Uber Technologies (UBER) Risk Factors

In certain jurisdictions, including expansion markets such as Argentina, Germany, Italy, Japan, South Korea, and Spain, our ridesharing business model has been blocked, capped, or suspended, or we have been required to change our business model, due primarily to laws and significant regulatory restrictions in such jurisdictions. In some cases, we have applied for and obtained licenses or permits to operate and must continue to comply with the license or permit requirements or risk revocation. In addition, we may not be able to maintain or renew any such license or permit. We cannot predict whether future regulatory decisions or legislation in other jurisdictions may embolden or encourage other authorities to take similar actions even where we are operating according to the terms of an existing license or permit. Traditional taxicab and car service operators in various jurisdictions in the United States and abroad continue to lobby legislators and regulators to block our Mobility products or to require us to comply with regulatory, insurance, record-keeping, licensing, and other requirements to which taxicab and car services are subject. For example, in January 2019, we suspended our Mobility products in Barcelona after the regional government enacted regulations mandating minimum wait times before riders could be picked up by ridesharing drivers; in March 2021, we returned to Barcelona via taxis only. In December 2018, New York City's Taxi and Limousine Commission implemented a per-mile and per-minute minimum trip payment formula, designed to establish a minimum pay standard, for drivers providing for-hire services in New York City, such as those provided by Drivers on our platform. These minimum rates took effect in February 2019. Since implementation, these regulations have had an adverse impact on our financial performance in New York City and may continue to do so in the future. In August 2018, the New York City Council voted to approve various measures to further regulate our business, including driver earning rules, licensing requirements, and a one-year freeze on new for-hire vehicle licenses for ridesharing services like those enabled via our platform; the freeze on for-hire vehicle licenses remains. Additionally, in November 2019, a ballot measure to impose a surcharge on ridesharing trips in San Francisco was passed by voters in San Francisco and such surcharge took effect on January 1, 2020. Also in January 2020, a new tax went into effect in Chicago that imposes a surcharge of up to $3 per ridesharing trip taken in Chicago. In addition, in March 2022, a Washington state bill was signed into law establishing a minimum pay standard for drivers providing services on our platform, and other jurisdictions have in the past considered or may consider regulations which would implement minimum wage requirements or permit drivers to negotiate for minimum wages while providing services on our platform. Similar legislative or regulatory initiatives are being considered or have been enacted in countries outside the United States. If other jurisdictions impose similar regulations, our business growth could be adversely affected. In certain jurisdictions, we are subject to national, state, local, or municipal laws and regulations that are ambiguous in their application or enforcement or that we believe are invalid or inapplicable. In such jurisdictions, we may be subject to regulatory fines and proceedings and, in certain cases, may be required to cease operations altogether if we continue to operate our business as currently conducted, unless and until such laws and regulations are reformed to clarify that our business operations are fully compliant or such laws and regulations are determined to be invalid or inapplicable. For example, in September 2020, the Hong Kong Court of Final Appeal issued a ruling against a group of drivers who used the Uber app, concluding that by driving for hire without a Hire Car Permit, they violated the local Road Traffic Ordinance. A judicial review process is pending. However, these developments may adversely affect our ability to offer ridesharing services and negatively impact our financial performance in Hong Kong. As another example, in January 2020, we ceased offering our Mobility products in Colombia after a Colombian court ruled that we violated local competition laws. In response, we appealed the decision, made certain changes to our Mobility products in Colombia and re-launched Mobility in Colombia in February 2020, and in June 2020, the Appeals Court of Bogota revoked its order to block Mobility products in Colombia. Furthermore, in certain of these jurisdictions, we continue to provide our products and offerings while we assess the applicability of these laws and regulations to our products and offerings or while we seek judicial, regulatory or policy changes to address concerns with respect to our ability to comply with these laws and regulations. Our decision to continue operating in these instances has come under investigation or has otherwise been subject to scrutiny by government authorities. Our continuation of this practice and other past practices may result in fines or other penalties against us and Drivers imposed by local regulators, potentially increasing the risk that our licenses or permits that are necessary to operate in such jurisdictions will not be renewed. Such fines and penalties have in the past been, and may in the future continue to be, imposed solely on Drivers, which may cause Drivers to stop providing services on our platform. In many instances, we make the business decision as a gesture of goodwill to pay the fines on behalf of Drivers or to pay Drivers' defense costs, which, in the aggregate, can be in the millions of dollars. Furthermore, such business practices may also result in negative press coverage, which may discourage Drivers and consumers from using our platform and could adversely affect our revenue. In addition, we face regulatory obstacles, including those lobbied for by our competitors or from local governments globally, that have favored and may continue to favor local or incumbent competitors, including obstacles for potential Drivers seeking to obtain required licenses or vehicle certifications. In addition, an increasing number of municipalities have proposed delivery network fee caps with respect to our Delivery offering and caps on surge pricing with respect to our Mobility offering. We have incurred, and expect that we will continue to incur, significant costs in defending our right to operate in accordance with our business model in many jurisdictions. To the extent that efforts to block or limit our operations are successful, or we or Drivers are required to comply with regulatory and other requirements applicable to taxicab and car services, our revenue and growth would be adversely affected.

We operate in an industry in which the competition for Drivers is intense. In this highly competitive environment, the means we use to onboard and attract Drivers may be challenged by competitors, government regulators, or individual plaintiffs. For example, putative class actions have been filed by individual plaintiffs against us for alleged violation of the Telephone Consumer Protection Act of 1991, alleging, among other things, that plaintiffs received text messages from us regarding our Driver program without their consent or after indicating to us they no longer wished to receive such text messages. These lawsuits are expensive and time consuming to defend, and, if resolved adversely to us, could result in material financial damages and penalties, costly adjustments to our business practices, and negative publicity. In addition, we could incur substantial expense and possible loss of revenue if competitors file additional lawsuits or other claims challenging these practices.

The tax laws applicable to our global business activities are subject to uncertainty and can be interpreted differently by different companies. For example, we may become subject to sales tax rates in certain jurisdictions that are significantly greater than the rates we currently pay in those jurisdictions. Like many other multinational corporations, we are subject to tax in multiple U.S. and foreign jurisdictions and have structured our operations to reduce our effective tax rate. Currently, certain jurisdictions are investigating our compliance with tax rules. If it is determined that we are not compliant with such rules, we could owe additional taxes. Certain jurisdictions, including Australia, Kingdom of Saudi Arabia, the UK and other countries, require that we pay any assessed taxes prior to being allowed to contest or litigate the applicability of tax assessments in those jurisdictions. These amounts could materially adversely impact our liquidity while those matters are being litigated. This prepayment of contested taxes is referred to as "pay-to-play." Payment of these amounts is not an admission that we believe we are subject to such taxes; even when such payments are made, we continue to defend our positions vigorously. If we prevail in the proceedings for which a pay-to-play payment was made, the jurisdiction collecting the payment will be required to repay such amounts and also may be required to pay interest. Additionally, the taxing authorities of the jurisdictions in which we operate have in the past, and may in the future, examine or challenge our methodologies for valuing developed technology, which could increase our worldwide effective tax rate and harm our financial position and operating results. Furthermore, our future income taxes could be adversely affected by earnings being lower than anticipated in jurisdictions that have lower statutory tax rates and higher than anticipated in jurisdictions that have higher statutory tax rates, changes in the valuation allowance on our U.S. and Netherlands' deferred tax assets, or changes in tax laws, regulations, or accounting principles. We are subject to regular review and audit by both U.S. federal and state tax authorities, as well as foreign tax authorities, and currently face numerous audits in the United States and abroad. Any adverse outcome of such reviews and audits could have an adverse effect on our financial position and operating results. In addition, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by our management, and we have engaged in many transactions for which the ultimate tax determination remains uncertain. The ultimate tax outcome may differ from the amounts recorded in our financial statements and may materially affect our financial results in the period or periods for which such determination is made. Our tax positions or tax returns are subject to change, and therefore we cannot accurately predict whether we may incur material additional tax liabilities in the future, which could impact our financial position. In addition, in connection with any planned or future acquisitions, we may acquire businesses that have differing licenses and other arrangements that may be challenged by tax authorities for not being at arm's-length or that are otherwise potentially less tax efficient than our licenses and arrangements. Any subsequent integration or continued operation of such acquired businesses may result in an increased effective tax rate in certain jurisdictions or potential indirect tax costs, which could result in us incurring additional tax liabilities or having to establish a reserve in our consolidated financial statements, and could adversely affect our financial results.

The nature of our business exposes us to claims, including civil lawsuits in the United States such as those related to the 2016 Breach. These and any past or future privacy or security incidents could result in violation of applicable U.S. and international privacy, data protection, and other laws. Such violations subject us to individual or consumer class action litigation as well as governmental investigations and proceedings by federal, state, and local regulatory entities in the United States and internationally, resulting in exposure to material civil or criminal liability. Our data security and privacy practices have been the subject of inquiries from government agencies and regulators, not all of which are finally resolved. In April 2018, we entered into an FTC consent decree pursuant to which we agreed, among other things, to implement a comprehensive privacy program, undergo biennial third-party assessments, and not misrepresent how we protect consumer information through 2038. In October 2018, the FTC approved the final settlement, which exposes us to penalties for, amongst other activities, future failure to report security incidents. In November and December 2018, UK, Dutch and French supervisory authorities imposed fines totaling approximately $1.6 million. We have also entered into settlement agreements with numerous state enforcement agencies. For example, in January 2016, we entered into a settlement with the Office of the New York State Attorney General under which we agreed to enhance our data security practices. In addition, in September 2018, we entered into stipulated judgments with the state attorneys general of all 50 U.S. states and the District of Columbia relating to the 2016 Breach, which involved payment of $148 million and assurances that we would enhance our data security and privacy practices. In addition, in March 2022, Uber Technologies, Inc. and Uber B.V. were each fined €2.12 million by the Italian data protection authority for alleged privacy violations stemming from an investigation conducted in 2018. Additionally, in July 2022, we entered into a non-prosecution agreement with the DOJ concerning its investigation into our handling of the 2016 Breach. Failure to comply with these and other orders could result in substantial fines, enforcement actions, injunctive relief, and other penalties that may be costly or that may impact our business. We may also assume liabilities for breaches experienced by the companies we acquire as we expand our operations. For example, in April 2018, Careem publicly disclosed and notified relevant regulatory authorities that it had been subject to a data security incident that allowed access to certain personal information of riders and drivers on its platform as of January 14, 2018. If Careem becomes subject to liability as a result of this or other data security incidents or if we fail to remediate this or any other data security incident that Careem or we experience, we may face harm to our brand, business disruption, and significant liabilities. In addition, in July 2020, Drizly publicly disclosed that it had been subject to a data security incident that allowed access to certain personal information of customers on its platform, and in November 2021 Drizly obtained final court approval of a settlement in a resulting class action litigation. Moreover, in January 2023, the FTC announced a final order relating to the data security incident. If we fail to remediate any other data security incident that we experience, we may face harm to our brand, business disruption, and significant liabilities. Our insurance programs may not cover all potential claims to which we are exposed and may not be adequate to indemnify us for the full extent of our potential liabilities. We may also be impacted by privacy or security incidents at third-party service providers. We rely on third-party service providers to host or otherwise process some of our data and that of platform users, and they have experienced, and may again experience, security and privacy incidents. Any failure by such third party to prevent or mitigate security breaches or improper access to, or use, acquisition, disclosure, alteration, or destruction of, such data could have similar adverse consequences for us. This risk is enhanced in certain jurisdictions with stringent privacy laws and, as we expand our products, offerings, and operations domestically and internationally, we have been, and may continue to become, subject to amended or additional laws that impose substantial additional obligations related to data privacy and security. The EU adopted the GDPR in 2016, and it became effective in May 2018. The GDPR applies extraterritorially and imposes stringent requirements for controllers and processors of personal data. Such requirements include higher consent standards to process personal data, robust disclosures regarding the use of personal data, strengthened individual data rights, data breach requirements, limitations on data retention, strengthened requirements for special categories of personal data and pseudonymised (i.e., key-coded) data, and additional obligations for contracting with service providers that may process personal data. In addition, the GDPR contains a provision that individuals shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. Decisions based on AI or on automated processing of data, or insufficient disclosures regarding this processing, have and could impair our business and have and could subject us to lawsuits, regulatory investigations or other harm. The GDPR further provides that EU member states may institute additional laws and regulations impacting the processing of personal data, including (i) special categories of personal data (e.g., racial or ethnic origin, political opinions, and religious or philosophical beliefs) and (ii) certain decisions based solely on automated processing, including profiling. Such additional laws and regulations could limit our ability to use and share personal or other data, thereby increasing our costs and harming our business and financial condition. Non-compliance with the GDPR (including any non-compliance by any acquired business) is subject to significant penalties, including fines of up to the greater of €20 million or 4% of total worldwide revenue, and injunctions against the processing of personal data. Other jurisdictions outside the EU are similarly introducing or enhancing privacy and data security laws, rules, and regulations, including for automated processing, decision making, and profiling, which will increase our compliance costs and the risks associated with non-compliance. For example, the California Consumer Privacy Act ("CCPA"), which provided new privacy rights for consumers and new operational requirements for businesses, went into effect in January 2020. The CCPA includes a statutory damages framework and private rights of action against businesses that fail to comply with certain CCPA terms or implement reasonable security procedures and practices to prevent data breaches. Other U.S. states have adopted, and likely will continue to adopt, similar laws that provide new consumer privacy rights and business operational requirements. Brazil provides another example, having passed the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, or LGPD) in 2018, which is now in effect. These laws may be subject to amendments and regulations that may change over time, or result in additional follow-on laws such as the California Privacy Rights Act ("CPRA") passed in California in November 2020. For further information on risks related to our use of certain decisions based solely on automated processing or profiling, see the risk factor titled "-Our growing use of artificial intelligence and machine learning may present additional risks, including risks associated with algorithm development or use, the tools and data sets used, and/or a complex, developing regulatory environment." Additionally, we are subject to laws, rules, and regulations regarding cross-border transfers of personal data, including laws relating to transfer of personal data outside the EEA. We rely on transfer mechanisms permitted under these laws. Such mechanisms have received heightened regulatory and judicial scrutiny and have undergone modifications, and a 2020 decision by the Court of Justice of the European Union had cast doubt on the adequacy of all of the formerly-approved mechanisms for transferring personal data from countries in the EEA to certain other countries such as the United States. While in July 2023 the European Commission deemed a new EU-US Data Privacy Framework adequate for personal data transfers from the EU (and the rest of the EEA) to the US, this Framework has been challenged. If we cannot rely on existing mechanisms for transferring personal data from the EEA, the United Kingdom, or other jurisdictions, we may be unable to transfer personal data of Drivers, consumers, or employees in those regions, which could have an adverse effect on our business, financial condition, and operating results, and has resulted in and may result in substantial fines, enforcement actions, litigation, injunctive relief, and other penalties that may be costly or that may impact our business. In addition, we may be required to disclose personal data pursuant to demands from government agencies, including from state and city regulators as a requirement for obtaining or maintaining a license or otherwise, from law enforcement agencies, and from intelligence agencies. This disclosure or potential disclosure may result in a failure or perceived failure by us to comply with privacy and data protection policies, notices, laws, rules, and regulations, could result in proceedings or actions against us in the same or other jurisdictions, and could have an adverse impact on our reputation and brand. In addition, Careem has historically shared certain user data with certain government authorities, which conflicts with our global policies regarding data use, sharing, and ownership. We expect to maintain our data use, sharing, and ownership practices for both our business and Careem's business, and doing so may cause our relationship with government authorities in certain jurisdictions to suffer, and may result in such government authorities assessing fines or penalties against us. Further, if any jurisdiction in which we operate changes its laws, rules, or regulations relating to data residency or local computation such that we are unable to comply in a timely manner or at all, we may risk losing our rights to operate in such jurisdictions. This could adversely affect the manner in which we provide our products and offerings and thus materially affect our operations and financial results. Such data protection laws, rules, and regulations are complex and their interpretation is rapidly evolving, making implementation and enforcement, and thus compliance requirements, ambiguous, uncertain, and potentially inconsistent. This includes, for example, those relating to the processing of data for purposes of advertising and profile creation, which are subject to evolving disclosure, choice, and consent requirements in the EU, US states, and other jurisdictions. Compliance with such laws may require changes to our data collection, use, transfer, disclosure, and other processing and certain other related business practices and may thereby increase compliance costs or otherwise adversely affect our operations. Additionally, any failure or perceived failure by us to comply with privacy and data protection policies, notices, laws, rules, orders and regulations could result in proceedings or actions against us by individuals, consumer rights groups, governmental entities or agencies, or others. We could incur significant costs investigating and defending such claims and, if found liable, significant damages. Further, these proceedings and any subsequent adverse outcomes may subject us to significant penalties and negative publicity. If any of these events were to occur, our business and financial results could be significantly disrupted and adversely affected.

To continue to retain and attract Drivers, consumers, merchants, Shippers, and Carriers to our platform, we will need to continue to invest in the development of new products, offerings, and features that add value for Drivers, consumers, merchants, Shippers, and Carriers and that differentiate us from our competitors. For example, in January 2020, we introduced a number of product changes in California intended to, among other things, provide Drivers with more information about rider destinations, trip distance, and expected fares, display prices more clearly, and allow users to select preferred Drivers, all of which are intended to further strengthen the independence of Drivers in California and protect their ability to work flexibly when using the Uber platform. Developing and delivering new or upgraded products, offerings, and features is costly, and the success of such new products, offerings, and features depends on several factors, including the timely completion, introduction, and market acceptance of such products, offerings, and features. Moreover, any such new or upgraded products, offerings, or features may not work as intended or may not provide intended value to platform users. For example, some product changes in California have resulted in, and may continue to result in, reduced demand for rides and reduced supply of Drivers on our platform, Driver dissatisfaction, and adverse impacts on the operation of our platform. If we are unable to continue to develop new or upgraded products, offerings, and features, or if platform users do not perceive value in such new or upgraded products, offerings, and features, platform users may choose not to use our platform, which would adversely affect our operating results.

We collect, use, and process a variety of personal data, such as email addresses, mobile phone numbers, profile photos, location information, drivers' license numbers and Social Security numbers of Drivers, consumer payment card information, and Driver and merchant bank account information. As such, we are an attractive target of data security attacks by third parties and insiders. Any failure to prevent or mitigate security breaches or improper access to, or use, acquisition, disclosure, alteration or destruction of, any such data could result in significant liability and a material loss of revenue resulting from the adverse impact on our reputation and brand, a diminished ability to retain or attract new platform users, and disruption to our business. We rely on third-party service providers to host or otherwise process some of our data and that of platform users, and they have experienced, and may again experience, security and privacy incidents. Any failure by such third party to prevent or mitigate security breaches or improper access to, or use, acquisition, disclosure, alteration, or destruction of, such data could have similar adverse consequences for us. Because the techniques used to obtain unauthorized access, disable or degrade services, or sabotage systems change frequently and are often unrecognizable until launched against a target, we may be unable to anticipate these techniques and implement adequate preventative measures. Our servers, internal systems, and platform may be vulnerable to computer viruses or physical or electronic break-ins that our security measures may not detect. Individuals able to circumvent our security measures may misappropriate confidential, proprietary, or personal information held by or on behalf of us, disrupt our operations, damage our computers, or otherwise damage our