Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - LPSN

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A., “Risk Factors.” It is routine for our internal projections and expectations to change as the year or each quarter in the year progresses, and therefore it should be clearly understood that the internal projections and beliefs upon which we base our expectations may change prior to the end of each quarter or the year. Although these expectations may change, we are under no obligation to inform you if they do. Our policy is generally to provide our expectations only once per quarter, and not to update that information until the next quarter. We do not undertake any obligation to revise forward-looking statements to reflect future events or circumstances. All forward-looking statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995.

PART I

Item 1. Business

Overview

LivePerson, Inc. (“LivePerson”, the “Company”, “we”, “our” or “us”) is a leader in digital customer conversation. Over the past two decades, consumers have made digital conversations their primary mode of communication with others. Since 1998, we have enabled meaningful connections between consumers and our customers through our platform and currently power more than one billion conversational interactions each month. These digital and artificial intelligence (“AI”)-powered conversations decrease costs and increase revenue for our brands, resulting in more convenient, personalized and content-rich journeys across the entire consumer lifecycle, and across consumer channels. Our customers’ existing investments in Generative AI and Large Language Models (“LLMs”) are fully compatible with LivePerson’s enterprise-class digital customer conversation platform (the “LivePerson Platform”).

The LivePerson Platform is trusted by the world’s top brands to accelerate their contact center transformation, orchestrate conversations across all channels, departments and systems, increase agent productivity, and deliver more personalized, AI-empowered customer experiences in a safe and secure environment. The LivePerson Platform powers conversations across each of a brand’s primary digital channels, including mobile apps, mobile and desktop web browsers, short messaging service (“SMS”), social media and third-party consumer messaging platforms. Brands can also use the LivePerson Platform to connect conversations across voice and digital channels to give customers additional options and ensure their interactions with brands are seamlessly integrated no matter where they choose to reach out. Agents can manage all conversations with consumers through a single console interface, regardless of where the conversations originated. The LivePerson Platform has been enhanced to provide security with appropriate guardrails where Generative AI and LLMs can be deployed and continually optimized in ways that help consumers and drive results for brands without sacrificing trust.

LivePerson’s robust, cloud-based suite of rich messaging, real-time chat, Generative AI, AI and automation, and conversation orchestration offerings features LLM powered automation (Autopilot), LLM powered agent tools (Copilot: Assist, Summary, Rewrite), Conversation Intelligence tools (Generative Insights, Analytics Studio), integrations (omnichannel solution through Avaya, Inc. partnership, Salesforce connector, iHub workflows powered by Workato), and engagement solutions (proactive messaging, voice to messaging) among others. An extensible application programming interface (“API”) stack facilitates a lower cost of ownership by facilitating robust integration into back-end systems, as well as enabling developers to build their own programs and services on top of the platform. More than 40 APIs and software development kits are available on the LivePerson Platform.

The LivePerson Platform enables what the Company calls “the tango” of humans, LivePerson bots, third-party bots, and LLMs, in which humans oversee and are assisted by AI and can seamlessly step into conversations as needed. Agents become highly efficient, are able to leverage the AI engine (including generative AI capabilities) to surface relevant content, define next-best actions and take over repetitive transactional work so that the agent can focus on relationship building. By integrating customer engagement channels, LivePerson’s proprietary AI, and third-party bots and AI, the LivePerson Platform offers brands a comprehensive approach to scaling automations across all customer conversations.

Complementing the Company’s proprietary digital customer conversation offerings are teams of technical, solutions and consulting professionals that have developed deep domain expertise in the implementation and optimization of conversational services across industries and messaging endpoints. LivePerson’s products, coupled with our domain knowledge, industry expertise and professional services, have been proven to maximize the impact of digital customer service. LivePerson supports and unlocks the power of AI in safe and responsible ways, and delivers measurable return on investment (“ROI”) for our customers.

Customers can realize the following advantages from our offerings:

•the ability for each agent to manage dozens of messaging conversations at a time, as compared to one at a time for a voice agent and two to four at a time for a chat agent. Adding AI and bots provides even greater scale to the number of conversations managed;

•labor efficiency gains of at least two times that of voice agents, effectively cutting labor costs;

•improving the overall customer experience, thereby fueling customer satisfaction score increases by double digit percentage points, and enhancing retention and loyalty;

•more convenient, personalized and content-rich conversations that increase sales conversion by double digit percentages, and increase average order value and reduce abandonment;

•more satisfied contact center agents, thereby substantially reducing agent churn;

•a valued connection with consumers via mobile devices, either through native applications, websites, text messages, or third-party messaging platforms; and

•leveraged spending that drives visitor traffic by increasing visitor conversions.

As a “cloud computing” or software-as-a service (“SaaS”) provider, LivePerson provides solutions on a hosted basis. This model offers significant benefits over premise-based software, including lower up-front costs, faster implementation, lower total cost of ownership, scalability, cost predictability, and simplified upgrades. Organizations that adopt a fully-hosted, multi-tenant architecture that is maintained by LivePerson eliminate the majority of the time, server infrastructure costs, and information technology (“IT”) resources required to implement, maintain, and support traditional on-premise software.

Hundreds of the world’s biggest brands, including HSBC, Virgin Media, and Burberry use our digital customer conversation solutions to integrate humans and AI, at scale, and create a convenient personalized relationship with their customers.

LivePerson was incorporated in the State of Delaware in November 1995 and the LivePerson service was introduced in November 1998. The Company completed an initial public offering in April 2000 and is currently traded on The Nasdaq Global Select Market and the Tel Aviv Stock Exchange (“TASE”).

Market Opportunity

LivePerson’s proprietary digital customer conversation solutions enable consumers and businesses to communicate with each other on conversational channels such as voice, messaging apps, a brand’s own website and apps, and social platforms, in order to get answers to questions, make purchases and resolve customer care inquiries.

Consumers today expect seamless, personalized, and AI-driven digital experiences, yet many brands still rely on outdated, disconnected communication channels. LivePerson is transforming customer engagement by enabling brands to shift from legacy systems to a modern digital core powered by messaging and AI. We see a significant opportunity in voice as a channel, seamlessly integrating voice and messaging to enhance both agent and customer experiences with AI-driven insights and automation. Additionally, our conversational commerce solutions empower brands to drive revenue by allowing buyers to engage on their own terms—when, where, and how they choose. The next generation of customer engagement is being shaped by Generative AI-powered agent and customer experiences, where LivePerson’s AI capabilities work alongside human agents and automation to deliver exceptional efficiency and value. Finally, our unified conversational analytics unlock the power of conversation data across channels, providing deep insights that maximize business outcomes. As brands increasingly shift investments from legacy systems to AI-powered, digital-first experiences, LivePerson is at the forefront of this transformation, enabling businesses to drive efficiency, revenue, and customer satisfaction at scale.

LivePerson believes that AI and automation are the foundation for transforming the conversational experience, disrupting how agents operate and how brands engage with consumers. With AI at the center of the solution and by harnessing data from all primary channels, including voice, messaging, chat, and human agents, LivePerson is in a unique position to provide the best conversational experiences for consumers. In addition, our deep integrations with CRM, service, and IT systems allows us to deliver a unified agent experience through a single pane of glass.

We believe that LivePerson’s proprietary digital customer conversation offerings provide a superior alternative to traditional customer experiences. Brands that shift to digital-first customer service and support stand to outperform their competitors by giving consumers the experiences they clearly prefer.

Products and Services

Business solutions offerings

The LivePerson Platform enables businesses and consumers to connect through conversational channels, such as voice, in-app and mobile messaging, while leveraging bots and AI to increase efficiency. The platform, which is marketed primarily to customer care, contact center, customer experience, e-commerce, marketing, and technology executives, combines sophisticated mobile and online engagement technology with robust business intelligence and operational and conversational data to produce compelling, measurable results by intelligently engaging consumers based on a real-time understanding of consumer needs. Rich, contextually aware targeting, actionable insights and personalized experiences empower businesses to get the most out of their existing online, mobile and social platforms. Benefits of the LivePerson Platform include increased agent efficiency, decreased customer care costs, improved customer experiences, higher conversion rates and increased customer lifetime value.

The LivePerson Platform powers the Conversational Flywheel, a powerful framework for driving velocity and continuous improvement across our brands’ conversational AI journey. The Conversational Flywheel, comprising four stages, empowers brands to: (1) understand what customers want by analyzing conversational data to drive actionable business decisions through proprietary analytics utilizing data to target end users with compelling engagement options at any step in the conversion funnel and throughout the customer lifecycle; (2) connect business systems to channels, engaging consumers where they are and feeding those conversations back into the systems brands use every day, maximizing online revenue opportunities, improving conversion rates and reducing shopping cart abandonment by proactively engaging the right visitor, using the right channel, at the right time; (3) assist teams with AI-powered tools and insights designed to help them focus on the tasks and interactions that matter most, providing real-time recommendations to human agents, and leveraging automation and human agents working together seamlessly to support consumers, all over our best-in-class agent workspace; and (4) automate to enable self-service and drive faster resolutions, through personal, connected interactions; all feeding data back into the system. This comprehensive solution blends a proven value-based methodology with an active rules-based engagement engine and deep domain expertise to increase first-contact resolution, improve consumer satisfaction, and reduce attrition rates.

LivePerson’s Conversational AI. LivePerson’s Conversational AI, announced in December 2018, operates as the brains behind LivePerson AI-based products, and was developed using our conversational data set of billions of brand-to-consumer interactions. The LivePerson Platform enables what we call “the tango” of humans, LivePerson bots, third-party bots, and LLMs, in which humans oversee and are assisted by AI and can seamlessly step into conversations as needed. Through the LivePerson Platform, agents become highly efficient, leveraging the AI engine (including generative AI capabilities) to surface relevant content, define next-best actions and take over repetitive transactional work so that the agent can focus on relationship building. By seamlessly integrating the LivePerson Platform with our proprietary AI, as well as bots, the platform provides businesses with a comprehensive view of all AI-based and human-based conversations from a single console. Products developed on LivePerson’s Conversational AI engine include:

•Conversation Builder, which non-technical staff such as contact center agents use to design high-quality automated conversations. The conversations are not built from scratch. Conversation Builder creates the initial versions by mining a brand’s existing conversation transcripts. Prebuilt industry templates are also available, providing the dialogue and integrations necessary for common use cases such as billing.

•Conversation Manager, a console that suggests automated responses and next best actions to contact center agents, who edit and select from them. Edits and selections dynamically improve the responses and next best actions. When the content reaches a brand-set accuracy threshold, it can be offered to consumers without human intervention. Conversation Manager also includes sentiment monitoring to alert contact center agents to conversations that require their attention. Designed for use in large contact centers, Conversation Manager sends these requests to agents who have the capacity and appropriate skills to respond. A major retail brand that adopted this approach in its sales operation increased agent productivity up to 220% within 12 weeks of launch.

•Conversational Intelligence, dashboards and reporting which take the true voice of the customer - their direct discussions with a brand, spoken in their natural language - and turn it into actionable sales and service intelligence. Generative Insights discovers trends in what customers are saying and delivers them in an LLM-powered conversational experience that is easy to understand. Report Center measures how both AI and human-powered messaging and voice conversations are performing. Analytics Studio converts the content of voice and messaging conversations into actionable data that makes sense of customer behaviors, preferences, and signals across channels. A major wireless provider using Conversational Intelligence reported the product identifies the root cause of service

issues faster than monitoring software, enabling the provider to accelerate the fix and reduce inbound customer inquiries. A leading hospitality firm used Conversational Intelligence to identify and add new, top-selling items to its menu selection.

•Intent Manager, a real-time intent recognition and classification engine that analyzes consumer intentions at every turn of the conversation. Intent Manager is powered by LivePerson’s proprietary natural language understanding (“NLU”) capabilities and machine learning algorithms, which are grounded in over 20+ years of conversational data and more than one billion messaging transcripts across a variety of industries. Intent Manager is currently being used by top brands to gain real-time insights and take action to improve customer service, marketing, and sales automation.

Professional Services

The mission of our LP 360 Professional Services team is to help customers optimize the performance of our products in order to drive incremental value through their mobile and online sales and/or service channel(s). This talented group utilizes their deep domain expertise and years of hands-on experience to provide customers with detailed analyses and measurements of their LivePerson deployment that drive strategies and decisions on how to optimize mobile and online messaging, real-time chat, and bot and AI integration. Deliverables of the team include scorecards that measure and chart performance trends, analyses and recommendations for conversational design, web design and process improvement, transcript reviews to discover both voice of the consumer insight and agent improvement opportunities, custom training of call center agents and management, and ongoing management of messaging programs to ensure alignment with current business practices and objectives. The team’s value-added methodology and approach to guiding customers towards messaging channels and human/bot agent optimization is an important component of the LivePerson offering, and gives our customers a competitive advantage in the digital world.

Customers

Our solutions benefit organizations of all sizes conducting business or communicating with consumers through messaging and chat. Our customers include Fortune 500 companies, dedicated internet businesses, a broad range of online merchants, automotive dealers, educational institutions, the public sector and not-for-profit organizations. We plan to continue to focus on key target markets: telecommunications, financial services, travel/hospitality, technology, healthcare, automotive, and consumer/retail within the United States of America (“U.S.”) and Canada, Latin America, Europe, and the Asia-Pacific (“APAC”) region.

No single customer accounted for or exceeded 10% of our total revenue for 2024, 2023, or 2022.

Sales and Marketing

Sales. Our mobile and online messaging solutions are targeted at corporate executives whose primary responsibility is optimization of customer care, sales and marketing, or optimizing a consumer’s journey across the brand’s digital properties. Our solutions enable organizations to provide effective customer service, sales and marketing by orchestrating conversations across all channels, departments and systems and delivering more personalized, AI-empowered customer experiences in a safe and secure environment. We focus on the value that our solutions deliver in the form of increased agent efficiency, reduced contact center costs, increased customer satisfaction, improved customer lifetime value, maximized digital consumer acquisition, and optimized website and mobile business outcomes.

Within the business solutions segment we have aligned our field organization to address the different sales strategies of our target markets:

Enterprise and large mid-market. We target enterprises which have thousands of agents in their contact centers and collectively connect with billions of consumers each year. We leverage thought leadership and related events to showcase our strength in messaging and AI, and highlight existing reference customers who share their successes on our platform and how they achieved positive ROIs. Increasingly, we are working with large third-party system integrators, technology providers and business process outsourcers to supplement our direct sales effort.

Small business and small mid-market. We target small business and small mid-market customers with a mix of direct, online self-service, and third-party partner channels. Our customer acquisition strategy centers on leveraging customer word-of-

mouth, our leading brand name, online marketing and partnerships. We also leverage marketing programs and partner resources to promote increased usage and product adoption within these customers.

Customer Support. Our LP 360 Professional Services team provides deployment support and ongoing business consulting to enterprise and mid-market customers and maintains involvement throughout the engagement lifecycle. All LivePerson customers have access to 24/7 help desk services through messaging, chat, and technical support ticketing.

Marketing. We have a global team, spread across key geographies, that is focused on marketing our brand, products and services to executives responsible for the digital channel, the consumer experience, marketing, sales, IT, and consumer service operations of their organization.

Our marketing strategy encompasses a strategic communications approach that integrates public relations, social media, and analyst/influencer relations. Communications seek to highlight key customer success stories, and promote executive thought leadership via contributed content, speaking opportunities and press interviews, to raise LivePerson’s profile and reinforce our position as an industry leader.

Competition

The markets for AI-enhanced customer interaction, mobile and online business messaging, and digital engagement technology are intensely competitive, rapidly changing and characterized by aggressive marketing, pricing pressure, evolving industry standards, rapid technology developments, and frequent new product introductions.

We believe that most contact center technology vendors incorrectly view messaging as simply a feature or channel. They are content with building integrations to a messaging endpoint and offering messaging as just another product in their suite. We believe that messaging and AI are the foundation for conversational experiences, which transform how agents operate and how brands engage with consumers across service, sales, marketing, and brick and mortar. Brands must adapt their contact centers to an asynchronous messaging environment and leverage a combination of human agents, bots and AI to achieve scale and efficiencies.

We believe that our differentiated approach to enterprise conversations, combined with our unique technology and expertise, has established the Company as a market leader, with an ability to deliver superior returns on investment:

•The LivePerson Platform was designed for AI-assisted and human-powered messaging in mobile and online channels. The platform is designed for security and scalability, offers the broadest ecosystem of messaging endpoints, is designed for ease of use, and features an AI engine custom built for enterprise conversations, intent recognition, robust real-time reporting, role-based real-time analytics, predictive intelligence, and innovations in customer satisfaction and connection measurement. Additionally, our platform offers pre-built, enterprise-grade integrations into back-end systems as well as the ability to work across NLU providers.

