Smartsheet (SMAR) Risk Factors

There is considerable patent and other intellectual property development activity in our industry. Our future success depends on our technology, products, and services not infringing upon the intellectual property rights of others. Our competitors, and other entities, including non-practicing entities and individuals, may own or claim to own, intellectual property relating to our industry. Our competitors or other third parties may claim that we are infringing upon or misappropriating their intellectual property rights, and we may be found to be infringing upon or misappropriating these rights. Additionally, we rely on the feedback provided by our customers and users to inform decisions on potential changes to our products and services, and we negotiate agreements with our customers that may include license rights to intellectual property developed while performing professional services. This feedback and these license rights may provide a customer or user a basis for competing against us, demanding royalties for use of intellectual properties, or contesting ownership and seeking to enjoin our use of current or future intellectual property. Third parties have occasionally alleged that our technology infringes upon their intellectual property rights. In the future, others may raise the same or similar claims and may assert claims against us, even if we are unaware of their intellectual property rights. Any of these claims and related litigation could cause us to incur significant expenses, and, if successfully asserted against us, could require that we pay substantial damages, settlement fees, or ongoing license or royalty payments; cease offering our platform or services or cease using certain technologies; implement expensive workarounds; or comply with other unfavorable conditions. We may also be required to issue customer refunds and be obligated, without contractual limitation of liability provisions to limit our exposure, to indemnify our customers or business partners for intellectual property claims or litigation. Even if we were to prevail in any intellectual property dispute, any litigation regarding our intellectual property could be costly and time consuming and divert the attention of our management and key personnel from our business operations. During any litigation, we may make announcements regarding the results of hearings and motions and other interim developments, which could cause the market price of our Class A common stock to decline if securities analysts and investors view those announcements negatively.

Our business involves the storage, transmission, and processing of a large quantity of customer data, including confidential and sensitive information. Our failure to sufficiently secure our products and services may result in unauthorized access to customer data, a negative impact on our customer attraction and retention, and significant liabilities. Even if our security measures are appropriately engineered and implemented to secure our products and services against external threats, we may be subject to inadvertent disclosures as a result of employee actions or system misconfigurations. Unauthorized use of or access to customer data could result in the loss, compromise, corruption, or destruction of our or our customers' sensitive and proprietary information and could lead to litigation, regulatory investigations and claims, indemnity obligations, reputational harm, loss of authorization under the Federal Risk and Authorization Management Program ("FedRAMP") or other authorizations, and other liabilities. Our agreements with third parties, including customers, contain contractual commitments related to our information security and data privacy practices. If we experience an incident that triggers a breach of these contractual commitments, we could be exposed to significant liability or cancellation of service under these agreements. The damages payable to the counterparty, as well as the impact to our products and services, could be substantial and result in significant costs and loss of business. There can be no assurance that any limitation of liability provisions in our contracts will be adequate in protecting us from these liabilities or damages with respect to any claim. Many U.S. and foreign laws and regulations, including those promulgated by the SEC, require companies to provide notice of cybersecurity incidents based on specific criteria. Certain of these notice or disclosure obligations are contingent upon the findings of complex analyses, including in some cases a determination of materiality. The nature of cybersecurity incidents makes it difficult to quickly and comprehensively assess an incident's overall impact to our business, and we may make errors in our evaluations. If we are unable to appropriately assess a cybersecurity incident in the context of required analyses then we could face compliance issues under these laws and regulations, and we could be subject to lawsuits, regulatory fines or investigations, or other liabilities, any or all of which could adversely affect our business and operating results. Furthermore, cybersecurity incidents experienced by us, or by our customers or vendors, that lead to public disclosures may also result in widespread negative publicity and increased government or regulatory scrutiny. Any security compromise in our industry, whether actual or perceived, could harm our reputation; erode customer confidence in our security measures; negatively affect our ability to attract new customers; cause existing customers to not renew their subscriptions; or subject us to third-party lawsuits, regulatory fines or investigations, or other liability, any or all of which could adversely affect our business and operating results. Even the perception of inadequate security may damage our reputation and negatively impact our ability to win new customers and retain existing customers. Additionally, we could be required to expend significant capital and other resources to investigate and address any Cybersecurity Threats or incidents or to prevent further or additional incidents. To maintain business relationships, we may find it necessary or desirable to incur costs to provide remediation and incentives to customers or other business partners following an actual or suspected security incident. We also cannot be sure that our existing cybersecurity insurance will continue to be available on acceptable terms, in sufficient amounts to cover any claims we submit, or at all. Further, we cannot be sure that insurers will not deny coverage as to any claim, and some security incidents may be outside the scope of our coverage, including in instances where they are considered force majeure events. The premiums for cybersecurity insurance can vary and increase substantially from year-to-year, and any security incidents that we may experience may result in an increase in our premium costs for cybersecurity insurance. One or more large, successful claims against us in excess of our available insurance coverage, or changes in our insurance policies, including premium increases or large deductible or co-insurance requirements, could have an adverse effect on our business, operating results, and financial condition.

