Trade Desk (TTD) Risk Factors

We operate in a highly competitive and rapidly changing industry. We expect competition to persist and intensify in the future, which could harm our ability to increase revenue and maintain profitability. New technologies and methods of buying advertising present a dynamic competitive challenge, as market participants develop and offer new products and services aimed at capturing advertising spend or disrupting the digital marketing landscape, such as analytics, automated media buying and exchanges. We may also face competition from new companies entering the market, including large established companies and companies that we do not yet know about or do not yet exist. If existing or new companies develop, market or resell competitive high-value products or services that result in additional competition for advertising spend or advertising inventory or if they acquire one of our existing competitors or form a strategic alliance with one of our competitors, our ability to compete effectively could be significantly compromised and our results of operations could be harmed. Our current and potential competitors may have significantly more financial, technical, marketing, and other resources than we have, which may allow them to devote greater resources to the development, promotion, sale and support of their products and services. They may also have more extensive advertiser bases and broader publisher relationships than we have, rich first-party data sets, and may be better positioned to execute on advertising conducted over certain channels, such as social media, mobile, and video. Some of our competitors may have a longer operating history and greater name recognition. As a result, these competitors may be better able to respond quickly to new technologies, develop superior solutions, develop deeper advertiser relationships or offer services at lower prices. Any of these developments would make it more difficult for us to sell our platform or related offerings and could result in increased pricing pressure, increased development, sales and marketing expense, or the loss of market share.

Our industry is subject to rapid and frequent changes in technology and laws governing our activities, evolving client needs and expectations and the frequent introduction by our competitors of new and enhanced offerings. If new or existing competitors have more attractive offerings, we may lose clients or clients may decrease their use of our platform. New client demands, superior competitive offerings or new industry standards could require us to make unanticipated and costly changes to our platform or business model. We must constantly make investment decisions regarding offerings and technology to meet client demand and evolving industry and legal standards. We may make bad decisions regarding these investments. Furthermore, even if we believe that our investments improve upon our platform and offerings, such as updates to our various platform features and user interface, they may nevertheless fail to meet new or existing client expectations or preferences, which could result in decreased client adoption or use of our platform. In addition, as we develop and introduce new products and services, including those incorporating or utilizing artificial intelligence and machine learning and new processing of personal information, including identifiable information, they may raise new, or heighten existing, technological, security, legal and other risks and challenges, which may cause unintended consequences, and they may not function properly or may be misused by our clients. If we fail to adapt to our rapidly changing industry or to evolving client needs or expectations, or we provide new or updated products and services that exacerbate technological, security, legal or other challenges, the reputation of and demand for our platform or related offerings could decrease and our business, financial condition and operations may be adversely affected.

The U.S. and non-U.S. tax laws applicable to our business activities are subject to interpretation and are changing. We are subject to audit by the Internal Revenue Service and by taxing authorities of the state, local and foreign jurisdictions in which we operate. Our tax obligations are based in part on our corporate operating structure, including the manner in which we develop, value, use and hold our intellectual property, the jurisdictions in which we operate, how tax authorities assess revenue-based taxes such as sales and use taxes, the scope of our international operations and the value we ascribe to our intercompany transactions. Taxing authorities may challenge, and have challenged, our tax positions and methodologies for valuing developed technology or intercompany arrangements, positions regarding the collection of sales and use taxes, and the jurisdictions in which we are subject to taxes, which could expose us to additional taxes. Any adverse outcomes of such challenges to our tax positions could result in additional taxes for prior periods, interest and penalties, as well as higher future taxes. In addition, our future tax expense could increase as a result of changes in tax laws, regulations or accounting principles, or as a result of earning income in jurisdictions that have higher tax rates. For example, the European Commission has proposed, and various jurisdictions, including a number of states in the United States, are considering enacting or have enacted laws that impose separate taxes on specified digital services, which may increase our tax obligations in such jurisdictions. In addition, the Organization for Economic Cooperation and Development ("OECD") announced an Inclusive Framework on Base Erosion and Profit Shifting, including Pillar Two Model Rules defining a global minimum tax, which calls for the taxation of large multinational corporations at a minimum rate of 15%. While the changes from these rules have not impacted our financial condition or results of operations, they could increase our effective tax rate and cash tax payments in future periods. Any increase in our tax expense could have a negative effect on our financial condition and results of operations. Moreover, the determination of our provision for income taxes and other tax liabilities requires significant estimates and judgment by management, and the tax treatment of certain transactions is uncertain. Any changes, ambiguity, or uncertainty in taxing jurisdictions' administrative interpretations, decisions, policies and positions, including, the position of taxing authorities with respect to revenue generated by reference to certain digital services, could also materially impact our income tax liabilities. Although we believe we will make reasonable estimates and judgments, the ultimate outcome of any particular issue may differ from the amounts previously recorded in our financial statements and any such occurrence could materially affect our financial condition and results of operations.