•The platform has expanded to power conversations across a broad spectrum of channels and use cases, from traditional sales and customer service, to marketing, social, email, advertising and brick and mortar.

•We have billions of conversations across industries, geographies and use cases. This data is used to feed machine learning models that can understand and handle conversations, and can customize generative AI for enterprise-level performance and safety.

•LivePerson has deep domain expertise across verticals and messaging endpoints, a global footprint, referenceable enterprise brands and a team of technical, solutions and consulting professionals to assist customers along their transformational journeys.

We believe this focus on technological innovation, expertise and enterprise-class capabilities is positioning LivePerson as a leader in digital customer conversations.

We have current and potential competition from providers of messaging and digital engagement solutions that enable companies to engage and connect with their consumer customers, as well as technology providers that offer customer relationship management and contact center solutions. We have current and potential competitors in many different industries, including:

•technology or service providers offering or powering competing digital engagement, contact center, communications, or customer relationship management solutions such as eGain, Genesys, Nuance, Oracle, Salesforce.com, and Twilio;

•service providers that offer basic messaging products or services with limited functionality free of charge or at significantly reduced entry level prices;

•social media, social listening, messaging, AI, bots, e-commerce, and/or data and data analytics companies, such as Facebook, Google, and WeChat, which may leverage their existing or future capabilities and consumer relationships to offer competing business-to-business solutions; and

•customers that develop and manage their messaging solutions in-house.

Technology

Four key technological features distinguish the LivePerson services:

•LivePerson’s powerful Conversational AI capabilities have historically enabled brands to successfully automate conversations, and these tools are now made even more powerful with the advent of generative AI. To make generative AI systems usable for the enterprise, proprietary data integrations are required, along with Conversational AI test and release management capabilities, and the ability to leverage human feedback and customize models and other system behavior. LivePerson’s Conversational AI systems have these capabilities, and are integrated with best-in-class generative AI systems including OpenAI, Microsoft, Google, and others, situating the LivePerson technology stack to benefit from the anticipated growth in the generative AI space.

•We support our customers through a secure, scalable server infrastructure. Currently, in North America, our servers are hosted in a secure, top-tier, third-party server center located in the Mid-Atlantic United States, and have data backups in a top-tier facility located in the Western United States. In Europe, our servers are hosted in a secure, top-tier, third-party server center located in the United Kingdom (“U.K.”) and have data backups in a top-tier facility located in The Netherlands. In the Asia Pacific region, our servers and data backups are hosted in secure, top-tier, third-party server centers located in Australia. Utilizing scalable network infrastructure and protocols, our network, hardware and software are designed to accommodate our customers’ demand for secure, high-quality 24/7 service, including during peak times such as the holiday shopping season. Components of our platform are currently hosted on various hyperscalers, and we intend to continue to shift our footprint to the public cloud over the coming years.

•As a hosted service, we are able to add additional capacity and new features quickly and efficiently. This has enabled us to provide these benefits simultaneously to our entire customer base. In addition, it allows us to maintain a relatively short development and implementation cycle.

•As a SaaS provider, we focus on the development of tightly integrated software design and network architecture. Dedicated resources are allocated to designing our software and network architecture based on the fundamental principles of security, reliability and scalability.

Network Architecture and Security. Our network is scalable. Our backup data is housed in separate locations from our primary hosting facilities. We comply with security standards such as System and Organization Controls (“SOC”) 2, and Payment Card Industry (“PCI”) Data Security Standards (“DSS”), and International Standards Organization / International Electrotechnical Commission (“ISO/IEV”) 27001. For increased security, through a multi-layered approach, we use next-generation endpoint detection and response, offer enterprise encryption standards and employ third-party independent service providers to further validate our systems’ security. We also enable our customers to mask certain sensitive data.

Government Regulation

We and our customers are subject to numerous laws and regulations applicable to our and their businesses throughout the world, including laws regarding data privacy, data protection, information security, cybersecurity, restrictions on the collection, use, storage, protection, disposal, transfer or other processing of consumer data, content, consumer protection, advertising,

taxation, provision of online payment services (including credit card processing), and intellectual property rights, which are continuously evolving and developing. Compliance with these laws and regulations may be costly, and any failure to comply could have a material adverse effect on our and our customers’ reputation and results of operations.

Intellectual Property and Proprietary Rights

We own a portfolio of patents and patent applications in the United States and internationally and regularly file patent applications to protect intellectual property that we believe is important to our business. As of December 31, 2024, we have 372 patents issued in the U.S. and abroad, and 222 patents pending. We had 27 patents awarded in the U.S. during 2024, and added 65 global patents. Our patents cover Conversational AI and insights, messaging across various consumer channels, behavioral analytics and personalization, and agent effectiveness and call center operations.

Human Capital Management

As a leading provider of digital customer conversation solutions, we are at the forefront of a consumer-led shift to Conversational AI, and our platform is setting the industry standard for this future.

As of December 31, 2024, we had 928 full-time employees worldwide, located in more than 20 countries. Of these, 356 were located in the Americas, 380 in Europe, the Middle East, and Africa (“EMEA”), and 184 in APAC. Although we have statutory employee representation obligations in certain countries, our U.S. employees are not covered by collective bargaining arrangements. We believe we have good relations with our employees. For 2024, our key human capital management efforts focused on the following:

We place a high priority on attracting, recruiting, developing and retaining diverse global talent. As a company, we are focused on benefits and programs that support our employees across the entire employee lifecycle, from recruitment and onboarding, to well-being, learning and development.

We support employee training and development through our online Learning Management Systems which provides access to LivePerson product and process training. In addition, employees have access to thousands of learning courses focused on a myriad of topics that include professional skills, technical skills, leadership skills, communication skills, time management skills, AI and machine learning, project management, professional certification prep courses, and additional topics that support an engaged and balanced workforce. We encourage employees to create developmental goals to support their ongoing learning.

We strive to foster an environment in which all employees are supported and enabled to perform at their best individually and collectively. We value a wide range of perspectives, and believe this supports our successful delivery of innovative AI solutions and consumer experience products and services to our global customer base.

Website Access to Reports

We make available on our website (ir.liveperson.com), our annual reports on Form 10-K, our quarterly reports on Form 10-Q, and our current reports on Form 8-K and any amendments to those reports filed or furnished pursuant to Sections 13(a) or 15(d) of the Securities Exchange Act of 1934 as soon as reasonably practicable after we have electronically filed such material with, or furnished it to, the Securities and Exchange Commission (“SEC”). The Company’s website address provided above is not intended to function as a hyperlink, and the information on the Company’s website is not and should not be considered part of this Annual Report on Form 10-K and is not incorporated by reference herein. The SEC maintains an internet site that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC at www.sec.gov.

Item 1A. Risk Factors

The following are certain of the important risk factors that make an investment in our securities speculative or risky. The risks described below are not the only ones we face. Additional risks not presently known to us, or that we currently deem to be immaterial, could also materially and adversely affect our business, results of operations, financial condition, cash flows or prospects, or the price of our outstanding securities.

Summary of Risk Factors

Our business is subject to risks and uncertainties that make an investment in our securities speculative or risky and could materially adversely affect our business, results of operations, financial condition, cash flows or prospects, or the price of our outstanding securities. These risks are discussed more fully below and include:

•The success of our business depends on retention of existing customers and their purchase of additional services, and attracting new customers.

•

•Our business depends significantly on our ability to retain our key personnel, attract new personnel, and manage attrition.

•Our contingent pricing arrangement program offers contingent pricing and if we are unsuccessful at achieving customer objectives, the program could result in operating losses.

•Our expansion into new products, services, and technologies could subject us to additional risks.

•If we do not successfully integrate past or potential future acquisitions, we may not realize the expected business or financial benefits and our business could be adversely impacted.

•We may not be able to refinance our substantial indebtedness before it becomes due. In addition, capital needs necessary to execute our business strategy could increase substantially. There is a significant risk that we may not be able to secure necessary financing on commercially reasonable terms, or at all.

•

•Delays in our implementation cycles could have an adverse effect on our results of operations.

•Our quarterly revenue and operating results may fluctuate significantly, which may cause a substantial decline in the trading price of our securities.

•In the past we have experienced losses, we had an accumulated deficit of $991.3 million as of December 31, 2024 and we may incur losses in the future.

•The non-payment or late payment of amounts due to us from a significant number of customers may negatively impact our financial condition or make it difficult to forecast our revenues accurately.

•There are inherent limitations on the effectiveness of our controls.

•As a “smaller reporting company,” we may comply with certain reduced reporting and disclosure requirements which could make our common stock less attractive to investors.

•Because we recognize revenue from subscriptions for our service over the term of the subscription, declines in business may not be immediately reflected in our operating results.

•If our goodwill or long-lived assets become impaired, we may be required to record a significant charge to earnings.

•If we are unable to develop and maintain successful relationships with partners, service partners, social media, and other third-party consumer messaging platforms and endpoints, our business, results of operations, and financial condition could be adversely affected.

•If we are unable to effectively operate on mobile devices, our business could be adversely affected.

•The markets in which we participate are highly competitive, and we may lose customers and revenue if we are not able to innovate or effectively compete.

•Downturns in the global economic environment or in particular industries in which our sales are concentrated may adversely affect our business and results of operations.

•Failures or security breaches in our services or systems, those of our third-party service providers, or in the websites of our customers, including those resulting from cyber-attacks, security vulnerabilities, defects, or errors, could harm our business.

•We may be liable if third parties access or misappropriate confidential or personal data from our systems or services.

•We provide service-level commitments to certain customers. If we do not meet these contractual commitments, we could be obligated to provide credits or refunds or face contract terminations, which could adversely affect our revenue and harm our reputation.

•Failure to license necessary third-party software for use in our products and services, or failure to successfully integrate third-party software, could cause delays or reductions in our sales, or errors or failures of our service.

•Our business is subject to a variety of U.S. and international laws and regulations regarding privacy, data protection, and AI, and increased public scrutiny of privacy, security, and AI issues could result in increased government regulation, industry standards, and other legal obligations that could adversely affect our business.

•We are the subject of a number of ongoing actions that have resulted in significant expense, and adverse developments in our ongoing actions and/or future actions could have a material adverse effect on our business results of operations and financial condition.

•We may be subject to governmental export controls and economic sanctions regulations that could impair our ability to compete in international markets due to licensing requirements and could subject us to liability if we are not in compliance with applicable laws.

•Industry-specific regulation is evolving and unfavorable industry-specific laws, regulations, or interpretive positions could harm our business.

•

•Our products and services may infringe upon intellectual property rights of third parties and any infringement could require us to incur substantial costs and may distract our management.

•Our business and prospects would suffer if we are unable to protect and enforce our intellectual property rights.

•Issues in the use of AI in our product offerings or by our vendors may result in reputational harm or liability.

•Our results of operations may be adversely impacted due to our exposure to foreign currency exchange rate fluctuations.

•

•Our operations may expose us to greater than anticipated income, non-income, and transactional tax liabilities, which could harm our financial condition and results of operations.

•Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.

•Political, economic, and military conditions in Israel could negatively impact our Israeli operations.

•Servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business to pay our indebtedness.

•The terms of our First Lien Convertible Senior Notes due 2029 require us to meet certain operating and financial covenants and place restrictions on our operating and financial flexibility. If we raise additional capital through debt financing, the terms of any new debt could further restrict our ability to operate our business.

•We may not have the ability to raise the funds necessary to settle conversions of our outstanding convertible debt securities and cash-settled warrants in cash or to repurchase our outstanding convertible debt securities upon a fundamental change, and any future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our outstanding convertible debt securities and cash-settled warrants.

•Provisions in the indentures for our outstanding convertible debt securities may deter or prevent a business combination that may be favorable to security holders.

•Our stock price has been, and may continue to be, highly volatile, which could reduce the value of your investment and subject us to litigation.

•If our common stock continues to trade below $1.00, we may fail to meet the continued listing requirements of The Nasdaq Stock Market LLC, which could result in a delisting of our common stock.

•Our common stock is traded on more than one market and this may result in price variations.

•Provisions in our charter documents, Delaware law and the indentures for our outstanding convertible debt securities could discourage, delay or prevent a takeover that stockholders may consider favorable.

Risks Related to Operating our Business

The success of our business depends on retention of existing customers and their purchase of additional services, and attracting new customers.

Our customers typically subscribe for our services for a twelve-month term and have no obligation to renew their subscription after expiration of the twelve-month term. In some cases, our agreements are terminable or may terminate upon 30 to 90 days’ notice without penalty. If a significant number of our customers, or any one customer to whom we provide a significant amount of services, were to terminate services, reduce the amount of services purchased, or fail to purchase additional services, our results of operations may be negatively and materially affected.

While this interaction-based fee model has demonstrated success in our business to date, it could potentially produce greater variability in our revenue as revenue in this model is impacted by the number of interactions that our customers generate through use of our products.

If we are able to obtain additional customers or if existing customers decline to purchase additional services, our revenues will be adversely affected.

We anticipate that additional investments in our infrastructure, research; and development and customer support and development will be required to scale our operations and increase productivity, to address the needs of our customers, to further develop and enhance our services; and to expand our business into new geographic areas.

We regularly upgrade or replace our various software systems. If the implementations of these new applications are delayed, or if we encounter unforeseen problems with our new systems or in migrating away from our existing applications and systems, our operations and our ability to manage our business could be negatively impacted.

Our success depends in part upon the ability of our senior management to manage our business effectively. If we fail to successfully scale our operations and increase productivity, we may be unable to execute our business plan and the market price of our securities could decline.

Our business depends significantly on our ability to retain our key personnel, attract new personnel, and manage attrition.

Our success depends largely on the continued services of our senior management team. The loss of one or more members of senior management could have a material adverse effect on our business, results of operations, and financial condition. We are also substantially dependent on the continued service of other key personnel, including key sales executives responsible for revenue generation and key development personnel accountable for product and service innovation and timely development and delivery of upgrades and enhancements to our existing products and services. Changes to senior management and key employees could also lead to additional unplanned losses of key employees. The loss of key employees could seriously harm our ability to release new products and services and upgrade existing products and services on a timely basis, and put us at a competitive disadvantage.

In the technology industry, there is substantial competition for key personnel, including skilled engineers, sales executives and operations personnel. We may not be able to successfully recruit, integrate and retain qualified personnel in the future, which could impact our ability to innovate and deliver new or updated products to our customers, which could harm our business. If our retention and recruitment efforts are ineffective, employee turnover could increase and our ability to provide services to our customers would be materially and adversely affected.

Following the onset of the global novel coronavirus disease (“COVID-19”) pandemic, we vacated most of our physical offices around the world, and transitioned to a work-from-anywhere model. While we have been able to operate effectively from remote locations, the long-term impact of such work arrangements remains unknown.

If the size of our staff is significantly reduced, either by our choice or otherwise, it may become more difficult for us to manage existing, or establish new, relationships with customers and other counterparties, or to expand and improve our service offerings. It may also become more difficult for us to implement changes to our business plan or to respond promptly to opportunities in the marketplace. Further, it may become more difficult for us to devote personnel resources necessary to maintain or improve existing systems, including our financial and managerial controls, billing systems, reporting systems and procedures. Thus, any significant amount of staff attrition could cause our business and financial results to suffer.

Our contingent pricing arrangement program offers contingent pricing and if we are unsuccessful at achieving customer objectives, the program could result in operating losses.

The Company has developed a fully managed solution where LivePerson provides messaging and AI automation technology as well as labor, automation, and end-to-end program management.

Our expansion into new products, services, and technologies could subject us to additional risks.

We have invested in new products, services, and technologies. We may have limited or no experience in new market segments that we enter or new services that we decide to offer, and customers may not choose to buy or use our service offerings. These offerings, which can present new and difficult technology challenges, may subject us to claims if customers of these offerings experience service disruptions or failures or other quality issues. Our newer activities may involve significant risks and uncertainties, including diversion of resources and management attention from current operations, as well as, in certain circumstances, the use of alternative investment, governance, or revenue strategies that may fail to adequately align incentives across our business or otherwise accomplish our objectives. In addition, new and evolving products, services, and technologies, including those that use AI, machine learning, and blockchain, can raise ethical, technological, legal, regulatory, and other challenges, which may negatively affect our business and demand for our products and services. Failure to realize the benefits of amounts we invest in new technologies, products, or services could result in the value of those investments being written down or written off.

If we do not successfully integrate past or potential future acquisitions, we may not realize the expected business or financial benefits and our business could be adversely impacted.

