Clear Secure (YOU) Risk Analysis

We have expanded rapidly since we launched our platform in 2010, and our business growth depends on the continued expansion of our membership, network of partners and services. Our expansion and growth plans may not be successful and any future expansion will likely place additional demands on our managerial, operational, technological, administrative and financial resources. If we are not able to respond effectively to new or increased demands that arise because of our growth, or, if in responding, our management is materially distracted from our current operations, our business and prospects may be adversely affected. In addition, while we seek to develop new offerings and expand into new markets and industries, we may have limited or no experience in these areas, and our Members may not adopt our offerings. We may incur significant expense in our attempts to innovate and create new offerings, and these attempts may ultimately not be successful. New offerings, which can present new and difficult technology challenges, may subject us to claims if Members or partners experience service disruptions or failures or other quality issues. In addition, profitability, if any, in our newer activities may not meet our expectations, and we may not be successful enough to recoup our investments. Failure to realize the benefits of amounts we invest in new technologies, products or services could result in the value of those investments being written down or written off. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet Member, partner and market demands is essential. If we elect not to or are unable to develop solutions internally, we may choose to, or be required to, expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors and our business, results of operations and financial condition could be adversely affected. Moreover, there is no assurance that our research and development or acquisition efforts will successfully anticipate market needs and result in significant new marketable solutions or enhancements to our solutions, design improvements, cost savings, revenues or other expected benefits. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively and our business and results of operations may be materially and adversely affected.

Our business requires us to use, store, process and transmit data, including a large amount of sensitive and confidential personal information, including personally identifiable information ("PII"). This may include, for example: biographic information, such as names, addresses, phone numbers, email addresses; biometric information; government-issued identification; health information; and payment information. Although malicious attacks to gain access to personal information or PII affect many companies across various industries, we are at a relatively greater risk of being targeted because of our high profile and the types of personal information we manage. Our business depends on earning and maintaining the trust of our Members and our partners and any actual or alleged breaches of our systems could adversely affect our business, including by impacting the trust that we have gained. See "Risks Related to Our Business, Brand and Operations-If we are not able to meet evolving stakeholder expectations or to maintain the value and reputation of our brand, our business and financial results may be harmed." We devote significant resources to network security, data encryption and other security measures to protect our systems and data, and have been certified by the federal government as operating certain of our information security systems at a FISMA High Rating in accordance with the Federal Information Security Modernization Act and National Institute of Standards and Technology, but these security measures cannot provide, and we cannot guarantee, absolute security. We require user names and passwords, as well as multifactor authentication, in order to access our information technology systems. We also use encryption and authentication technologies designed to secure the transmission and storage of data and prevent access to our data or accounts. Increasingly, companies are subject to a wide variety of attacks on their systems on an ongoing basis that are continually evolving. In addition to threats from traditional computer "hackers," malicious code (such as malware, viruses, worms, and ransomware), employee theft, error or misuse, password spraying, phishing, social engineering (predominantly spear phishing attacks), credential stuffing, and denial-of-service attacks, we also face an increasing number of threats (including advanced persistent threat intrusions) to our information technology systems from a broad range of actors, including sophisticated organized crime, nation-state and nation-state supported actors (independently or in connection with broader international conflicts), and we cannot assure you that our systems will not be compromised or disrupted by these tactics. Our solutions integrate and rely in part on products, services and technologies developed and supplied by third-party vendors and service providers. Although we make efforts to review our third-party vendors and service providers and the products, services and technologies on which our solutions rely, vulnerabilities in our vendors' and service providers' products, services and technologies may make our own solutions and information technology systems vulnerable to breach, attack and other risks. See "We rely on third-party technology and information systems to help complete critical business functions. If that technology fails to adequately serve our needs, and we cannot find alternatives, it may negatively impact our business, financial condition and results of operations" below. Breaches and attacks on us or our third-party vendors or service providers may cause interruptions to the services we provide, degrade the Member experience, cause Members or partners to lose confidence and trust in our platform and decrease or discontinue their use of our platform, impair our internal systems, or otherwise result in financial harm to us. As we grow within the United States, and expand