Information relating to individuals and their devices (commonly called "personal information" or "personal data") is regulated under a wide variety of local, state, national and international laws and regulations that apply to its collection, use, retention, protection, disclosure, transfer (including transfer across national boundaries) and other processing. We typically collect and store IP addresses and other device identifiers (such as unique cookie identifiers and mobile application identifiers), which are or may be considered personal data or personal information in many jurisdictions or otherwise subject to regulation. In connection with certain of our offerings, including Unified ID 2.0, EUID and OpenPass, we receive information that directly identifies individuals, such as email addresses and phone numbers, both directly from consumers and from our clients or others. We deploy technical and security measures, internal policy controls, and contractual measures to limit how such identifying information is used and shared and to help honor consumer choices. Nevertheless, we cannot guarantee any such measures or controls will be effective and handling identifying information increases our exposure under privacy and data protection laws. The global regulatory landscape regarding the privacy and protection of personal information is evolving, and U.S. (state, federal and local) and foreign governments continue to consider and enact additional legislation and rulemaking related to privacy and data protection, often with a particular focus on intermediaries in the online advertising ecosystem, including those that engage in targeted advertising, "sell" or "share" personal data, and act as "data brokers." We expect to see an increase in, or changes to, privacy and data protection legislation and regulation in this area for the foreseeable future. For example, in the U.S., the FTC continues to propose updates to existing regulations, including those governing collection of data from children online and related to "commercial surveillance" generally. Further, the FTC uses its enforcement powers under Section 5 of the Federal Trade Commission Act (the "FTC Act") (which prohibits "unfair" and "deceptive" trade practices) to investigate companies engaging in online tracking. For example, the FTC has been very active in bringing enforcement actions against companies that handle personal data it views as sensitive for advertising purposes, including location data brokers and companies that process health-related data. These enforcement announcements signal increased regulatory scrutiny of advertising practices that involve "sensitive" categories of personal data such as health data and precise location information. Other companies in the advertising technology space have been subject to government investigation by regulatory bodies; advocacy organizations have also filed complaints with data protection authorities against advertising technology companies, arguing that certain of these companies' practices do not comply with data privacy laws, or consumer protection laws such as the FTC Act. We cannot avoid the possibility that one of these investigations or enforcement actions will require us to alter our practices. In addition, a potential federal omnibus privacy law remains a possibility. Although the initial momentum surrounding it has waned, if ultimately passed, such a law would likely substantially impact the online advertising ecosystem. State lawmakers are also actively addressing consumer data privacy issues. Many states have adopted omnibus consumer privacy laws, some of which are already enforceable, while others will take effect over the coming years. These state laws define "personal information" broadly enough to include many online identifiers provided by individuals' devices, applications, and protocols (such as IP addresses, mobile application identifiers and unique cookie identifiers), individuals' location data, and hashed versions of email addresses and phone numbers. These laws generally require covered businesses to meet numerous data privacy-related obligations and establish data privacy rights for consumers in such states (including rights to opt out of certain processing of their personal data and to request correction, deletion of and access to personal data), imposing special rules on the collection of personal data from minors and other personal data deemed "sensitive" under the laws, and creating new notice obligations. Many also impose data minimization requirements, mandating that companies only collect and process data for certain purposes. Most significant for the advertising industry, however, these laws require businesses that engage in certain advertising uses of personal data to offer and honor an opt-out of such activities, including, in some states, through browser or device-based preference signals. (Terminology varies slightly among some of the state laws, tying the opt-out requirement to "targeted advertising," "sales" or "sharing" of personal data.) Because of these obligations, the