrastructure such that all systems function efficiently together. We depend on the vendors of servers and systems in a data center to support prevailing industry standards. Often, these vendors are significantly larger and more influential in driving industry standards than we are. Also, some industry standards may not be widely adopted or implemented uniformly and competing standards may emerge that may be preferred by our customers. In addition, when new or updated versions of these software operating systems or applications are introduced, we must sometimes develop updated versions of our software so that our products will interoperate properly. We may not accomplish these development efforts quickly, cost-effectively or at all. These development efforts require capital investment and the devotion of engineering resources. If we fail to maintain compatibility with these systems and applications, our customers may not be able to adequately utilize our products, and we may lose or fail to increase market share and experience a weakening in demand for our products, among other consequences, which would adversely affect our business, financial condition, results of operations and prospects.

Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, environmental laws (including new laws related to climate change), consumer protection laws, privacy, data protection, telecommunications, anti-bribery laws such as the U.S. Foreign Corrupt Practices Act, import/export controls and sanctions, conflict minerals, federal securities laws and tax laws and regulations. In addition, emerging tools and technologies we utilize in providing our products, like AI and machine learning, may also become subject to regulation under new laws or new applications of existing laws. Violations of these laws and regulations could result in fines and penalties, criminal sanctions against us, our officers or our employees, prohibitions on the conduct of our business, and damage to our reputation. In addition, in certain jurisdictions, these regulatory requirements may be more stringent than those in the United States, such as the EU's General Data Protection Regulation ("GDPR"). The GDPR provides for substantial obligations relating to the handling, storage and other processing of data relating to individuals and administrative fines for violations, which can be up to four percent of the previous year's annual revenue or €20 million, whichever is higher. In the past, we relied on the E.U.-U.S. and Swiss-U.S. Privacy Shield programs, and/or the use of standard contractual clauses approved by the European Commission ("SCCs"), to legitimize transfers of data out of the EU. EU courts later invalidated the E.U.-U.S. Privacy Shield and imposed additional obligations in connection with use of the SCCs. The European Commission subsequently issued new SCCs. The continued validity of these new SCCs for cross-border data transfer is uncertain and difficult to predict. Among other effects, we may experience additional costs associated with increased compliance burdens and new contract negotiations with third parties that aid in processing data on our behalf. Further, the UK has implemented legislation that substantially mirrors the GDPR, and which provides for fines of up to the greater of 17.5 million British Pounds or four percent of the previous year's annual revenue, whichever is higher. The relationship between the UK and the EU in relation to certain aspects of data protection law remains unclear following the UK's exit from the EU, including with respect to regulation of data transfers between EU member states and the UK. The UK has issued new standard contractual clauses that, like the SCCs, are required to be implemented. We may experience reluctance or refusal by current or prospective customers in the European Economic Area (the "EEA"), the UK, or other regions to use our products, and we may find it necessary or desirable to make further changes to our handling of personal data of residents of the EEA, UK, or other regions. The regulatory environment applicable to the handling of personal data of EEA and UK residents, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, operating results and financial condition being harmed. Additionally, we and our customers may face a risk of enforcement actions by data protection authorities relating to personal data transfers to us and by us from the EEA, UK, or other regions. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, operating results, and financial condition. Many jurisdictions have passed new laws and regulations relating to privacy, data protection, and other matters, and other jurisdictions are considering imposing additional restrictions. These laws continue to develop and may be inconsistent from jurisdiction to jurisdiction. For example, the California Consumer Privacy Act ("CCPA") became operative on January 1, 2020 and was amended by the California Privacy Rights Act ("CPRA") going into effect over time through July 1, 2023. Aspects of the CCPA/CPRA and its interpretation remain uncertain and are likely to remain uncertain for an extended period and may require us to incur additional costs and expenses in an effort to comply. In addition to the CCPA/CPRA, numerous other states have enacted or are considering similar laws that will require ongoing compliance efforts and