Acquiring and integrating technology companies presents unique risks including difficulties in adapting and developing new software technologies and systems protocols, increased software integration expenses, and incompatibility of acquired technologies. Acquisitions and investments also involve numerous other risks to us, including:

• potential failure to achieve the expected benefits of the combination or acquisition;

• inability to generate sufficient revenue to offset acquisition or investment cost;

• difficulties in integrating operations, technologies, products, and personnel;

• diversion of financial and management resources from efforts related to existing operations;

• risks of entering new markets in which we have little or no experience or where competitors may have stronger market positions;

• potential loss of our existing key employees or key employees of the company we acquire;

• inability to maintain relationships with customers and partners of the acquired business;

• potential unknown liabilities associated with the acquired businesses; and

• the tax effects of any such acquisitions.

These difficulties could disrupt our ongoing business, expose us to unexpected costs, distract our management and employees, increase our expenses, and adversely affect our results of operations. Furthermore, we may incur debt or issue equity securities to pay for any future acquisitions. The issuance of equity securities could be dilutive to our existing stockholders.

This initiative is a major undertaking as we migrate and reconfigure our current system processes, transactions, data and controls to a new cloud-based platform. It could have a significant impact on our business processes, financial reporting, information systems and internal controls.

Additionally, we may experience difficulties as we manage these changes and transition our technology infrastructure to the public cloud, including loss or corruption of data, interruptions in service and downtime, increased cyber threats and activity, delayed financial reporting, unanticipated expenses including increased costs of implementation and of conducting business, and lost revenue. Although we are conducting design validations and user testing, these may cause delays in transacting our business due to system challenges, limitations in functionality, inadequate management or process deficiencies in the development and use of our systems. Difficulties in implementing or an inability to effectively implement our migration plans could disrupt our operations and harm our business.

As we increase our reliance on public cloud infrastructure, our products and services will become increasingly reliant on continued access to, and the continued stability, reliability, and flexibility of third-party public cloud services. Additionally, we may in the future be unable to secure additional cloud hosting capacity on commercially reasonable terms or at all. If any of our public cloud providers increases pricing terms, terminates or seeks to terminate our contractual relationship, establishes more favorable relationships with our competitors, or changes or interprets their terms of service or policies in a manner that is unfavorable to us, we may be required to transfer to another provider and may incur significant costs and experience service interruptions. We have limited control over the public cloud operations and facilities on which we plan to host our technology infrastructure. Although our transition and migration to the public cloud may increase our risk of liability and cause us to incur significant technical, legal or other costs, we may have limited remedies against third-party providers in connection with such liabilities.

Additionally, our public cloud providers may not be able to effectively manage existing traffic levels or increased demand in capacity requirements, especially to cover peak levels or spikes in traffic, and as a result, our customers may experience delays in accessing our solutions or encounter slower performance in our solutions, which could significantly harm the operations of our customers. Interruptions in our services might reduce our revenue, cause us to issue credits to customers, subject us to potential liability, and cause customers to terminate their subscriptions or harm our renewal rates.

We may not be able to refinance our substantial indebtedness before it becomes due. In addition, capital needs necessary to execute our business strategy could increase substantially. There is a significant risk that we may not be able to secure necessary financing on commercially reasonable terms, or at all.

Our substantial level of indebtedness increases the possibility that we may be unable to generate cash sufficient to refinance our outstanding indebtedness. In particular, we have $361.2 million in aggregate principal amount of 0% Convertible Notes due in December 2026 (“2026 Notes”) and $207.1 million in aggregate principal amount of First Lien Convertible Senior Notes due 2029 (“2029 Notes”). Further, our 2029 Notes will come due 91 days before the maturity of the 2026 Notes, if greater than $60.0 million principal amount of our 2026 Notes remains outstanding on such date. From time to time, we have explored, and expect to continue to explore, a variety of transactions to improve our liquidity and/or to refinance our indebtedness, including issuing new debt or equity and repurchasing outstanding notes in the open market with available liquidity. We cannot assure you that we will enter into or consummate successfully any liquidity-generating or debt refinancing transactions, and we cannot currently predict the impact that any such transactions, if consummated, would have on us.

If additional funds are raised through the issuance of additional equity or convertible securities, our stockholders could suffer dilution. We cannot assure you that additional funding, if required, will be available to us in amounts or on terms acceptable to us. Those limitations would materially and adversely affect our business, results of operations, cash flows, and financial condition. If we cannot make scheduled payments on our indebtedness, we will be in default under one or more of the agreements governing our indebtedness, and as a result, we could be forced into bankruptcy or liquidation.

The sales cycle for our products can be several months or more and varies substantially from customer to customer, particularly for sales to enterprise customers. Because we sell complex, integrated solutions, it can take many months to close sales as customers evaluate our product offering against available alternatives and define their requirements. We are often required to spend substantial time, effort, and money educating potential customers about the value of our offerings.

Additionally, our quarterly sales have historically reflected an uneven pattern in which a disproportionate percentage of a quarter’s total sales occur in the last month, weeks and days of each quarter. In addition, historically a large portion of our revenue has derived from large orders from large clients. Consequently, delays in the closing of sales, especially from large clients, could have a material impact on the timing of revenue and results of operations.

Delays in our implementation cycles could have an adverse effect on our results of operations.

Certain of our products require some implementation services, including but not limited to training our customers. We have historically experienced a lag between signing a customer contract and recognizing revenue from that customer. Although this lag has typically ranged from 30 to 90 days, it may take more time between contract signing and recognizing revenue in certain situations. If we experience delays in implementation or do not meet project milestones in a timely manner, we could be obligated to devote more customer support, engineering and other resources to a particular project. If new or existing customers cancel or have difficulty deploying our products or require significant amounts of our professional services, support, or customized features, revenue recognition could be canceled or delayed and our costs could increase, which could negatively impact our operating results.

Our services are subject to payment-related risks.

For certain payment methods, including credit and debit cards, we pay interchange and other fees, which may increase over time and raise our operating costs and lower our profit margins. We rely on third parties to provide payment processing services, including the processing of credit cards and debit cards and it could disrupt our business if these companies become unwilling or unable to provide these services to us. We are also subject to payment card association operating rules, certification requirements and rules governing electronic funds transfers, which could change or be reinterpreted in such a way as to make compliance infeasible. If we fail to comply with these rules or requirements, we may be subject to fines and higher transaction

fees and lose our ability to accept credit and debit card payments from our customers or facilitate other types of online payments, and our business and operating results could be adversely affected.

We are also subject to a number of other laws and regulations relating to money laundering, international money transfers, privacy and information security, and electronic fund transfers. If we were found to be in violation of applicable laws or regulations, we could be subject to civil and criminal penalties or forced to cease our payments services business.

Our reputation depends, in part, on factors which are partially or entirely outside of our control.

Our services typically appear under the LivePerson brand or as a LivePerson-branded icon on our customers’ websites. If a user were to have a negative experience in a LivePerson-powered real-time dialogue, it is possible that this experience could be attributed to us, which could diminish our brand and harm our business. Additionally, we have no control over the content of our customers’ websites on which our website chat icon appears.

Increased regulatory uncertainty and conflicting stakeholder views regarding environmental, social and governance (“ESG”) matters may increase our costs, harm our reputation, or otherwise adversely impact our business.

Governmental authorities, non-governmental organizations, rating agencies, customers, investors, employees, and other stakeholders remain focused on ESG concerns, such as diversity and inclusion, climate change, sustainability, social responsibility, and corporate governance and transparency. However, stakeholder expectations on ESG matters continue to evolve and are not uniform. This focus on ESG concerns and efforts to comply with shifting and sometimes conflicting expectations could result in increased compliance costs and other complexities, including with respect to collecting, measuring, and reporting ESG-related information in connection with expanding mandatory and voluntary reporting, diligence and disclosure requirements. Responding to ESG considerations and implementation of our ESG goals and initiatives involves risks and uncertainties, requires investments, may subject us to governmental and political scrutiny, and depends in part on third-party performance or data that is outside of our control. In addition, some stakeholders may disagree with our ESG goals and initiatives, and we could be criticized for the timing, scope or nature of our ESG goals or initiatives. If we fail to meet our goals and initiatives or otherwise do not act responsibly, or if we are perceived to not be acting responsibly, or if we become subject to regulatory scrutiny in key ESG areas, we risk negative stockholder reaction, including from proxy advisory services, as well as damage to our reputation, loss of customers or business partners, inability to attract and retain employee talent, and other material adverse effects on our business, results of operations and cash flows.

Risks Related to our Financial Condition and Operating Results

Our quarterly revenue and operating results may fluctuate significantly, which may cause a substantial decline in the trading price of our securities.

Our quarterly revenue and operating results may fluctuate significantly as a result of a variety of factors, many of which are outside of our control. Some of the important factors that may cause our revenue and operating results to fluctuate include:

•our ability to attract and retain new customers;

•our ability to retain and increase sales to existing customers;

•demand from customers for our services;

•our ability to innovate and provide new services to current and future customers;

•our ability to add AI, machine learning, and automation into our services;

•the introduction of new services by us or our competitors;

•our ability to avoid and/or manage service interruptions, disruptions, or security incidents;

•changes in our pricing models or policies or in those of our competitors;

•our ability to maintain and add integrations with third-party consumer messaging platforms and endpoints;

•levels of adoption by companies of mobile and cloud-based messaging solutions;

•investments in growing our sales and marketing programs;

•levels of adoption by users of conversational AI and web and mobile-based conversation technology;

•exposure to foreign currency exchange rate fluctuations; and

•the amount and timing of capital expenditures and other costs related to operation and expansion of our business, including those related to acquisitions.

Our revenue and operating results may also fluctuate significantly in the future due to the following factors that are entirely outside of our control:

•new laws, regulations, or regulatory or law enforcement initiatives;

•economic conditions specific to the web, mobile technology, electronic commerce, and cloud computing; consequences of unexpected geopolitical events, natural disasters, acts of war or terrorism, outbreaks of contagious disease, or climate change; and

•general, regional, and/or global economic and political conditions.

As a result, comparing our operating results on a period-to-period basis may not be meaningful. You should not rely upon these comparisons or our past results as indicators of our future performance. Due to the foregoing factors, it is possible that our operating results in one or more future quarters may fall below the expectations of securities analysts and investors or below any guidance we may provide to the market. If this occurs, the trading price of our securities could decline significantly.

In the past we have experienced losses, we had an accumulated deficit of $991.3 million as of December 31, 2024 and we may incur losses in the future.

We have in the past experienced, and we may in the future experience, losses and negative cash flow, either or both of which may be significant. We recorded a net loss of $134.3 million for the year ended December 31, 2024, and as of December 31, 2024, our accumulated deficit was $991.3 million. We cannot assure you that we can sustain or increase profitability on a quarterly or annual basis in the future.

The non-payment or late payment of amounts due to us from a significant number of customers may negatively impact our financial condition or make it difficult to forecast our revenues accurately.

For the years ended December 31, 2024, 2023 and 2022, our allowance for credit losses was $8.6 million, $9.3 million and $9.2 million, respectively. A large proportion of receivables is due from larger corporate customers that typically have longer payment cycles. As a result of increasingly long payment cycles, we have experienced unanticipated fluctuations in our revenues from period to period. Any failure to achieve anticipated revenues in a period could cause the market price of our securities to decline.

There are inherent limitations on the effectiveness of our controls.

We do not expect that our disclosure controls or our internal control over financial reporting will prevent or detect all errors and all fraud. A control system, no matter how well-designed and operated, can provide only reasonable, not absolute, assurance that the control system’s objectives will be met. The design of a control system must reflect the fact that resource constraints exist, and the benefits of controls must be considered relative to their costs. Further, because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that misstatements due to error or fraud will not occur or that all control issues and instances of fraud, if any, have been detected. The design of any system of controls is based in part on certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions. Projections of any evaluation of the effectiveness of controls to future periods are subject to risks. Over time, controls may become inadequate due to changes in conditions or deterioration in the degree of compliance with policies or procedures.

As a non-accelerated filer, we are no longer required to include, and have not included in this Annual Report, an attestation report from our independent registered public accounting firm as to the effectiveness of our internal control over financial reporting pursuant to Section 404(b) of the Sarbanes-Oxley Act. If and when we again become subject to the auditor attestation requirements under Section 404(b) of the Sarbanes Oxley Act, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed or operating. Including such an attestation report would also cause us to incur additional expenses, which may be significant.

There can be no assurance that control issues will not be identified in the future. If we cannot remediate future material weaknesses or significant deficiencies in a timely manner, or if we identify additional control deficiencies that individually or together constitute significant deficiencies or material weaknesses, our ability to accurately record, process, and report financial information and our ability to prepare financial statements within required time periods, could be adversely affected. Failure to maintain effective internal controls could result in violations of applicable securities laws, stock exchange listing requirements, subject us to litigation and investigations, negatively affect investor confidence in our financial statements, and adversely impact our stock price and our ability to access capital markets.

As a “smaller reporting company,” we may comply with certain reduced reporting and disclosure requirements which could make our common stock less attractive to investors.

As a smaller reporting company, we are permitted to comply with scaled-back disclosure obligations in our SEC filings compared to other issuers, including with respect to disclosure obligations regarding executive compensation in our periodic reports and proxy statements. In addition, we are only required to provide two years of audited financial statements in our SEC reports. If we rely on these exemptions, less information will be available in our SEC reports than SEC reports filed by other public companies. We cannot predict if investors will find our common stock less attractive because we may rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile

Because we recognize revenue from subscriptions for our service over the term of the subscription, declines in our business may not be immediately reflected in our operating results.

We generally recognize revenue from customers ratably over the terms of their subscription agreements, which are typically 12 or more months. As a result, much of the revenue we report in each quarter is the result of subscription agreements entered into during previous quarters. Consequently, a decline in new or renewed subscriptions or cancellations of existing subscriptions in any one quarter may not be reflected in our revenue results for that quarter. Any such decline, however, could negatively affect our revenue in future quarters. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, because revenue from new customers and additional revenue from existing customers is generally recognized over the applicable subscription term, rather than immediately.

If our goodwill or long-lived assets become impaired, we may be required to record a significant charge to earnings.

We review our goodwill for impairment at least annually and when events or changes in circumstances indicate that the carrying value may not be recoverable. Factors that may be considered a change in circumstances indicating that the carrying value of our goodwill or amortizable intangible assets may not be recoverable include a decline in stock price and market capitalization, reduced future cash flow estimates, and slower growth rates in our industry. As discussed in Note 5 – Goodwill and Intangible Assets, Net in the Notes to the Consolidated Financial Statements under Item 8 of this Annual Report on Form 10-K, we have experienced impairments in the past, and from time to time, we may be required to record a significant charge to earnings in our consolidated financial statements during the period in which any impairment of our goodwill or amortizable intangible assets is determined, resulting in a negative impact on our results of operations.

Risks Related to Industry Dynamics and Competition

If we are unable to develop and maintain successful relationships with partners, service partners, social media, and other third-party consumer messaging platforms and endpoints, our business, results of operations, and financial condition could be adversely affected.

We believe that continued growth for companies in our industry depends, in part, on enabling brands to connect with consumers across consumers’ preferred conversational channels and messaging endpoints, such as SMS, Facebook Messenger,

WhatsApp, Apple Business Chat, Google Rich Business Messenger, Line, Kakao Talk, Instagram, and WeChat. Accordingly, we have identified and developed, and maintain, strategic relationships with many key technology partners. As part of our growth strategy, we plan to further develop partnerships and specific solution areas with additional technology partners. We typically rely on our strategic partners and third-party service providers to supplement our own subject matter expertise and to leverage industry best practice, provide enhanced products and services, and reduce costs. If we fail to establish these relationships in a timely and cost-effective manner or at all, if these strategic partners or third-party service providers fail to provide the services expected, or if we lose any or all of our current relationships, then our business, results of operations, and financial condition could be adversely affected. Additionally, even if we are successful at developing these relationships, but there are problems or issues with the integrations, or our ability to scale and onboard our customers onto new endpoints, our reputation and our prospects may be adversely affected.

We have begun the process of migrating our technology infrastructure to the public cloud and may in the future be unable to secure additional cloud hosting capacity on commercially reasonable terms or at all. If any of our public cloud providers increases pricing terms, terminates or seeks to terminate our contractual relationship, establishes more favorable relationships with our competitors, or changes or interprets their terms of service or policies in a manner that is unfavorable to us, we may be required to transfer to another provider and may incur significant costs and experience service interruptions.

If we are unable to effectively operate on mobile devices, our business could be adversely affected.

We have extended our products and services to support messaging on mobile phone and tablet applications (together, “mobile solutions”) belonging to our company and our customers.