our international presence, our heightened visibility has increased, and will continue to increase, the risk that we become a target of such attacks. Any failure to prevent or mitigate security breaches and unauthorized access to or disclosure of our data or personal information, could result in the loss, modification, disclosure, destruction or other misuse of such data, which could subject us to legal liability, harm our business and reputation and diminish our competitive position, or lead to decreases in the price of our Class A Common Stock. We may incur significant costs in protecting against or remediating such incidents and as cybersecurity incidents continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measure or to investigate and remediate any information security vulnerabilities. Our efforts to protect our confidential and sensitive data and the personal information we receive may also be unsuccessful due to software bugs, defects, misconfigurations or other technical malfunctions; employee, contractor, or service provider error or malfeasance, including defects, misconfigurations or vulnerabilities in our suppliers' or service providers' information technology systems or offerings, including products and offerings that we integrate into our products and services; breaches of physical security of our facilities or technical infrastructure; or other threats that may surface or evolve. If we were to experience a breach of our systems and were unable to protect sensitive data, we may not be able to remedy such breach, we may be required by law to notify regulators and individuals whose personal information was used or disclosed without authorization and compensate them for any damages, we may be subject to claims against us, including government enforcement actions or investigations, fines and litigation, and we may have to expend significant capital and other resources to mitigate the impact of such events, including developing and implementing protections to prevent future events of this nature. Additionally, such a breach could curtail or otherwise adversely impact access to our services, materially damage partner and Member relationships, and cause us to lose Members or partners. Moreover, if a security breach affects our systems or results in the unauthorized release of personal information, our reputation and brand could be materially damaged, use of our platform and services could decrease, and we could be exposed to a risk of loss or litigation and possible liability. We are also subject to payment card association rules and obligations under our contracts with payment card processors. Under these rules and obligations, if information is compromised, we could be liable to payment card issuers for associated expenses and penalties. In addition, if we fail to follow payment card industry security standards, even if no customer information is compromised, we could incur significant fines or remediation costs, experience a significant increase in payment card transaction costs or be refused by credit card processors to continue to process payments on our behalf, any of which could materially adversely affect our business, financial condition and results of operations. Additionally, we accept payment from our CLEAR Plus Members through credit card transactions, certain online payment service providers and mobile payment platforms. The ability to access credit card information on a real-time basis without having to proactively reach out to the Members each time we process an auto-renewal payment is critical to our success and a seamless experience for our users. However, if we or a third party experiences a data security breach involving credit card information, affected cardholders will often cancel their credit cards. In the case of a breach experienced by a third party, the more sizable the third party's customer base and the greater the number of credit card accounts impacted, the more likely it is that our users would be impacted by such a breach. To the extent our CLEAR Plus Members are affected by such a breach experienced by us or a third party, affected Members would need to be contacted to obtain new credit card information and process any pending transactions. It is likely that we would not be able to reach all affected Members, and even if we could, some Members' new credit card information may not be obtained and some pending transactions may not be processed, which could materially adversely affect our business, financial condition and results of operations.

In the ordinary course of business, from time to time, we have been involved in legal proceedings and in the future may be subject to claims, lawsuits, government investigations and other proceedings. Litigation and regulatory proceedings may be protracted and expensive, and the results are difficult to predict. Certain of these matters may include speculative claims for substantial or indeterminate amounts of damages and include claims for injunctive relief. Additionally, our litigation costs could be significant. Adverse outcomes with respect to litigation or any of these legal proceedings may result in significant settlement costs or judgments, penalties and fines, or require us to modify our products or services, harm our reputation or require us to stop offering certain features, all of which could negatively affect our membership and revenue growth. Should the ultimate judgments or settlements in any future litigation or investigation significantly exceed our insurance coverage, they could adversely affect our business, results of operations and financial condition. See "Business-Legal Proceedings." The results of litigation, investigations, claims and regulatory proceedings cannot be predicted with certainty, and determining reserves for pending litigation and other legal and regulatory matters requires significant judgment. There can be no assurance that our expectations will prove correct, and even if these matters are resolved in our favor or without significant cash settlements, these matters, and the time and resources necessary to litigate or resolve them, could harm our business, financial condition and operating results.

As part of our normal operations, we collect, process and retain personal information about individuals, including sensitive personal information such as biometrics data. We are subject to various federal and state laws and rules regarding the collection, use, disclosure, storage, transmission, and destruction of this personal information, and as we move into new markets, we will be subject to international laws applicable to our data practices as well. We collect and use personal information, including sensitive personal information, when our Members enroll in our platform and use our platform after they have completed their enrollment. The laws of many states and countries require businesses that maintain such personal data to obtain consent before collecting or processing certain types of data, to implement measures to keep such information secure and otherwise restrict the ways in which such information can be collected and used. As examples, numerous states and municipalities have enacted or are in the process of enacting state level data privacy laws and regulations governing the collection, use and processing of state residents' personal data. For example, CCPA took effect on January 1, 2020 and was amended by the Consumer Privacy Rights Act, which went into effect in 2023. CCPA provides enhanced data privacy rights to California consumers, including the right to access and delete their information and to opt out of certain sharing and sales of personal information. The law also prohibits covered businesses from discriminating against consumers (for example, charging more for services) for exercising any of their CCPA rights. These rights are enforced by the California Attorney General and California Privacy Protection Agency. In addition, CCPA imposes severe statutory damages as well as a private right of action for certain data breaches that result in the loss of personal information. This private right of action is expected to increase the likelihood of, and risks associated with, data breach litigation. It remains unclear how various provisions of CCPA will be interpreted and enforced. Numerous states have passed laws that provide similar privacy and security protections to their residents, including Virginia, Colorado, Texas, and Oregon, and many other states are actively developing legislation in this area. In addition, states such as Illinois, Texas, Colorado and Washington, have laws that specifically regulate the collection and use of biometric information, and numerous states and municipalities are considering similar legislation. Illinois' BIPA includes both a private right of action and liquidated damages for companies that violate its provisions, and the Texas Attorney General has announced settlements with private parties under its biometric laws with penalties in excess of $1 billion. Regardless of any company's efforts to comply with the requirements of BIPA, the private right of action available under laws like BIPA have created strong incentives for plaintiffs counsel to push the interpretation of BIPA in new areas and has increased the general likelihood of, and costs and risks associated with, biometrics litigation. Recent BIPA case law has increased liability exposure and the scope of damages that may be collected for alleged violations. The effects of state privacy, data protection and biometrics laws and other similar state or federal laws, are significant and may require us to modify our products, data processing practices and policies and to incur substantial costs and potential liability as we attempt to implement new requirements or guidance under such laws, which are often not well defined, or to defend assertions of liability under these laws, given the significant penalties available. Various other governments and consumer agencies around the world have also called for new regulation and changes in industry practices and many have enacted and may in the future enact different and potentially contradictory requirements for protecting personal information, including biometric information, as well as data that is collected and maintained electronically. These regulations have become particularly relevant to us as we expand our operations beyond the United States. For example, GDPR, which became effective on May 25, 2018, includes operational requirements for companies that are established in the EEA or process personal data of individuals located in the EEA. These requirements govern the processing of personal data in certain contexts and include significant penalties for non-compliance. Failure to comply with GDPR may result in fines of up to 20 million euro or up to 4% of the annual global revenue of a company processing information about EEA data subjects. It may also lead to regulatory inquiries initiated by data subjects as well as civil litigation, with the risks of damages or injunctive relief, or regulatory orders adversely impacting on the ways in which our business can use personal data. Additionally, the United Kingdom has transposed GDPR into domestic law with a United Kingdom version of GDPR (combining GDPR and the Data Protection Act of 2018) that took effect in January 2021, which exposes us to two parallel regimes, each of which authorizes similar fines and other potentially divergent enforcement actions for certain violations. Other jurisdictions where we may operate in the future like Canada, Brazil and India have implemented comprehensive data protection regulations that also may diverge from or overlap with these laws. Compliance with numerous and contradictory requirements of different jurisdictions is inherently challenging and costly for any business that collects and processes personal information as well as biometrics from individuals based in different jurisdictions, particularly since the interpretation and application of these laws is unresolved. If any jurisdiction in which we currently, or in the future may, operate, or where one of the partners we service operates, adopts new laws or changes its interpretation of its laws, rules or regulations relating to data use and processing such that our compliance obligations are unclear, or we are unable to comply in a timely manner or at all, we could risk losing our rights to operate in such jurisdictions or losing the ability to partner with companies who do business in such jurisdictions, as well as face significant and uncertain risks of regulatory investigations, penalties or liability in these jurisdictions. Various state and international governments recently have passed or issued or are in the process of considering laws, regulations or directive governing the use of artificial intelligence or automated decisionmaking technology for certain use cases, which may be interpreted to apply to CLEAR when we or our commercial partners utilize our technology to support particular use cases. For example, in November 2024, the California Privacy Protection Agency issued draft regulations under CCPA governing the use of automated decisionmaking technology that would apply to the use of "physical or biological identification or profiling" in certain contexts, and the EU has implemented the AI Act which prohibits certain types of high risk biometric systems from being deployed. The scope and interpretation of this emerging area of regulation and legislation, and the application to CLEAR's business or business roadmap is unclear, but these laws could be interpreted or applied in ways that would impose new costly and burdensome requirements on CLEAR or its commercial partners and could increase the risk of regulatory actions directed to CLEAR or otherwise adversely impact our business. HIPAA imposes specified requirements relating to the privacy, security and transmission of sensitive patient health information ("PHI"). Among other things, HITECH makes HIPAA's security standards directly applicable to "business associates." As our business evolves, we expect to increasingly enter into agreements in which we are a "business associate" for partners in the healthcare industry that are HIPAA covered entities and service providers, and therefore we are and will increasingly be regulated under these agreements as a business associate for the purposes of HIPAA. If we are unable to comply with our obligations as a HIPAA business associate, we could face substantial civil and even criminal liability. HITECH imposes four tiers of civil monetary penalties and gives state attorneys general authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys' fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect. HIPAA imposes specified requirements relating to the privacy, security and transmission of sensitive patient health information ("PHI"). Among other things, HITECH makes HIPAA's security standards directly applicable to "business associates." As our business evolves, we expect to increasingly enter into agreements in which we are a "business associate" for partners in the healthcare industry that are HIPAA covered entities and service providers, and therefore we are and will increasingly be regulated under these agreements as a business associate for the purposes of HIPAA. If we are unable to comply with our obligations as a HIPAA business associate, we could face substantial civil and even criminal liability. HITECH imposes four tiers of civil monetary penalties and gives state attorneys general authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys' fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect. When we process PHI on behalf of a covered entity, we are required by HIPAA to maintain HIPAA-compliant business associate agreements with our partners that are HIPAA covered entities and service providers, as well as certain of our subcontractors, that access, maintain, create or transmit sensitive patient health information on our behalf for the rendering of services to our HIPAA covered entity and service provider Members. These agreements impose stringent data security and other obligations on us. If we or our subcontractors are unable to meet the requirements of any of these business associate agreements, we could face contractual liability under the applicable business associate agreement as well as possible civil and criminal liability under HIPAA, all of which can have an adverse impact on our business and generate negative publicity, which, in turn, can have an adverse impact on our ability to attract and retain Members and to maintain existing or enter into new health care partnerships. In addition to government regulation, self-regulatory standards and other industry standards may legally or contractually apply to us, be argued to apply to us, or we may elect to comply with such standards or to facilitate our customers' compliance with such standards. We may make statements on our website, in marketing materials, or in other settings about our data practices and security measures and our compliance with, or our ability to facilitate our customers' compliance with, these standards. Furthermore, because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy, data protection, and information security are uncertain, these laws, standards, and contractual and other obligations may be interpreted and applied in a manner that is, or is alleged to be, inconsistent with our data management practices, our policies or procedures, the features of our platforms or the manner in which our partners use CLEAR services. If so, in addition to the possibility of fines, lawsuits, and other claims, we could be required to fundamentally change our business activities and practices or modify our platforms, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to fulfill existing commercial obligations, make enhancements, or develop new platforms and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our platforms. In addition to government regulation, self-regulatory standards and other industry standards may legally or contractually apply to us, be argued to apply to us, or we may elect to comply with such standards or to facilitate our customers' compliance with such standards. We may make statements on our website, in marketing materials, or in other settings about our data practices and security measures and our compliance with, or our ability to facilitate our customers'compliance with, these standards. Furthermore, because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy, data protection, and information security are uncertain, these laws, standards, and contractual and other obligations may be interpreted and applied in a manner that is, or is alleged to be, inconsistent with our data management practices, our policies or procedures, the features of our platforms or the manner in which our partners use CLEAR services. If so, in addition to the possibility of fines, lawsuits, and other claims, we could be required to fundamentally change our business activities and practices or modify our platforms, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to fulfill existing commercial obligations, make enhancements, or develop new platforms and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our platforms. While we make significant efforts to comply with all laws, regulations, standards and obligations applicable to us, we cannot guarantee that we have always been or will always be successful. Privacy, biometrics, artificial intelligence, and data protection laws, rules and regulations are complex, and their interpretation is rapidly evolving, making implementation and enforcement, and thus compliance requirements, ambiguous, uncertain and potentially inconsistent. Compliance with such laws may require changes to our operations and business practices and may thereby increase compliance costs on CLEAR, our vendors or our partners or have other material adverse effects on our business. In addition, even alleged violations of such laws could be costly to defend and divert management's attention. Failure or perceived failure to comply with such laws and regulations could have an adverse impact on our business and results. While we have invested and continue to invest significant resources to comply with data and technology-focused laws and regulations, enforcement or litigation under these laws and regulations could expose us to the possibility of material penalties, significant legal liability, changes in how we operate or offer our products, a loss of commercial revenue or opportunities, and interruptions or cessation of our ability to operate for key partners or in key industries or geographies, any of which could materially adversely affect our business, results of operations and financial condition. While we make significant efforts to comply with all laws, regulations, standards and obligations applicable to us, we cannot guarantee that we have always been or will always be successful. Privacy, biometrics, artificial intelligence, and data protection laws, rules and regulations are complex, and their interpretation is rapidly evolving, making implementation and enforcement, and thus compliance requirements, ambiguous, uncertain and potentially inconsistent. Compliance with such laws may require changes to our operations and business practices and may thereby increase compliance costs on CLEAR, our vendors or our partners or have other material adverse effects on our business. In addition, even alleged violations of such laws could be costly to defend and divert management's attention. Failure or perceived failure to comply with such laws and regulations could have an adverse impact on our business and results. While we have invested and continue to invest significant resources to comply with data and technology-focused laws and regulations, enforcement or litigation under these laws and regulations could expose us to the possibility of material penalties, significant legal liability, changes in how we operate or offer our products, a loss of commercial revenue or opportunities, and interruptions or cessation of our ability to operate for key partners or in key industries or geographies, any of which could materially adversely affect our business, results of operations and financial condition. Any failure or perceived failure by us (or by our vendors or commercial partners) to comply with privacy, biometrics, cybersecurity, artificial intelligence and data protection policies, notices, laws, rules and regulations could result in proceedings or actions against us by individuals, consumer rights groups, regulators, government agencies, commercial partners or others. We could incur significant costs in investigating and defending such claims and, if found liable or if resolving such claims through settlement is desirable, pay significant damages, penalties or fines and/or be required to make substantial changes to our business. Further, these proceedings and any subsequent adverse outcomes may subject us to significant negative publicity, and an erosion of trust and commercial opportunity. If any of these events were to occur, our business, results of operations and financial condition could be materially adversely affected. Any failure or perceived failure by us (or by our vendors or commercial partners) to comply with privacy, biometrics, cybersecurity, artificial intelligence and data protection policies, notices, laws, rules and regulations could result in proceedings or actions against us by individuals, consumer rights groups, regulators, government agencies, commercial partners or others. We could incur significant costs in investigating and defending such claims and, if found liable or if resolving such claims through settlement is desirable, pay significant damages, penalties or fines and/or be required to make substantial changes to our business. Further, these proceedings and any subsequent adverse outcomes may subject us to significant negative publicity, and an erosion of trust and commercial opportunity. If any of these events were to occur, our business, results of operations and financial condition could be materially adversely affected.

Our market is intensely competitive with respect to every aspect of our business, and we expect competition to increase in the future. We anticipate that both our existing and future services and our expansion into new verticals will face competition from a variety of other companies and organizations. Other companies may strive or choose to perform services related to confirming an individual's identity as a standalone task or related to a specific transaction, which would increase the competition we currently face. For example, large, well-established technology platforms, such as Alphabet/Google, Amazon, Apple, Microsoft or Meta or well-known companies in the credit card industry may currently be developing, or in the future could acquire, develop or expand, a platform that competes directly with some or all of our solutions. Other potential competitors include providers of decentralized identity verification platforms or verification services, including know your customer services. Additionally, biometric hardware companies and platform companies that also offer hardware may develop applications that directly or indirectly compete with our platform. We face competition from two other private entities that are authorized to compete with us in enrolling Members on TSA's behalf for TSA PreCheck. We also face competition from solutions that could be developed in-house by our existing and future partners, and by governmental agencies, which could result in lost revenues and otherwise have a material adverse effect on our business, results of operations and financial condition. Many of our existing and potential competitors have substantial competitive advantages, such as greater name recognition and longer operating histories, economies of scale, larger sales and marketing departments, budgets and resources, broader distribution and established relationships with channel partners and customers, greater customer support resources, greater resources to make acquisitions or to spend on research and development, lower labor and development costs, larger and more mature intellectual property portfolios and substantially greater financial, technical and other resources. Additionally, some of our larger competitors have substantially broader product offerings and could leverage their relationships based on other products they offer or incorporate functionality into, or completely repurpose, existing products or offerings to gain business or have other advantages that can allow them to develop and deploy new solutions more quickly than we do. Start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our solutions. Acquisitions of our competitors by companies that have more resources than us could have a negative impact on our competitive position. Some of our competitors may enter into alliances with each other or other companies or governmental agencies, or may establish or strengthen cooperative relationships with system integrators, third-party consulting firms or other parties. Any such consolidation, acquisitions, alliances or cooperative relationships could lead to pricing pressure and loss of market share and could result in one or more competitors with greater financial, technical, marketing, service and other resources, all of which could harm our competitive position. Furthermore, organizations may be more willing to incrementally add solutions to their existing infrastructure from our competitors than to replace their existing infrastructure with our solutions. These competitive pressures in our market or our failure to compete effectively may result in fewer Members and partners and reduced revenue and gross margins. Any failure to meet and address these factors could adversely affect our business, results of operations and financial condition.

Private industry and governmental agencies continue to increase their efforts related to developing and launching identity verification and credential authentication solutions, and we expect this trend to continue. For example, certain airlines, technology providers and the Transportation Security Administration ("TSA") are developing technological solutions, in some cases including the use of identity verification technology or biometrics, that may gain widespread acceptance in locations where we operate, such as airports, or where we may operate in the future. In addition, the federal government has conducted a number of proof of concept demonstrations to evaluate identity verification technologies and other credential authentication technologies at airport checkpoints, intends to expand use of its own biometric credential authentication technologies ("CAT"), at additional airport checkpoints, and is continuing to explore digital identities at checkpoints generally. The TSA has publicly stated its intent to require all travelers to be processed through CAT machines in the future, either through travelers presenting physical IDs or through the transmission of digital ID credentials. Additionally, state governments are issuing driver's licenses in digital formats, and airlines have launched their own identity and credential authentication initiatives, in some cases with other identity verification partners. In many cases these initiatives also include use of biometrics, either via centralized or decentralized platforms, and any of these platforms or standards may become universally accepted and preferred by the industry, the TSA, airlines, and our other partners. Widespread adoption of competing identity verification solutions or credential authentication solutions or standards (including TSA's own solutions) at airport checkpoints or other locations where we operate could adversely impact our ability to operate in the same manner as we operate today.

Our profitability depends, in part, on public confidence in and acceptance of identity platforms and biometrics generally. Continued acceptance of identity platforms and biometric information as a secure and reliable method to identify individuals, mitigate risk and minimize fraud is an important factor in our continued growth. While both identity platforms and biometrics have become more widely adopted, they may not achieve universal acceptance. The attractiveness of our solutions to Members, partners and the locations where we operate is impacted by a number of factors, including the willingness of individuals to provide their personal information, including biometric information, to private or governmental entities, the level of confidence that such information can be stored safely and securely, and trust that such information will not be misused. Certain individuals may never accept the use of biometrics as being safe. If identity platforms and biometrics do not achieve universal acceptance, our growth could be limited, which could materially adversely affect our business, results of operations and financial condition.

Our success depends in large part on our ability to attract and retain high-quality management, operations, engineering and other personnel who are in high demand, as well as our Ambassadors. The loss of qualified executives, employees or Ambassadors, or an inability to attract, retain and motivate high-quality executives, employees and Ambassadors required for the planned expansion of our business, may harm our operating results and impair our ability to grow. In addition, we depend on the continued services and performance of our key personnel, including our Chairman and Chief Executive Officer, Ms. Seidman Becker who co-founded our Company and has been instrumental in devising and implementing our strategies for growth and scaling our business. We do not have an employment agreement with Ms. Seidman Becker, and she and, other key members of our senior management team, are at-will employees. As these individuals are able to terminate their employment with us at any time, such termination could materially adversely affect our business, results of operations and financial condition, as well as our future prospects. Certain key members of our management team have a shorter employment history at our company and did not previously work within our industry. Recently hired executives may view our business differently than members of our prior management team and, over time, may make changes to our personnel and their responsibilities as well as our strategic focus, operations or business plans. We may not be able to properly manage any such shift in focus, and any changes to our business may ultimately prove unsuccessful. In addition, our failure to put in place adequate succession plans for senior and key management roles or the failure of key employees to successfully transition into new roles could have an adverse effect on our business and operating results. The unexpected or abrupt departure of one or more of our key personnel and the failure to effectively transfer knowledge and effect smooth key personnel transitions has had and may in the future have an adverse effect on our business resulting from the loss of such person's skills, knowledge of our business and years of industry experience. If we cannot effectively manage leadership transitions and management changes in the future, our reputation and future business prospects could be adversely affected. To attract and retain key personnel, we use equity incentives, among other measures. These measures may not be sufficient to attract and retain the personnel we require to operate our business effectively. As we continue to mature, the equity incentives we currently use to attract, retain and motivate employees may not be as effective as in the past. Our ability to attract, retain and motivate employees may be adversely affected by declines in our stock price. If we issue significant equity to attract employees or to retain our existing employees, we would incur substantial additional equity-based compensation expense and the ownership of our existing stockholders would be further diluted.

The growth of our business, including our membership base, geographic footprint and financial results, also depends on adding new and retaining existing partners, as well as increasing the revenue generated from partners. Our partners help increase our opportunities to attract new Members and, in some cases, help subsidize memberships. However, we may be unsuccessful at adding new partners, retaining existing partners or monetizing our partner relationships, and our success is subject to a number of the risks that we face in expanding our membership base. See "- If we fail to add new and retain existing Members, including Active CLEAR Plus Members, or increase the utilization of our platform, our business, results of operations and financial condition would be materially and adversely affected" above. If our partners stop trusting our platform, or if our partners or our Members have an unsatisfactory experience with our platform, we are unable to offer new and relevant offerings and features or we are unable to increase the adoption of our platform, we could be unsuccessful at continuing to grow our partner network or increase the revenue generated from existing partners, which could hamper our prospects. This could in turn have an adverse impact on our ability to grow our membership base. If certain partners that subsidize memberships do not renew their agreements with us we could lose a portion of the affected Members, which could impact our revenue and retention rates. Any of the foregoing could materially and adversely affect our business, results of operations and financial condition.

Our insurance policies may be inadequate to compensate us for the potentially significant losses that may result from claims arising from failure to meet our contractual obligations, disruptions in our services, including those caused by cybersecurity incidents, failures or disruptions to our infrastructure, catastrophic events and disasters or otherwise. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and defending a suit, regardless of its merit, could be costly and divert management's attention. Additionally, we procure insurance policies to cover various operations-related risks, including general business liability, workers' compensation, employment practices liability, cyber liability and data breaches, and directors' and officers' liability insurance. Our costs for obtaining insurance policies will increase as our business grows and continues to evolve. Furthermore, as our business continues to develop and expand, we may experience difficulty in obtaining insurance coverage for new and evolving offerings, which could require us to incur greater costs and materially adversely affect our business, results of operations and financial condition. For example, the cyber insurance market continues to evolve and may be less available than in the past. Accordingly, appropriate insurance coverage may not be available to us in the future on economically reasonable terms or at all to cover all of our business exposure. If we fail to comply with insurance regulatory requirements in the regions where we operate, or other regulations governing insurance coverage, our brand, reputation, business, results of operations and financial condition could be materially adversely affected. For example, if the DHS were to increase the insurance coverage requirements for us related to our certification as a Qualified Anti-Terrorism Technology under the SAFETY Act, such insurance coverage may significantly increase our costs or may not be available to us. See "Liability protections provided by the SAFETY Act may be limited."

We have derived substantially all of our historical revenue from Members who enroll in CLEAR Plus, which includes our RT Program service at U.S. airports. Accordingly, our performance is dependent on the strength of the travel industry and our revenue is susceptible to declines in or disruptions to leisure and business travel that may be caused by factors entirely out of our control, such as COVID-19. Additionally, platform usage beyond airports is driven by the operations of our partners, such as their ability to host events, provide hotel rooms, rent cars, and workplaces being open for workers. Other events or factors beyond our control can disrupt, and have in the past disrupted, travel and operations within the United States and globally or otherwise result in declines in travel demand and the demand to attend events. These events include prolonged extreme weather, natural disasters or man-made disasters, travel-related health concerns (including pandemics and epidemics, such as COVID-19, Monkeypox, Ebola, Zika, Middle East Respiratory Syndrome, bird flu or other outbreak of contagious diseases), restrictions related to travel, stay-at-home orders, wars and military actions, terrorist attacks, sources of political uncertainty or political events, protests, foreign policy changes, regional hostilities, general economic conditions (such as a recession or inflation), changes in regulations, labor unrest or travel-related accidents. Because these events or concerns, and the full impact of their effects, are largely unpredictable, they can dramatically and suddenly affect travel behavior and other activities by consumers, and therefore demand for our airport and platform services, which could materially adversely affect our business, results of operations and financial condition. Additionally, as the Real ID Act will require passengers having compliant identification to travel by air in the United States by May 7, 2025, such regulation, if not extended, may decrease the number of travelers with compliant identification and, therefore, negatively impact the demand for our airport services, which could materially adversely affect our business, results of operations and financial condition. Our financial performance is also subject to global economic conditions and their impact on levels of discretionary consumer spending. Consumer preferences tend to shift to lower-cost alternatives during recessionary periods and other periods in which disposable income is adversely affected, which could lead to a decline in enrollments or renewals of CLEAR Plus, less interaction with our platform products related to discretionary activities such as travel (such as rental cars and hotel rooms), and thus result in decreasing platform usage and lower revenue. Downturns in worldwide or regional economic conditions, such as the downturn resulting from the COVID-19 pandemic, inflation, and the potential for a recession, have in the past led to a general decrease in travel and travel spending, as well as discretionary spending generally, and similar downturns in the future may materially adversely impact demand for our platform and services. Such a shift in consumer behavior would materially adversely affect our business, results of operations and financial condition.

We have, and in the future we may continue to, expand our operations internationally. For example, in December 2021, we acquired Whyline, Inc., our virtual queuing technology used for CLEAR Mobile, which had partnerships across international markets. In addition, in 2023 our LinkedIn partnership was extended to Members in Mexico and Canada. Further, in 2024, CLEAR Mobile was expanded to Members in Costa Rica. Operating outside of the United States requires significant management attention to oversee operations over a broad geographic area with varying cultural norms and customs. As we continue to expand globally, we may incur significant additional operating expenses and may not be successful in our international expansion for a variety of reasons, including: - compliance with privacy and data protection laws, including laws regulating the use and collection of biometric information and health information (see "Risks Related to Regulation and Litigation-Any actual or perceived failure to comply with applicable laws relating to privacy, biometrics, artificial intelligence, health information and data protection may result in significant liability, negative publicity and erosion of trust and commercial opportunities, and increased regulation could materially adversely affect our business, results of operations and financial condition" and "Business-Government Regulation");- differing international norms and expectations, including but not limited to those related to the use of personal information;- challenges in confirming identities for non-U.S. residents;- expanded information security risk with expanded potential threat actors;- recruiting and retaining talented and capable employees in foreign countries and maintaining our company culture across all of our offices;- complying with varying laws and regulatory standards, including with respect to tax and local regulatory restrictions;- obtaining any required government approvals, licenses or other authorizations, particularly as may be necessary for the use and collection of personal information;- varying levels of Internet and mobile technology adoption and infrastructure;- currency exchange restrictions or costs and exchange rate fluctuations;- operating in jurisdictions that do not protect intellectual property rights to the same extent as the United States;- potential oppositions in foreign patent and trademark offices; and - limitations on the repatriation and investment of funds as well as foreign currency exchange restrictions. Our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake may not be successful. If we invest substantial time and resources to expand our operations internationally and are unable to manage these risks effectively, our business, financial condition and results of operations could be adversely affected.

Our primary locations may be vulnerable to the adverse effects of climate change. Extreme weather conditions may disrupt our business and may cause us to experience additional costs to maintain or resume operations and higher attrition. In addition, current and emerging legal and regulatory requirements with respect to climate change and other aspects of environmental, social, governance and other sustainability (e.g., disclosure requirements) may result in increased compliance requirements on our business, which may increase our operating costs and cause disruptions in our operations. We are dependent on CLEAR Plus memberships for a significant portion of our revenue, and a significant reduction in CLEAR Plus memberships would reduce our future revenue and harm our anticipated operating results. Given our dependence on CLEAR Plus for a significant portion of our revenues, a decrease in demand for goods or services that produce significant greenhouse gas emissions or are related to carbon-based energy sources, such as air travel, could have a material negative impact on our revenues.