business. In addition, we may need to expend significant resources to protect against security breaches or mitigate the impact of any such breaches, including potential liability that may not be limited to the amounts covered by our insurance. Security breaches could also expose us to liability under various laws and regulations across jurisdictions and increase the risk of litigation and governmental investigation. We have been subject to security and privacy incidents in the past and may be again in the future. For example, in September 2022, we experienced a cybersecurity incident where an attacker accessed certain internal corporate systems, tools and data. In October and November of 2016, outside actors downloaded the personal data of approximately 57 million Drivers and consumers worldwide (the "2016 Breach"). The accessed data included the names, email addresses, mobile phone numbers, and drivers' license numbers of approximately 600,000 Drivers, among other information. For further information on this incident, see the risk factors titled "-We currently are subject to a number of inquiries, investigations, and requests for information from the DOJ, other federal, state and local government agencies and other foreign government agencies, the adverse outcomes of which could harm our business" and "-We face risks related to our collection, use, transfer, disclosure, and other processing of data, which could result in investigations, inquiries, litigation, fines, legislative, and regulatory action, and negative press about our privacy and data protection practices," below. As we expand our operations, we may also assume liabilities for breaches experienced by the companies we acquire. For example, in April 2018, Careem publicly disclosed and notified relevant regulatory authorities that it had been subject to a data security incident that allowed access to certain personal information of riders and drivers on its platform, as of January 14, 2018. If Careem becomes subject to liability as a result of this or other data security incidents, or if we fail to remediate this or any other data security incident that Careem or we experience, we may face harm to our brand, business disruption, and significant liabilities. In addition, in July 2020, Drizly publicly disclosed that it had been subject to a data security incident that allowed access to certain personal information of customers on its platform, and in November 2021 Drizly obtained final court approval of a settlement in a resulting class action litigation. Moreover, in January 2023, the U.S. Federal Trade Commission (the "FTC") announced a final order relating to the data security incident. If we fail to remediate this or any other data security incident that we experience, we may face harm to our brand, business disruption, and significant liabilities. Security and privacy incidents have led to, and may continue to lead to, additional regulatory scrutiny.

Our growing use of artificial intelligence ("AI") (including machine learning) in our business and offerings presents additional risks. This technology presents a number of risks inherent in its use. AI algorithms or automated decision-making or processing of data may be flawed and datasets may be insufficient or contain biased information, which can create inaccurate or discriminatory outcomes. AI tools and algorithms may use third-party AI with unclear intellectual property rights or interests. Intellectual property ownership and license rights, including copyright, of generative and other AI output, have not been fully interpreted by courts or regulations. Europe, the United States and other countries are enacting or may consider comprehensive legal compliance frameworks specifically for AI, which is a trend that may increase now that European lawmakers have passed the first such framework, the European Artificial Intelligence Act ("AI Act"), which came into effect in August 2024. Further, more specific AI-related laws and regulations have been enacted, and are expected to continue to be enacted, around the world. Any failure or perceived failure by us to comply with such requirements could have an adverse impact on our business. AI use or management by us or others, including certain decisions based (whether partially or solely) on automated processing or profiling, inappropriate or controversial data practices, or insufficient disclosures regarding machine learning and algorithms or AI-generated content, have impaired and could impair the acceptance of AI solutions or subject us to lawsuits, regulatory investigations or other harm, such as negative impacts to the value of our intellectual property or our brand. These and other deficiencies could also undermine the decisions, predictions or analysis AI applications produce, or lead to unintentional bias and discrimination, subjecting us to competitive harm, legal liability, and brand or reputational harm. The rapid evolution of AI may require us to allocate additional resources to help implement AI ethically in order to minimize unintended or harmful impacts, and may also require us to make additional investments in the development of proprietary datasets, machine learning models or other systems, which may be costly.

Since our inception, we have experienced rapid growth in the United States and internationally. This expansion increases the complexity of our business and has placed, and will continue to place, significant strain on our management, personnel, operations, systems, technical performance, financial resources, and internal financial control and reporting functions. We may not be able to manage our growth effectively, which could damage our reputation and negatively affect our operating results. As of September 30, 2024, we had approximately 30,800 global employees, of whom approximately 17,800 were located outside the United States. The total number of our employees located outside the United States has increased and may continue to increase as we expand globally. Properly managing our growth will require us to continue to hire, train, and manage qualified employees and staff, including engineers, operations personnel, financial and accounting staff, and sales and marketing staff, and to improve and maintain our technology. If our new hires perform poorly, if we are unsuccessful in hiring, training, managing, and integrating new employees and staff, or if we are not successful in retaining our existing employees and staff, our business may be harmed. Moreover, in order to optimize our organizational structure, we have implemented several reductions in workforce and restructurings, and may in the future implement other reductions in workforce. Any reduction in workforce or restructuring may yield unintended consequences and costs, such as attrition beyond the intended reduction in workforce, the distraction of employees, or reduced employee morale and could adversely affect our reputation as an employer, which could make it more difficult for us to hire new employees in the future and increase the risk that we may not achieve the anticipated benefits from the reduction in workforce. Properly managing our growth or any reductions in workforce will require us to establish consistent policies across regions and functions, and a failure to do so could likewise harm our business. Our failure to upgrade our technology or network infrastructure effectively to support our growth could result in unanticipated system disruptions, slow response times, or poor experiences for Drivers, consumers, merchants, Shippers, and Carriers. To manage the growth of our operations and personnel and improve the technology that supports our business operations, as well as our financial and management systems, disclosure controls and procedures, and internal controls over financial reporting, we will be required to commit substantial financial, operational, and technical resources. In particular, we will need to improve our transaction processing and reporting, operational, and financial systems, procedures, and controls. For example, due to our significant growth, especially with respect to our high-growth emerging offerings like Delivery and Freight, we face challenges in timely and appropriately designing controls in response to evolving risks of material misstatement. These improvements are and will be particularly challenging when we acquire new businesses with different systems. Our current and planned personnel, systems, procedures, and controls may not be adequate to support our future operations. If we are unable to expand our operations and hire additional qualified personnel in an efficient manner, or if our operational technology is insufficient to reliably service Drivers, consumers, merchants, Shippers, or Carriers, platform user satisfaction will be adversely affected and may cause platform users to switch to our competitors' platforms, which would adversely affect our business, financial condition, and operating results. Our organizational structure is complex and will continue to grow as we add additional Drivers, consumers, merchants, Carriers, Shippers, employees, products and offerings, and technologies, and as we continue to expand globally. We will need to improve our operational, financial, and management controls as well as our reporting systems and procedures to support the growth of our organizational structure. We will require capital and management resources to grow and mature in these areas. If we are unable to effectively manage the growth of our business, the quality of our platform may suffer, and we may be unable to address competitive challenges, which would adversely affect our overall business, operations, and financial condition.

Our platform relies on third parties maintaining open marketplaces, including the Apple App Store and Google Play, which make applications available for download. We cannot assure you that the marketplaces through which we distribute our platform will maintain their current structures or that such marketplaces will not charge us fees to list our applications for download. For example, Apple Inc. requires that iOS apps obtain users' permission to track their activities across third-party apps and websites. If iOS users do not grant us such permission, our ability to target those users for advertisements and to measure the effectiveness of such advertisements may be adversely affected, which could decrease the effectiveness of our advertising, and increase our costs to acquire and engage users on our platform. We rely upon certain third parties to provide software for our products and offerings, including Google Maps for the mapping function that is critical to the functionality of our platform. We do not believe that an alternative mapping solution exists that can provide the global functionality that we require to offer our platform in all of the markets in which we operate. We do not control all mapping functions employed by our platform or Drivers using our platform, and it is possible that such mapping functions may not be reliable. If such third parties cease to provide access to the third-party software that we and Drivers use, do not provide access to such software on terms that we believe to be attractive or reasonable, or do not provide us with the most current version of such software, we may be required to seek comparable software from other sources, which may be more expensive or inferior, or may not be available at all, any of which would adversely affect our business.