Additionally, our mobile phone and tablet applications and those of our customers depend on their interoperability with popular mobile operating systems, networks, and standards that we and they do not control, such as Android and iOS operating systems, and any changes in such systems and terms of service that degrade the functionality of our solutions or give preferential treatment to competitive products could adversely affect our revenue. We may not be successful in developing products that operate effectively with these technologies, systems, networks, or standards.

The markets in which we participate are highly competitive, and we may lose customers and revenue if we are not able to innovate or effectively compete.

The markets for mobile and online business messaging, digital engagement and AI technology are intensely competitive, rapidly changing, and characterized by aggressive marketing, pricing pressure, evolving industry standards, rapid technology developments, and frequent new product introductions. We believe that competition will continue to increase as our current competitors increase the sophistication of their offerings and as new participants enter the market, which may cause additional pressure.

•technology or service providers offering or powering competing digital engagement, contact center, communications, or customer relationship management solutions, such as eGain, Genesys, Nuance, Oracle, Salesforce.com and Twilio;

•service providers that offer basic messaging products or services with limited functionality free of charge or at significantly reduced entry level prices;

•social media, social listening, messaging, AI, bots, e-commerce, and/or data and data analytics companies, such as Meta Platforms, Google and WeChat, which may leverage their existing or future capabilities and consumer relationships to offer competing B2B solutions; and

•customers that develop and manage their messaging solutions in-house.

In addition, many of our current and potential competitors have substantial competitive advantages, such as greater brand recognition, significantly larger financial, marketing, and resource and development budgets, access to larger customer bases, larger and more established marketing and distribution relationships, and/or more diverse product and service offerings. As a result, these competitors may be able to respond more quickly and effectively than we can to any change in the general market acceptance of messaging services or any new or changing opportunities, technologies, standards, pricing strategies, or customer requirements. Also, because of these advantages, potential customers may select a competitor’s products and services, even if our services are more effective. For all of these reasons, we may not be able to compete successfully against our current and future competitors.

We may be unable to respond to rapid technological change and changing customer preferences in the online sales, marketing, customer service, and/or online e-commerce industries and this may harm our business.

If we are unable, for technological, legal, financial, or other reasons, to adapt in a timely manner to changing market conditions in the online sales, marketing, customer service, and/or e-commerce industries or our customers’ requirements or preferences, our business, results of operations, and financial condition would be materially and adversely affected. Online business is characterized by rapid technological change. Our success depends, in part, on our ability to:

•enhance the features and performance of our services;

•develop and offer new services that are valuable to companies doing business online; and

•respond to technological advances and emerging industry and regulatory standards and practices in a cost-effective and timely manner.

If any of our new services, including upgrades to our current services, do not meet our customers’ or consumers’ expectations, we could lose customers and our business may be harmed.

Our failure to update our technology or expand our operations in an efficient manner could cause our expenses to grow, our revenue to decline and could otherwise have a material adverse effect on our business, results of operations, and financial condition.

Downturns in the global economic environment or in particular industries in which our sales are concentrated may adversely affect our business and results of operations.

The U.S. and other global economies have experienced in the past and could in the future experience economic downturn that affects all sectors of the economy, resulting in declines in economic growth and consumer confidence, increases in unemployment rates and uncertainty about economic stability. Further, there is increased uncertainty regarding social, political, immigration and trade policies in the U.S. (including implementation of tariffs on U.S. imports and retaliatory tariffs), which could impact our global operations and our business. Global credit and financial markets have in the past experienced extreme disruptions, including diminished liquidity and credit availability and rapid fluctuations in market valuations. Our business has been affected by these conditions in the past and could be similarly impacted in the future by any downturn in global economic conditions.

Our business is, and will continue to be, dependent on sales to customers in the telecommunications, financial services, retail, travel, consumer/retail, automotive, and technology industries. A downturn in one or more of these industries could have a material adverse effect on our business, liquidity, results of operations, financial condition and cash flows. In the event that industry conditions deteriorate in one or more of these industries, we could experience, among other things, cancellation or non-renewal of existing contracts, reduced demand for our products and reduced sales. Our customers

may reduce their spending on our services, may not be able to discharge their payment and other obligations to us, may experience difficulty raising capital, or may elect to scale back the resources they devote to customer service and/or sales and marketing technology, including services such as ours. Economic conditions may also lead consumers and businesses to postpone spending, which may cause our customers to decrease or delay their purchases of our products and services.

It could be difficult to predict the timing, strength or duration of any economic slowdown or subsequent economic recovery, either relating to the global economic environment or to any particular industry in which our sales are concentrated, which, in turn, could make it more challenging for us to forecast our operating results, make business decisions and identify risks that may adversely affect our business, sources and uses of cash, financial condition and results of operations. If economic conditions deteriorate for us or our customers, we could be required to record charges relating to restructuring costs or the impairment of assets, may not be able to collect receivables on a timely basis, and our business, financial condition, and results of operations could be materially adversely affected.

Risks Related to Security Vulnerabilities and Service Reliability

Failures or security breaches in our services or systems, those of our third-party service providers, customers or partners, including those resulting from cyber-attacks, security vulnerabilities, defects, or errors, could harm our business.

Our products and services involve the storage and transmission of proprietary information and personal data related to our customers and their users, employees and consumers. Theft and security breaches expose us to a risk of improper use, disclosure or loss of such information, which could result in litigation, regulatory investigation, and potential liability.

In the period prior to the completion of our public cloud migration, we are exposed to risks inherent in maintaining the stability and security of our legacy infrastructure due to prior customization, aging and obsolescence of related legacy systems and third-party technologies. Because our customers are, and may continue to be, dependent upon these legacy systems, we also face an increased level of embedded risk in maintaining the legacy systems. Moreover, our ability to timely mitigate, manage and patch vulnerabilities related to legacy systems and related legacy third-party technologies could impact our system security as well as our day-to-day operations, and the deployment of technology enhancements and innovation. In addition, we face risks related to recently acquired businesses and in-process integration of related technologies and platforms.

We experience cyber-attacks of varying degrees on a regular basis in the ordinary course of our business. Our security measures may also be breached and such breach may be difficult to contain—due to employee or other error, lack of appropriately restricted technical and administrative or privileged access controls, intentional malfeasance and other third-party acts, and system errors or vulnerabilities, including vulnerabilities of our third-party service providers, our customers, partners, or otherwise. We have announced plans to move our technology infrastructure to the public cloud, which will require us to rely on third-party cloud providers to maintain appropriate safeguards.

Additionally, following the COVID-19 pandemic, we elected to maintain a globally distributed, substantially remote workforce. Our use of employees and contractors from countries with higher rates of cybercrime and whose privacy laws reduce our ability to perform full background checks may increase risk of a cybersecurity incident or data breach, including insider risk.

A breach or unauthorized access, or attempts by outside parties to fraudulently induce employees, users, vendors, or customers to disclose sensitive information in order to gain access to our data or data of our customers, users, experts, or consumers, including, but not limited to, individual personal information and financial credit or debit card data that is protected by law or contract, could result in significant legal and financial exposure, damage to our reputation, and a loss of confidence in the security of our products and services that could potentially have an adverse effect on our business.

While we continue to take measures to enhance our information security program and safeguard our products and services, cybersecurity threats and vulnerabilities in desktop computers, mobile phones, smartphones and handheld devices, as well as cyber-attacks, cybersecurity threats, malicious actors and other security incidents continue to evolve in sophistication and frequency industry-wide, and there can be no assurance that we can prevent all security risks. Furthermore, while the Company has designed an information security program to protect our information systems from cybersecurity threats, and to ensure the confidentiality, integrity and availability of systems and information used, owned or managed by the Company related to our

employees, our customers and their users, implementation of the supporting controls has coverage gaps and weaknesses and potential for human error that could provide threat actors a window of time to exploit such weaknesses before they are identified and/or addressed. The goal of the information security program is to manage risks in a prioritized fashion; however, control gaps and/or effectiveness, resource constraints, and execution failure can pose cybersecurity risk to LivePerson. In addition, although we work to continuously improve our internal controls and procedures on cybersecurity incident management, prevention, detection, mitigation, response, and recovery, we may be unsuccessful in detecting, reporting or responding to these events in a timely manner, accurately assessing the severity of an event, or sufficiently preventing, limiting, or containing harm arising out of an event.

And while technological advancements enable more data and processes, such as mobile computing and mobile payments, they also increase the risk that cyber-attacks and other security incidents will occur. An advanced threat actor of high sophistication, such as a nation state, with essentially unlimited resources, poses a significant risk to LivePerson and arguably all similarly situated firms with LivePerson’s size and resources. A significant cyber-attack, or a security incident of any magnitude that is profiled in the media, involving our, our third-party service providers’ or our customers’ systems, could result in material harm to our brand and reputation, and our ability to deliver our services or retain customers, and expose us to lawsuits, regulatory investigations, and significant damages, fines or penalties.

Because we do not control the transmissions to customer-authorized third parties, or the processing of such data by customer-authorized third parties, we cannot ensure the integrity or security of such transmissions or processing. Because our services are responsible for critical communication between our customers and consumers, any security failures, defects or errors in our components, materials or software or those used by our customers could have an adverse impact on us, on our customers and on the end users of their websites and applications. Such adverse impact could include a decrease in demand for our services, damage to our reputation and to our customer relationships, legal exposure, and other financial liability or harm to our business.

We may be liable if third parties access or misappropriate confidential or personal data from our systems or services.

The dialogue transcripts of the text-based chats, email interactions and other interactions between our customers and their users may include sensitive and/or personally identifiable information such as personal contact and demographic information, financial information, personal health matters, and account numbers. Although we employ and continually test and update our security measures to protect this information from unauthorized access, it is still possible that our security measures could be breached and such a breach could result in unauthorized access to our customers’ data or our data, including our intellectual property and other confidential business information. These risks could arise from acts of external parties or from acts or omissions of employees or third-party service provider personnel to whom we have granted access to our systems, including if the information systems used by such third parties are penetrated or compromised by an insider or by external third parties. Because the techniques employed by hackers to obtain unauthorized access or to sabotage systems change frequently and are becoming more sophisticated in circumventing security measures and avoiding detection, we may be unable to anticipate all techniques or to implement adequate preventative measures. In the event of a security incident, we could be required to comply with a myriad of breach notification laws at the state, federal and international level, which may cause business disruption and extensive notification costs, and could lead to penalties, government investigations and lawsuits for compliance failures. We may as a result of a security incident be deemed out of compliance with U.S. federal and state laws, international laws, securities laws or contractual commitments, and we may be subject to government investigations, lawsuits, fines, criminal penalties, statutory damages, and other costs to respond to breach or security incidents, which could have a material adverse effect on our business, results of operations, and financial condition. We may incur significant costs to protect against the threat of security breaches or to mitigate the harm and alleviate problems caused by such breaches.

Furthermore, certain software and services that we use to operate our business are hosted and/or operated by third parties or integrated with our systems. As we expand our use of cloud-based services, we will increasingly rely on third-party cloud

providers to maintain appropriate safeguards to protect confidential or personal data we receive. If third-party services do not have adequate security measures in place, experience service interruptions, or have their security breached, our business operations could be similarly disrupted and we could be exposed to liability and costly investigations or litigation. The risk of circumvention of our security measures or those of third parties on which we rely has been heightened by advances in computer and software capabilities and the increasingly complex techniques employed by, bad actors. In particular, supply-chain attacks have increased in frequency and severity, and there can be no assurance that third parties’ infrastructure in our supply chain or our third-party service providers’ supply chains have not been compromised.

The need to properly secure, and securely transmit and store, confidential information online requires caution and has shaped the e-commerce and online communications landscape, and increasingly has become an area of consumer and regulatory focus and concern. Any publicized compromise of security could deter people from using online services such as the ones we offer or from using them to conduct transactions, which involve transmitting confidential information. Because our success depends on the general acceptance and reputation of our services and electronic commerce, we may incur significant costs to protect against the threat of security breaches or to alleviate problems caused by these breaches.

We provide service-level commitments to certain customers.

We offer service-level commitments in certain of our customer contracts, primarily related to uptime of our service.

We are dependent on technology systems and third-party content that are beyond our control.

The success of our services depends in part on our customers’ online services as well as the internet and mobile connectivity of consumers, both of which are outside of our control. As a result, it may be difficult to identify the source of problems if they occur. In the past, we have experienced problems related to connectivity, which has resulted in slower than normal response times to user messaging requests and interruptions in service. Our services rely both on the internet and on our connectivity vendors for data transmission. Therefore, even when connectivity problems are not caused by our services, our customers or their consumers may attribute the problem to us.

We also rely on the security of our third-party service providers to protect our proprietary information and information of our customers and their end users. Additionally, despite our security procedures or those of our third-party

service providers, information systems may be vulnerable to threats such as computer hacking, ransomware, cyber-terrorism or other unauthorized attempts by third parties to access, obtain, modify or delete our or our customers’ data. Any such breach could have a material adverse effect on our operating results and our reputation as a provider of business collaboration and communications solutions and could subject us to significant penalties and negative publicity, as well as government investigations and claims for damages or injunctive relief under state, federal and foreign laws or contractual agreements.

Such products could contain errors, defects, software bugs, material vulnerabilities, or inaccurate information that may be difficult to detect and correct, and could require us to incur significant costs or divert the attention of our technical or other personnel from our product development efforts. To the extent any such problems require us to replace such hardware or software, we may not be able to do so on acceptable terms, if at all.

Technological or other defects could disrupt or negatively impact our services, which could harm our business and reputation.

We face risks related to the technological capabilities of our services. We expect the number of interactions between our customers’ operators and consumers over our system to increase significantly as we expand our customer base. Our network hardware and software may not be able to accommodate this additional volume. Additionally, we must continually upgrade our software to improve the features and functionality of our services in order to be competitive in our markets. If future versions of our software contain undetected errors, our business could be harmed. As a result of software upgrades at LivePerson, our customer sites have, from time to time, experienced slower than normal response times and interruptions in service. If we experience system failures or degraded response times, our reputation and brand could be harmed. We may also experience technical problems in the process of installing and initiating the LivePerson services on new web hosting services, including in connection with our plans to migrate our technology infrastructure to the public cloud. These problems, if not remedied, could harm our business.

Our services also depend on complex software which may contain defects, particularly when we introduce new versions. We may not discover software defects that affect our new or current services or enhancements until after they are deployed. It is possible that, despite testing by us, defects may occur in the software. These defects could result in:

•damage to our reputation;

•lost sales;

•contract terminations;

•loss of market share;

•delays in or loss of market acceptance of our products; and

•unexpected expenses and diversion of resources to remedy errors.

Our products are complex, and errors, failures, or “bugs” may be difficult to correct.

Our products are complex, integrating hardware, software and elements of a customer’s existing infrastructure. Despite quality assurance testing conducted prior to the release of our products, our software may contain “bugs” that are difficult to detect and fix. Any such issues could interfere with the expected operation of a solution, which might negatively impact customer satisfaction, reduce sales opportunities or affect gross margins. Depending upon the size and scope of any such issue, remediation may have a negative impact on our business. Our inability to cure an application or product defect, should one occur, could result in the failure of an application or product line, damage to our reputation, litigation, and/or product reengineering expenses.

Failure to license necessary third-party software for use in our products and services, or failure to successfully integrate third-party software, could cause delays or reductions in our sales, or errors or failures of our service.

We license third-party software that we incorporate into our products and services. In the future, we might need to license other software to enhance our products and meet evolving customer requirements. These licenses may not continue to be available on commercially reasonable terms or at all. Some of this technology could be difficult to replace once integrated. The loss of, or inability to obtain, these licenses could result in delays or reductions of our products and services until we identify, license and integrate or develop equivalent software, and new licenses could require us to pay higher royalties. If we are unable to

successfully license and integrate third-party technology, we could experience a reduction in functionality and/or errors or failures of our products, which may reduce demand for our products and services.

Third-party licenses may expose us to increased risks, including risks associated with the integration of new technology, the impact of new technology integration on our existing technology, open-source software disclosure requirements, the diversion of resources from the development of our own proprietary technology, and our inability to generate revenue from new technology sufficient to offset associated acquisition and maintenance costs.

Our business is subject to the risks of earthquakes, fires, floods, and other natural catastrophic events and to interruption by man-made problems such as terrorism or cyber-attacks.