We use open source software in our platform and expect to continue to use open source software in the future. There are uncertainties regarding the proper interpretation of and compliance with open source licenses, and there is a risk that open source licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to use open source software and to provide or distribute our platform. Additionally, we may face claims from third parties alleging infringement of certain intellectual property rights resulting from our use of open source software or seeking to enforce the terms of an open source license, including by demanding public release of derivative works or our proprietary source code. These claims could result in litigation and could require us to make our proprietary source code freely available, devote additional research and development resources to make changes to our platform, or incur additional costs and expenses. Any of the foregoing outcomes could adversely affect our business, reputation, financial condition, and operating results. In addition, if the license terms change for the open source software we utilize, we may be forced to re-engineer our platform or incur additional costs to comply with the changed license terms or to replace the affected open source software. Further, use of certain open source software can lead to greater risks than use of third-party commercial software because open source licensors generally do not provide updates, warranties, or assurances of performance or title. Certain versions and libraries of open source software allow for any individuals to make contributions and updates, and this may introduce or amplify certain security vulnerabilities depending on how, and with which systems, the software is implemented. Although we have established policies to regulate the use and incorporation of open source software into our platform, we cannot be certain that we have not incorporated open source software in our platform in a manner that is inconsistent with these policies.

Economic sanctions prohibit the distribution of certain products and the provisioning of technology and services to countries, governments, entities. and persons identified by government sanction programs, including trade sanctions regulations maintained by the U.S. Department of Treasury's Office of Foreign Assets Control. If we fail to comply with these economic sanctions or fail to maintain controls sufficient to monitor our sanctions compliance on an ongoing basis, we may suffer reputational harm and the government may fine or impose other civil or criminal penalties on us, including a denial of certain export privileges. While our controls and policies are designed to prevent the use of certain products and services in sanctioned countries, or by governments or persons identified by government sanction programs, we may not be able to prevent distribution or use in violation of these sanctions from occurring, and these controls may not be fully effective. Additionally, trade sanctions and similar regulations may experience periods of rapid and complex change, and we may experience difficulties or delays implementing updated compliance protocols. Furthermore, our products and services may be subject to U.S. export controls, including U.S. Export Administration Regulations administered by the Department of Commerce's Bureau of Industry and Security, and we incorporate encryption technology into certain features. U.S. export controls may require authorization for export or submissions classifying our products. Governmental regulation of encryption technology and regulation of exports of encryption products, or our failure to obtain required export authorization (or to qualify for exceptions) or licenses for our products and services, when applicable, could harm our international sales and adversely affect our revenue. Compliance with applicable regulatory requirements regarding the export of our products and services may prevent us from utilizing non-U.S. engineering resources or create delays in the introduction of our feature releases in international markets, prevent our customers with international operations from using our platform and services, or, in some cases, prevent the use of our products and services in some countries or regions altogether. If we fail to comply with these regulations, then we may be subject to criminal and civil penalties. Moreover, any new export restrictions, trade sanctions, new legislation, or shifting approaches in the enforcement or scope of existing regulations could result in decreased use of our products or services by, or in our decreased ability to export or sell our services or access to our platform to, existing or potential customers with international operations. Any decreased use of our products or services, or limitation on our ability to export or sell our services or access to our platform, would likely adversely affect our business.

Regardless of the outcome of any existing and future litigation related to the Merger, such litigation may be time-consuming and expensive and may distract our management from running the day-to-day operations of our business. The litigation costs and diversion of management's attention and resources to address the claims and counterclaims in any litigation related to the Merger may adversely affect our business, results of operations, prospects, and financial condition. If the Merger is not consummated for any reason, litigation could be filed in connection with the failure to consummate the Merger. Any litigation related to the Merger may result in negative publicity or an unfavorable impression of us, which could adversely affect the price of our common stock, impair our ability to recruit or retain employees, damage our relationships with our customers, suppliers, and other business partners, or otherwise harm our operations and financial performance.