investment. For example, Connecticut, Virginia, Colorado and Utah have enacted legislation similar to the CCPA and CPRA that took effect in 2023; Florida, Montana, Oregon, and Texas have enacted similar legislation that took effect in 2024; Delaware, Tennessee, Iowa, Maryland, Minnesota, New Hampshire, Nebraska, New Jersey and Tennessee have enacted similar legislation effective, or taking effect in 2025; and Indiana, Rhode Island and Kentucky have enacted similar legislation that will become effective in 2026. Among other emerging laws relating to privacy and data protection globally, India has released its Digital Personal Data Protection Act 2023, India's Ministry of Electronics and Information Technology has published Draft Digital Personal Data Protection Rules for public comment on January 3, 2025, addressing various matters under this law, but the full scope of the implementation remains uncertain. We maintain an employee and operational presence in India, and this act may require us to modify our policies and practices and incur increased costs in our efforts to comply. We also expect laws, regulations, industry standards and other obligations worldwide relating to privacy, data protection and cybersecurity to continue to evolve, and that there will continue to be new, modified, and re-interpreted laws, regulations, standards, and other obligations in these areas. For example, the Network and Information Security Directive II, or NIS2, adopted in 2023, aims to enhance cybersecurity across critical infrastructure and essential services in the EU. It expands the scope of the 2016 NIS Directive to include additional sectors while enforcing stricter governance and accountability requirements. NIS2 requires all 27 EU member states to issue implementing legislation by October 2024; however, several EU member states have not finalized their respective legislation and guidance. Additionally, the Digital Operational Resiliency Act, or DORA, became effective in January 2025, and aims to establish a universal framework for managing and mitigating information and communication technology risk that will apply to entities in the financial sector and their third-party cloud service providers. In addition, some countries are considering or have enacted legislation requiring local storage and processing of data that could increase the cost and complexity of delivering our services. Accordingly, we cannot predict the full impact of other evolving privacy and data protection obligations on our business or operations. Complying with emerging and changing legal and regulatory requirements relating to privacy, data protection and other matters may cause us to incur costs or require us to change our business practices, which could harm our business, financial condition, results of operations and prospects. We are also subject to environmental laws and regulations governing the management and disposal of hazardous materials and wastes, including the hazardous material content of our products and laws relating to the collection, recycling and disposal of electrical and electronic equipment. Our failure, or the failure of our partners, including our contract manufacturers, to comply with past, present and future environmental laws could result in fines, penalties, third-party claims, reduced sales of our products, re-engineering our products, substantial product inventory write-offs and reputational damage, any of which could harm our business, financial condition, results of operations and prospects. We also expect that our business will be affected by new environmental laws and regulations on an ongoing basis applicable to us and our partners, including our contract manufacturers. To date, our expenditures for environmental compliance have not had a material effect on our results of operations or cash flows. Although we cannot predict the future effect of such laws or regulations, they will likely result in additional costs or require us to change the content or manufacturing of our products, which could have a material adverse effect on our business, financial condition, results of operations and prospects. From time to time, we may receive inquiries from governmental agencies or we may make voluntary disclosures regarding our compliance with applicable governmental regulations or requirements relating to various matters, including import/export controls, federal securities laws and tax laws and regulations which could lead to formal investigations. Actual or alleged noncompliance with applicable laws, regulations or other governmental requirements could lead to regulatory investigations, enforcement actions, and other proceedings, private claims and litigation, and potentially may subject us to sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties or injunctions. If any governmental fines, penalties, or other sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, financial condition, results of operations and prospects could be materially adversely affected. In addition, responding to any investigation, action or other proceeding will likely result in a significant diversion of management's attention and resources and an increase in professional fees. Enforcement actions, investigations, and fines, penalties, and other sanctions could harm our business, financial condition, results of operations and prospects.