Factors such as inflation, increased fuel prices, and increased vehicle purchase, rental, insurance, or maintenance costs, including increased prices of new and used vehicle parts as a result of recent global supply chain challenges, and increased fuel prices as result of the conflict between Russia and Ukraine and the conflict in the Middle East, have and may continue to increase the costs incurred by Drivers and Carriers when providing services on our platform. Similarly, factors such as inflation, increased food costs, increased labor and employee benefit costs, increased rental costs, and increased energy costs may increase merchant operating costs, particularly in certain international markets, such as Egypt. Many of the factors affecting Driver, merchant, and Carrier costs are beyond the control of these parties. In many cases, these increased costs may cause Drivers and Carriers to spend less time providing services on our platform or to seek alternative sources of income. Likewise, these increased costs may cause merchants to pass costs on to consumers by increasing prices, which would likely cause order volume to decline, may cause merchants to cease operations altogether, or may cause Carriers to pass costs on to Shippers, which may cause shipments on our platform to decline. A decreased supply of Drivers, consumers, merchants, Shippers, or Carriers on our platform would decrease our network liquidity, which could harm our business and operating results. Dependencies on Third Parties

Our historical workplace culture and forward-leaning approach created significant operational and cultural challenges that have in the past harmed, and may in the future continue to harm, our business results and financial condition. Our prior failure to prioritize compliance has led to increased regulatory scrutiny globally. Although we have since made changes in our company's cultural values and composition of our leadership team and have an ongoing commitment to promote transparency and collaboration, regulators may continue to perceive us negatively, which would adversely impact our business, financial condition, operating results, and prospects.

We face climate change related physical and transition risks, which include risks associated with market shifts toward more sustainable or renewable forms of energy and energy conservation. In the context of our business, this includes market shifts toward electric vehicles ("EVs") and lower carbon business models, and potential increased energy costs. Physical climate change risks include risks related to extreme weather events or natural disasters, and include extreme storms and temperatures, flooding, droughts, freezes, wildfires, earthquakes and tsunamis, as well as chronic changes such as sea-level rise. Climate-related events, including the increasing frequency, severity and duration of extreme weather events and their impact on critical infrastructure in the United States and elsewhere, have the potential to disrupt our business, our third-party suppliers, and the business of merchants, Shippers, Carriers and Drivers using our platform, and may cause us to experience higher losses and additional costs to maintain or resume operations. While we and third parties may take various actions to mitigate business risks associated with climate change, this may require incurring substantial costs and may not be successful, due to, among other things, the uncertainty associated with the longer-term projections associated with managing climate risks. Additionally, we are or may become subject to emerging environmental and social laws and regulations, including climate policies such as regulations adopted in California in May 2021 requiring 90% of vehicle miles traveled by rideshare fleets in California to have been in zero emission vehicles by 2030, with interim targets beginning in 2023. In addition, Drivers may be subject to climate-related policies that indirectly impact our business, such as the Congestion Charge Zone and Ultra Low Emission Zone schemes adopted in London that impose fees on drivers in fossil-fueled vehicles, which may impact our ability to attract and maintain Drivers on our platform, and to the extent we experience Driver supply constraints in a given market, we may need to increase Driver incentives. Moreover, environmental and social laws and regulations, including climate regulations, are also increasing with a variety of stakeholders, including regulators seeking more information on related risks and impacts. For example, we are subject to regulation adopted in the European Union in December 2022, the Corporate Sustainability Reporting Directive, with targets beginning in 2024. In the United States, we are subject to regulation and legislation at the state level, for example California recently adopted climate-related disclosure legislation and other states are expected to do so, and at the federal level by the US Securities and Exchange Commission. Additional regulation may require us to incur significant additional costs to comply, including the implementation of significant additional internal controls processes and procedures regarding matters that have not been subject to such levels of controls in the past, and impose increased oversight obligations on our management and board of directors, as well as require us to hire third party experts. Additional regulatory requirements may also end up exposing us to increased activism, litigation and enforcement. All of these risks may also impact our suppliers, business partners or customers, which may impact our business, financial condition, or results of operations.