Income, sales, use, value added, or other tax laws, statutes, rules, regulations, or ordinances could be enacted or amended at any time, possibly with retroactive effect, and could be applied solely or disproportionately to products and services provided over the Internet. These enactments or amendments could reduce our sales activity by increasing gross sales prices, inclusive of tax, and ultimately harm our operating results and cash flows. In addition, global tax developments applicable to multinational businesses could have an adverse impact on our financial condition, results of operations, and cash flows. Such developments, for example, include without limitation certain Organization for Economic Cooperation and Development proposals regarding the implementation of the global minimum tax under the Pillar Two model rules. We are continuing to evaluate the impact of these tax developments as new guidance and regulations are published. Given these developments, we believe that tax authorities in the U.S. and other jurisdictions are likely to increase audit efforts, which could increase the amount of taxes we incur in those jurisdictions, and in turn, increase our global effective tax rate. The application of U.S. federal, state, local, and international tax laws to services provided electronically is unclear and continuously evolving. Existing tax laws, statutes, rules, regulations, or ordinances could be interpreted or applied adversely to us, possibly with retroactive effect, which could require us or our customers to pay additional tax amounts, as well as require us or our customers to pay fines, penalties, or interest for past amounts. If we are unsuccessful in collecting these taxes due from our customers, we could be held liable for outstanding amounts, which could adversely affect our operating results and harm our business.

Although we offer and continue to develop additional solutions, we currently derive, and expect to continue to derive, substantially all of our revenue from the sale of subscriptions to our cloud-based collaborative work management platform. As a result, the continued growth in market demand for our platform is critical to our continued success. Demand for our platform is affected by a number of factors, including continued market acceptance; the timing of development and release of competing products and services; price or product changes by us or by our competitors; technological changes; growth or contraction in the markets we serve; and general economic conditions and trends. In addition, some current and potential customers, particularly large organizations, may develop or acquire their own internal collaborative work management tools or continue to rely on traditional tools that would reduce or eliminate the demand for our platform. If demand for our platform declines for any of these or other reasons, our business could be adversely affected.

Political developments, wars and conflicts, other governmental changes, and trade disputes and tariffs may negatively impact markets and cause weaker macroeconomic conditions. These conditions have created and may in the future create economic, operational, and political uncertainty, including volatility in global financial markets and the value of foreign currencies. For example, the ongoing conflicts in the Middle East and Ukraine have had a negative impact on global economic and market conditions, and any laws, sanctions, or regulations resulting from these conflicts may impact our ability to do business in certain jurisdictions. Any geopolitical wars or conflicts could adversely affect our business in the involved jurisdictions and more broadly in the geographic area surrounding the war or conflict. As we monitor the developments related to and resulting from wars and conflicts, we may be required to adjust our business plans to achieve compliance with applicable law, sanctions, regulations, and, as necessary, to support our customers and employees. The impact of wars, conflicts, domestic and international political developments, and governmental changes may not be fully realized for several years or more. Uncertainty about these impacts may cause some of our customers or potential customers to curtail spending and may ultimately result in new regulatory, operational, and cost challenges to our global operations. These adverse conditions could result in reductions in sales of our products and services, longer sales cycles, reductions in subscription duration and value, slower adoption of new technologies, and increased price competition. Any of these events would likely have an adverse effect on our business, operating results, and financial position.

Our growth strategy depends on our ability to staff our organization with skilled personnel and create a high-performance culture. Recruiting, engaging, and retaining qualified individuals requires significant time, expense, and attention. In addition to hiring new employees and contractors, we must continue to focus on retaining our best employees. The market for skilled personnel is very competitive, especially in emerging areas of focus such as AI and machine learning and in markets where our company is less well known. We compete with many other companies for software engineers with requisite experience in designing, developing, and managing cloud-based software, as well as for skilled product development, marketing, sales, and operations professionals, and we may not always attract, engage, or retain employees with the appropriate qualifications and experience. We have supplemented our employee workforce with contractors, and our engagements with contractors could expose us to claims that we have misclassified these workers, which could subject us to liability. In addition, immigration laws may limit our ability to recruit individuals outside their countries of citizenship. Any changes to immigration policies that restrain the flow of technical and professional talent may inhibit our ability to recruit and retain highly qualified employees. Further, many of the companies that we compete with for experienced personnel have greater resources than we do. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees, alone or with our inducement, have breached their legal obligations, resulting in a diversion of our time and resources. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived or actual value of our equity awards declines, it may reduce our ability to recruit and retain highly skilled employees. If we fail to attract new personnel or fail to engage and retain our current personnel, our business and future growth prospects could be harmed.