Although we intend to migrate our technology infrastructure to the public cloud, a substantial majority of our computer and communications infrastructure is running in our private cloud on hardware that is located at a limited number of facilities in the United States, Europe, and Australia. For example, a significant natural disaster, such as an earthquake, fire or flood, could have a material adverse impact on our business, operating results and financial condition, and our insurance coverage may be insufficient to compensate us for losses that may occur. Our global data providers could be vulnerable to the physical effects of climate change, including increased frequency and duration of extreme weather events and natural disasters. In addition, acts of terrorism could cause disruptions in our business or the economy as a whole. Our servers may also be vulnerable to computer viruses, break-ins, cyber-attacks, such as coordinated denial-of-service attacks or ransomware, or other failures, and similar disruptions from unauthorized tampering with our computer systems, which could lead to interruptions, delays, loss of critical data or the unauthorized disclosure of confidential customer data. As we rely heavily on our servers, computer and communications systems and the internet to conduct our business and provide high quality service to our customers, such disruptions could negatively impact our ability to run our business, result in loss of existing or potential customers and increased expenses, and/or have an adverse effect on our reputation and the reputation of our products and services, any of which would adversely affect our operating results and financial condition.

Risks Related to Regulatory and Data Privacy Issues

Our business is subject to a variety of U.S. and international laws and regulations regarding privacy, data protection and AI, and increased public scrutiny of privacy, security and AI issues could result in increased government regulation, industry standards, and other legal obligations that could adversely affect our business.

We post our privacy policies and practices on our websites and we also often include privacy commitments in our contracts. Our business is subject to numerous federal, state and international laws and regulations regarding privacy, data protection, personal information, security, data collection, storage, use and transfer, and the use of cookies and similar tracking technologies. To the extent that additional legislation regarding user privacy is enacted, such as legislation governing the collection and use of information regarding internet or mobile users through the use of cookies or similar technologies, the effectiveness of our services could be impaired by restricting us from collecting or using information that may be valuable to our customers and/or exposing us to lawsuits or regulatory investigations.

U.S. and international privacy laws and regulations are evolving and changing, subject to differing interpretations, may be costly to comply with, and may be inconsistent among countries and jurisdictions or conflict with other rules.

Laws and practices regarding handling and use of personal and other information by companies have come under increased public scrutiny, and governmental entities, consumer agencies and consumer advocacy groups have called for, and in many instances, enacted increased regulation and changes in industry practices. For example, we are subject to the European Union (“E.U.U. and, for noncompliance, provides for considerable fines up to the higher of 20 million Euros or 4% of global annual revenue. Additionally, following the United Kingdom’s withdrawal from the E.U., we also are subject to the U.K. General Data Protection Regulation (“U.K. GDPR”), a version of the GDPR as implemented into the laws of the U.K. While the GDPR and U.K. GDPR remain substantially similar for the time being, the U.K. government has announced that it would seek to chart its own path on data protection and reform its relevant laws, including in ways that may differ from the GDPR in some respects. While these developments increase uncertainty with regard to data protection regulation in the U.K., even in their current, substantially similar form, the GDPR and U.K. GDPR can expose businesses to divergent parallel regimes that may be subject to potentially different interpretations and enforcement actions for certain violations and related uncertainty. The GDPR and U.K. E.U. and U.K.K. GDPR, respectively. Ensuring compliance with the GDPR and U.K. We also must require vendors that process personal data to take on additional privacy and security obligations, and some may refuse, causing us to incur potential disruption and expense related to our business processes. If our policies and practices, or those of our vendors, are, or are perceived to be, insufficient, we could be subject to enforcement actions or investigations by Data Protection Authorities (including in the E.U. and U.K.) or lawsuits by private parties, and our business could be negatively impacted.

The E.U. has also released a proposed Regulation on Privacy and Electronic Communications (“e-Privacy Regulation”) to replace the E.U.’s Privacy and Electronic Communications Directive (“e-Privacy Directive”) to, among other things, better align with the GDPR, to amend the current e-Privacy Directive’s rules on the use of cookies and other tracking technologies, and to harmonize across current E.U. member state e-privacy data protection laws.

For example, on October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Intelligence Activities,” which introduced new redress mechanisms and binding safeguards to address concerns raised in 2020 by the Court of Justice of the European Union in relation to data transfers from the EEA to the United States and which formed the basis of the new E.U.-US Data Privacy Framework (“DPF”), as released on December 13, 2022. The European Commission adopted its Adequacy Decision in relation to the DPF on July 10, 2023, rendering the DPF effective as an E.U. GDPR transfer mechanism to U.S. entities self-certified under the DPF.K. Extension to the DPF came into effect (as approved by the U.K. Government), as a U.K. GDPR data transfer mechanism to U.S. entities self-certified under the U.K. Extension to the DPF. We currently rely on the DPF and on a similar Swiss-US Data Privacy Framework to transfer certain personal data from the EEA and Switzerland, respectively to the United States and on the U.K. Extension to the DPF to transfer certain personal data from the U.K. to the United States. In recent years, the UK government has introduced proposed legislation intended to create a more business-friendly regime in the UK through changes to the existing data protection legislation. At this stage it is unclear whether and when changes to the legislation will be adopted and whether such legislative reforms could potentially lead the European Commission not to extend or to revoke the UK adequacy decision. We also currently rely on the E.U. standard contractual clauses and the U.K. Addendum to the E.U. standard contractual clauses and the U.K. International Data Transfer Agreement as relevant to transfer personal data outside the EEA and the U.K. with respect to both intragroup and third-party transfers. We expect the existing legal complexity and uncertainty regarding international personal data transfers to continue. In particular, we expect the DPF Adequacy Decision to be challenged and international transfers to the United States and to other jurisdictions more generally to continue to be subject to enhanced scrutiny by regulators.

If the transfer mechanisms we rely on are not sufficient and we are unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services and could adversely affect our financial results, and, until the legal uncertainties regarding how to legally continue transfers pursuant to the standard contractual clauses and other mechanisms are settled, we will continue to face uncertainty as to whether our efforts to comply

with our obligations under the GDPR and U.K. GDPR will be sufficient. Failure to comply with existing or new rules may result in significant penalties or orders to stop the alleged noncompliant activity.

In addition to the changing regulatory landscape in the E.U. and the U.K., we are subject to U.S. laws and regulations, including at the state level, such as the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (“CPRA”), which took effect on January 1, 2023 (the “CCPA”). Among other things, the CCPA gives California residents expanded data privacy rights, allowing consumers to opt out of certain data sharing with third parties, provides a private cause of action for data breaches, imposes additional obligations such as data minimization and storage limitations; on covered businesses; and forms a dedicated privacy regulator in California, the California Privacy Protection Agency, to implement and enforce the law. For example, comprehensive privacy laws in multiple U.S. states have gone, or will go, into effect between 2024 and 2026, and a number of other states are considering similar laws related to the protection of consumer personal information. Moreover, laws in all 50 U.S. states require businesses to provide notice under certain circumstances to consumers whose personal information has been disclosed as a result of a data breach. Many similar laws have been proposed at the federal and state level; accordingly, we also may be subject to additional compliance obligations as such legislation is considered and adopted, which may require us to modify our data processing practices and policies and incur substantial costs and expenses to comply.

In addition to government activity, privacy advocacy and other industry groups have established and may continue to establish new self-regulatory standards that may place additional burdens on us. Even the perception of data security and data privacy concerns, whether or not valid, could inhibit sales and market acceptance of our products and services.

Our business is subject to a variety of U.S. and foreign laws, and existing, new and developing regulatory or other legal requirements could subject us to claims or materially impact our business.

We and our customers are subject to a number of laws and regulations in the United States and abroad, including laws related to conducting business on the internet and on mobile devices, such as laws regarding data privacy, data protection, information security, cybersecurity, restrictions or technological requirements regarding the collection, use, storage, protection, disposal, transfer or other processing of consumer data, content, consumer protection, internet (or net) neutrality, advertising, electronic contracts, taxation, provision of online payment services (including credit card processing), and intellectual property rights, which are continuously evolving and developing. Because our services are accessible worldwide, certain foreign jurisdictions may claim that we are required to comply with their laws, even if we do not have a local entity, employees or infrastructure. Foreign data protection, privacy, and other laws and regulations may often be more restrictive than those in the United States. The scope and interpretation of the laws and other obligations that apply to us, including those related to user privacy and data security, are often uncertain and may be conflicting, particularly laws and obligations outside the U.S. There is a risk that these laws may be interpreted and applied differently in any given jurisdiction in a manner that is not consistent with our current practices, which could cause us to incur substantial cost and could negatively impact our brand, reputation and business.

Businesses using our products and services may collect data from their users. Various federal, state and foreign government bodies and agencies impose laws regarding collection, use, storage, retention, disposal, transfer or other processing of data from website visitors. We offer our customers a variety of data security procedures and practices, such as encryption for data at rest and masking algorithms for sensitive data prior to transfer to our database, in an effort to protect information. Changes to applicable laws and how they are interpreted relating to privacy and data security could significantly increase the cost to us and our customers of regulatory compliance and could negatively impact our business.

For instance, some states in the U.S. have enacted legislation designed to protect consumer privacy by prohibiting the distribution of “spyware” over the internet. Such legislation typically focuses on restricting the proliferation of software that, when installed on an end user’s computer, is used to intentionally and deceptively take control of the end user’s machine. We do not believe that the data monitoring methods that we employ constitute “spyware” or are prohibited by applicable laws. However, federal, state and foreign laws and regulations, many of which can be enforced by government entities or private parties, are constantly evolving and can be subject to significant changes in application and interpretation. If, for example, the scope of the

previously mentioned “spyware” legislation were changed to include web analytics, such legislation could apply to the technology we use and potentially restrict our ability to conduct our business.

Similarly, some U.S. courts have interpreted certain two-party consent wiretap statutes, such as the California Invasion of Privacy Act, to require the collection of prior consent from consumers who engage in a dialogue with chatbots. Requirements that a website must first obtain consent from its web visitors before using our technology could reduce the amount and value of the services we provide to customers, which might impede sales and/or cause some existing customers to discontinue using our services or could subject us to fines and/or proceedings by governmental agencies, regulatory bodies, and/or private litigation, which could materially and adversely affect our business, financial condition and results of operations.

There has been an increased focus in 2024 on laws and regulations related to AI. For example, states, regions and supranational bodies, including the European Union and the United States, have passed or proposed new rules and regulations related to the development and use of AI technology, which cover, among other things, consumer protection, algorithmic accountability, privacy and transparency. In the United States, there is uncertainty at the federal level regarding applicable regulations that will apply to the development and use of AI. In January 2025, the Trump administration rescinded an Executive Order implemented by the Biden administration in 2023 aimed at establishing new standards for AI safety and security, privacy, consumer and employee protection and innovation and competition associated with the use of AI. The Trump administration then issued a new Executive Order that, among other things, directed the heads of various federal governmental bodies to review actions taken under the Biden Executive Order and develop a new action plan with respect to AI-related matters. In Europe, the EU AI Act, enacted on August 1, 2024, began to apply in February 2025, with the remaining requirements to become effective on a staggered basis through August 2027. The EU AI Act establishes, among other things, a risk-based governance framework for regulating AI systems operating in the EU. This framework categorizes AI systems, based on the risks associated with such AI systems’ intended purposes, as creating unacceptable or high risks, with all other AI systems being considered low risk. The EU AI Act prohibits certain uses of AI systems and places numerous obligations on providers and deployers of permitted AI systems, with heightened requirements based on AI systems that are considered high risk. The EU AI Act establishes requirements for the provision and use of products that leverage AI, machine learning, and similar technologies, including chatbots, with potential fines reaching up to the greater of €35 million and 7% of global income. We may not be able to anticipate how to respond to these rapidly evolving frameworks, which could impact our ability to develop and deploy AI-powered features in a timely manner. This could include requirements to retrain our algorithms, disclose or provide greater transparency regarding the nature of our AI systems and the data we have employed to train them, or prevent or limit our use of AI. Furthermore, because AI technology itself is highly complex and rapidly developing, it is not possible to predict all of the legal, operational or technological risks that may arise relating to the use of AI. Additionally, other countries have proposed legal frameworks on AI, which is a trend that is expected to increase, and existing laws and regulations may be interpreted in ways that may affect our use of AI. Any failure or perceived failure by us to comply with such requirements could have an adverse impact on our business. Our competitors may be developing their own AI products and technologies, which may be superior in features, functionality, compliance readiness, or cost efficiency compared to our offerings, potentially impacting our competitive position. Any of these factors could adversely affect our business, reputation, or operating results.

Further, various federal, state and foreign government bodies and agencies are highly focused on consumer protection initiatives, particularly in light of the increase in new technologies and services that incorporate or use bots, AI and/or machine learning. For example, the California B.O.T. Act requires that companies using bots on platforms with more than ten million unique monthly visitors from the U.S. use clear and conspicuous disclosure to inform consumers that they are not speaking to a human. Similar bills have been introduced from time to time at the state and federal level in recent years. Further, the use of certain AI and machine learning may be subject to laws and evolving regulations, controlling for, among other things, data bias and antidiscrimination. For example, the Federal Trade Commission (“FTC”) enforces consumer protection laws such as Section 5 of the FTC Act, which prohibits unfair and deceptive practices, including use of biased algorithms in AI. Regulation in this area could impact how businesses use our products and services to interact with consumers and how we provide our

services to our customers. As regulatory scrutiny of AI continues to grow, we may need to modify or restrict certain AI-driven functionalities in our products or services, which could impact their adoption or effectiveness.

AI algorithms or automated processing of data may be flawed, and datasets may be insufficient or contain inaccurate, incomplete, poor-quality or biased information, which can create discriminatory outcomes or reduce the effectiveness of AI-driven insights. Deficiencies such as these could cause us reputational harm and subject us to legal liability, including claims of product liability, breach of warranty, or negligence. Additionally, AI-generated content and AI-assisted decision-making may raise unresolved intellectual property concerns, including uncertainty regarding ownership, licensing rights, and third-party claims over training data. The scope of these laws and regulations is rapidly evolving, subject to differing interpretations, may be inconsistent among jurisdictions, or conflict with other rules and is likely to remain uncertain for the foreseeable future. Evolving regulations, legal uncertainties, and enforcement actions could increase our compliance burden, limit our ability to deploy AI-driven solutions, and create additional operational challenges. If we fail to stay ahead of these developments, we may face additional costs, disruptions in our product development roadmap, and potential competitive disadvantages.

In addition, regulatory authorities and governments around the world are considering a number of legislative and regulatory proposals concerning privacy, collection and use of website visitor data, data storage, data protection, the “right to be forgotten,” content regulation, cybersecurity, government access to personal information, online advertising, email and other categories of electronic spam, and other matters that may be applicable to our business. Compliance with these laws may require substantial investment or may be technologically challenging for us. For example, some jurisdictions, including in the United States, are considering whether the collection of anonymous data may invade the privacy of website visitors. If laws or regulations are enacted that limit data collection or use practices related to anonymous data, we and/or our customers may be required to obtain the express consent of web visitors in order for our technology to perform certain basic functions that are based on the collection and use of technical data. Requirements that a website must first obtain consent from its web visitors before using our technology could reduce the amount and value of the services we provide to customers, which might impede sales and/or cause some existing customers to discontinue using our services.

It is also likely that, as our business evolves, an increasing portion of our business shifts to mobile, and our solutions are offered and used in a greater number of countries, we will become subject to laws and regulations in additional jurisdictions. We may need to expend considerable effort and resources to develop new product features and/or procedures to comply with any such legal requirements. It is difficult to predict how existing laws will apply to our business and what new laws and legal obligations we may become subject to. If we are not able to comply with these laws or other legal obligations, or if we become liable under them, we may be forced to implement material changes to our business practices, delay release of new and enhanced services and expend substantial resources, which would negatively affect our business, financial condition and results of operations. Any costs incurred as a result of this potential liability could harm our business and operating results.

We monitor pending legislation and regulatory initiatives to ascertain relevance, analyze impact and develop strategic direction surrounding regulatory trends and developments. Due to shifting economic and political conditions, tax policies or rates in various jurisdictions may be subject to significant change. A range of other proposed or existing laws and new interpretations of existing laws could have an impact on our business. For example:

Government agencies and regulators have reviewed, are reviewing and will continue to review, the personal data handling practices of companies doing business online, including privacy and security policies and practices. This review may result in new laws or the promulgation of new regulations or guidelines that may apply to our products and services. For example, the State of California and other states have passed laws relating to disclosure of companies’ practices with regard to global opt-out signals from internet browsers, the ability to delete information of minors, age appropriate design obligations for companies that offer online services, products or features “likely to be accessed” by children, and new data breach notification requirements. Washington State recently enacted the “My Health, My Data Act,” which broadly protects the privacy of certain personal health information and generally requires consent for the collection, use, or sharing of any such information. Similarly, outside the E.U. and the U.S., a number of countries have adopted or are considering privacy laws and regulations that may result in significant greater compliance burdens. Existing and proposed laws and regulations regarding cybersecurity and monitoring of online behavioral data, such as proposed “Do Not Track” regulations, regulations aimed at restricting certain targeted advertising

practices and collection and use of data from mobile devices, new and existing tools that allow consumers to block online advertising and other content, and other proposed online privacy legislation could potentially apply to some of our current or planned products and services. Existing and proposed laws and regulations related to email and other categories of electronic spam could impact the delivery of commercial email and other electronic communications by us or on behalf of customers using our services.

