PubMatic (PUBM) Risk Factors

We depend upon our buyer and publisher relationships, including channel partners, which aggregate large numbers of smaller publishers, to provide advertising space which we can offer to prospective buyers to continue to grow the usage of our platform. In doing so, we compete for both supply and demand with larger, well-established companies that may have technological or other advantages stemming from their broader experience in the market. We must continue to adapt and improve our technology to compete effectively, and customers have not always embraced our offerings due to various factors, including switching costs from moving away from pre-existing technology integrations, such as already implemented header bidding wrappers, and lack of awareness of our omnichannel offerings. Although we believe we provide superior transparency and accountability to such competitors, certain customers may make technological or financial demands that we are unable or unwilling to meet. These and other factors may make it difficult for us to increase our business with our publishers and buyers, cause some buyers to reduce their spending with us, or increase our costs of doing business, which could adversely affect our business, results of operations, and financial condition. A relatively small number of premium publishers have historically accounted for a significant portion of the ad impressions sold on our platform, as well as a significant portion of our revenue from publishers, including a relatively small number of channel partners. We generally do not have minimum commitments from publishers. As a result, the amount, quality, and cost of ad impressions available to us can change at any time with little or no prior notice, and we cannot assure you that we will have access to a consistent volume or quality of ad impressions at a reasonable cost, or at all. We depend upon a relatively small number of premium publishers and channel partners and expect to continue to do so for the foreseeable future. To support our continued growth, we seek to add additional publishers and buyers to our platform and to expand current utilization with our existing publishers and buyers. Any disruptions in our relationships with premium publishers, buyers, or our largest channel partners could adversely affect our business, results of operations, and financial condition. If we cannot retain or add individual publishers with valuable ad impressions, or if such publishers decide not to make their valuable ad impressions available to us, then our buyers may be less inclined to use our platform, which could adversely affect our business, results of operations, and financial condition. A limited number of large demand side platforms ("DSPs") – The Trade Desk and Google DV360 in particular – account for a significant portion of the ad impressions purchased on our platform. We depend upon these DSPs for a large percentage of impressions purchased and expect to do so for the foreseeable future. We have no minimum commitments from buyers to spend on our platform, so the amount of demand available to us can change at any time with little or no prior notice, and we cannot assure you that we will have access to a consistent volume or quality of ad campaigns or demand for our ad impressions at a reasonable price, or at all. Any disruptions in our relationships with DSPs, agencies, advertisers, or buyers could adversely affect our business, results of operations, and financial condition. If a buyer or group of buyers representing a significant portion of the demand in our marketplace decides to materially reduce use of our platform, it could cause an immediate and significant decline in our revenue and profitability and adversely affect our business, results of operations, and financial condition. Historically, our buyers have predominantly used our platform to purchase mobile, display, and video advertising inventory from our publishers. We expect that these will continue to be significant channels used by our customers for digital advertising in the future. We also believe that our revenue growth may depend on our ability to expand within mobile, video, and in particular, CTV, and we are continuing to enhance such channels. We may not be able to accurately predict changes in overall advertiser demand for the channels in which we operate and cannot assure you that our investment in formats will correspond to any such changes or shifts in demand. Any decrease in the use of mobile, display, and video advertising, whether due to customers losing confidence in the value or effectiveness of such channels, regulatory restrictions or other causes, or any inability to further penetrate CTV or enter new and emerging advertising channels, could adversely affect our business, results of operations, and financial condition.