We depend on third-party contract manufacturers to manufacture our product lines. A significant portion of our cost of revenue consists of payments to these third-party contract manufacturers. Our reliance on these third-party contract manufacturers reduces our control over the manufacturing process, quality assurance, product costs and product supply and timing, which exposes us to operational risks including their ability to obtain in a timely manner sufficient components for our products and to ramp manufacturing sufficiently to meet our customer demand. Our reliance on contract manufacturers also yields the potential for their infringement, misappropriation or other violation of third-party intellectual property rights in the manufacturing of our products or their infringement, misappropriation or other violation of our intellectual property rights in the manufacturing of other customers' products. If we are unable to manage our relationships with our third-party contract manufacturers effectively, or if these third-party manufacturers suffer delays or disruptions or quality control problems in their operations, experience increased manufacturing lead times, capacity constraints or fail to meet our future requirements for timely delivery, our ability to ship products to our customers would be severely impaired, and our business, financial condition, results of operations and prospects would be seriously harmed. To the extent that our products are manufactured at facilities in foreign countries, we may be subject to additional risks associated with complying with local rules and regulations in those jurisdictions. Shelter in place orders, factory closures or reductions in staffing at our manufacturing sites would result in material disruptions, increased lead times and supply shortages of our products. Due to their existence in foreign locations, our contract manufacturers may also be subject to or become subject to new or increased tariffs which, if sufficiently high, may affect the profitability of these operations and may require relocation to new locations, moves which may require bearing associated costs. There is no guarantee that any contract manufacturing location may not be targeted by tariffs or other trade measures imposed by the United States or another country. Our contract manufacturers typically fulfill our supply requirements on the basis of individual orders. We do not have long-term contracts with our third-party manufacturers that guarantee capacity, the continuation of particular pricing terms or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements, which could result in supply shortages, and the prices we are charged for manufacturing services could be increased on short notice. For example, a competitor could place large orders with the third-party manufacturer, thereby utilizing all or substantially all of such third-party manufacturer's capacity and leaving the manufacturer little or no capacity to fulfill our individual orders without price increases or delays, or at all. Our contract with one of our contract manufacturers permits it to terminate the agreement for convenience, subject to prior notice requirements. We may not be able to develop alternate or second contract manufacturers in a timely manner. If we add or change contract manufacturers or change any manufacturing plant locations within a contract manufacturer network, we would add additional complexity and risk to our supply chain management and may increase our working capital requirements. Ensuring a new contract manufacturer or new plant location is qualified and has sufficient manufacturing capacity to manufacture our products to our standards and industry requirements could take significant effort and be time consuming and expensive, and any delays or failures to adequately ramp production to meet our customer demand could negatively impact our business, financial condition, results of operations and prospects. Any addition or change in manufacturers may be extremely costly, time consuming and we may not be able to do so successfully. Furthermore, when we introduce new products, it could take time for manufacturing to ramp production and fulfill customer demand. In addition, we may be subject to additional significant challenges to ensure that quality, processes and costs, among other issues, are consistent with our expectations and those of our customers. A new contract manufacturer or manufacturing location may not be able to scale its production of our products at the volumes or quality we require. This could also adversely affect our ability to meet our scheduled product deliveries to our customers, which could damage our customer relationships and cause the loss of sales to existing or potential customers, late delivery penalties, delayed revenue or an increase in our costs which could adversely affect our gross margins. This could also result in increased levels of inventory subjecting us to increased risk of excess and obsolete charges that could have a negative impact on our operating results. Any production interruptions, labor shortages or disruptions for any reason, including those noted above, as well as a natural disaster, epidemic, war, capacity shortages, adverse results from intellectual property litigation or quality problems, at one of our manufacturing partners would adversely affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business, financial condition, results of operations and prospects.