The FTC in particular has aggressively investigated and brought enforcement actions against companies that fail to comply with their privacy or data security commitments to consumers, or fail to comply with regulations or statutes such as the Children’s Online Privacy Protection Act. Any investigation or review of our practices may require us to make changes to our products and policies, which could harm our business. Currently there are many proposals by lawmakers and industry groups in this area, both in the United States and overseas, which address the collection, maintenance and use of personal information, web browsing and geolocation data, and establish data security and breach notification requirements. Further, regulators and industry groups have also released self-regulatory principles and guidelines for various data privacy and security practices. Given that this is an evolving and unsettled area of regulation, the imposition of any new significant restrictions or technological requirements could have a negative impact on our business.

Various governmental bodies and many customers and businesses are increasingly focused on environmental, social and governance issues, which has in the past resulted, and may in the future continue to result, in the adoption of new laws and regulations and changing buying practices. If we fail to keep pace with these developments, our reputation and results of operations could be adversely impacted.

We might unintentionally violate such laws now or in the future; such laws or their interpretation or application may be modified; and new laws may be enacted in the future. Any such developments could subject us to legal liability exposure, and harm our business, operating results and financial condition.

We are the subject of a number of ongoing Actions that have resulted in significant expense, and adverse developments in our ongoing Actions and/or future Actions could have a material adverse effect on our business, results of operations and financial condition.

We are actively involved in a variety of litigation and other legal matters and may be subject to additional legal, administrative, governmental and/or regulatory proceedings, inquiries and investigations as well as actual or threatened litigation, claims and/or demands, which we refer to collectively as Actions. Refer to Note 14 - Legal Matters in the Notes to the Consolidated Financial Statements under Item 8 of this Annual Report on Form 10-K for additional information regarding material ongoing Actions.

Legal proceedings in general, and securities and class action litigation and regulatory investigations in particular, can be expensive and disruptive. Our insurance will not cover all claims that may be asserted against us, and we are unable to predict how long the Actions to which we are currently subject will continue. An unfavorable outcome of any Action may have a material adverse impact on our business, results of operations and financial condition, and regardless of the outcome, Actions can have an adverse impact on the Company because of defense and/or settlement costs, diversion of management resources, reputational risks and other factors.

We may be subject to governmental export controls and economic sanctions regulations that could impair our ability to compete in international markets due to licensing requirements and could subject us to liability if we are not in compliance with applicable laws.

Certain of our products and services may be subject to export control and economic sanctions regulations, including the U.S. Export Administration Regulations and various economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control. Exports of our products and the provision of our services must be made in compliance with these laws and regulations. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to substantial civil or criminal penalties, including: the possible loss of export privileges; fines, which may be imposed on us and responsible employees or managers; and, in extreme cases, the incarceration of responsible employees or managers. Obtaining the necessary authorizations, including any required license, for a particular deployment may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. In addition, changes in our products or services, or changes in applicable export or economic sanctions regulations may create delays in the introduction and deployment of our products and services in international markets, or, in some cases, prevent the export of our products or provision of our

services to certain countries or end users, or for certain end uses. Any change in export or economic sanctions regulations, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could also result in decreased use of our products and services, or in our decreased ability to export our products or provide our services to existing or prospective customers with international operations. Any decreased use of our products and services or limitation on our ability to export our products and provide our services could adversely affect our business, results of operations, and financial condition. Further, we incorporate encryption technology into certain of our products. Various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our customers’ ability to import our products into those countries. Encryption products and the underlying technology may also be subject to export control restrictions. Governmental regulation of encryption technology and regulation of exports of encryption products, or our failure to obtain required approval for our products, when applicable, could harm our international sales and adversely affect our revenue.

Beginning on February 24, 2022, the United States, U.K., and E.U. have imposed sanctions on Russia in response to its invasion of Ukraine. Many of these sanctions are targeted at Russian banks and Russian sovereign debt. The range of sanctions includes prohibitions on dealings in the debt or equity of certain Russian companies, as well as blocking sanctions imposed on many Russian individuals and entities. On April 6, 2022, the United States issued Executive Order 14071, prohibiting new investment in Russia by a U.S. person. These measures and any future sanctions imposed by the United States or other countries may impact our ability to deal with certain persons or in certain jurisdictions.

Although we believe that we are in compliance with all applicable export control and sanctions laws and regulations, and intend to maintain such compliance, there can be no assurance that we will be in compliance in the future, particularly as the scope of certain laws may be unclear and may be subject to changing interpretations. Any such violation could result in fines or other penalties and could severely impact our ability to access U.S. capital markets and conduct our business, and could result in some investors deciding, or being required, to divest their interest, or not to invest, in us.

Changes or proposed changes in U.S. or other countries’ trade policies may result in restrictions and economic disincentives on international trade. Tariffs, economic sanctions and other changes in U.S. trade policy have in the past and could in the future trigger retaliatory actions by affected countries, and certain foreign governments have instituted or are considering imposing retaliatory measures on certain U.S. goods. Further, any emerging protectionist or nationalist trends (whether regulatory- or consumer-driven) either in the U.S. or in other countries could affect the trade environment. We conduct a significant amount of business that could be impacted by changes to the trade policies of the U.S. and other countries (including governmental action related to tariffs, international trade agreements, or economic sanctions). Such changes have the potential to adversely impact the U.S. economy or certain sectors thereof or the economy of other countries in which we operate, our industry, the industries of our customers and the global demand for our services.

We cannot predict how these developments will impact us, and existing or future tariffs and trade restrictions could have a material adverse effect on our business, results of operations, and financial condition. Additionally, tariffs and retaliatory trade measures could result in an increase in supply chain costs that we may not be able to offset in full or in part or that may otherwise adversely impact our financial results.

Industry-specific regulation is evolving and unfavorable industry-specific laws, regulations, or interpretive positions could harm our business.

Our customers and potential customers do business in a variety of industries, including financial services, the public sector, healthcare and telecommunications. Regulators of various industries have adopted and may in the future adopt regulations or interpretive positions regarding the use of cloud computing and other outsourced services. The costs of compliance with, and other burdens imposed by, industry-specific laws, regulations and interpretive positions may limit our customers’ use and adoption of our services and reduce overall demand. For example, some financial services regulators have imposed guidelines for use of cloud computing services that mandate specific controls or that require financial services providers to obtain regulatory

approval prior to outsourcing certain functions. If we are unable to comply with these guidelines or controls, or if our customers are unable to obtain regulatory approval to use our service where required, our business may be harmed and we may be unable to conduct business with customers in such industries. In addition, an inability to satisfy the standards of certain third-party certification bodies that our customers may expect, such as the PCI Data Security Standards, may have an adverse impact on our business. If we are unable in the future to achieve or maintain these industry-specific certifications or comply with other similar requirements or standards that are relevant to our customers, our business and our revenue may be adversely impacted.

In some cases, industry-specific laws, regulations or interpretive positions may also apply directly to us as a service provider. Any failure or perceived failure by us to comply with such requirements could have a material adverse impact on our business and results of operations.

In addition, we may become subject to additional regulatory and compliance burdens to the extent we expand our product offerings into new conversational businesses that subject us to additional regulations, laws and new risks.

State, federal and foreign regulators could adopt laws and regulations that impose additional burdens on companies that conduct business online or that adversely affect the growth or use of the internet or mobile commerce. Laws or regulations that affect the use of the internet or mobile devices, including but not limited to laws affecting net neutrality, could also decrease demand for our services and increase our costs.

The continued growth and development of the market for online services may prompt calls for more stringent consumer protection laws or laws that will inhibit the use of internet-based or mobile-based communications or the information contained in these communications or the ways in which information may be collected, stored, used and transferred in the course of providing services. For example, in the United States, the CAN-SPAM Act regulates the transmission and content of commercial emails, and, among other things, obligates the sending of such emails to provide recipients with the ability to opt-out or unsubscribe and other requirements; and the Children’s Online Privacy Protection Act regulates the ability of certain online services to collect or use certain categories of information from children under age 13 absent parental consent. Additionally, several states are considering or have passed social media age design laws that require age verifications and implement additional protections for children. Some of these laws have been halted by courts as violations of the First Amendment, both in regard to age verification and the requirement to disclose documents to the government creating overbroad speech restrictions. The adoption of any additional laws or regulations, or changes to existing laws or regulations or their interpretation or application, may increase our costs of doing business, decrease the expansion of the internet or smartphone usage and, in turn, unfavorably affect demand for our services.

Climate change and environmental and other sustainability regulations or requirements could adversely impact our business.

Climate change has the potential to negatively affect our business and results of operations, cash flows and prospects. The adverse physical impacts of climate change include increased frequency and severity of natural disasters and extreme weather events such as hurricanes, tornados, wildfires (exacerbated by drought), flooding, and extreme heat, which could pose physical risks to the facilities of our global data providers and other suppliers. Such risks include losses incurred as a result of physical damage to facilities, and business interruption caused by such natural disasters and extreme weather events. These risks could disrupt our operations and our supply chain, which may result in increased costs. We also face climate change risks associated with the process of transitioning to a low-carbon economy. For example, in response to concerns about global climate change, governments may adopt new regulations affecting the use of fossil fuels or requiring the use of alternative fuel sources, resulting in increased costs for the energy usage of our global data centers.

Our customers, investors and other stakeholders may require us to demonstrate that we are taking ecologically responsible measures in operating our business and in sourcing services in our supply chain, including our global data center providers.

Risks Related to our Intellectual Property

Our products and services may infringe upon intellectual property rights of third parties and any infringement could require us to incur substantial costs and may distract our management.

We have had patent and other infringement lawsuits filed against us claiming that certain of our products and services infringe third-party intellectual property rights, and we are subject to the future risk of additional third-party claims alleging infringement against us or against our customers for use of our products and services. Many of our customer and partner contracts, including certain suppliers, contain indemnification obligations requiring us to indemnify our customers from certain claims against them or arising from the use of our services. Substantial litigation regarding intellectual property rights exists in the software industry. In the ordinary course of our business, our services and/or our customers’ use of our services may be increasingly subject to third-party infringement claims as claims by non-practicing entities become more prevalent and the number of competitors in our industry segment grows and the functionality of services in different industry segments overlaps. Some of our competitors in the market for digital engagement technology, and/or web and mobile based consumer-facing services or other third parties may have filed or may intend to file patent applications covering aspects of their technology and have asserted and may in the future assert claims against us. Any claims alleging infringement of third-party intellectual property rights could require us to spend significant amounts in litigation (even if the claim is invalid), distract management from other tasks of operating our business, pay substantial damage awards, prevent us from selling our products, delay delivery of our services, require the development of non-infringing software, technology, business processes, systems or other intellectual property (none of which might be successful), or limit our ability to use the intellectual property that is the subject of any of these claims, unless we enter into license agreements with the third parties (which may be costly, unavailable on commercially reasonable terms, or not available at all). Therefore, any such claims could have a material adverse effect on our business, results of operations, cash flows and financial condition. Additionally, over the last few years, there have been multiple class action lawsuits filed against large language model developers in the Northern District of California, the Southern District of New York, and the Middle District of Tennessee, among others, concerning alleged copyright and other intellectual property violations with respect to the information used to train AI models. The outcomes of these litigations may impair our ability to provide our AI technologies.

Our business and prospects would suffer if we are unable to protect and enforce our intellectual property rights.

Our success and ability to compete depend, in part, upon the protection of our intellectual property rights relating to the technology underlying our services. We own a portfolio of patents and patent applications in the U.S. and internationally and regularly file patent applications to protect intellectual property that we believe is important to our business, including intellectual property related to digital engagement technology, and/or web and mobile based consumer-facing services. We believe the duration of our patents is adequate relative to the expected lives of our products and services. We pursue the registration of our domain names, trademarks and trade names in the U.S. and in certain locations outside the U.S. We also own copyrights, including in our software, publications and other documents authored by us. These intellectual property rights are important to our business and marketing efforts. We seek to protect our intellectual property rights by relying on federal, state, and common law rights, including registration, or otherwise in the U.S. and certain foreign jurisdictions, as well as contractual restrictions. However, we believe that factors such as the technological and creative skills of our personnel, new service developments, frequent enhancements and reliable maintenance are more essential to establishing and maintaining a competitive advantage. Others may develop technologies that are similar or superior to our technology. We enter into confidentiality and other written agreements (including invention assignment agreements) with our employees, consultants, customers, potential customers, strategic partners, and other third parties, and through these and other written agreements, we seek to control access to and distribution of our software, documentation and other proprietary information. Despite our efforts to protect our proprietary rights, third parties may, in an unauthorized manner, attempt to use, copy or otherwise obtain and market or distribute our intellectual property rights or technology or otherwise develop a service with the same functionality as our services. Policing unauthorized use of our services and intellectual property rights is difficult, and we cannot be certain that the steps we have taken will prevent misappropriation of our technology or intellectual property rights, particularly in foreign countries where we do business, where our services are sold or used, where the laws may not protect proprietary rights as fully as do the laws of the U.S. or where enforcement of laws protecting proprietary rights is not common or effective.

The duration of the protection afforded to our intellectual property depends on the type of property in question, the laws and regulations of the relevant jurisdiction and the terms of its license agreements with others. With respect to our trademarks and trade names, trademark laws and rights are generally territorial in scope and limited to those countries where a mark has been

registered or protected. While trademark registrations may generally be maintained in effect for as long as the mark is in use in the respective jurisdictions, there may be occasions where a mark or title is not registrable or protectable or cannot be used in a particular country. In addition, a trademark registration may be canceled or invalidated if challenged by others based on certain use requirements or other limited grounds. The duration of property rights in trademarks, service marks and trade names in the U.S., whether registered or not, is predicated on our continued use.

It is possible that:

•any issued patent or patents issued in the future may not be broad enough to protect our intellectual property rights;

•any issued patent or any patents issued in the future could be successfully challenged by one or more third parties, which could result in our loss of the right to prevent others from exploiting the inventions claimed in the patents;

•current and future competitors may independently develop similar technologies, duplicate our services or design around any patents we may have; and

•effective intellectual property protection may not be available in every country in which we do business, where our services are sold or used, where the laws may not protect proprietary rights as fully as do the laws of the United States or where enforcement of laws protecting proprietary rights is not common or effective.

Further, to the extent that the invention described in any U.S. patent was made public prior to the filing of the patent application, we may not be able to obtain patent protection in certain countries. We also rely upon copyright, trade secret, trademark and other common law in the U.S. and other jurisdictions, as well as confidentiality procedures and contractual provisions, to protect our proprietary technology, processes and other intellectual property. Any steps we might take may not be adequate to protect against infringement and misappropriation of our intellectual property by third parties. Similarly, third parties may be able to independently develop similar or superior technology, processes or other intellectual property. Third parties may register marks that are confusingly similar to the trademarks or services marks that we have used in the U.S. and our failure to monitor foreign registrations or mark usage may impact our rights in certain trademarks or services marks. Policing unauthorized use of our services and intellectual property rights is difficult, and we cannot be certain that the steps we have taken will prevent misappropriation of our technology or intellectual property rights, particularly in foreign countries where we do business, where our services are sold or used, where the laws may not protect proprietary rights as fully as do the laws of the U.S. or where enforcement of laws protecting proprietary rights is not common or effective. The unauthorized reproduction or other misappropriation of our intellectual property rights could enable third parties to benefit from our technology without paying us for it. If this occurs, our business, results of operations, and financial condition could be materially and adversely affected. In addition, disputes concerning the ownership or rights to use intellectual property could be costly and time-consuming to litigate, may distract management from operating our business and may result in our loss of significant rights.

Issues in the use of AI in our product offerings may result in reputational harm, regulatory compliance issues or liability.

