Rush Street Interactive (RSI) Risk Analysis

We rely on products, technologies, customer databases and intellectual property such as certain "Bet Rivers" and "PlaySugarHouse" trademarks and domains, that we license or that are made available to us through agreements from affiliated and third parties, for use in our platform, offerings and/or operations. Substantially all our offerings use intellectual property licensed or made available to us through agreements from affiliated entities or third parties. See "Intellectual Property". The future success of our business may depend, in part, on our ability to obtain, retain and/or expand licenses or other agreements for certain technologies. We cannot assure you that these third-party licenses and other agreements, or support for the technologies licensed or provided to us thereunder, will continue to be available to us on commercially reasonable terms, if at all. If we cannot renew and/or expand existing licenses or other agreements, we may have to discontinue or limit our use of the offerings that include or incorporate the licensed or provided technology. Some of our license agreements contain minimum guaranteed payments to the third party. If we are unable to generate sufficient revenue to offset the minimum guaranteed payments, it could negatively affect our business, financial condition, results of operations, prospects and cash flows. Our license agreements generally allow for assignment in the event of a strategic transaction but contain some limited termination rights post-assignment. Certain of our license agreements grant the licensor rights to audit our use of their intellectual property. Disputes with licensors over uses or terms could result in our payment of additional fees or penalties, cancellation or non-renewal of the underlying license or litigation. The regulatory review process and licensing requirements also may preclude us from using technologies owned or developed by affiliated entities or third parties if those parties are unwilling to subject themselves to regulatory review or do not meet regulatory requirements. Some gaming authorities require gaming manufacturers to obtain approval before engaging in certain transactions, such as acquisitions, mergers, reorganizations, financings, stock offerings and share repurchases. Obtaining such approvals can be costly and time consuming, and we cannot assure you that such approvals will be granted or that the approval process will not result in delays or disruptions to our strategic objectives.

We collect and process information relating to our customers, personnel and others for various business reasons, including marketing and promotions. The collection and use of personal data is governed by U.S. and foreign privacy laws and regulations, which continue to evolve and may occasionally be inconsistent (or conflict) across jurisdictions. Various U.S. federal, state and foreign legislative or regulatory bodies may enact new or additional laws and regulations concerning privacy and data retention, transfer and protection. For example, the EU's adoption of the GDPR, which became fully enforceable in May 2018, includes operational and compliance requirements with significant penalties for non-compliance. California has enacted the California Consumer Privacy Act as amended by the California Privacy Rights Acts, a comprehensive privacy law, which provides some of the strongest U.S. privacy requirements to date. In addition, new privacy laws and requirements in various U.S. states, including in states where we offer real money gaming and where we have personnel, are continuing to come into effect each year. Compliance with applicable privacy laws and regulations may increase our operating costs and/or adversely impact our ability to market our offerings. In addition, non-compliance with applicable privacy laws and regulations by us (or in some instances, non-compliance by third parties engaged by us), including accidental loss, inadvertent disclosure, unapproved dissemination or a breach of security on systems storing our data, may result in damage to our reputation and subject us to fines, damages, lawsuits or restrictions on our use or transfer of data. We rely on proprietary and commercially available systems, software and tools to provide security for processing of customer and personnel data, such as payment card and other confidential or proprietary information. Our data security measures are reviewed and evaluated regularly; however, they might not protect us against increasingly sophisticated and aggressive threats including, without limitation, computer malware, viruses, hacking and phishing attacks.