Our products are primarily manufactured in Malaysia, Vietnam, and Mexico, and we also procure a limited number of products with Country of Origin from China, Taiwan, Thailand and Philippines. In addition, our contract manufacturing partners procure some components from China for use in the manufacturing of our products. Because our products are primarily manufactured internationally, the import of our products into the United States may be affected by applicable tariff policies. The Office of the U.S. Trade Representative has enacted various Section 301 tariffs on certain imports into the U.S. from China, including communications equipment products and components manufactured and imported from China. In addition, since March 2025, the United States has imposed additional tariffs on most products of China pursuant to an executive order addressing the flow of fentanyl. In March 2025, the U.S. government also imposed new fentanyl-related tariffs on certain products of Canada and Mexico pursuant to a separate executive order (the "Canada-Mexico Tariffs"), and which exempt products qualifying for preferential treatment under the United States-Mexico-Canada Agreement ("USMCA"). Our products manufactured in Mexico, which generally qualify for preferential treatment under USMCA, have not been significantly impacted by the Canada-Mexico Tariffs. The U.S. government announced on July 31, 2025 that it would extend the current arrangement with respect to Mexico for a period of 90 days. Since April 2025, pursuant to additional executive orders, including those reflecting trade agreements reached with various trading partners, the U.S. government imposed additional reciprocal tariffs (in addition to Section 301 tariffs and fentanyl tariffs listed above) of 10% or more on virtually all other U.S. trading partners (collectively, the "Reciprocal Tariffs"). The U.S. government has paused additional, higher Reciprocal Tariffs until August 7, 2025. Additionally, the Reciprocal Tariffs currently exempt some products, including certain semiconductors, computers, consumer electronics, and items covered under a Section 232 tariff order or which become covered under a Section 232 tariff order. Currently, most our products manufactured in Malaysia and Vietnam are items currently excluded from the scope of the Reciprocal Tariffs and therefore not impacted by the tariffs levied in the Reciprocal Tariff orders. Other products may be impacted by the Reciprocal Tariffs. Some of our products may also be within the scope of one or more pending Section 232 investigations by the U.S. Department of Commerce, including an investigation into semiconductors and an investigation into processed critical minerals and derivative products, including various electronics items; once these investigations are complete, the U.S. government may place additional tariffs on these items which could result in higher costs to us and negatively affect our gross margins. In response to these and other U.S. measures, China, Canada, and other countries have taken a range of retaliatory measures. These include the imposition of retaliatory tariffs on certain U.S.-origin goods; the implementation of new export controls by China on various critical minerals, including rare earths metals; the scheduling of further retaliatory tariff measures; and other actions. There is currently significant uncertainty about the future relationship between the United States, and various other countries, most significantly China, with respect to tariffs and trade policies. The situation regarding these tariffs and trade policies has been fluid. Continued escalations could result in the imposition of extreme tariff or non-tariff trade measures, which may lead to a breakdown in international supply chains due to increased tariff costs or disruptions in the availability of goods. An increase in trade-related costs associated with these tariff actions may impair the profitability of such international production, may strain our suppliers' ability to provide inputs necessary for the production of these items, and may otherwise affect our manufacturing partners' ability to provide our products at previously contracted prices. We also may not be able to pass on the full burden of the increase in trade-related costs to our partners and/or customers which could impact our profitability and/or our competitiveness. We are adjusting our supply chain and manufacturing practices to minimize the impact of the tariffs and any impact on the supply chain of components sourced from affected countries, but our efforts may not be successful. In addition, there can be no assurance that we will not experience a disruption in our business related to these or other changes in trade practices, and the process of changing suppliers in order to mitigate any such tariff costs could be complicated, time-consuming, and costly. Tariffs may also cause customers to delay or to request an expedition for their orders as they evaluate where to take delivery of our products in connection with their efforts to mitigate their own tariff exposure. Such delays or expeditions may create forecasting difficulties for us and increase the risk that orders might be canceled or might never be placed. Current or future tariffs may also negatively impact our customers' sales, thereby causing an indirect negative impact on our own sales. Even in the absence of further tariffs, the related uncertainty and the market's fear of an escalating trade tensions and related macroeconomic effects might cause our distributors and customers to place fewer orders for our products, which could have a material adverse effect on our business, liquidity, financial condition, and/or results of operations.