availability of data within our platform, our other offerings and the advertising ecosystem more broadly may decline, potentially making our platform and offerings less valuable to our clients. The requirement under certain states' laws to honor users' requests to opt out of certain disclosures and uses of data for advertising purposes through preference signals, such as the Global Privacy Control ("GPC") or similar signals, reflects a broader attention that privacy advocates, the media and some government regulators, such as the FTC, have devoted to digital advertising in recent years. If the use of the GPC or similar technical signals is adopted by many Internet users, is imposed by additional states or by federal or foreign legislation or is agreed upon by standard setting groups, we may have to change our business practices, our clients may reduce their use of our platform and offerings, and our business could be harmed. These laws and their implementing regulations will likely also increase compliance costs and obligations on us, our clients, and other companies in the advertising industry. Although we have attempted to mitigate certain risks posed by these laws through contractual, platform and product changes, we cannot predict with certainty the effect of these laws and their implementing regulations, many of which are not yet finalized, on our business, nor the share of consumers who will carry out their opt-out and other rights and how these actions will impact us, our clients, inventory sources, and our industry. Further, enforcement activity under such laws already in effect, particularly in California, reflects an ongoing focus on online advertising activities and signals regulators' willingness to pursue in-depth investigations and impose substantial penalties on entities allegedly operating in violation of the statute. Thus, we expect that continuing to maintain compliance with states' varying legal requirements, including monitoring and adjusting to new regulations and interpretations that emerge through enforcement actions, will require significant time, resources, and expense, as will the effort to monitor whether additional changes to our business practices and our backend configuration are needed, all of which may increase operating costs, or limit our ability to operate or expand our business. In addition to these broad-based consumer privacy laws, lawmakers and regulators continue to focus on activities that involve use of categories of personal data perceived as especially sensitive, such as health data and children's data. For example, several states have enacted laws that would substantially impact activities that involve showing targeted advertisements to individuals under 18 through a variety of new restrictions, or in some cases prohibit it altogether. In addition, several recent federal bills would likewise further regulate the processing of children's data and other personal data perceived as especially sensitive. Further, several states have enacted laws, updated existing laws or have introduced bills to impose new privacy obligations related to health-related personal information beyond that governed by federal and state laws governing medical records and similar information, such as HIPAA. For example, Washington's My Health, My Data Act ("MHMD") introduced a host of requirements related to a very broadly-defined notion of consumer health data that impacts the advertising industry in part because MHMD is subject to a private right of action (unlike other state privacy laws), so plaintiffs' attorneys could explore claims that stretch the bounds of the law's text. These laws and the heightened scrutiny associated with the enforcement of such laws may, in turn, ultimately lead to increased compliance and defense costs, and more obligations on us, our clients and other companies in the advertising industry. Laws governing the processing of personal data in Europe (including the U.K., EU and EEA, and the countries of Iceland, Liechtenstein, and Norway) also continue to impact us and continue to evolve. For example, the GDPR defines "personal data" broadly and enhances data protection obligations for controllers of such data and for service providers processing the data. It also provides certain rights, such as access and deletion, to the individuals about whom the personal data relates. IAB Europe previously collaborated with the digital advertising industry to create a user-facing framework (the Transparency and Control Framework, or "TCF") for establishing and managing legal bases under the GDPR and other U.K. and EU privacy laws including the ePrivacy Directive. Although the TCF is actively in use, its viability as a compliance mechanism remains under review by European authorities and we cannot predict its effectiveness over the long term. Non-compliance with the GDPR can trigger steep fines of up to the greater of €20 million or 4% of total worldwide annual revenue. Relatedly, authorities enforcing the U.K. GDPR have the ability to separately fine up to the greater of £17.5 million or 4% of