A substantial portion of our network infrastructure is provided by third parties, including Internet service providers and other technology-based service providers. We use technology-based service providers such as CloudFlare to mitigate cybersecurity risks such as distributed denial-of-service attacks. If our service providers experience service interruptions, including because of cyber attacks or due to an event causing an unusually high volume of Internet use, communications over the Internet may be interrupted and impair our ability to conduct our business. Internet service providers and other technology-based service providers may in the future roll out upgraded or new mobile or other telecommunications services, such as 6G services, which may not be successful and thus may impact our customers' ability to access our platform or offerings in a reasonable fashion or at all. In addition, our ability to process e-commerce transactions depends on bank processing and credit card systems. We cannot guarantee that the Internet infrastructure or our own network systems will continue to be able to meet the demand placed on us by the continued growth of the Internet, the overall online gaming industry and our customers. Any difficulties these providers face, including certain network traffic potentially receiving priority over other traffic (i.e., lack of net neutrality), may adversely affect our business. In addition, we exercise little control over these providers, which increases our vulnerability to problems with the services they provide. Any system failure as a result of reliance on third parties, such as network, software or hardware failure, including as a result of cyber-attacks, which causes a loss of our customers' property or personal information or a delay or interruption in our online services or offerings, including our ability to handle existing or increased traffic, could result in a loss of anticipated revenue, interruptions to our platform and offerings, cause us to incur significant legal, remediation and notification costs, degrade the customer experience and cause our customers to lose confidence in our offerings, any of which could have a material adverse effect on our business, financial condition, results of operations and prospects.

We are subject to laws and regulations relating to real-money online casino and retail and online sports betting in the jurisdictions in which we conduct our business or in some circumstances, where our offerings are available. We are also subject to the general laws and regulations that apply to all e-commerce businesses, such as those related to privacy and personal information, tax and consumer protection. Additionally, we and our market access partners (where applicable) are subject to various reporting and anti-money laundering regulations. These laws and regulations vary among jurisdictions and future legislative and regulatory action, court decisions or other governmental action, which may be affected by, among other things, political pressures, attitudes and climates, as well as personal biases, may have a material impact on our operations and financial results. In particular, some jurisdictions have introduced regulations or legislation attempting to restrict or prohibit online gaming. Additionally, some jurisdictions in which we may operate could presently be unregulated, partially regulated or in the process of regulating and therefore may be more susceptible to the enactment or change of laws and regulations. We offer our real-money offerings in 16 U.S. states that have adopted legislation and regulations permitting online casino, online sports betting and/or retail sports betting. In those states that currently require a license or registration, we have obtained the appropriate license or registration or have obtained a provisional license. We also currently operate under foreign licenses in Colombia, Ontario, Canada, Mexico and Peru. In May 2018, the U.S. Supreme Court struck down as unconstitutional PASPA. This decision effectively lifted federal restrictions on sports betting, thus allowing states to determine by themselves the legality of sports betting. Since the repeal of PASPA, numerous states (and Washington D.C.) have legalized online sports betting. To the extent new real-money online casino or retail or sports betting jurisdictions are established or expanded, we cannot guarantee that we will successfully penetrate such new jurisdictions or expand our business or customer base in line with the growth of existing jurisdictions. If we are unable to effectively operate in these new jurisdictions or if our competitors successfully penetrate geographic jurisdictions that we cannot access or where we face other restrictions, that could materially adversely affect our business, financial condition, results of operations and prospects. Our failure to obtain or maintain necessary regulatory approvals in jurisdictions, whether individually or collectively, could have a material adverse effect on our business. See "Business - Government Regulation." To expand into new jurisdictions, we may need to be licensed and obtain approvals of our offerings, which can be time-consuming and extremely costly and can divert management's attention away from operating the business. Any delays in obtaining or difficulty in maintaining regulatory approvals needed for expansion within existing jurisdictions or