We envision a future in which AI operating in our devices, applications and the cloud helps our customers be more productive in their business activities and interactions with consumers. As with many disruptive innovations, AI presents risks and challenges that could affect its adoption, and therefore our business. AI algorithms and models may be flawed. Datasets may be insufficient or contain biased information. Content generated by AI systems may be offensive, illegal, or harmful. Inappropriate or controversial data practices by us or others could impair the acceptance of AI solutions. As a result of these and other challenges associated with innovative technologies, our use of AI systems could subject us to competitive harm, regulatory action, legal liability, including under current and proposed legislation regulating AI in jurisdictions such as the E.U., applications of existing data protection, privacy, intellectual property, and other laws, and brand or reputational harm. Social and ethical issues relating to new and evolving uses of AI that we may offer may result in reputational harm and liability and may cause us to incur additional research and development (“R&D”) costs to resolve such issues.

The regulatory landscape regarding AI is evolving globally. Potential government regulation related to AI use and ethics may also increase the burden and cost of operations and R&D efforts in this area, and the risk of regulatory compliance issues or

other liabilities. Failure to properly remediate AI usage, legal or ethics issues may cause public confidence in AI to be undermined, which could slow adoption of AI in our offerings. The rapid evolution of AI will require the application of resources to develop, test and maintain our products and services to help ensure that AI is implemented ethically in order to minimize unintended, harmful impact.

We may be subject to legal liability and/or negative publicity for the services provided to consumers via our technology platforms.

Our technology platforms enable representatives of our customers as well as individual service providers to communicate with consumers and other persons seeking information or advice on the web or via mobile devices. The law relating to the liability of online platform providers, such as us, for the activities of users of their online platforms is often challenged in the U.S. and internationally. We may be unable to prevent users of our technology platforms from providing negligent, unlawful or inappropriate advice, information or content via our technology platforms, or from behaving in an unlawful manner, and we may be subject to allegations of civil or criminal liability for negligent, fraudulent, unlawful or inappropriate activities carried out by users of our technology platforms.

Claims could be made against online services companies under both U.S. and foreign law, such as fraud, defamation, libel, invasion of privacy, negligence, data breach, copyright or trademark infringement, or other theories based on the nature and content of the materials disseminated by users of our technology platforms. In addition, domestic and foreign legislation has been proposed that could prohibit or impose liability for the transmission over the internet of certain types of information. Our defense of any of these actions could be costly and involve significant time and attention of our management and other resources.

The Digital Millennium Copyright Act (“DMCA”) is intended, among other things, to reduce the liability of online service providers for transmitting or storing materials that infringe copyrights of others or referring, listing or linking to third party web properties that include materials that infringe copyrights of others. Additionally, Section 230 of the Communications Decency Act (“CDA”), is intended to provide statutory protections to online service providers who host or distribute third party content. A safe harbor for copyright infringement is also available under the DMCA to certain online service providers that provide specific services, if the providers take certain affirmative steps as set forth in the DMCA. There are various Congressional efforts to restrict the scope of the protections from liability for service providers in certain circumstances. If we are not covered by a safe harbor, for any reason, we could be exposed to claims, which could be costly and time-consuming to defend.

Any costs incurred as a result of this potential liability could harm our business.

In addition, negative publicity and user sentiment generated as a result of fraudulent or deceptive conduct by customers of our technology platforms could damage our reputation, reduce our ability to attract new users or retain our current customers, and diminish the value of our brand.

In the future, we may be required to spend substantial resources to take additional protective measures or discontinue certain service offerings, either of which could harm our business. Any costs incurred as a result of potential liability relating to the sale of unlawful services or the unlawful sale of services could harm our business. In addition to legislation and regulations relating to privacy and data security and collection, we may be subject to consumer protection laws that are enforced by regulators such as the FTC and private parties and include statutes that regulate the collection and use of information for marketing purposes. Any new legislation or regulations regarding the internet, mobile devices, software sales or export and/or the cloud or SaaS industry, and/or the application of existing laws and regulations to the internet, mobile devices, software sales or export and/or the cloud or SaaS industry, could create new legal or regulatory burdens on our business that could have a material adverse effect on our business, results of operations, and financial condition. Additionally, as we operate outside the U.S., the international regulatory environment relating to the internet, mobile devices, software sales or export, and/or the cloud or SaaS industry could have a material adverse effect on our business, results of operations, and financial condition.

Risks Related to our International Operations and Tax Issues

Our results of operations may be adversely impacted due to our exposure to foreign currency exchange rate fluctuations.

We conduct business in currencies other than the U.S. dollar in Europe, Australia, Japan and Israel. Because we conduct business in currencies other than the U.S. dollar but report our financial results in U.S. dollars, fluctuations in currency exchange rates could adversely affect our results of operations. Fluctuations in the value of the U.S. dollar relative to other foreign currencies could materially affect our revenue, cost of revenue and operating expenses, and result in foreign currency transaction gains and losses. Expansion of our international operations increases our exposure to such fluctuations in currency exchange rates. Additionally, these programs rely on our ability to forecast accurately and could expose us to additional risks that could adversely affect our financial condition and results of operations. We cannot predict whether or not we will incur foreign exchange losses. Further, as geopolitical volatility around the world increases, there is increasing risk of the imposition of exchange or price controls, or other restrictions on the conversion of foreign currencies, which could have a material adverse effect on our business.

In addition to our operations in the U.S., we have operations in Australia, Brazil, Bulgaria, Canada, Costa Rica, France, Germany, Israel, India, Italy, Japan, Mexico, the Netherlands, Singapore, Spain, and the U.K.

Our international operations may subject us to other risks inherent in foreign operations, including:

•varied, unfamiliar, unclear and changing legal and regulatory restrictions, including different legal and regulatory standards applicable to internet or mobile services, communications, privacy, data protection, and AI;

•difficulties in staffing and managing foreign operations;

•differing intellectual property laws that may not provide sufficient protection for our intellectual property;

•adverse tax consequences or additional tax liabilities;

•difficulty in addressing country-specific business requirements and regulations including, for instance, data privacy laws;

•fluctuations in currency exchange rates;

•strains on financial and other systems to properly administer value-added tax (“VAT”) and other taxes;

•different consumer preferences and requirements in specific international markets;

•international legal, compliance, political, regulatory or systemic restrictions, or other international governmental scrutiny, applicable to U.S. companies with sales and operations in foreign countries, including, but not limited to, possible compliance issues involving the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, and similar laws in other jurisdictions;

•the imposition of tariffs, quotas, import duties or other market barriers (including the implementation of tariffs on U.S. imports and potential retaliatory tariffs); and

•local instability and shifting political, economic, and military conditions including armed conflict and terrorist activity.

In addition, we rely in part on third-party service providers with international operations.

Our current and any future international expansion plans will require management attention and resources and may be unsuccessful. In addition, violations of any foreign laws or regulations could result in fines, criminal sanctions against us, our officers or our employees, prohibitions on the conduct of our business and damage to our reputation.

Our operations may expose us to greater than anticipated income, non-income, and transactional tax liabilities, which could harm our financial condition and results of operations.

There is heightened scrutiny by fiscal authorities in many jurisdictions on the potential taxation of e-commerce businesses. The Organization for Economic Co-operation and Development (“OECD”) has issued guidelines, referred to as the Base Erosion and Profit Shifting project, to its member-nations aimed at encouraging broad-based legislative initiatives intended to prevent perceived base erosion transactions and income shifting in a tax-advantaged manner. Further, for the past several years, the OECD has had a specific focus on the taxation implications of e-commerce business, generally referred to by the OECD as the “digital economy.” In the fourth quarter of 2019, the OECD released details on its proposed approach which would, among other changes, create a new right to tax certain “digital economy” income not necessarily based on traditional nexus concepts nor on the “arm’s length principle.” At this point, there is a lack of consensus among the key members, particularly the United States, with the latest OECD proposal. The United States has expressed that it would generally support a solution along the lines proposed by the OECD only if the solution was in the form of a “safe-harbor” rather than a mandatory requirement. A failure to reach full consensus on an executable plan within the tight time frame under which the OECD is operating could result in individual jurisdictions legislating digital tax provisions in an uncoordinated and unilateral manner, and further result in greater or even double taxation that companies may not have sufficient means to remedy. For example, a number of jurisdictions, including the U.K., France and Italy, have already adopted or have formally proposed legislation that would affect the taxation of certain e-commerce businesses based on differing criteria and metrics. Efforts to alleviate this increased tax burden will increase the cost of structuring and compliance as well as the cost of doing business internationally. Any changes to the taxation of our international activities may increase our worldwide effective tax rate and adversely impact our financial position and results of operations.

Further, the prospective taxation by multiple jurisdictions of e-commerce businesses could subject us to exposure to withholding, sales, VAT and/or other transaction taxes on our past and future transactions in such jurisdictions where we currently or in the future may be required to report taxable transactions. A successful assertion by any jurisdiction that we failed to pay such withholding, sales, VAT or other transaction taxes, or the imposition of new laws requiring the registration for, collection of, and payment of such taxes, could result in substantial tax liabilities related to past, current and future sales, create increased administrative burdens and costs, discourage customers from purchasing content from us, or otherwise substantially harm our business and results of operations. We are currently subject to and in the future may become subject to additional compliance requirements for certain of these taxes. Changes in our exposure to withholding, sales, VAT and/or other transaction taxes could have an adverse impact on our financial condition in the future.

In addition, an increasing number of states have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies. In June 2018, the Supreme Court of the United States issued its decision in the matter of South Dakota v. Wayfair, Inc. This decision effectively reversed the 25-year-old “physical presence doctrine” previously established by the Supreme Court in Quill Corp. v. North Dakota, which required a minimum level of physical presence within a state before the state could impose an obligation to register and remit sales tax on revenue derived within that state. This decision may significantly increase the effort, resources and costs associated with the sales tax collection and compliance burden. Since the decision, a number of states have enacted sales tax enabling legislation which has had the effect of significantly expanding the liability of e-commerce companies to register, collect and remit state sales taxes from customers. A successful assertion by one or more states requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest. The imposition by state governments or local governments of sales tax collection obligations on out-of-state sellers could also create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could have a material adverse effect on our business and results of operations.

Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.

As of December 31, 2024, we had federal net operating loss carryforwards (“NOLs”) of $644.0 million which are available to offset future federal taxable income. In general, under Section 382 of the Internal Revenue Code of 1986, as amended (the “Code”), a corporation that undergoes an “ownership change” (generally defined as a greater than 50-percentage-point

cumulative change (by value) in the equity ownership of certain stockholders over a rolling three-year period) is subject to limitations on its ability to utilize its pre-change NOLs to offset post-change taxable income. Under Section 382 of the Code, our existing NOLs may be subject to limitations arising from previous ownership changes, and if we undergo an ownership change in the future, our ability to utilize NOLs could be further limited by Section 382 of the Code, or as a result of a corresponding provision of state law. Future changes in our stock ownership, some of which may be outside of our control, could result in an ownership change under Section 382 of the Code. The use of NOLs from acquired businesses may also be limited under Section 382. Federal NOLs generated in taxable years ending on or before December 31, 2017, are eligible to be carried forward for up to 20 tax years (and carried back up to two tax years) following their incurrence. Federal NOLs generated in taxable years ending after December 31, 2017, are eligible to be carried forward indefinitely, but generally may only offset up to 80% of federal taxable income earned in a taxable year. Our ability to utilize our NOLs is conditioned upon our maintaining profitability in the future and generating U.S. federal taxable income. As a result of a change in the treatment of R&D expenses during the period ending December 31, 2022, the Company is required to capitalize and amortize amounts previously deducted currently. This is resulting in U.S. taxable income that is allowing the Company to utilize its pre-2018 NOLs. The capitalized R&D costs will give rise to future deductions that could result in new NOLs being generated, which NOLs would be eligible to be carried forward indefinitely but would only be able to offset up to 80% of federal taxable income earned in a taxable year.

We have entered into a Tax Benefits Preservation Plan (the “Tax Benefits Preservation Plan”), which is designed to reduce the risk of substantial impairment to our NOLs that could result from an “ownership change” within the meaning of Section 382 of the Code. Although the Tax Benefits Preservation Plan is intended to reduce the risk of an “ownership change” within the meaning of Section 382 of the Code, the Company cannot provide any assurance that the Company will not experience such an ownership change or that the Company will otherwise be able to utilize, in full or in part, the Company’s NOLs. Additionally, the Tax Benefits Preservation Plan could deter or prevent a third party from acquiring us even when the acquisition may be favorable to you, make the Company’s common stock less attractive to large institutional holders or otherwise adversely affect the market price of our common stock.

Political, economic, and military conditions in Israel could negatively impact our Israeli operations.

A substantial portion of our product development staff, help desk and online sales support operations are located in Israel. As of December 31, 2024, we had 68 full-time employees in Israel. Although substantially all of our sales to date have been made to customers outside Israel, we are directly influenced by the political, economic and military conditions affecting Israel. Furthermore, Iran has threatened to attack Israel and may be developing nuclear weapons.

In addition, the State of Israel and Israeli companies have been subject to economic boycotts. These restrictive laws and policies may have an adverse impact on our results of operations, financial condition or the expansion of our business. A campaign of boycotts, divestment, and sanctions has been undertaken against Israel, which could also adversely affect our business. Actual or perceived political instability in Israel or any negative changes in the political environment, may individually or in the aggregate adversely affect the Israeli economy and, in turn, our business, financial condition and results of operations.

Parties with whom we do business may sometimes decline to travel to Israel during periods of heightened unrest or tension, forcing us to make alternative arrangements when necessary in order to meet our business partners face to face. In addition, the political and security situation in Israel may result in parties with whom we have agreements involving performance in Israel claiming that they are not obligated to perform their commitments under those agreements pursuant to force majeure provisions in such agreements.

Further, shifting economic and political conditions in the U.S. and in other countries may result in changes in how the U.S. and other countries conduct business and other relations with Israel, which may have an adverse impact on our Israeli operations and a material adverse impact on our business.

Our commercial insurance may not cover losses that could occur as a result of events associated with the security situation in the Middle East. Any losses or damages incurred by us could have a material adverse effect on our business. Armed conflicts or political instability in the region could negatively affect our business and could harm our results of operations.

Continued hostilities and both current and any future armed conflict, terrorist activity or political instability in the region could adversely affect our operations in Israel and adversely affect the market price of our securities.

Risks Related to our Outstanding Convertible Notes

Servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business to pay our indebtedness.

In December 2020, we issued $517.5 million in aggregate principal amount of 2026 Notes, which do not bear any regular interest, in a private placement. In June 2024, we privately exchanged $100.0 million in principal amount of newly issued 2029 Notes, which, depending on time- and event-based conditions, bear cash interest at a rate ranging from 4.375% to 5% and paid-in-kind interest at a rate ranging from 7% to 8%, for $146.0 million aggregate principal amount of outstanding 2026 Notes, and issued $50.0 million in aggregate principal amount of 2029 Notes in a private placement. In December 2024, we issued an additional $57.1 million in aggregate principal amount of 2029 Notes, including $7.1 million in aggregate principal amount of 2029 Notes issued as paid-in-kind interest. The remaining 2026 Notes will need to be refinanced on or prior to their December 15, 2026 maturity. Further, if greater than $60.0 million principal amount of 2026 Notes remains outstanding 91 days prior to such maturity date, then the 2029 Notes will immediately become due and payable.

Our business may not generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional debt financing or equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our current or any future indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. In addition, any of our future debt agreements may contain restrictive covenants that may prohibit us from adopting any of these alternatives. Our failure to comply with these covenants could result in an event of default which, if not cured or waived, could result in the acceleration of our debt.

The terms of our First Lien Convertible Senior Notes due 2029 require us to meet certain operating and financial covenants and place restrictions on our operating and financial flexibility. If we raise additional capital through debt financing, the terms of any new debt could further restrict our ability to operate our business.

The 2029 Notes are guaranteed on a senior basis by certain of our direct and indirect domestic and foreign subsidiaries and secured by first priority security interests in substantially all of the assets of the Company and the subsidiary guarantors, subject to customary exceptions.

The indenture governing the 2029 Notes restricts our ability to, among other things, pursue certain dispositions, mergers or acquisitions, encumber our intellectual property, incur debt, preferred stock or liens, pay dividends or make other payments in respect of our capital stock, or make investments and engage in certain business transactions. The indenture governing the 2029 Notes also includes a financial covenant that requires us at all times to maintain a minimum cash balance of $60.0 million (excluding proceeds of the 2029 Notes). Our failure to comply with these covenants could result in an event of default which, if not cured or waived, could result in the acceleration of our debt.

If we raise any additional debt financing, the terms of such additional debt could further restrict our operating and financial flexibility.

We may not have the ability to raise the funds necessary to settle conversions of our outstanding convertible debt securities and cash-settled warrants in cash or to repurchase our outstanding convertible debt securities upon a fundamental change, and

any future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our outstanding convertible debt securities and cash-settled warrants.