global turnover. Continuing to maintain compliance with the requirements of the GDPR, including monitoring and adjusting to rulings and interpretations that affect our approach to compliance, requires significant time, resources and expense, as will the effort to monitor whether additional changes to our business practices and our backend configuration are needed, all of which may increase operating costs, or limit our ability to operate or expand our business. Data residency and cross-border transfer restrictions also impact our operations. For the transfer of personal data from Europe to the U.S., we rely upon, and are certified under, the EU-U.S. and Swiss-U.S. Data Privacy Frameworks ("DPF") and the U.K. extension to the EU-U.S. DPF. The DPF replaced the Privacy Shield Framework as an adequate mechanism by which EU companies may pass personal data to the U.S. However, the DPF is already subject to legal challenge in Europe. Relatedly, whether and how other transfer mechanisms, such as standard contractual clauses, can be used to transfer personal data to the U.S. is in question. While the adequacy decision for the DPF helps to reduce the legal uncertainty of cross-border transfers of personal data, the long-term validity of these transfer mechanisms remains uncertain. If all or some jurisdictions within the EU or the U.K. determine that the latest standard contractual clauses also cannot be used to transfer personal data to the U.S. and if the DPF is ultimately struck down in a manner similar to the Privacy Shield Framework, we could be left with no reasonable option for the lawful cross-border transfer of personal data. In such circumstances, continuing to transfer personal data from the EU to the U.S. could lead to governmental enforcement actions, litigation, fines and penalties or adverse publicity. Such consequences could have an adverse effect on our reputation and business, such as by requiring us to establish systems to maintain certain data in the EU, potentially involving substantial expense and causing us to divert resources from other aspects of our operations, all of which may adversely affect our business. Other jurisdictions have adopted or are considering cross-border or data residency restrictions, which could reduce the amount of data we can collect or process and, as a result, significantly impact our business. Further, our legal risk depends in part on our clients' or other third parties' adherence to data privacy laws and regulations and their use of our services in ways consistent with end user expectations. We rely on representations made to us by clients, partners and providers that they will comply with all applicable laws, including all relevant data privacy and data protection regulations. Although we make reasonable efforts to enforce such representations and contractual requirements, we do not fully audit our clients' compliance with our recommended disclosures or their adherence to data privacy laws and regulations. If our clients, partners or providers fail to adhere to our expectations or contracts in this regard, we and our clients could be subject to adverse publicity, damages and related possible investigation or other regulatory activity. Adapting our business to enhanced and evolving privacy obligations across relevant jurisdictions could continue to involve substantial expense and may cause us to divert resources from other aspects of our operations, all of which may adversely affect our business. Additionally, as the advertising industry evolves, and new ways of collecting, combining and using data are created, governments may enact legislation in response to technological advancements and changes that could result in our having to re-design features or functions of our platform and related offerings, therefore incurring unexpected compliance costs. Further, adaptation of the digital advertising marketplace requires increasingly significant collaboration between participants in the market, such as publishers and advertisers. Failure of the industry to adapt to changes required for operating under existing and future data privacy laws, industry approaches that disfavor our platform and offerings, and user response to such changes could negatively impact inventory, data, and demand. We cannot control or predict the pace or effectiveness of such adaptation, and we cannot currently predict the impact such changes may have on our business. In addition to laws regulating the processing of personal data, we, our advertisers, and publishers are also subject to regulation with respect to political advertising activities, which are governed by various federal and state laws in the U.S., and national and provincial laws worldwide. Online political advertising laws are rapidly evolving and, in certain jurisdictions, impose varying substantive transparency and disclosure requirements on advertisers, publishers, and/or others in the ecosystem. We saw publishers impose varying prohibitions and restrictions on the types of political advertising and breadth of targeted advertising allowed on their platforms with respect to advertisements for the 2020 U.S. presidential election in response to political advertising scandals, such as the scandal involving Cambridge Analytica. The lack of uniformity and increasing restrictions and requirements on transparency and disclosure could adversely impact the inventory made available for political advertising and the demand for such inventory on our platform, and otherwise increase our operating and compliance costs. Concerns about political advertising or other advertising in areas deemed sensitive, whether or not valid and whether or not driven by applicable laws and regulations, industry standards, client or inventory provider expectations, or public perception, may harm our reputation, result in loss of goodwill, and inhibit use of our platform by current and future clients. We deploy technical and organizational measures, internal policy controls, and contractual measures to limit how identifying information is used and shared and to help honor consumer choices. Nevertheless, we cannot guarantee any such measures or controls will be effective and handling identifying information increases our exposure under privacy and data protection laws. These laws and other obligations may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our platform and related offerings. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products, which could have an adverse effect on our business. In addition, public perception regarding data protection and privacy are significant in the programmatic advertising buying industry. Concerns about industry practices regarding the collection, use, and disclosure of personal data, whether or not valid and whether driven by applicable laws and regulations, industry standards, client or inventory provider expectations, or the broader public, may harm our reputation, result in loss of goodwill, and inhibit use of our platform or related offerings by current and future clients. For example, perception that our practices involve an invasion of privacy or are designed with insufficient protections, whether or not such practices are consistent with current or future laws, regulations, or industry practices, may subject us to public criticism, private class actions, reputational harm, or claims by regulators, which could disrupt our business and expose us to increased liability. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new products and features could be limited. All of this could impair our or our clients' ability to collect, use, or disclose information relating to consumers, which could decrease demand for our platform and related offerings, increase our costs, and impair our ability to maintain and grow our client base and increase our revenue.

We depend on various technology, software, products and services from third parties or available as open source, including data centers and API technology, payment processing, payroll and other technology and professional services, some of which are critical to the features and functionality of our platform. For example, in order for clients to target ads in ways they desire and otherwise optimize and verify campaigns, our platform must have access to data regarding Internet user behavior and reports with demographic information regarding Internet users. Identifying, negotiating, complying with and integrating with third-party terms and technology are complex, costly and time-consuming matters. Failure by third-party providers to maintain, support or secure their technology either generally or for our accounts specifically, or downtime, errors or defects in their products or services, could adversely impact our platform, our administrative obligations or other areas of our business. Having to replace any third-party providers or their technology, products or services could result in outages or difficulties in our ability to provide our services. If we are unsuccessful in establishing or maintaining our relationships with our third-party providers or otherwise need to replace them, internal resources may need to be diverted and our business, financial condition and results of operations could be harmed.

Our business depends on the overall demand for advertising and on the economic health of advertisers that benefit from our platform. Current or future global market uncertainties or downturns and associated macroeconomic conditions, such as growing inflation, rising interest rates, recessionary fears, changes in foreign currency exchange rates, supply chain disruptions, the impact of global instability in many parts of the world and public health crises, may disrupt the operations of our clients and partners and cause advertisers to decrease or pause their advertising budgets, which could reduce spend though our platform and adversely affect our business, financial condition and results of operations. As we explore new countries to expand our business, economic downturns or unstable market conditions in any of those countries could also result in our investments not yielding the returns we anticipate.