into new jurisdictions can negatively affect our opportunities for growth, including the growth of our customer base, or delay our ability to recognize revenue from our offerings in any such jurisdictions. Additionally, in June 2024, the U.S. Supreme Court reversed its longstanding approach of judicial deference to administrative interpretations of laws and regulations. This outcome could materially and adversely affect rule making and existing agency regulations, and it is uncertain how lower courts will apply the decision in the context of other regulatory schemes without more specific guidance from the U.S. Supreme Court. For example, the U.S. Supreme Court's decision could significantly impact consumer protection, advertising, privacy, artificial intelligence, anti-corruption and anti-money laundering practices and other regulatory regimes with which we are required to comply. Future legislative and regulatory action, and court decisions or other governmental action, may have a material impact on our operations and financial results. Governmental authorities could view us as having violated local laws, despite our efforts to obtain applicable licenses or approvals. Further, governmental authorities or courts could determine that our free-to-play, social gaming offerings constitute unauthorized gambling or that legislation is enacted in jurisdictions in which we operate such social gaming offerings that makes them unauthorized gambling, which could negatively impact our operations and business results and expose us and certain of our third-party providers, including the app stores that distribute our apps, to potential litigation. Civil and criminal proceedings, including class actions brought by or on behalf of prosecutors, public entities, incumbent monopoly providers or private individuals, could be initiated against us, Internet service providers, credit card and other payment processors, financial institutions, advertisers and others involved in the online gaming industries. Such potential proceedings could involve substantial litigation expense, penalties, fines, asset seizures, injunctions or other restrictions being imposed upon us, our licensees or other business partners, while diverting the attention of management. Such proceedings could have a material adverse effect on our business, financial condition, results of operations and prospects, as well as impact our reputation. Legislation could be proposed and passed in jurisdictions relevant or potentially relevant to our business to prohibit, legislate or regulate various aspects of the online and retail gaming industries (or that existing laws in those jurisdictions could be subject to challenge, be interpreted or enforced negatively or could be invalidated or otherwise deemed to be unconstitutional). Compliance with any such legislation may have a material adverse effect on our business, financial condition, results of operations and prospects, either as a result of us determining that a jurisdiction should be blocked, or because a local license or approval may be costly for us or our business partners to obtain and/or such licenses or approvals may contain other commercially undesirable conditions. In the United States, the UIGEA prohibits, among other things, a business accepting a wager by means of the Internet where such wager is prohibited by any federal or state law where initiated, received or otherwise made. Under UIGEA severe criminal and civil sanctions may be imposed on the owners and operators of such systems and on financial institutions that process wagering transactions. The law contains a safe harbor for wagers placed within a single state (disregarding intermediate routing of the transmission) where the method of placing the wager and receiving the wager is authorized by that state's law, provided the underlying regulations establish appropriate age and location verification. The U.S. Illegal Gambling Business Act ("IGBA") makes it a crime to conduct, finance, manage, supervise, direct or own all or part of an "illegal gambling business" and the U.S. Travel Act makes it a crime to use the mail or any facility in interstate commerce with the intent to "distribute the proceeds of any unlawful activity" or "otherwise promote, manage, establish, carry on, or facilitate the promotion, management, establishment, or carrying on, of any unlawful activity." For an action to violate either the IGBA or the Travel Act, it must violate an underlying state law. In 2011, the DOJ issued an opinion concluding that the Wire Act's prohibitions were limited to sports gambling and thus did not apply to state lotteries (the "2011 DOJ Opinion"). Subsequently, in 2019, the DOJ changed course and published a legal opinion concluding that the Wire Act's restrictions on the transmission in interstate or foreign commerce of bets and wagers were not limited to sports gambling but instead applied to all bets and wagers. This 2019 legal opinion was challenged in court, and both the district and appellate courts held that the 2011 DOJ Opinion was the correct interpretation. The DOJ did not appeal the matter. Consequently, at this time it appears that the 2011 DOJ Opinion is the prevailing view with respect to the Wire Act's applicability; however, we cannot provide any assurance that there won't be future interpretations, challenges, case law or legislation that may alter the Wire Act's applicability.