Holders of our outstanding Notes have the right to require us to repurchase all or a portion of their Notes upon the occurrence of a fundamental change before the maturity date at a fundamental change repurchase price equal to 100% of the principal amount of the Notes to be repurchased, plus accrued and unpaid interest, (including cash and PIK components thereof in the case of the 2029 Notes), if any, plus, in the case of the 2029 Notes, an amount equal to 66% of the remaining future interest payments (including cash and PIK components thereof) that would have been payable through June 15, 2029, discounted at a rate equal to the comparable treasury rate plus 50 basis points. Further, upon the exercise of the cash-settled warrants, we are required to make cash payments in respect of the cash-settled warrants being exercised (except to the extent that, following payment, we would have “available cash” (as defined therein) of less than $100.0 million, in which case we may defer payment of the settlement amount at an annualized interest rate of 6.0%, compounded monthly).

However, we may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of the Notes surrendered therefor, to pay cash with respect to the Notes being converted or to pay cash with respect to the cash-settled warrants being exercised. A default under the governing indenture or the fundamental change itself could also lead to a default under the indenture governing the other series of Notes or agreements governing any future indebtedness.

If a fundamental change occurs prior to the maturity date of the outstanding Notes, the holders of such Notes will have the right, at their option, to require us to repurchase all or a portion of their Notes. These and other provisions in the indentures governing the Notes could deter or prevent a third party from acquiring us even when the acquisition may be favorable to securityholders.

In the event the conditional conversion feature of an outstanding series of Notes is triggered, holders of the relevant series of Notes will be entitled to convert their Notes of such series at any time during specified periods at their option.

In connection with the transaction in which we issued the 2026 Notes, we entered into capped call transactions with certain option counterparties. The capped call transactions are expected generally to reduce the potential dilution to our common stock upon any conversion of the 2026 Notes and/or offset any cash payments we are required to make in excess of the principal

amount of the converted 2026 Notes, as the case may be, upon any conversion of the 2026 Notes, with such reduction and/or offset subject to a cap.

We do not make any representation or prediction as to the direction or magnitude of any potential effect that the transactions described above may have on the price of our common stock or the 2026 Notes. In addition, we do not make any representation that the option counterparties or their respective affiliates will engage in these transactions or that these transactions, once commenced, will not be discontinued without notice.

Risks Related to our Common Stock

Our stock price has been, and may continue to be, highly volatile, which could reduce the value of your investment and subject us to litigation.

The price of our common stock has fluctuated significantly in the past and may continue to be highly volatile, with extreme price and volume fluctuations. Our trading price could fluctuate substantially in the future, including in response to the following factors, some of which are beyond our control:

•quarterly variations in our operating results or those of our competitors;

•earnings announcements that are not in line with analyst expectations;

•changes in recommendations or financial estimates by securities analysts;

•announcements or rumors about mergers or strategic acquisitions by us or by our competitors;

•announcements about customer additions and cancellations or failure to complete significant sales;

•changes in market valuations of companies that investors believe are comparable to us;

•additions or departures of key personnel;

•consequences of unexpected geopolitical events, natural disasters, acts of war or climate change;

•pandemics, epidemics or similar widespread public health concerns; and

•general economic, political and market conditions, such as recessions, political unrest or terrorist attacks, or in the specific locations where we operate, such as the United States, Israel and the U.K.

In addition, extreme price and volume fluctuations in the stock markets generally, and in the markets for technology companies in particular, could cause the market price for our common stock to decline. As a result of such volatility in the market price of our common stock, we have been the subject of securities class action litigation and may in the future be the target of similar litigation, which could result in substantial costs and distract management’s attention and resources.

If our common stock continues to trade below $1.00, we may fail to meet the continued listing requirements of The Nasdaq Stock Market LLC (“Nasdaq”), which could result in a delisting of our common stock.

Our common stock currently is listed on The Nasdaq Global Select Market. We are required to meet specified financial requirements in order to maintain such listing, including a closing bid price of at least $1.00. If the closing bid price of our common stock is less than $1.00 for 30 consecutive trading days, then our common stock will be subject to delisting. As of the date of the filing of this Form 10-K, the closing bid price of our common stock has been below $1.00 for six trading days (not including the date of filing of this Form 10-K). Our common stock closing bid price also was below $1.00 on multiple occasions during 2024, including on March 14, 2024, from March 28, 2024 through July 17, 2024; on July 19, 2024; from November 8, 2024 through November 22, 2024 and from November 26, 2024 through December 27, 2024.

We can provide no assurance that we will be able to maintain or restore our compliance with the listing requirements or that any actions taken by us in an effort to maintain or restore our compliance would allow our common stock to remain listed, stabilize the market price of our common stock, improve the liquidity of our common stock, prevent our common stock from again dropping below the minimum bid price requirement, or prevent future non-compliance with the listing requirements. In addition, to maintain a listing with Nasdaq, we must satisfy minimum financial and other continued listing requirements and standards, including those regarding minimum stockholders’ equity, and certain corporate governance requirements. Further, the failure of our common stock to be listed or quoted on any of The Nasdaq Global Select Market, The Nasdaq Global Market or The New York Stock Exchange would constitute a “fundamental change” under the indentures governing the 2026 Notes and the 2029 Notes.

If our common stock is delisted from Nasdaq, it is unlikely that our common stock would qualify for listing on another national securities exchange in the United States, and trading of our common stock would most likely take place on an over-the-counter market established for unlisted securities, such as the OTCQX, the OTCQB or the Pink Market maintained by OTC Markets Group Inc. We cannot assure you that our common stock, if delisted from Nasdaq, will ever be listed on another securities exchange or quoted on an over-the-counter quotation system. An investor would likely find it less convenient to sell, or to obtain accurate quotations in seeking to buy, our common stock on an over-the-counter market, and many investors would likely not buy or sell our common stock due to difficulty in accessing over-the-counter markets, policies preventing them from trading in securities not listed on a national exchange or other reasons. Accordingly, delisting from Nasdaq could make trading our common stock more difficult for investors, likely leading to declines in our share price, trading volume and liquidity. Delisting from Nasdaq could also result in negative publicity and make it more difficult for us to raise additional capital. The absence of such a listing may adversely affect the acceptance of our common stock as transaction consideration or the value accorded our common stock by other parties. Further, if we are delisted, we would also incur additional costs under state blue sky laws in connection with any sales of our securities. These requirements could severely limit the market liquidity of our common stock and the ability of our stockholders to sell our common stock in the secondary market.

If our common stock is delisted, it may come within the definition of “penny stock” as defined in the Exchange Act and would be covered by Rule 15g-9 of the Exchange Act. This rule imposes additional sales practice requirements on broker-dealers who sell securities to persons other than established customers and accredited investors which may further limit the market liquidity of our common stock and the ability of our stockholders to sell our common stock in the secondary market. The regulations relating to penny stocks, coupled with the typically higher cost per trade to the investor of penny stocks due to factors such as broker commissions generally representing a higher percentage of the price of a penny stock than of a higher-priced stock, would further limit the ability of investors to trade in our common stock.

Our common stock is traded on more than one market and this may result in price variations.

Our common stock is currently traded on The Nasdaq Global Select Market and the TASE. Trading in our common stock on these markets takes place in different currencies (U.S. dollars on The Nasdaq Global Select Market and New Israeli Shekels (“NIS”) on the TASE) and at different times (due to different time zones, trading days and public holidays in the United States and Israel). The trading prices of our common stock on these two markets may differ due to these and other factors. Any decrease in the trading price of our common stock on one of these markets could cause a decrease in the trading price of our common stock on the other market. Differences in trading prices on the two markets could negatively impact our trading price.

Future sales of substantial amounts of our common stock may negatively affect our stock price.

If we or our stockholders sell substantial amounts of our common stock, including shares issuable upon the exercise of outstanding options and warrants, or upon the conversion of 2026 Notes or 2029 Notes, in the public market, or if the market perceives that these sales might occur, the market price of our common stock could fall. These sales also might make it more

difficult for us to sell equity securities in the future at a time and price that we deem appropriate. No prediction can be made as to the effect, if any, that market sales of our common stock will have on the market price of our common stock.

Provisions in our charter documents and Delaware law could discourage, delay, or prevent a takeover that stockholders may consider favorable.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of discouraging, delaying or preventing a change in control or changes in our management that stockholders may deem advantageous. These provisions include the following:

•Our board of directors is divided into three classes, with each class serving three-year staggered terms, which prevents stockholders from electing an entirely new board of directors at any annual meeting;

•Vacancies on our board of directors may only be filled by a vote of a majority of directors then in office, even if less than a quorum;

•Our amended and restated certificate of incorporation prohibits cumulative voting in the election of directors or any other matters. This limits the ability of minority stockholders to elect director candidates;

•Our stockholders may only act at a duly called annual or special meeting and may not act by written consent;

•Stockholders must provide advance notice to nominate individuals for election to our board of directors or to propose other matters that can be acted upon at a stockholders’ meeting;

•We require supermajority voting by stockholders to amend certain provisions in our amended and restated certificate of incorporation and to amend our amended and restated bylaws; and

•Our amended and restated bylaws expressly authorize a supermajority of the board of directors to amend our amended and restated bylaws.

As a Delaware corporation, we are also subject to Section 203 of the Delaware General Corporation Law, which generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with an interested stockholder for a period of three years following the date on which the stockholder became an interested stockholder, unless certain conditions are met.

Item 1B. Unresolved Staff Comments

None.

Cybersecurity

The Company has implemented and maintains a cybersecurity program governed by an information security team responsible for managing and directing strategy, policy, standards, architecture, controls, and processes. The cybersecurity program is underpinned by a cybersecurity risk management framework designed to identify and prioritize cybersecurity risks to the Company and is overseen by our Board of Directors.

Risk management and strategy

Our cybersecurity program is designed to protect our information systems from cyber threats and to ensure the confidentiality, integrity and availability of systems and information used, owned or managed by the Company related to our employees, our customers and their users. This involves an ongoing effort to protect against, detect and respond to cybersecurity threats and vulnerabilities. LivePerson maintains a security risk management program that is tasked with determining the cybersecurity threats that pose the greatest risk to the Company. This program is managed by the Security Risk Committee, chaired by the Chief Security Officer (“CSO”), as well as representative members from security, operations, and internal audit leadership. The committee meets at least twice annually. A resultant risk assessment produced by the committee is leveraged to inform senior leadership and our Board of Directors on top areas of risk, as well as to shape the security and technology team’s roadmap.

Our cybersecurity program includes a number of components, such as:

•regular cybersecurity risk assessments, audits, and penetration tests;

•policies generally aligned with industry standards such as Information Security Standard (“ISO”) / International Electrotechnical Commission –27001 and the PCI Data Security Standard;

•measures to block and prevent certain malicious activity, such as endpoint detection and response controls;

•measures to block and prevent certain network attacks, such as firewalls and Distributed Denial of Service mitigation tools;

•measures to secure remote access, such as virtual private networks and multi-factor authentication;

•cybersecurity training programs for employees, contractors and agents, including regular phishing simulations;

•a vulnerability disclosure program to compensate researchers for responsible disclosure of vulnerabilities in our platform;

•the maintenance of a Security Incident Response Plan with periodic tabletop testing; and

•third-party risk management processes designed to manage risks associated with vendors and suppliers.

The goal of the Company’s information security program is to manage risks in a prioritized fashion; however, control gaps and/or their related control effectiveness, resource constraints, and execution failure can pose cybersecurity risk to the Company. In the event of a cyber incident, the Company has a process in place whereby the information security team will alert the appropriate levels of management, as well as the legal and finance departments so that the materiality of any such event can be determined.

The Company actively engages with key vendors and industry participants, and monitors and analyzes intelligence and law enforcement community security publications as part of its continuing efforts to obtain current threat intelligence, collaborate on security enhancements, and evaluate and improve the effectiveness of its cybersecurity processes. The Company also regularly engages with external parties to perform:

•periodic cybersecurity assessments, such as maturity assessments against the National Institute of Standards and Technology Cybersecurity Framework;

•managed detection and response for certain public cloud environments;

•penetration testing;

•continuous proactive threat hunting;

•cyber threat intelligence services including dark web monitoring; and

•audits against industry standards including Systems and Organization Controls 2 (“SOC 2”), ISO 27001, PCI, and the HITRUST CST.

In the ordinary course of our business, our third-party service providers (“TPSPs”) collect, process and store certain information and other data related to us or our customers and their users. We assess the cybersecurity practices of our TPSPs through a variety of measures, including a due diligence process designed to assess and manage the potential risks of such TPSPs to the Company. This process involves evaluation of security questionnaires, review of available SOC 2 reports, and performance of interviews prior to onboarding TPSPs over certain risk thresholds, with annual re-reviews for our highest risk tier TPSPs. Despite these measures, we are reliant on the security practices of our TPSPs, which may be outside of our direct control.

We experience cyber-attacks of varying degrees on a regular basis in the ordinary course of our business. As of the date of this report and for the time period of January 1, 2024, through December 31, 2024, the Company is not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. However, there can be no assurance that we will not be materially affected by such risks in the future. For information on the cybersecurity threats and risks we face and the potential impacts on the business related thereto, see Item 1A. Risk Factors – Risks Related to Security Vulnerabilities and Service Reliability.

Governance

Our information security team is led by our CSO. Mr. Friedman has held the position of CSO at organizations across multiple industries, including financial services, for over 13 years and holds industry security certifications including Certified

Information Systems Security Professional (“CISSP”), Certified Information Systems Auditor (“CISA”), Certified Information Security Manager, and Certified in Risk and Information Systems Control. Many members of the information security team also hold CISSP, CISA and other security related certifications. The information security team is made aware of security risks and incidents through a number of channels and activities:

•performance of risk assessments on at least an annual basis by the Security Risk Committee;

•providing SOC capabilities for the detection and response of cyber incidents;

•serving as the point of contact for reporting actual or suspected cyber incidents;

•managing compliance and certification for in-scope security related compliance frameworks and regulations;

•managing internal and external penetration tests, vulnerability scans, and the Company’s vulnerability disclosure program; and

•monitoring of cyber threat intelligence and evaluation and analysis of the potential impact of “zero day” vulnerabilities.

Our Board of Directors takes an active role in overseeing the management of cybersecurity risks to the Company. The information security team provides periodic reports to the Cybersecurity and Technology Committee of the Board, as well as to the full Board, the Company’s Chief Executive Officer and other members of senior management, as appropriate. These reports include updates on the Company’s cyber risks and threats, the status of projects to strengthen its information security systems, assessments of the cybersecurity program and the emerging threat landscape. The cybersecurity program is periodically evaluated by internal and external experts with the results of those reviews reported to senior management and the Board of Directors.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
HWBK	20 hours ago
TRSO	20 hours ago
SAIC	21 hours ago
BHRB	21 hours ago
NUVR	21 hours ago
TETEF	21 hours ago
NRC	22 hours ago
PACK	23 hours ago
CVGI	1 day ago
NEWT	1 day ago
PACB	1 day ago
CTGO	1 day ago
SNDA	1 day ago
CRVO	1 day ago
MBX	1 day, 1 hour ago
PLX	1 day, 1 hour ago
TSQ	1 day, 3 hours ago
FMCB	3 days, 13 hours ago
ANIK	3 days, 14 hours ago
ACR	3 days, 14 hours ago
BGSF	3 days, 15 hours ago
NXU	3 days, 15 hours ago
SSBK	3 days, 15 hours ago
BPRN	3 days, 15 hours ago
HNVR	3 days, 15 hours ago
MUX	3 days, 15 hours ago
HYAC	3 days, 16 hours ago
LPSN	3 days, 16 hours ago
NEN	3 days, 16 hours ago
HSON	3 days, 16 hours ago
BMRC	3 days, 16 hours ago
UHG	3 days, 16 hours ago
AMTX	3 days, 16 hours ago
GRI	3 days, 16 hours ago
GAN	3 days, 16 hours ago
USCB	3 days, 16 hours ago
LSBK	3 days, 16 hours ago
SKYT	3 days, 16 hours ago
XPOF	3 days, 16 hours ago
MYPS	3 days, 16 hours ago
FRAF	3 days, 16 hours ago
HBIA	3 days, 16 hours ago
AROW	3 days, 16 hours ago
WMT	3 days, 16 hours ago
MCHX	3 days, 16 hours ago
BZFD	3 days, 16 hours ago
MX	3 days, 16 hours ago
MNTK	3 days, 16 hours ago
KBSR	3 days, 16 hours ago
NRXP	3 days, 16 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - LPSN

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - LPSN

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing