Yelp (YELP) Risk Factors

Our industry is prone to cyber-attacks by third parties seeking unauthorized access to our data or users’ data, or to disrupt our ability to provide our services. Any failure to prevent or mitigate security breaches could expose us to the risk of loss or misuse of private user and business information, which could result in potential liability and litigation. We may be a particularly compelling target for such attacks as a result of our brand recognition. Computer viruses, break-ins, malware, social engineering (particularly spear phishing attacks), attempts to overload servers with denial-of-service or other attacks and similar disruptions from unauthorized use of computer systems have become more prevalent in our industry, have occurred on our systems in the past and are expected to occur periodically on our systems in the future. The changes in our work environment as a result of the COVID-19 pandemic and our decision to continue operating with a distributed workforce could impact the security of our systems, as well as our ability to protect against attacks and detect and respond to them quickly. We may also be subject to increased cyber-attacks, such as phishing attacks by threat actors using the attention placed on the pandemic as a method for targeting our personnel. In addition, we face risks associated with security breaches affecting our third-party partners and service providers. A security breach at any such third party could be perceived by consumers as a security breach of our systems and result in negative publicity, damage to our reputation and expose us to other losses. Cyber-attacks continue to evolve in sophistication and volume, and may be inherently difficult to detect for long periods of time. Although we have developed systems and processes that are designed to protect our data and prevent data loss and other security breaches, the techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently, often are not recognized until launched against a target or long after, and may originate from less regulated and more remote areas around the world. As a result, these preventative measures may not be adequate and we cannot assure you that they will provide absolute security. Although none of the disruptions we have experienced to date have had a material effect on our business, any future disruptions could lead to interruptions, delays or website shutdowns, causing loss of critical data or the unauthorized disclosure or use of personally identifiable or other confidential information. Even if we experience no significant shutdown or no critical data is lost, obtained or misused in connection with an attack, the occurrence of such attack or the perception that we are vulnerable to such attacks may harm our reputation, degrade the user experience, cause loss of confidence in our products or result in financial harm to us. Any or all of these issues could negatively impact our ability to attract new users, deter current users from returning to our platform, cause existing or potential advertisers to cancel their contracts or subject us to third-party lawsuits or other liabilities. For example, we work with a third-party vendor to process credit card payments by users and businesses, and are subject to payment card association operating rules. Compliance with applicable operating rules, however, will not necessarily prevent illegal or improper use of our payment systems, or the theft, loss or misuse of payment information. If our security measures fail to prevent fraudulent credit card transactions and protect payment information adequately as a result of employee error, malfeasance or otherwise, or we fail to comply with the applicable operating rules, we could be liable to the users and businesses for their losses, as well as the vendor under our agreement with it, and be subject to fines and higher transaction fees. In addition, government authorities could also initiate legal or regulatory actions against us in connection with such incidents, which could cause us to incur significant expense and liability or result in orders or consent decrees forcing us to modify our business practices.

We compete in rapidly evolving and intensely competitive markets, and we expect competition to intensify further in the future with the emergence of new technologies and market entrants. We face competition for users, content, and advertising and other customers, including from: online search engines and directories; traditional, offline business guides and directories; online and offline providers of consumer ratings, reviews and referrals; providers of online marketing and tools for managing and optimizing advertising campaigns; various forms of traditional offline advertising; restaurant reservation and seating tools; food ordering and delivery services; and home and/or local services-related platforms and offerings. Our competitors may enjoy competitive advantages, such as greater name recognition, longer operating histories, substantially greater market share, large existing user bases and substantially greater financial, technical and other resources. These companies may use these advantages to offer products similar to ours at a lower price, develop different products to compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements. In particular, major Internet companies, such as Google, Facebook, Amazon and Microsoft, may be more successful than us in developing and marketing online advertising and other services directly to local businesses, and may leverage their relationships based on other products or services to gain additional share of advertising budgets. Certain competitors could also use strong or dominant positions in one or more markets to gain competitive advantage against us in areas in which we operate, including by: •integrating review platforms or features into products they control, such as search engines, web browsers or mobile device operating systems; •making acquisitions; •changing their unpaid search result rankings to promote their own products; •refusing to enter into or renew licenses on which we depend; •limiting or denying our access to advertising measurement or delivery systems; •limiting our ability to target or measure the effectiveness of ads; or •making access to our platform more difficult. These risks may be exacerbated by the trend in recent years toward consolidation among online media companies, potentially allowing our larger competitors to offer bundled or integrated products that feature alternatives to our platform. To compete effectively, we must continue to invest significant resources in product development to enhance user experience and engagement, as well as sales and marketing to expand our base of advertisers. However, there can be no assurance that we will be able to compete successfully for users and customers against existing or new competitors, and failure to do so could result in loss of existing users, reduced revenue, increased marketing expenses or diminished brand strength, any of which could harm our business.

We derive a substantial majority of our revenue based on our users' engagement with the ads that we display. Because traffic to our platform and user engagement on our platform together determine the number of ads we are able to show, affect the value of those ads to businesses and support the content creation that drives further traffic, our ability to attract, retain and engage visitors on our platform is critical to our business and financial success. A number of factors could adversely affect our traffic and user engagement, including, but not limited to: •our reliance on Internet search engines; •if users engage with other products, services or activities as an alternative to our platform; •if we fail to introduce new and improved products or features that users find engaging, or we introduce new products or features that do not effectively address consumer needs or otherwise alienate consumers; •the quantity and quality of the content contributed by our users, as well as the perceived distribution of such content across the categories of businesses on our platform; •increasing competition in the market for information regarding local businesses; •our ability to manage and prioritize information to ensure users are presented with content that is relevant and helpful to them, including through the effective operation of our automated recommendation software; •technical or other problems that negatively impact the availability and reliability of our platform or otherwise affect the user experience, including as a result of infrastructure performance problems and security breaches; •if users have difficulty installing, updating or otherwise accessing our platform as a result of actions by us or third parties that we rely on to distribute our products, such as application marketplaces and device manufacturers; •if users believe that their experience is diminished as a result of the decisions we make with respect to the frequency, relevance and prominence of the advertising we display; •adverse macroeconomic conditions and their negative impact on consumer spending at local businesses; •the adoption of any laws or regulations that adversely affect the growth, popularity or use of our platform or the Internet in general, such as the repeal of Internet neutrality regulations in the United States; •any actions taken by companies with significant market power in the broadband and Internet marketplace that degrade, disrupt or increase the cost of user access to our products and services; and •if we do not maintain our brand image or our reputation is damaged. While we believe that traffic will rebound organically as the pandemic recedes, we cannot predict the remaining duration of the pandemic or the magnitude of its impact on our traffic, and we expect that our traffic levels will continue to fluctuate with consumers’ level of confidence, particularly in our Restaurants, Retail and Other categories. We further anticipate that our traffic growth rate will continue to slow over the medium and long term, and potentially decrease in certain periods due to the maturation of our business and our high penetration rates in most major geographic markets within the United States and Canada. As our traffic growth rate slows, our business and financial performance will become increasingly dependent on our ability to drive user engagement with our platform and the ads that we display.

We have developed a strong brand that we believe has contributed significantly to the success of our business. Maintaining, protecting and enhancing the “Yelp” brand are critical to expanding our base of users and advertisers and increasing the frequency with which they use our solutions. If we fail to maintain and enhance our brand successfully, or if we incur excessive expenses in this effort, our business and financial results may be adversely affected. Our ability to do so will depend largely on our ability to maintain business owner and consumer trust in the integrity of our products and in the quality of the user content and other information found on our platform, which we may not do successfully. Although we dedicate significant resources to these goals, we may fail to respond to user or business owner concerns expeditiously or in a manner they perceive to be appropriate, which could erode confidence in our brand. For example, some consumers and businesses have alternately expressed concern that our technology either recommends too many reviews, thereby recommending some reviews that may not be legitimate, or too few reviews, thereby not recommending some reviews that may be legitimate. The actions of our partners, over whom we have limited, if any, control, may also affect the perceived integrity of our brand if users or advertisers do not have a positive experience interacting with or through them. In addition, our website and mobile app serve as a platform for expression by our users, and third parties or the public at large may attribute the political or other sentiments expressed by users on our platform to us, which could harm our reputation. Negative publicity about our company, including our technology, sales practices, personnel, customer service, litigation, strategic plans or political activities, could also diminish confidence in our brand and the use of our products. Certain media outlets have previously reported allegations, although untrue, that we manipulate our reviews, rankings and ratings in favor of our advertisers and against non-advertisers. Although we have taken action to combat this perception, our reputation and brand, and our traffic and business in turn, may suffer if negative publicity about our company persists or if users otherwise perceive that our content is manipulated or biased. Allegations and complaints regarding our business practices, and any resulting negative publicity, may also result in increased regulatory scrutiny of our company. In addition to requiring management time and attention, any regulatory inquiry or investigation could itself result in further negative publicity regardless of its merit or outcome. Trademarks are also an important element of our brand and require substantial investments to maintain, which may not be successful. We have faced in the past, and may face in the future, oppositions from third parties to our applications to register key trademarks. If we are unsuccessful in defending against these oppositions, our trademark applications may be denied. Whether or not our trademark applications are denied, third parties may claim that our trademarks infringe their rights. As a result, we could be forced to pay significant settlement costs or cease the use of these trademarks and associated elements of our brand. Doing so could harm our brand recognition and adversely affect our business. Conversely, if we are unable to prevent others from misusing our brand or passing themselves off as being endorsed or affiliated with us, it could harm our reputation and our business could suffer. For example, we have encountered instances of reputation management companies falsely representing themselves as being affiliated with us when soliciting customers; this practice could be contributing to the perception that business owners can pay to manipulate reviews, rankings and ratings.