We must address quality concerns of both advertisers and publishers. Publishers require ad quality tools that enable granular control over the characteristics of the ads that run on their ad impressions, including those relating to the advertiser, industry and content for a particular ad. We must also provide automatic or ad hoc blocking of ads that contain malware or other ads the publisher deems undesirable. Our inventory quality tools must continue to help publishers demonstrate the value and quality of their ad impressions to DSPs, advertisers, and agencies with automated fraud detection and viewability reporting. Maintaining and upgrading our capabilities associated with ad quality and inventory quality is complex and costly. Maintaining high-quality inventory may become increasingly difficult with the advent of "deep fake" video and other media produced using artificial intelligence ("AI"). If we fail to maintain high quality controls for our publishers and partners, our business, results of operations, and financial condition could be adversely affected. In addition, the viewability of ad impressions is important to certain advertisers because it enables them to assess the value of particular ad impressions as a means to reach a target audience. However, there is no consensus regarding the definition of viewability or the minimum standard viewability thresholds and metrics that should apply for different ad formats. We cannot predict whether consensus views will emerge, or what they will be. Incorporating accepted viewability approaches fully into our business as they evolve will require us to incur additional costs to integrate relevant technologies and process additional information through our platform. In addition, ad impressions that are well differentiated on the basis of viewability will also typically be differentiated on the basis of value, with those that are less viewable valued lower. In this context, if we are not able to effectively transact ad impressions with higher viewability and to incorporate appropriate viewability capabilities into our platform, we could be competitively disadvantaged and our business, results of operations, and financial condition could be adversely affected.

Our restated certificate of incorporation and restated bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include: - a provision that our board of directors will be classified into three classes of directors with staggered three-year terms at such time as the outstanding shares of our Class B common stock represent less than a majority of the combined voting power of our common stock, which could delay the ability of stockholders to change the membership of our board;- the ability of our board to issue shares of preferred stock without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;- a prohibition on stockholder action by written consent effective upon such time as the outstanding shares of our Class B common stock represent less than a majority of the combined voting power of our common stock;- the requirement that a special meeting of stockholders may be called only by the chairman of the board, our chief executive officer, our lead director, or a majority of our board;- the requirement for the affirmative vote of holders of at least 66-2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend provisions of our restated certificate of incorporation or our restated bylaws;- the ability of our board to amend the bylaws, which may allow it to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer;- the requirement that stockholders submitting notice of a nomination or proposal to be considered at an annual meeting of our stockholders must have continuously beneficially owned at least 1% of our outstanding common stock for a period of one year before giving such notice;- advance notice procedures with which stockholders must comply to nominate candidates to our board or to propose matters to be acted upon at a stockholders' meeting; and - the dual class common stock structure in which holders of our Class B common stock have the ability to control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets. In addition, our restated certificate of incorporation provides that the Court of Chancery of the State of Delaware will be the exclusive forum for derivative actions, actions asserting a breach of fiduciary duty, actions asserting a claim against us arising pursuant to the Delaware General Corporation Law, our restated certificate of incorporation or restated bylaws, or any action asserting a claim against us that is governed by the internal affairs doctrine. This choice of forum provision may limit a stockholder's ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, or other employees, which may discourage lawsuits with respect to such claims. Alternatively, if a court were to find the choice of forum provision contained in our restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could adversely affect our business, results of operations, and financial condition. In addition, because we are incorporated in Delaware, we are governed by the provisions of the anti-takeover provisions of the Delaware General Corporation Law, which may discourage, delay or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the person becomes an interested stockholder, even if a change of control would be beneficial to our existing stockholders. Although we believe these provisions collectively provide for an opportunity to obtain greater value for stockholders by requiring potential acquirers to negotiate with our board, they would apply even if an offer rejected by our board was considered beneficial by some stockholders. In addition, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board, which is responsible for appointing the members of our management.

We operate in an evolving industry with ever-changing customer needs, and, as a result, our business has evolved over time such that our operating history makes it difficult to evaluate our business and future prospects. Our results of operations have fluctuated in the past, and future results of operations are likely to fluctuate as well. Although we have experienced prolonged revenue growth, we may not be able to sustain this growth rate, current revenue levels, or profitability. In addition, because our business is evolving, our historical results of operations may be of limited utility in assessing our future prospects. We expect to face challenges, risks, and difficulties frequently experienced by growing companies in rapidly developing industries, including those relating to: - changes in demand and pricing for ad impressions sold on our platform;- changes in our access to valuable ad impressions from publishers;- responding to evolving industry standards and government regulations that impact our business, particularly in the areas of data protection and consumer privacy;- developing, maintaining, and expanding relationships with publishers, DSPs, agencies, advertisers, and buyers;- seasonality in our business;- innovating and developing new solutions that are adopted by and meet the needs of publishers, DSPs, agencies, advertisers, and buyers;- competing against companies with a larger customer base or greater financial or technical resources;- changes in the structure of the buying and selling of ad impressions;- changes in the pricing policies of publishers and competitors;- changes in demand due to changes in macroeconomic environment, including as a result of an economic downturn, recession, inflation, changes in interest rates or foreign exchange rates, disruptions to supply chains, or otherwise;- further expanding our business internationally; and - recruiting, integrating, and retaining qualified and motivated employees, particularly engineers. Any one or more of the factors above may result in significant fluctuations in our results of operations. You should not rely on our past results as an indicator of our future performance. Because many of our expenses are based upon forecasted demand and may be difficult to reduce in the short term, volatility in quarterly revenue could cause significant variations in quarterly results of operations. We may not forecast our revenue or expenses accurately, causing our results of operations to diverge from our estimates or the expectations of securities analysts and investors. If we fail to meet or exceed such expectations for these or any other reasons, the trading price of our Class A common stock could fall, and we could face costly litigation, including securities class action lawsuits.

We are subject to various U.S. export control and trade and economic sanctions laws and regulations, including the U.S. Export Administration Regulations and the various sanctions programs administered by the U.S. Department of the Treasury's Office of Foreign Assets Control (collectively, "Trade Controls"). U.S. Trade Controls may prohibit the shipment of specified products and services to certain countries, governments, and persons. Although we endeavor to conduct our business in compliance with Trade Controls, our limited ability to oversee and control the inventory of our channel partners or our failure to successfully comply may expose us to negative legal and business consequences, including civil or criminal penalties, governmental investigations, and reputational harm. Furthermore, if we export our technology or software, the exports may require authorizations, including a license, a license exception, or other appropriate government authorization or regulatory requirements. Complying with Trade Controls may be time-consuming and may result in the delay or loss of opportunities. In addition, various countries regulate the import of encryption technology, including the imposition of import permitting and licensing requirements, and have enacted laws that could limit our ability to offer our platform or could limit our customers' ability to use our platform in those countries. Changes in our platform or future changes in export and import regulations may create delays in the introduction of our platform in certain markets or prevent our customers with international operations from deploying our platform globally. Any change in export or import regulations, economic sanctions or related legislation, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our platform by, or in our decreased ability to export our technology and services to, existing or potential customers with international operations. Any decreased use of our platform or limitation on our ability to export our platform could adversely affect our business, results of operations, and financial condition.

We are subject to federal, state, and local taxes in the United States, and we are subject to taxes in numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for income taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our future income tax obligations could be adversely affected by changes in, or interpretations of, tax laws in the United States or in other jurisdictions in which we operate. For example, the United States tax legislation commonly referred to as the Tax Cuts and Jobs Act of 2017 (the "Tax Act") (as modified by the Coronavirus Aid, Relief, Economic Security Act, the Families First Coronavirus Response Act and the American Rescue Plan Act), significantly reformed the Internal Revenue Code of 1986, as amended, reducing U.S. federal tax rates, making sweeping changes to rules governing international business operations, and imposing significant additional limitations on tax benefits, including the deductibility of interest and the capitalization of research and development expenses. In addition, the Inflation Reduction Act of 2022 (the "Inflation Reduction Act") imposes a 15% corporate alternative minimum tax and 1% excise tax on repurchases of corporate stock. We are currently evaluating the various provisions of the Inflation Reduction Act but do not anticipate it will have a material effect on the condensed consolidated financial statements. Tax proposals and enactments worldwide include changes to the existing framework in respect of income taxes, limitations on the ability of taxpayers to claim and utilize tax benefits, as well as new types of non-income taxes (such as taxes based on a percentage of revenue or taxes applicable to digital services). For example, the Organisation for Economic Co-operation and Development proposed introduction of the global minimum tax standard. Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could impact the tax treatment of our foreign earnings, increase our worldwide effective tax rate, increase the amount of taxes imposed on our business, and impact our financial position.

We receive, store, and process data about or related to consumers in addition to publisher, buyer, partner, employee, and services provider or vendor data. Our handling of this data is subject to numerous federal, state, and foreign laws and regulations that are constantly evolving and not always consistent across jurisdictions. We are also subject to regulation by various governmental authorities in addition to federal and state regulations. Our data handling is further subject to contractual obligations and may be deemed to be subject to industry standards and trade associations. The U.S. federal government and various state and foreign governments have adopted or proposed limitations on the collection, distribution, use, and storage of data relating to individuals, including the use of contact information and other data for marketing, advertising and other communications with individuals and businesses. In the United States, various laws and regulations apply to the collection, processing, disclosure, and security of certain types of data. Additionally, the U.S. Federal Trade Commission and many state attorneys general are interpreting federal and state consumer protection laws as imposing standards for the online collection, use, dissemination, and security of data. These regulatory regimes are constantly evolving and not always interpreted in a consistent manner. If we fail to comply with any such laws or regulations, we may be subject to enforcement actions that may not only expose us to litigation, fines, and civil and/or criminal penalties, but also require us to change our business practices, each of which could adversely affect our business, results of operations, and financial condition. The regulatory framework for data privacy issues worldwide is evolving and is likely to remain uncertain for the foreseeable future. The occurrence of unanticipated events often rapidly drives the adoption of legislation or regulation affecting the use, collection, or other processing of data and manners in which we conduct our business. Restrictions have been placed upon the collection, management, aggregation, and use of information, and compliance with those restrictions may require us to change how we collect, manage, aggregate, and use data in the future, which could result in a material increase in the cost of collecting or otherwise obtaining certain kinds of data. These restrictions could further limit the ways in which we may use or disclose information, or may require us to make changes to our offerings, which could adversely affect our business, results of operations, and financial condition. In particular, interest-based advertising, or the use of data to draw inferences about a user's interests and deliver relevant advertising to that user, and similar or related practices (sometimes referred to as behavioral advertising or personalized advertising), such as cross-device data collection and aggregation, have come under increasing scrutiny by legislative, regulatory, and self-regulatory bodies in the United States and abroad that focus on consumer protection or data privacy. In addition, the steps taken by companies to de-identify personal data, to use and distribute the resulting data, including for purposes of personalization and the targeting of advertisements, have also been a frequent target of scrutiny by these authorities. Much of the related regulatory activity has focused on the use of cookies and other technology to collect information about Internet users' online browsing activity on web browsers, mobile devices, and other devices, to associate such data with user or device identifiers or de-identified identities across devices and channels. In addition to governmental authorities, providers of Internet browsers have engaged in, or announced plans to continue or expand, efforts to provide increased visibility into, and certain controls over, cookies and similar technologies and the data collected using such technologies. For example, Google announced on January 4, 2024, that it was disabling third-party cookies for 1% of Chrome users with plans to disable third-party cookies for additional Chrome users in the latter half of the year. Because we, and our customers, rely upon large volumes of such data collected primarily through cookies and similar technologies, it is possible that these efforts may have a substantial impact on our ability to collect and use data from Internet users, and it is essential that we monitor developments in this area domestically and globally, and engage in responsible privacy practices, including providing consumers with notice of the types of data we collect and how we use that data to provide our services. In the United States, the U.S. Congress and state legislatures, along with federal regulatory authorities have increased their attention on matters concerning the collection and use of consumer data. In the United States, non-sensitive consumer data generally may be used under current rules and regulations, subject to certain restrictions, so long as the person does not affirmatively "opt-out" of the collection or use of such data. If an "opt-in" model or other more restrictive regulations were to be adopted in the United States, less data would be available, and the cost of data would be higher. California enacted the California Consumer Privacy Act ("CCPA") which took effect in January 2020 and was later amended by the California Privacy Rights Act ("CPRA"), with those amendments taking effect in January 2023. The CCPA, as amended by the CPRA, is referred to as the "CCPA." The CCPA created individual privacy rights for California residents, including rights of deletion and access, and increased the privacy and security obligations of businesses handling personal data. The CCPA is also still enforceable by the California Attorney General, and there is a CCPA private right of action relating to certain data security incidents. The CCPA generally requires covered businesses to, among other things, provide new disclosures to California consumers regarding the collection, use and disclosure of their personal information. The CCPA also affords California consumers new abilities to opt-out of certain sales of personal information, a concept that is defined broadly and is subject to evolving regulations promulgated initially by the California Attorney General, and now the California Privacy Protection Agency ("CPPA"), a newly created agency under the CPRA charged with CCPA rulemaking and enforcement. The CPRA also imposed additional data protection obligations on companies doing business in California, including additional consumer rights processes and opt-outs for certain uses of sensitive data and "sharing" of personal information for cross-context behavioral advertising While new CCPA regulations have been introduced, enforcement of some have been initially delayed through court orders but such enforcement is expected to begin in March 2024. The effects of the CCPA, including from expected but not yet promulgated regulations, are potentially significant and may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses in an effort to comply, which will increase our potential exposure to regulatory enforcement and/or litigation. Decreased availability and increased costs of information due to implementing the CCPA, could adversely affect our ability to meet our customers' requirements and could have an adverse effect on our business, results of operations, and financial condition. The CCPA has encouraged "copycat" laws in other states across the country. Following California's lead, several other states enacted privacy laws that took effect in 2023: the Colorado Privacy Act, the Connecticut Personal Data Privacy and Online Monitoring Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act. Additional state privacy laws in nine other states have been enacted and are set to take effect between 2024 and 2026: the Florida Digital Bill of Rights (July 1, 2024), Oregon's protections for the personal data of consumer enacted through SB 619 (July 1, 2024), the Texas Data Privacy and Security Act (July 1, 2024), Montana's Consumer Data Privacy Act (October 1, 2024), the Delaware Personal Data Privacy Act (January 1, 2025), Iowa's Consumer Data Protection Act (January 1, 2025), the New Jersey Senate Bill 332 (January 15, 2025), the Tennessee Information Protection Act (July 1, 2025) and the Indiana Consumer Data Protection Act (January 1, 2026). Compliance with new privacy legislation adds complexity and may require investment in additional resources for compliance programs, thus potentially resulting in additional costs and expense of resources to maintain compliance. We cannot yet fully predict the impact of such state laws or subsequent guidance on our business or operations, but it may require us to further modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply. This new proposed legislation may add additional complexity, variation in requirements, restrictions, and potential legal risk, require additional investment in resources to compliance programs, and could impact strategies and availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. Although it continues to be introduced as a bill in Congress each year, it remains to be seen whether the U.S. will implement federal consumer privacy legislation. In Europe, the GDPR took effect on May 25, 2018, and applies to products and services that we provide in Europe, as well as the processing of personal data of European Union ("EU") citizens, wherever that processing occurs. The United Kingdom ("U.K.") implemented the Data Protection Act, effective May 2018, and statutorily amended it in 2019 to contain provisions, including its own derogations, for how GDPR is applied in the U.K. post-Brexit (the "UK GDPR"). The GDPR includes operational requirements for companies that receive or process personal data of residents of the EU. For example, we are required to offer consent mechanisms to data subjects in Europe before processing data for certain aspects of our service. Failure to comply with GDPR may result in significant penalties for non-compliance of up to the greater of €20 million (£17.5 million in the U.K.) or 4% of an enterprise's global annual revenue. In addition to the foregoing, a breach of the GDPR could result in regulatory investigations, reputational damage, orders to cease/ change our processing of our data, enforcement notices, and/ or assessment notices (for a compulsory audit). We may also face civil claims including representative actions and other class action type litigation (where individuals have suffered harm), potentially amounting to significant compensation or damages liabilities, as well as associated costs, diversion of internal resources, and reputational harm. Further, European regulators continue to be focused on compliance with requirements in the online behavioral advertising ecosystem and enforcing national laws that implement the ePrivacy Directive (commonly called the "Cookie Directive") in those ecosystems. Notably, discussions continue about replacing the ePrivacy Directive with an EU Regulation known as the ePrivacy Regulation which would significantly increase fines for non-compliance and impose burdensome requirements around obtaining consent. European court decisions and regulators' recent guidance continue to drive increased attention to cookies and tracking