As a growing company with expanding operations, we may from time to time increasingly face the risk of claims, lawsuits and other proceedings involving intellectual property, privacy and data protection, consumer protection, accessibility claims, securities, tax, labor and employment, regulatory and compliance, competition and antitrust, commercial disputes, services and other matters. Litigation to defend us against third-party claims or to enforce any rights that we may have against third parties may be necessary, which may result in substantial costs and divert resources and our management's attention, which could have a material adverse effect on our business, financial condition, results of operations and prospects. Any litigation to which we are a party may result in an onerous or unfavorable judgment that may not be reversed on appeal (if any), or in payments of substantial damages or fines, posting of bonds requiring significant collateral, letters of credit or similar instruments, or we may decide to settle lawsuits on unfavorable terms. These proceedings could also result in criminal sanctions, reputational harm, consent decrees or orders preventing us from offering certain products or requiring a change in our business practices in costly ways or requiring development of non-infringing or otherwise altered products or technologies. Litigation and other claims and regulatory proceedings against us could result in unexpected disciplinary actions, expenses and liabilities, which could have a material adverse effect on our business, financial condition, results of operations and prospects.

Our tax obligations are varied and include U.S. federal, state, local, and international taxes due to the nature of our business. The tax laws that apply to our business are subject to interpretation, and significant judgment is required in determining our worldwide provision for income taxes. In the course of our business, there will be many transactions and calculations where the ultimate tax determination is uncertain. In addition, increases in our income tax rates or other changes in U.S. or international income tax laws could reduce our after-tax income from the relevant jurisdictions, and existing U.S. or international tax laws have been and could in the future be subject to significant change, any of which adversely affect our business, financial condition or results of operations. For example, the 2017 U.S. Tax Cuts and Jobs Act (the "TCJA") was signed into law in the United States in 2017, which provided for significant changes to then-existing tax laws. Additional guidance issued by the IRS pursuant to the TCJA or an extension of TCJA provisions may impact us in future periods. In addition, the Inflation Reduction Act (the "IRA") was enacted in August 2022, the provisions of which include a minimum tax equal to 15% of the adjusted financial statement income of certain large corporations, as well as a 1% excise tax on certain share buybacks by public corporations that would be imposed on such corporations. While the current impact of the IRA on us has not been material, we are currently unable to predict whether other proposed changes will occur and, if so, when they would be effective or the ultimate impact on us or our business. To the extent that such changes have a negative impact on us or our business, these changes may materially and adversely impact our business, financial condition, and results of operations. Further, it is possible that changes under the IRA, the TCJA or other tax legislation could increase our future tax liability, which could in turn adversely impact our business and future profitability. More recently, the new U.S. president included as part of his agenda a potential reform of U.S. tax laws. The details of this potential reform has not yet emerged, but during his 2024 presidential campaign, President Trump outlined several intended reforms, including, among other things, extending certain provisions of the TCJA, and imposing new tariffs. Many political and economic commentators believe that the combined impact of extending certain tax benefits pursuant to the TCJA and the implementation of new tariffs could potentially lead to increases in the U.S. deficit, inflation, and interest rates, all of which could contribute to increases in market interest rates and a decrease in U.S. economic growth with a possibility of a recession. However, we cannot predict whether, when, or to what extent these new regulations or rulings will be issued, nor the long-term impact of the proposed tax reforms on the gaming industry as a whole or on us as a company. Many jurisdictions and intergovernmental organizations have been discussing or are in the process of implementing proposals that may change various aspects of the existing framework under which our tax obligations are determined in many of the jurisdictions in which we do business and in which our users are located. For example, the Organization for Economic Co-operation and Development (the "OECD"), an international association comprised of 38 countries, including the United States, issued recommendations for a global minimum tax, and on December 12, 2022 the European Union member states agreed to implement the OECD's Base Erosion and Profit Shifting ("BEPS") 2.0 Pillar Two global corporate minimum tax rate of 15% on companies with revenues of at least €750 million. The application and timing of BEPS 2.0 Pillar Two recommendations is determined on a country-by-country basis due to the need for each jurisdiction to enact their own statutes. In December 2022, South Korea enacted new global minimum tax rules to align with the OECD's BEPS 2.0 Pillar Two. Countries in which we operate, such as Canada, have finalized and enacted legislation that became effective starting in 2024. The United States has not enacted BEPS 2.0 Pillar Two legislation and it is uncertain whether it will do so at a future date. While BEPS 2.0 Pillar Two legislation has not had an impact on the Company, it could significantly increase our future tax liabilities. We will continue to monitor regulatory developments to assess potential impacts to us. The gaming industry represents a significant source of tax revenue to the jurisdictions in which we are licensed. Gaming companies are subject to significant taxes such as gaming taxes, and fees in addition to corporate income taxes, and such taxes and fees are subject to increase at any time. From time to time, various government bodies or officials have proposed and/or adopted changes in tax rates, tax laws, or in administration, interpretation or enforcement of such laws, affecting the gaming industry. For instance, regulatory authorities may, as they have done in the past, change applicable regulations or their interpretation thereof, related to whether we can deduct for purposes of calculating gaming taxes that we may owe in that jurisdiction, certain promotional incentives such as free bets that we give to some of our customers, and if so, the maximum amount that may be deducted. Worsening economic conditions and the large number of jurisdictions with significant current or projected budget deficits, could also intensify government efforts to raise revenues through tax increases. For instance, certain jurisdictions where we operate have proposed (Louisiana, New Jersey, Michigan) or effected (Illinois, Ohio) gaming tax rate increases or proposed additional taxes or withholdings (Colombia) in recent years. As recently as February 2025, the Colombian President issued an internal commotion (state of emergency) decree, pursuant to which he issued a temporary decree imposing a 19% VAT tax on player deposits made in Colombia with operators of games of chance and lucky operated over the internet. As of the date of this filing, these decrees are subject to an automatic review by the Constitutional Court of Colombia. If the decrees are found constitutional, it is expected that the VAT may last up until December 31, 2025, subject to determination by the Constitutional Court to limit it to no more than 180 days. If it is found constitutional, this VAT tax could negatively impact the demand for our offerings in Colombia as well as our Colombian revenues and financial results. More generally, we cannot determine with certainty the likelihood of changes in tax rates, tax laws or in the administration, interpretation or enforcement of such laws. Any material increase in, or the adoption of, additional taxes or fees could have a material adverse effect on our business, financial condition, results of operations and prospects. Tax authorities may also impose indirect taxes on Internet-related commercial activity or digital services based on existing laws and regulations which, in some cases, were established prior to the advent of the Internet. Tax authorities may interpret laws originally enacted for mature industries and apply them to newer industries such as ours. Such laws may be applied inconsistently across jurisdictions. Our in-jurisdiction activities may vary from period to period, which could result in differences in nexus from period to period. We are subject to periodic reviews, examinations and audits by domestic and foreign tax authorities. Tax authorities may disagree with certain positions we have taken or will take, and any adverse outcome of such a review, examination or audit could have a negative effect on our business, financial condition, results of operations and prospects. Although we believe our tax provisions, positions and estimates are reasonable and appropriate, tax authorities may disagree with them. In addition, economic and political pressures to increase tax revenue in various jurisdictions or the adoption of new or reformed tax legislation or regulation may make resolving tax disputes favorably more difficult and the final resolution of tax audits and any related litigation can differ from our historical provisions and accruals, resulting in an adverse impact on our business, financial condition or results of operations.