We are subject to numerous domestic and foreign laws and regulations that involve matters central to our business, including laws regarding privacy, data protection, data security, user-generated content and consumer protection, among others, as described in more detail under "Business—Government Regulation" under Item 1 of this Annual Report. For example, we are subject to numerous laws around the world that restrict the collection, use, storing, processing and disclosure of personal information and other user data. We are also subject to a variety of laws, regulations and guidelines that regulate the way we distinguish paid search results and other types of advertising from unpaid search results. We operate in a rapidly evolving industry, and many laws and regulations that impact our business are being proposed, are still evolving or are being tested in courts, which adds to the complexity of operating our business. Our business could be adversely affected if we are required to change our current policies, practices or the design of our platform, products or features based on new laws, regulations or judicial interpretations. For example, there have been ongoing Congressional efforts to restrict the scope of the critical liability protections afforded to online platforms like ours under CDA 230, which could increase our content moderation costs and our exposure to liability in connection with the publication of third-party content, including user-generated reviews. Changes to CDA 230 could also cause us to remove more third-party content from our platform, particularly critical consumer commentary, in response to takedown demands that may or may not be legitimate, which would negatively affect the quality and quantity of information available through our service. Similarly, regulatory frameworks for privacy issues and behavioral advertising are currently in flux worldwide and are trending toward more restrictive obligations, reflecting increased public scrutiny of the practices of companies offering online services with respect to the personal information and behavior of their users. Changes to privacy and data security laws in particular could make it more difficult for consumers to use our platform, resulting in lower traffic and revenue, or make it more difficult for us to provide effective advertising tools to businesses on our platform, resulting in fewer advertisers and lower revenue. For example, in addition to giving residents expansive rights related to their personal information, California law restricts the “sale” of personal information and the use of cookies and similar technologies for certain advertising purposes. If these and other future restrictions negatively impact our ability to offer ad products that are highly targeted to audience interests, or to measure the effectiveness of our ad products, such as our ability to offer store-level attribution through integrations with third-party data partners, our ability to maintain and expand our base of advertisers will be harmed. These challenges may be compounded to the extent that different jurisdictions adopt inconsistent or conflicting laws and regulations applicable to our business, which would add complexity to our operations and increase our compliance costs. For example, laws in all states and U.S. territories require businesses to notify affected individuals and governmental entities of the occurrence of certain security breaches affecting personal information. However, these laws are not consistent, and compliance with them in the event of a widespread data breach would be complex and costly. It is also possible that the interpretation and application of various laws and regulations may conflict with other rules or our practices, such as industry standards to which we adhere, our privacy policies and our privacy-related obligations to third parties (including, in certain instances, voluntary third-party certification bodies). Uncertainty regarding the application and interpretation of existing laws and regulations due to court challenges or evolving legislation may also result in a significantly greater compliance burden for us. For example, a decision by the European Court of Justice of the European Union called into question one of the primary safeguards allowing transfers of personal information from Europe to the United States and most other countries under the U.S.-E.U. Privacy Shield Framework. The E.U. and the United States continue to negotiate a new set of safeguards that may impose additional obligations and requirements with respect to the transfer of E.U. personal data to other jurisdictions, which in turn may increase the legal risks and liabilities under the GDPR and local E.U. laws associated with cross-border data transfers, as well as result in material increases in our compliance and operational costs. If we are unable to implement a valid solution for personal information transfers from Europe, we will face increased exposure to regulatory actions, substantial fines, and injunctions against processing or transferring personal information from Europe and may be required to increase our data processing capabilities in Europe at significant expense. Similarly, in November 2020 California voters approved a ballot measure to enact the CPRA, which will come into effect in 2023 and significantly modifies the privacy obligations under the CCPA, creating uncertainty and requiring us to incur additional costs and expenses. Other states and countries have passed their own privacy legislation (for example, Virginia and Canada) or have such legislation pending. Aspects of the CCPA, CPRA and other laws remain unclear and we may be required to modify our practices further in an effort to comply with them. In addition to various laws and regulations, we must comply with the technical requirements and policies of the search engines, application marketplace operators, mobile operating systems and other third-party products and services on which we rely. For example, Apple recently made certain changes to its products and