technologies. As regulators start to enforce a stricter approach (which has already begun to occur in Germany, where data protection authorities have initiated a probe on third-party cookies), this could lead to substantial costs, require significant systems changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, increase costs, and subject us to additional liabilities. IAB Europe previously collaborated with the digital advertising industry to create a user-facing framework (the Transparency and Control Framework, or "TCF") for establishing and managing legal bases under the GDPR and other U.K. and EU privacy laws including the ePrivacy Directive. Although the TCF is actively in use, its viability as a compliance mechanism is under review by the Belgian Data Protection Authority ("DPA") and others and we cannot predict its effectiveness over the long term. In February 2022, the Belgian DPA issued an order against IAB Europe that imposes specific remedies on IAB Europe and its operation of TCF. IAB Europe appealed the Belgian DPA's decision, and recently, the Belgian Market Court issued an interim ruling on the appeal and referred preliminary questions to the CJEU for guidance. It is unclear whether the Belgian DPA will rule on the corrective action plan submitted by the IAB prior to a final judgement on the appeal. Further, other European regulators have questioned TCF's viability and activists have filed complaints with regulators of alleged non-compliance by specific companies that employ the TCF. In addition, some countries, including India, Brazil, Thailand, and Japan, are considering or have passed legislation implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our services or force us to change business practices to conform to local law. Any failure to achieve required data protection standards (which are not currently clear when applied to the online advertising ecosystem) may result in lawsuits, regulatory fines, or other actions or liability, all of which may harm our results of operations. Because the interpretation and application of privacy and data protection laws, such as the CCPA and GDPR, and their related regulations and standards, are uncertain and sometimes contradictory across jurisdictions, it is possible that these laws, regulations and standards may be interpreted and applied in manners that are, or are asserted to be, inconsistent with our data management practices or the technological features of our solutions. We are also subject to laws and regulations that dictate whether, how, and under what circumstances we can transfer, process and/or receive certain data that is critical to our operations, including data shared between countries or regions in which we operate and data shared among our products and services. We are also subject to regulation with respect to political advertising activities, which are governed by various federal and state laws in the United States, and national and provincial laws worldwide. Online political advertising laws are rapidly evolving and our publishers may impose restrictions on receiving political advertising, especially in light of the 2024 elections both in the United States and in foreign jurisdictions. The lack of uniformity and increasing compliance requirements around political advertising may adversely impact the amount of political advertising spent through our platform, increase our operating and compliance costs, and subject us to potential liability from regulatory agencies. In addition to government regulation, privacy advocacy and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us or our customers. We are members of self-regulatory bodies that impose additional requirements related to the collection, use, and disclosure of consumer data. Under the requirements of these self-regulatory bodies, in addition to other compliance obligations, we are obligated to provide consumers with notice about our use of cookies and other technologies to collect consumer data and of our collection and use of consumer data for certain purposes, and to provide consumers with certain choices relating to the use of consumer data. Some of these self-regulatory bodies have the ability to discipline members or participants, which could result in fines, penalties, and/or public censure (which could in turn cause reputational harm) being imposed on us. Additionally, some of these self-regulatory bodies might refer violations of their requirements to the U.S. Federal Trade Commission or other regulatory bodies. If we were to be found responsible for such a violation, it could adversely affect our reputation, as well as our business, results of operations, and financial condition.

Because we do not generally have direct relationships with consumers, we rely on publishers, buyers, and data providers, as applicable, to obtain the consent of the consumer on our behalf to process their data and deliver interest-based advertisements, and to implement any notice or choice mechanisms required under applicable laws. If publishers, buyers, or data providers do not follow the applicable requirements and processes or otherwise fail to secure any legally-required consents or provide required notice and choice mechanisms, which can be difficult given the rapidly evolving regulatory consent frameworks being promulgated, we could be subject to fines and liability. Additionally, if our data, privacy, or consent practices are found to be inadequate, or we make errors in the deployment of existing and future policies or safeguards, we may be subject to regulatory action. We may not have adequate insurance or contractual indemnity arrangements to protect us against any such fines, penalties, claims, and losses.