We rely on a variety of direct marketing techniques, including email marketing, online advertising and direct mailings. Any further restrictions in laws such as the CAN-SPAM Act, the Telephone Consumer Protection Act, the Do-Not-Call-Implementation Act, applicable Federal Communications Commission telemarketing rules (including the declaratory ruling affirming the blocking of unwanted robocalls), the FTC Privacy Rule, Safeguards Rule, Consumer Report Information Disposal Rule, Telemarketing Sales Rule, Canada's Anti-Spam Law and various U.S. state laws, or new U.S federal, state or foreign laws and regulations (including gaming laws and regulations) on marketing and solicitation or international privacy, e-privacy, and anti-spam laws that govern these activities could adversely affect the continuing effectiveness of email, online advertising and direct mailing techniques and could force further changes in our marketing strategy. In particular, these laws may require us to make disclosures regarding our privacy and information sharing practices, safeguard and protect the privacy of such information, and in some cases, provide customers the opportunity to "opt out" of the use of their information for certain purposes, any of which could limit our ability to leverage existing and future databases of information or require us to develop alternative marketing strategies, any of which could have a material adverse effect on our financial condition, results of operations, and cash flows. Various national and local privacy laws also regulate tracking individuals who visit our websites and the use of tracking technologies, including web beacons and cookies. We are obligated to permit individuals to choose how we use and store their information. Failure to obtain cookie consent under laws may result in fines or otherwise limit our ability to use information and potentially limit our marketing and business strategies. We must comply with U.S. federal, state and foreign requirements regarding notice and consent to obtain, use, share, transmit and store certain personal information. Furthermore, we may face conflicting obligations arising from the potential concurrent application of laws of multiple jurisdictions. In the event that we are not able to reconcile such obligations, we may be required to change business practices or face liability or sanction.