data use policies in connection with changes to its iOS operating system that reduce our ability to target and measure advertising. If we do not comply with these requirements, we could lose access to such products and services, which would harm our business. Our actual or perceived failure to comply with laws, regulations and other obligations could lead to costly legal action, adverse publicity, significant liability and decreased demand for our services, which could adversely affect our business, results of operations and financial condition. For example, our failure or perceived failure to comply with applicable laws and regulations may result, and in some cases has resulted, in inquiries and other proceedings and actions against us by governments, regulations or others. Responding to and resolving any future litigation, investigations, settlements or other regulatory actions may require significant time and resources, and could diminish confidence in, and the use of, our products. We may also be forced to implement new measures to reduce our legal exposure, which may require us to expend substantial resources, delay development of new products or discontinue certain products or features, which would negatively impact our business. For example, if we fail to comply with our privacy-related obligations to users or third parties, or any compromise of security that results in the unauthorized release or transfer of personal information or other user data, we may be compelled to provide additional disclosures to our users, obtain additional consents from our users before collecting or using their information or implement new safeguards to help our users manage our use of their information, among other changes. Any resulting negative publicity could adversely affect our reputation and brand, regardless of whether the internal resources expended and expenses incurred in connection with such inquiries and their resolutions are material.

We rely on relationships with various third parties to grow our business, including strategic partners and technology and content providers. For example, we rely on third parties for data about local businesses, mapping functionality, payment processing, information technology and systems, network infrastructure and administrative software solutions. We also rely on partnership integrations for various transactions available through Yelp, including Grubhub for food-ordering services. Identifying, negotiating and maintaining relationships with third parties require significant time and resources, as does integrating their data, services and technologies onto our platform. This may divert the attention of our management and employees from other aspects of our business operations, and there can be no assurance that we will be able to continue to realize the intended benefits of any given partnership. It is possible that third-party providers and strategic partners may not be able to devote the resources we expect to the relationships. We may also have competing interests and obligations with respect to certain of our partners, which may make it difficult to maintain, grow or maximize the benefit for each partnership. For example, we rely on the integration of our content into Apple Maps to drive a significant amount of traffic to our website and downloads of our application. If Apple were to offer products competitive with ours, such as local business reviews, our relationship with Apple would be negatively impacted and our longstanding partnership may be difficult to maintain as a result; if our partnership with Apple ended, we would be required to increase our marketing spend to drive traffic and downloads from alternate sources, which would adversely affect our financial results. Similarly, our entry into the online reservations space with our acquisition of SeatMe, Inc. in 2013 put us in competition with OpenTable, which led to the end of our partnership with OpenTable in 2015. If our relationships with our partners and providers deteriorate, we could suffer increased costs and delays in our ability to provide consumers and advertisers with content or similar services. As in the case of the expiration or termination of any of our agreements with third-party providers, transitioning from one partner or provider to another could subject us to operational delays and inefficiencies and we may not be able to replace the services provided to us in a timely manner or on terms that are favorable to us, if at all. In addition, we exercise limited control over our third-party partners and vendors, which makes us vulnerable to any errors, interruptions or delays in their operations. If these third parties experience any service disruptions, financial distress or other business disruption, or difficulties meeting our requirements or standards, it could make it difficult for us to operate some aspects of our business. For example, we rely on a single supplier to process payments of all transactions made through Yelp. Any disruption or problems with this supplier or its services could have an adverse effect on our reputation, results of operations and financial results. Similarly, the actions of our partners may affect our brand if users or customers do not have a positive experience interacting with or through them. For example, if advertisers do not have a positive experience purchasing our advertising products through our resale partners, such as Thryv, or the agency participants in our Yelp Ads Certified Partners Program, they may not continue advertising with us, which would negatively affect our revenue and operating results. Although such partners are contractually obligated to observe certain standards and best practices while selling our advertising products, our ability to ensure their compliance is limited. Any disagreements or disputes with these or other partners about our respective contractual obligations — which we have had in the past and may have again from time to time in the future — could result in legal proceedings or negatively affect our brand and reputation.

There is currently an uncertain and inflationary economic environment in the United States, partially as a result of the COVID-19 pandemic and efforts to contain it and manage its impacts, which have created significant macroeconomic disruption and volatility. In addition, the existence of inflation in the economy has resulted in, and may continue to result in, higher interest rates and capital costs, supply shortages, increased costs of labor, as well as weakening exchange rates and other similar effects. These challenging macroeconomic conditions have had, and may continue to have, a significant adverse impact on our business and results of operations. For example, adverse macroeconomic conditions have had, and may continue to have, a negative impact on the ability and willingness of advertisers to spend on our products and services. In 2020, businesses reduced their spending with us as a result of pandemic-related closures and restrictions, resulting in a 14% decrease in net revenue compared to 2019. Although public health restrictions eased in 2021, many businesses continued operating at a limited capacity as a safety precaution or in response to reduced consumer demand, which continued to negatively impact their advertising spending with us as a result. While our business has now surpassed its pre-pandemic performance in many areas and advertiser demand has been strong in 2022, many businesses continue to face supply chain issues, rising commodity prices, and inventory and labor shortages. We have observed increased caution among a subset of multi-location advertisers in the third quarter in response to the macroeconomic environment, which we expect to lead to less incremental spend from such advertisers in the fourth quarter, which may have an adverse impact on our results of operations for the fourth quarter of and full year 2022. Changes in consumer behavior due to adverse economic conditions may also negatively impact our business. For example, although vaccines became available and public health restrictions eased in 2021, consumer traffic to our platform remained below pre-pandemic 2019 levels as the number of COVID-19 cases continued to fluctuate; this impact was particularly pronounced in certain geographies within the United States and in our Restaurants, Retail & Other categories. Subsequent increases in economic uncertainty and inflationary pressures and the ongoing concerns related to COVID-19 and its variants have continued to negatively impact consumer traffic and user activity in 2022 compared to 2019. Additionally, the impacts of inflation are felt by consumers who face rising prices for a variety of goods and services, which could reduce the amount of discretionary spending that would otherwise be available, which could further impact consumer traffic. Because traffic to and user engagement on our platform together impact the number of ads we are able to show as well as the value of those ads to businesses, such negative impacts on consumer activity may also make it more difficult to convince existing and prospective advertisers that our products offer them a material benefit and generate a competitive return relative to other alternatives. Strong advertiser demand combined with less robust consumer activity has significantly increased our average CPC in the first three quarters of 2022 compared to the prior-year periods; if the value our products provide to advertisers does not keep pace with any further price increases, our revenue and results of operations could be harmed. This dynamic may be exacerbated if lower consumer activity is combined with a shift in consumer activity from categories with higher advertiser demand to those with lower advertiser demand, which we believe occurred in the first half of 2022 as consumer activity shifted away from our Services categories towards travel and leisure. As adverse macroeconomic conditions continue, our business is also exposed to a variety of other risks, including: - reductions in cash flows from operations and liquidity, which impact our capital allocation strategy in turn;- setbacks on our progress on our strategic initiatives as we reallocate resources to responding to such adverse conditions;- increased fluctuation in our operating results and volatility and uncertainty in our financial projections;- reductions in the quantity and quality of content provided by users, which may further harm traffic to our platform;- inefficiencies, delays and disruptions in our business due to the illness of key employees or a significant portion of our workforce;- additional restructuring and impairment charges; and - operational difficulties due to adverse effects of such conditions on our third-party service providers and strategic partners. It is not possible for us to predict the remaining duration of the ongoing adverse macroeconomic conditions or of the pandemic, the severity of future COVID-19 variants and resulting restrictions, or the duration or magnitude of any resulting adverse impact on our business.