Our international operations and expansion plans create challenges associated with supporting a rapidly growing business across a multitude of cultures, customs, monetary, legal and regulatory systems and commercial infrastructures. We have a limited operating history outside of the United States, and our ability to manage and expand our business and conduct our operations internationally requires considerable attention and resources. We have personnel in countries within North America, Central America, Europe, Asia and Australia, and we are continuing to expand our international operations. Some of the countries into which we are, or potentially may, expand score unfavorably on the Corruption Perceptions Index ("CPI") of the Transparency International. Our teams in locations outside the United States are substantially smaller than some of our teams in the United States. To the extent we are unable to effectively engage with non-U.S. advertising agencies or international divisions of U.S. agencies due to our limited sales force capacity, or we are unable to secure quality non-U.S. ad inventory and data on reasonable terms due to our limited inventory and data team capacity, we may be unable to effectively grow in international markets. Our international operations and expansion subject us to a variety of additional risks, including: - risks related to local advertising markets, where adoption of programmatic ad buying may be slower than in the United States, advertising buyers and inventory and data providers may be less familiar with demand-side platforms and our brand, and business models may not support our value proposition;- exposure to public health issues and to travel restrictions and other measures undertaken by governments in response to such issues;- risks related to compliance with local laws and regulations, including those relating to privacy, cybersecurity, data security, antitrust, data localization, anti-bribery, import and export controls, economic sanctions (including to existing and potential partners and clients), tax and withholding (including overlapping of different tax regimes), and varied labor and employment laws (including those relating to termination of employees); corporate formation, partnership, restrictions on foreign ownership or investment and other regulatory limitations or obligations on our operations (such as obtaining requisite licenses or other governmental requirements); and the increased administrative costs and risks associated with such compliance;- operational and execution risk, and other challenges caused by distance, language and cultural differences, which may burden management, increase travel, infrastructure and legal compliance costs, and add complexity to our enforcement of advertising standards across languages and countries;- geopolitical and social factors, such as concerns regarding negative, unstable or changing economic conditions in the countries and regions where we operate, recessions, armed conflicts and wars, political instability and trade disputes;- risks related to pricing structure, payment and currency, including aligning our pricing model and payment terms with local norms, higher levels of credit risk and payment fraud, difficulties in invoicing and collecting in foreign currencies and associated foreign currency exposure, and difficulties in repatriating or transferring funds from or converting currencies; and - reduced protection for intellectual property rights in some countries and practical difficulties in enforcing contractual and intellectual property rights abroad. We have a U.K. entity through which we have entered into international client and partner agreements, including with those in the EU, which are governed by English Law, and some of our clients and partners pay us in British Pounds and Euros. We may incur significant operating expenses as a result of our international operations and expansion, and we may not be successful. Our international business also subjects us to the impact of differing regulatory requirements, costs and difficulties in managing a distributed workforce, and potentially adverse tax consequences in the United States and abroad. If our international activities were found to be in violation of any existing or future international laws or regulations or if interpretations of those laws and regulations were to change, our business in those countries could be subject to fines and other financial penalties, have licenses revoked, or be forced to restructure operations or shut down entirely. In addition, advertising markets outside of the United States are not as developed as those within the United States, and we may be unable to grow our business sufficiently. Any failure to successfully manage the risks and challenges related to our international operations could adversely affect our business, financial condition and results of operations.

Our business and operations have been, and could in the future be, adversely affected by health epidemics, such as the global COVID-19 pandemic. The COVID-19 pandemic and efforts to control its spread curtailed the movement of people, goods and services worldwide, including in the regions in which we and our clients and partners operate, and significantly impacted economic activity and financial markets. Many marketers decreased or paused their advertising spending as a response to the economic uncertainty, decline in business activity and other COVID-19-related impacts, which negatively impacted, and with respect to other future health epidemics, may negatively impact, our revenue and results of operations, the extent and duration of which we may not be able to accurately predict. The economic uncertainty caused by the COVID-19 pandemic made, and future health epidemics may make, it difficult for us to forecast revenue and operating results and to make decisions regarding operational cost structures and investments. The duration and extent of the impact from future health epidemics or other health events depend on future developments that cannot be accurately predicted at this time, including measures taken by governments, businesses and other organizations in response to such epidemic or other public health event, and if we are not able to respond to and manage the impact of such events effectively, our business may be harmed.

While the majority of the transactions through our platform are denominated in U.S. Dollars, we have transacted in foreign currencies, both for inventory and data and for payments by clients from use of our platform. We also have expenses denominated in currencies other than the U.S. Dollar. Given our anticipated international growth, we expect the number of transactions in a variety of foreign currencies to continue to grow in the future. While we generally require a fee from our clients that pay in non-U.S. currency, this fee may not always cover foreign currency exchange rate fluctuations. In addition, for those clients that pay in non-U.S. currency, we often pay for the advertising inventory and data purchased by such clients in U.S. Dollars. As a result, any increase in the value of the U.S. Dollar against these foreign currencies could cause our revenue to decline relative to our costs. Although we currently have a program to hedge exposure to foreign currency fluctuations, the use of hedging instruments may not be available for all currencies or may not always offset losses resulting from foreign currency exchange rate fluctuations. Moreover, the use of hedging instruments can itself result in losses if we are unable to structure effective hedges with such instruments.