We depend on certain key personnel to manage and operate our business, including both our Executive Chairman and our CEO. Our current executive team's leadership has been a critical element of our success and the departure, death or disability of any of our executive team or other extended or permanent loss of any of their services, or any negative market or industry perception with respect to any of them or their loss, could have a material adverse effect on our business. Our ability to compete and grow depends largely on the efforts and talents of our employees. Labor is subject to external factors that are beyond our control, including our industry's highly competitive market for skilled personnel, cost inflation, low unemployment and workforce participation rates. Our employees, particularly engineers and developers, are in high demand, and we devote significant resources to identifying, hiring, training, successfully integrating and retaining these employees. Competition for skilled engineers and developers is so intense in the United States that we recruit for these roles internationally, and to help attract such talent we have expended significant time and resources to establish local development hubs in foreign jurisdictions such as Estonia, Canada, Colombia and Serbia. To attract top talent in a competitive industry and labor market, we have offered, and believe we will need to continue to offer, robust compensation packages before we can validate an individual's productivity. Many companies now offer remote or hybrid work environments, which may increase the competition for such employees from employers outside of our traditional office locations. To retain employees, we also may need to increase our employee compensation levels in response to competition. We use equity awards to attract and retain key personnel. If the value of our Class A Common Stock declines significantly and remains depressed, that may inhibit our efforts to recruit and retain key personnel. Our ability to attract, retain and motivate our personnel may also be adversely affected by stock price volatility. We cannot provide assurance that we will be able to attract or retain such highly qualified personnel in the future without adjusting other components of the compensation package. Most of our executive officers and key employees are employees at-will. The unexpected loss of services of one or more of these key employees could have a material adverse effect on our business, financial condition, results of operations and prospects. In addition, losing employees or being unable to hire necessary skilled employees could result in significant disruptions to our business, and integrating replacement personnel could be time-consuming, expensive and cause additional disruptions to our business. If we fail to attract, hire and integrate qualified personnel, or retain and motivate existing personnel, we may be unable to grow effectively and our business, financial condition, results of operations and prospects could be adversely affected.

We rely on third-party geolocation and identity verification systems and service providers to ensure that we comply with certain laws and regulations, and any disruption to those systems may prohibit us from operating our platform and would adversely affect our business. There is no guarantee that these third-party systems or service providers will perform adequately or will be effective. Additionally, incorrect or misleading geolocation and identity verification data with respect to current or potential customers received from third-party providers may result in us inadvertently allowing access to our offerings to individuals who should not be permitted to access them or inadvertently deny access to individuals who should be able to access them. Third-party geolocation services providers generally rely on their ability to obtain information necessary to determine geolocation from mobile devices, operating systems and other sources. Changes, disruptions or temporary or permanent failure to access such sources by our third-party providers may result in their inability to accurately determine our customers' locations. Moreover, our inability to maintain our existing contracts with third-party providers, or to replace them with equivalent third parties, may result in our inability to access geolocation and identity verification data necessary for our operations. If any of these risks materialize, we may be subject to disciplinary action, fines and lawsuits, and our business, financial condition, results of operations and prospects could be adversely affected.

Although financial institutions, credit card issuers and payment processors are permitted to provide services to us and others in our industry, they may be hesitant to offer their services to real-money gaming businesses. Consequently, the businesses involved in our industry, including ourselves, may encounter difficulties in establishing and maintaining banking and payment processing relationships with a full scope of services and generating market rate interest, in particular in jurisdictions that are in the process of becoming regulated or are newly regulated. If we are unable to maintain our bank accounts or our customers are unable to use their credit cards, bank accounts or e-wallets to make deposits and withdrawals from our platform, it would make it difficult for us to operate our business, increase our operating costs and pose additional operational, logistical and security challenges, which could result in an inability to implement our business plan.

A negative shift in public opinion of sports betting or online casino, or how politicians and other governmental authorities view sports betting or online casino, whether fueled by news outlets or otherwise, could result in future legislation or new regulations restricting or prohibiting some or all sports betting or online casino activities in certain jurisdictions, the result of which may negatively impact our business, financial condition, results of operations and prospects. For instance, in December 2024, the U.S. Senate Judiciary Committee held a hearing on "America's High-Stakes Bet on Legalized Sports Gambling," which, among other things, focused on certain perceived risks and harms associated with sports betting. Further, negative publicity about us or our offerings, platform or customer experience, or those of our competitors or third parties with whom we have relationships or the underlying sports leagues could seriously harm our reputation or that of the industry overall.