Full Truck Alliance (YMM) Risk Factors

Regulatory authorities in China have enhanced regulatory requirements to cybersecurity, data security and personal information protection, and the PRC government may adopt other rules and restrictions in the future. As we generate and process a large amount of data through the FTA platform, we face risks inherent in handling and protecting large volumes of data, including protecting the data hosted in our system, detecting and prohibiting unauthorized data share and transfer, preventing attacks on our system by outside parties or fraudulent behavior or improper use by our employees, and maintaining and updating our database. Any privacy or data security breach or failure to comply with these laws and regulations could have a material adverse impact on the Group's reputation, brand, business and results of operations. In April 2020, the Cyberspace Administration of China, or CAC, and eleven other regulatory authorities of the PRC jointly promulgated the Rules on Cybersecurity Review. Pursuant to the Rules on Cybersecurity Review, if an operator of critical information infrastructure purchases internet products and services that implicate or may implicate national security, such operator should be subject to cybersecurity review by the Cybersecurity Review Office of the CAC, or CRO. The CRO announced the initiation of a cybersecurity review of the Yunmanman and Huochebang apps on July 5, 2021. During the cybersecurity review, the Yunmanman and Huochebang apps were required to suspend new user registration. The Group fully cooperated with the CRO to facilitate its review process. Based on notification by the CRO, we have resumed new user registration on the Yunmanman and Huochebang apps since June 29, 2022. On July 10, 2021, the CAC and other related authorities released the draft amendment to the Rules on Cybersecurity Review for public comments through July 25, 2021. On December 28, 2021, the CAC and certain other government authorities promulgated the Revised Cybersecurity Review Measures that replaced the last version and took effect from February 15, 2022. Pursuant to the Revised Cybersecurity Review Measures, online platform operator holding over one million users' information must apply for a cybersecurity review before listing abroad, and operators of "critical information infrastructure" that intend to purchase internet products and services that will or may affect national security must apply for a cybersecurity review. Furthermore, the competent government authorities may also initiate a cybersecurity review against the relevant operators where the authorities believe that the network product or service or data processing activities affect or may affect national security. On November 14, 2021, the CAC published the Draft Regulations on Network Data Security Management, which provides that data processors conducting the following activities shall apply for cybersecurity reviews: (i) merger, reorganization or division of internet platform operators that have acquired a large number of data resources related to national security, economic development or public interests, which affects or may affect national security; (ii) listing abroad of data processors that process over one million users' personal information; (iii) listing in Hong Kong which affects or may affect national security; or (iv) other data processing activities that affect or may affect national security. The CAC has solicited comments on this draft until December 13, 2021, but there is no definite timetable as to when it will be enacted. As such, substantial uncertainties exist with respect to the enactment timetable, final content, interpretation and implementation of such measures. We cannot predict the impact of the Draft Regulations on Network Data Security Management, if any, at this stage, and we will closely monitor and assess future development in the rule-making process. If the enacted versions of the Draft Regulations on Network Data Security Management mandate clearance of cybersecurity review and other specific actions to be completed by China-based companies listed on a U.S. stock exchange, including us, we face uncertainties as to whether such clearance can be timely obtained, or at all. On July 30, 2021, the PRC State Council promulgated the Regulations on Security Protection of Critical Information Infrastructure, which became effective on September 1, 2021. Pursuant to such regulations, critical information infrastructure, or the CII, refers to any important network facilities or information systems of the important industry or field, such as public communication and information service, energy, transportation, water conservancy, finance, public services, e-government affairs and national defense science, which may endanger national security, people's livelihood and public interest in the case of damage, function loss or data leakage. Relevant administration departments of each critical industry and sector are required to formulate detailed guidance to recognize the CII in the respective sectors, and a critical information infrastructure operator, or a CIIO, must take the responsibility to protect the security of CII by performing certain prescribed obligations. As of the date of this annual report, no detailed implementation rules have been formally issued by the relevant governmental authorities. However, as this regulation was newly issued, the relevant governmental authorities may formulate further detailed rules or explanations with respect to the interpretation and implementation of this regulation. As of the date of this annual report, we have not been informed by any governmental authority that we are a critical information infrastructure operator. On August 23, 2022, the PRC Ministry of Transport published the Administrative Measures for the Security Protection of Highway and Waterway Critical Information Infrastructure (Draft for comments), or the Draft Measures, which stipulates that the Ministry of Transport shall formulate and improve the rules for identification of highway and waterway critical information infrastructure, considering following factors: (i) the degree of importance of network facilities and information systems for key core business of highway and waterway; (ii) the possible degree of harm in the event of destruction or disfunction of network facilities and information systems, or data leakage; and (iii) the relevant impact to other industries and fields. As of the date of this annual report, the Draft Measures were released for public comment only and it is still uncertain when the final versions of these new provisions and measures will be issued and take effect, how they will be enacted, interpreted or implemented, and whether they will affect us. As of the date of this annual report, we have not been informed by relevant governmental authority that we are a highway and waterway critical information infrastructure operator. On July 7, 2022, the CAC promulgated the Security Assessment Measures for Outbound Data Transfer, or the Security Assessment Measures, effective from September 1, 2022 to regulate outbound data transfer activities, protect the rights and interests of personal information, safeguard national security and social public interests, and promote the cross-border security and free flow of data. The Provisions on Promoting and Regulating Cross-border Data Flows, or the Provisions on Cross-border Data Flows, issued and become effective on March 22, 2024, further clarify and elaborate the relevant provisions of the Security Assessment Measures. The Security Assessment Measures and the Provisions on Cross-border Data Flows require the data processor providing data overseas and falling under certain circumstances to apply for the security assessment of cross-border data transfer with the local provincial-level counterparts of the national cybersecurity authority. For details, see "Item 4. Information on the Company. - B. Business Overview - Regulatory Matters - Regulations Related to Internet Security and Privacy Protection." As of the date of this annual report, we believe the Group is not involved in outbound data transfers in its daily operations, and therefore, we do not currently expect the Security Assessment Measures or the Provisions on Cross-border Data Flows to have a material impact on the Group's daily operations. However, if we engage in any capital markets transaction in overseas markets in the future, we may need to transfer certain data outside of the PRC, and such outbound data transfer may be subject to the restrictions under the Security Assessment Measures. Moreover, given the Security Assessment Measures were recently promulgated, there are substantial uncertainties as to the interpretation of such measures, and the PRC government authorities have discretion in the interpretation and enforcement of the applicable laws. Therefore, it is uncertain whether we would be required to report any security assessment for cross-border data transfers to the CAC. Non-compliance with cybersecurity and personal information protection laws and regulations could result in administrative penalties, such as warnings, fines, service suspension, removal of the Group's apps from the relevant app stores, revocation of relevant business permits and/or licenses, or penalties of other nature that may cause a material adverse impact on the Group's business, results of operations and financial condition.

The road transportation market is intensely competitive and characterized by fragmentation and shifting user preferences. We face competition from regional players in local markets and players that focus on certain segments of the road transportation market. We also compete with other companies for value-added services that cater to various essential needs of shippers and truckers. Players that focus on certain segments of the road transportation market may enter into new segments in which we operate and compete with us. Furthermore, large technology companies that have strong brand recognition, substantial financial resources and sophisticated technology capabilities may develop their own digital freight platforms in the future. The Group operates as a digital freight marketplace, which is a relatively new business model. Our competitors may operate different business models, have different cost structures or participate selectively in different industry segments. They may ultimately prove to be more successful or more adaptable to customer demand and new regulatory, technological and other developments. Some of our current and potential competitors may have significantly more financial, technological, marketing and other resources than we do and may be able to devote greater resources to the development, promotion and support of their platforms and service offerings. Our competitors may also have longer operating history and greater brand recognition than us. Additionally, a current or potential competitor may acquire, or form a strategic alliance with, one or more of our other competitors. Our competitors may be better at developing new solutions and services, offering more attractive fees, responding more quickly to new technologies and undertaking more extensive and effective marketing campaigns. More players may enter the road transportation market and intensify the market competition. In response to competition, we may have to lower and/or adjust the various fees that the Group charges to shippers and truckers or increase its operating expenses and capital expenditures to attract more shippers and truckers, which could materially and adversely affect its business, margins and results of operations. If the Group is not able to compete effectively, its ability to attract and retain shippers, truckers and other ecosystem participants may be adversely affected, the level of transaction activities and user engagement on the FTA platform may decrease and the Group's market share may be negatively affected, which could materially and adversely affect the Group's business, financial condition, results of operations and prospects, as well as its reputation and brands.

Enhancing the recognition and reputation of the Group's brands is critical to its business and competitiveness. Factors that are vital to this objective include but are not limited to the Group's ability to: -   maintain the quality and reliability of services offered on the FTA platform;-   maintain and develop relationships with shippers, truckers and other ecosystem participants;-   provide prospective and existing shippers and truckers with superior experiences;-   effectively manage and resolve user complaints; and -   effectively protect personal information and privacy of, and any sensitive data received from, shippers and truckers. Any malicious or inadvertent negative allegations made by the media or other parties about the foregoing or other aspects of the Group, including but not limited to its management, business, regulatory compliance, financial condition or prospects, whether with merit or not, could severely hurt the Group's reputation and harm its business and results of operations. In addition, the Group makes postings on various third-party media platforms to enhance our engagement with users. However, if the content posted on such platforms is viewed as inappropriate or controversial by the public, whether due to oversight in the Group's content review process, inappropriate conduct or mistake of the Group's employees or other reasons, the Group may face adverse reactions of users, negative social sentiment, potential regulatory investigation or even fines or penalties, which may in turn adversely affect the Group's reputation, business operation and financial condition. As the road transportation market in China is under constant development and the regulatory framework for this market is subject to changes and developments, negative publicity about this industry may arise from time to time. Negative publicity about the road transportation market in general may also have a negative impact on the Group's reputation, regardless of whether we have engaged in any inappropriate activities. Any actual or perceived failure of other digital freight platforms to detect or prevent illegal activities or provide high-quality services could compromise the Group's image, undermine the trust and credibility we have established and have a negative impact on the Group's ability to attract new shippers, truckers and other ecosystem participants. Negative developments in the road transportation market, such as fraudulent or illegal behavior by industry participants, may also lead to tightened regulatory scrutiny of the sector and limit the scope of permissible business activities that may be conducted by us. If any of the foregoing takes place, the Group's business and results of operations could be materially and adversely affected. The Group collaborates with various road transportation industry participants in providing its solutions and services. Such participants include financial institutions, insurance companies, gas station operators and other business partners. Negative publicity about such counterparties, including any failure by them to adequately protect the information of shippers and truckers, to comply with applicable laws and regulations or to otherwise meet required quality and service standards could harm the Group's reputation.

We apply technologies to serve the Group's ecosystem participants more efficiently and bring them better user experience. The Group's success will in part depend on its ability to keep up with the changes in technologies and the continued successful implementation of advanced technology, including AI, data analytics and autonomous driving. If we fail to adapt the FTA platform and services to changes in technological developments in an effective and timely manner, the Group's business operations may suffer. Changes in technologies may require substantial expenditures in research and development as well as in modification of the Group's services, which may be disruptive to its business and can be time-consuming and expensive, and may increase management responsibilities and divert management attention. Hurdles in implementing technological advances may result in the Group's services becoming less attractive to ecosystem participants, which, in turn, may materially and adversely affect its business, results of operations and prospects.

We rely on a combination of patents, trademarks, copyrights, trade secrets and confidentiality agreements to protect the Group's proprietary rights. As of December 31, 2023, the Group had 234 patents, 119 pending patent applications, 1,035 registered trademarks and 271 pending trademark applications and 341 registered software copyrights in China. As of December 31, 2023, the Group had 20 registered trademarks in other countries, including India, Russia and Vietnam. We have invested significant resources to develop these intellectual properties. However, any of the Group's intellectual property rights could be challenged, invalidated or circumvented, or such intellectual property may not be sufficient to provide us with competitive advantages. In addition, other parties may misappropriate the Group's intellectual property rights, which would cause us to suffer economic or reputational damage. Because of the rapid pace of technological change, there can be no assurance that all of the Group's proprietary technologies and similar intellectual property will be patented in a timely or cost-effective manner, or at all. Furthermore, parts of the Group's business rely on technologies developed or licensed by other parties, or co-developed with other parties, including open source software, and we may not be able to obtain or continue to obtain licenses and technologies from these other parties on reasonable terms, or at all. It is often difficult to register, maintain and enforce intellectual property rights in China. Statutory laws and regulations are subject to judicial interpretation and enforcement and may not be applied consistently due to the lack of clear guidance on statutory interpretation. For instance, we may seek to register new trademarks in the future, and there is no assurance that the relevant applications for trademark registrations in the PRC will be approved by competent governmental authority. If such trademarks could not be successfully registered in the categories related to the Group's business, we may fail to prevent others from using such trademarks in businesses similar to ours, and the Group's business, financial condition and results of operations may be materially and adversely affected. In addition, confidentiality, invention assignment and non-compete agreements may be breached by counterparties, and there may not be adequate remedies available to us for any such breach. Accordingly, we may not be able to effectively protect the Group's intellectual property rights or to enforce the Group's contractual rights in China. Preventing any unauthorized use of the Group's intellectual property is difficult and costly and the steps we take may be inadequate to prevent the misappropriation of the Group's intellectual property. In the event that we resort to litigation to enforce the Group's intellectual property rights, such litigation could result in substantial costs and a diversion of the Group's managerial and financial resources. We can provide no assurance that we will prevail in such litigation. In addition, the Group's trade secrets may be leaked or otherwise become available to, or be independently discovered by, our competitors. Any failure in protecting or enforcing the Group's intellectual property rights could have a material adverse effect on its business, financial condition and results of operations. Meanwhile, the Group's operations or any aspects of its business could infringe upon or otherwise violate trademarks, copyrights, know-how, proprietary technologies or other intellectual property rights held by other parties. We may be from time to time in the future subject to legal proceedings and claims relating to the intellectual property rights of others. In addition, other parties' trademarks, copyrights, know-how, proprietary technologies or other intellectual property rights may be infringed by the Group's services or other aspects of the Group's business without its awareness. Holders of such intellectual property rights may seek to enforce such intellectual property rights against us in China, the U.S. or other jurisdictions. If any infringement claims are brought against us, we may be forced to divert management's time and other resources from the Group's business and operations to defend against these claims, regardless of their merits. Additionally, the application and interpretation of China's intellectual property right laws and the procedures and standards for granting trademarks, copyrights, know-how, proprietary technologies or other intellectual property rights in China are still evolving and are uncertain, and there can be no assurance that PRC courts or regulatory authorities would agree with our analysis. If we were found to have violated the intellectual property rights of others, we may be subject to liability for our infringement activities or may be prohibited from using such intellectual property, and we may incur licensing fees or be forced to develop alternatives of our own. As a result, the Group's business and results of operations may be materially and adversely affected.

We face risks inherent in handling and protecting a large amount of data that the Group's business generates and processes from the significant number of transactions the FTA platform facilitates, and such data include sensitive personal information and may include data that may be deemed core data or material data. In particular, we face a number of challenges relating to data from transactions and other activities on the FTA platform, including: -   protecting the data in and hosted on the Group's system, including against attacks on its system by external parties or misbehavior by its employees;-   addressing concerns related to privacy, security and other factors; and -   complying with applicable laws, rules and regulations relating to the processing and security of data that include personal information and data that may be deemed core data or material data, including any requests from regulatory and government authorities relating to such data. In particular, if we fail to secure platform users' sensitive personal information, such as their addresses and contact information, platform users may be vulnerable to harassments, and their assets may also be put at risk due to data leakages. As a result, we may be held liable for these incidents, and platform users may feel insecure and cease to use the Group's services. In addition, any system or technological failure or compromise of our technology system that results in unauthorized access to or release of any personal data of platform users or proprietary information of the Group's business operations could significantly harm the Group's reputation and/or result in litigation, regulatory investigations and penalties against us. We are subject to various data privacy and protection laws and regulations in China, including without limitation, the PRC Cybersecurity Law. Under the Cyber Security Law of China, the owners and administrators of networks and network service providers have various personal information security protection obligations, including restrictions on the collection and use of personal information of users, and they are required to take steps to prevent personal data from being divulged, stolen, or tampered with. See "Item 4. Information on the Company - B. Business Overview - Regulatory Matters-Regulations Related to Internet Security and Privacy Protection" for details. We cannot assure you that the governmental authorities will not interpret or implement the laws or regulations in ways that negatively affect us. Moreover, different regulatory bodies in China, including the MIIT, the CAC, the Ministry of Public Security and State Administration of Market Regulation, or the SAMR, have enforced data privacy and protection laws and regulations with various standards and applications. These various standards in enforcing data privacy and protection laws may create difficulties in ensuring full compliance and increase the Group's operating cost, as we need to spend time and resources to deal with various inspections for compliance. While we have adopted a rigorous and comprehensive policy for the collection, processing, storage and other aspects of data use and privacy and taken necessary measures to comply with all applicable data privacy and protection laws and regulations, we cannot guarantee the effectiveness of these policies and measures undertaken by us, or business partners on the FTA platform. In the past, we received notices from regulatory authorities that identified certain compliance defects in our data privacy and protections practices, requiring us to rectify our data privacy measures. We have adopted several remedial measures in response to such notices and submitted our rectification reports to the relevant governmental authorities. Despite the absence of any material cybersecurity breach and our continuous efforts to comply with our internal policies as well as applicable laws and regulations, any failure or perceived failure to comply with all applicable data privacy and protection laws and regulations, any failure or perceived failure of the Group's business partners to do so, or any failure or perceived failure of the Group's employees to comply with internal control measures, may result in warning, negative publicity and legal proceedings or regulatory actions against the Group, and could result in fines, revocation of permits, licenses, suspension of business operations or other penalties or liabilities, which may in turn damage the Group's reputation, discourage current and potential shippers and truckers from using the Group's services, and subject the Group to fines and damages, which could have a material adverse effect on the Group's business and results of operations. Furthermore, the PRC regulatory and enforcement regime with regard to data security and data protection is still evolving. PRC regulators have been increasingly focused on regulation in the areas of data security and data protection. For example, on June 10, 2021, the Standing Committee of the National People's Congress of China, or the SCNPC, promulgated the PRC Data Security Law, which took effect on September 1, 2021. The PRC Data Security Law imposes data security and privacy protection obligations on entities and individuals which carry out data activities, and introduces a data classification and hierarchical protection system based on the importance of data in economic and social development, and the degree of harm it might cause to national security, public interests, or legitimate rights and interests of individuals or organizations when such data is tampered with, destroyed, leaked, illegally acquired or used. On August 20, 2021, the SCNPC promulgated the Personal Information Protection Law, which took effect on November 1, 2021. The Personal Information Protection Law provides the basic regulatory regime for personal information protection, including without limitation, stipulating an expanded definition of personal information, providing a long-arm jurisdiction in cross-border scenarios, emphasizing individual rights, and prohibiting rampant infringement of personal information, such as stealing, selling, or secretly collecting personal information. The Group provides services to individual shippers and truckers who may upload personal information to FTA platform when using the Group's services, which may be deemed to be sensitive personal information under the Personal Information Protection Law. Any failure to comply with the Personal Information Protection Law may subject the Group to liabilities or administrative penalties, including but not limited to suspension or termination of the Group's services. For further details, see "Item 4. Information on the Company - B. Business Overview - Regulatory Matters - Regulations Related to Internet Security and Privacy Protection." Furthermore, on December 8, 2022, the MIIT published the Measures for the Administration of Data Security in the Field of Industry and Information Technology (for Trial Implementation), which became effective from January 1, 2023 and stipulates that telecom data processors (including telecom business operators with telecom business operation licenses) shall sort out data regularly, identify important and core data in accordance with relevant standards and develop their own specific catalogues to ensure data security in data collection, storage, use, processing, transmission, provision and disclosure. These newly promulgated laws and regulations reflect PRC government's further attempts to strengthen the legal protection for personal information, as well as the security of national network and key information infrastructure. The functional designs and interactive logic of the Group's mobile apps may need to be adjusted from time to time in order to comply with evolving laws, regulations, norms and other applicable regulatory requirements, which could increase the Group's compliance costs and may adversely affect its mobile apps' user experience. We cannot assure you that relevant regulators will not interpret or implement the laws or regulations in ways that negatively affect the Group. In addition, the Group may become subject to additional or new laws and regulations in this regard, which may result in additional expenses to the Group and subject the Group to potential liability and risk of negative publicity. We expect that data security and protection will continue to receive significant public attention and scrutiny from regulators going forward, which could increase the Group's compliance costs and subject the Group to heightened risks and challenges associated with data security and protection. If the Group were unable to manage these risks, it could become subject to penalties, fines, suspension of business and revocation of required permits or licenses, and the Group's reputation and results of operations could be materially and adversely affected.

The Group maintains various insurance policies to safeguard against risks and unexpected events. However, the Group does not maintain business interruption insurance or key-man insurance or any insurance covering liabilities resulting from misconducts or illegal activities committed by its employees, users or business partners. We cannot assure you that the Group's insurance coverage is sufficient to prevent the Group from any loss or that the Group will be able to successfully claim its losses under its current insurance policy on a timely basis, or at all. If the Group incurs any loss that is not covered by its insurance policies, or the compensated amount is significantly less than its actual loss, the Group's business, financial condition and results of operations could be materially and adversely affected. See also "-We face risks associated with the cargo transported using the freight brokerage service and vicarious liability for vehicles registered with the Group." If the Group's insurance carriers change the terms of the Group's policies in a manner unfavorable to the Group, its insurance costs could increase. In addition, the Group is subject to laws, rules, and regulations relating to insurance coverage which could result in proceedings or actions against the Group by governmental entities or others. Furthermore, shippers using the freight brokerage service may require higher levels of coverage as a condition to entering into contracts with the consolidated affiliates. Any failure, or perceived failure, by the Group to comply with laws, rules, and regulations or contractual obligations relating to insurance coverage could result in proceedings or actions against it by governmental entities or others. These lawsuits, proceedings, or actions may subject the Group to significant penalties and negative publicity, require the Group to increase its insurance coverage, require it to amend its insurance policy disclosure, increase its costs, and disrupt its business.

The value of the Renminbi against the U.S. dollar and other currencies may fluctuate and is affected by, among other things, changes in political and economic conditions and the foreign exchange policy adopted by the PRC government, and Renminbi internationalization. For example, On July 21, 2005, the PRC government changed its policy of pegging the value of the Renminbi to the U.S. dollar. Following the removal of the U.S. dollar peg, the Renminbi appreciated more than 20% against the U.S. dollar over the following three years. More recently, on November 30, 2015, the Executive Board of the International Monetary Fund, completed the regular five-year review of the basket of currencies that make up the Special Drawing Right, or the SDR, and decided that with effect from October 1, 2016, Renminbi is determined to be a freely usable currency and will be included in the SDR basket as a fifth currency, along with the U.S. dollar, the Euro, the Japanese yen and the British pound. In the fourth quarter of 2016, the Renminbi depreciated significantly in the backdrop of a surging U.S. dollar and persistent capital outflows of China. In 2017, the value of the Renminbi appreciated further by approximately 6.3% against the U.S. dollar. The value of the Renminbi continued to fluctuate in recent years. With the development of the foreign exchange market and progress towards interest rate liberalization and Renminbi internationalization, the PRC government may in the future announce further changes to the exchange rate system, and we cannot assure you that the Renminbi will not appreciate or depreciate significantly in value against the U.S. dollar in the future. It is difficult to predict how market forces or PRC or U.S. government policy may impact the exchange rate between the Renminbi and the U.S. dollar in the future. All of the Group's revenue and substantially all of its costs are denominated in Renminbi. Any significant revaluation of Renminbi may materially and adversely affect the Group's results of operations and financial position reported in Renminbi when translated into U.S. dollars, and the value of, and any dividends payable on, the ADSs in U.S. dollars. To the extent that we need to convert U.S. dollars we receive from our initial public offering and the concurrent private placement into Renminbi for the Group's operations, appreciation of the Renminbi against the U.S. dollar would have an adverse effect on the Renminbi amount we would receive. Conversely, if we decide to convert our Renminbi into U.S. dollars for the purpose of making payments for dividends on our Class A ordinary shares or ADSs or for other business purposes, appreciation of the U.S. dollar against the Renminbi would have a negative effect on the U.S. dollar amount.