20-F 1 cele-20221231.htm 20-F cele-20221231
false2022FY00018545870.9595P1YP3Y0.9595P20DP30DP5Y00018545872022-01-012022-12-310001854587dei:BusinessContactMember2022-01-012022-12-310001854587us-gaap:CommonStockMember2022-01-012022-12-310001854587us-gaap:WarrantMember2022-01-012022-12-3100018545872023-04-14xbrli:shares00018545872022-12-31iso4217:USD00018545872021-12-31iso4217:ILSxbrli:shares0001854587cele:SubscriptionServicesMember2022-01-012022-12-310001854587cele:SubscriptionServicesMember2021-01-012021-12-310001854587cele:SubscriptionServicesMember2020-01-012020-12-310001854587cele:TermLicensesMember2022-01-012022-12-310001854587cele:TermLicensesMember2021-01-012021-12-310001854587cele:TermLicensesMember2020-01-012020-12-310001854587cele:PerpetualLicensesAndOtherMember2022-01-012022-12-310001854587cele:PerpetualLicensesAndOtherMember2021-01-012021-12-310001854587cele:PerpetualLicensesAndOtherMember2020-01-012020-12-310001854587cele:ProfessionalServicesMember2022-01-012022-12-310001854587cele:ProfessionalServicesMember2021-01-012021-12-310001854587cele:ProfessionalServicesMember2020-01-012020-12-3100018545872021-01-012021-12-3100018545872020-01-012020-12-31iso4217:USDxbrli:shares0001854587us-gaap:PreferredStockMember2019-12-310001854587us-gaap:CommonStockMember2019-12-310001854587us-gaap:AdditionalPaidInCapitalMember2019-12-310001854587us-gaap:TreasuryStockCommonMember2019-12-310001854587us-gaap:AccumulatedOtherComprehensiveIncomeMember2019-12-310001854587us-gaap:RetainedEarningsMember2019-12-3100018545872019-12-310001854587us-gaap:RetainedEarningsMember2020-01-012020-12-310001854587us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-01-012020-12-310001854587us-gaap:AdditionalPaidInCapitalMember2020-01-012020-12-310001854587us-gaap:CommonStockMember2020-01-012020-12-310001854587us-gaap:TreasuryStockCommonMember2020-01-012020-12-310001854587us-gaap:PreferredStockMember2020-12-310001854587us-gaap:CommonStockMember2020-12-310001854587us-gaap:AdditionalPaidInCapitalMember2020-12-310001854587us-gaap:TreasuryStockCommonMember2020-12-310001854587us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-12-310001854587us-gaap:RetainedEarningsMember2020-12-3100018545872020-12-310001854587us-gaap:RetainedEarningsMember2021-01-012021-12-310001854587us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-01-012021-12-310001854587us-gaap:CommonStockMember2021-01-012021-12-310001854587us-gaap:AdditionalPaidInCapitalMember2021-01-012021-12-310001854587us-gaap:PreferredStockMember2021-01-012021-12-310001854587us-gaap:PreferredStockMember2021-12-310001854587us-gaap:CommonStockMember2021-12-310001854587us-gaap:AdditionalPaidInCapitalMember2021-12-310001854587us-gaap:TreasuryStockCommonMember2021-12-310001854587us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-12-310001854587us-gaap:RetainedEarningsMember2021-12-310001854587us-gaap:RetainedEarningsMember2022-01-012022-12-310001854587us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-01-012022-12-310001854587us-gaap:AdditionalPaidInCapitalMember2022-01-012022-12-310001854587us-gaap:CommonStockMember2022-01-012022-12-310001854587us-gaap:PreferredStockMember2022-12-310001854587us-gaap:CommonStockMember2022-12-310001854587us-gaap:AdditionalPaidInCapitalMember2022-12-310001854587us-gaap:TreasuryStockCommonMember2022-12-310001854587us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-12-310001854587us-gaap:RetainedEarningsMember2022-12-3100018545872021-08-302021-08-30xbrli:pure0001854587cele:BlackBagTechnologiesIncBlackBagMember2020-02-280001854587cele:BlackBagTechnologiesIncBlackBagMember2020-02-282020-02-280001854587cele:InitialDividendPaidMember2021-08-302021-08-300001854587cele:AdditionalDividendPaidMember2021-08-302021-08-3000018545872021-08-300001854587cele:TWCSecurityholdersMembercele:TWCTechHoldingsIICorpTWCMember2021-08-300001854587cele:PIPEInvestorSharePurchaseAgreementMember2021-08-300001854587cele:PIPEInvestorSharePurchaseAgreementMember2021-08-302021-08-300001854587cele:DigitalCluesDCMember2021-11-112021-11-110001854587us-gaap:ComputerEquipmentMembersrt:MinimumMember2022-01-012022-12-310001854587us-gaap:ComputerEquipmentMembersrt:MaximumMember2022-01-012022-12-310001854587us-gaap:OtherMachineryAndEquipmentMember2022-01-012022-12-310001854587us-gaap:OfficeEquipmentMembersrt:MinimumMember2022-01-012022-12-310001854587srt:MaximumMemberus-gaap:OfficeEquipmentMember2022-01-012022-12-310001854587srt:MinimumMember2022-01-012022-12-310001854587srt:MaximumMember2022-01-012022-12-310001854587us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001854587us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001854587us-gaap:EmployeeStockOptionMember2020-01-012020-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MinimumMember2022-01-012022-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MaximumMember2022-01-012022-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MinimumMember2021-01-012021-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MaximumMember2021-01-012021-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MinimumMember2020-01-012020-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MaximumMember2020-01-012020-12-310001854587srt:MinimumMember2021-01-012021-12-310001854587srt:MaximumMember2021-01-012021-12-310001854587srt:MinimumMember2020-01-012020-12-310001854587srt:MaximumMember2020-01-012020-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MinimumMember2022-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MaximumMember2022-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MinimumMember2021-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MaximumMember2021-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MinimumMember2020-12-310001854587us-gaap:EmployeeStockOptionMembersrt:MaximumMember2020-12-310001854587us-gaap:EmployeeStockMembersrt:MinimumMember2022-01-012022-12-310001854587us-gaap:EmployeeStockMembersrt:MaximumMember2022-01-012022-12-310001854587us-gaap:EmployeeStockMembersrt:MinimumMember2022-12-310001854587us-gaap:EmployeeStockMembersrt:MaximumMember2022-12-310001854587us-gaap:EmployeeStockMember2022-01-012022-12-310001854587us-gaap:ForeignExchangeForwardMember2022-01-012022-12-310001854587us-gaap:ForeignExchangeForwardMember2021-01-012021-12-31cele:segment0001854587us-gaap:TechnologyBasedIntangibleAssetsMembersrt:MinimumMember2022-01-012022-12-310001854587srt:MaximumMemberus-gaap:TechnologyBasedIntangibleAssetsMember2022-01-012022-12-310001854587us-gaap:TradeNamesMember2022-01-012022-12-310001854587us-gaap:CustomerRelationshipsMember2022-01-012022-12-310001854587us-gaap:EMEAMember2022-12-310001854587us-gaap:EMEAMember2021-12-310001854587srt:AmericasMember2022-12-310001854587srt:AmericasMember2021-12-310001854587srt:AsiaPacificMember2022-12-310001854587srt:AsiaPacificMember2021-12-310001854587us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001854587us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001854587us-gaap:EmployeeStockOptionMember2020-01-012020-12-310001854587us-gaap:RestrictedStockMember2022-01-012022-12-310001854587cele:OrdinarySharesAndVestedRestrictedStockUnitsMember2022-01-012022-12-310001854587us-gaap:WarrantMembercele:PublicWarrantLiabilityMember2022-01-012022-12-310001854587us-gaap:WarrantMembercele:PrivatePlacementWarrantLiabilityMember2022-01-012022-12-310001854587us-gaap:WarrantMembercele:PublicWarrantLiabilityMember2021-01-012021-12-310001854587us-gaap:WarrantMembercele:PrivatePlacementWarrantLiabilityMember2021-01-012021-12-3100018545872022-01-010001854587cele:BlackBagTechnologiesIncBlackBagMember2020-02-270001854587cele:BlackBagTechnologiesIncBlackBagMember2020-02-272020-02-2700018545872020-02-272020-02-27cele:installment0001854587cele:BlackBagTechnologiesIncBlackBagMember2020-01-012020-12-310001854587us-gaap:TradeNamesMembercele:BlackBagTechnologiesIncBlackBagMember2020-02-270001854587us-gaap:TechnologyBasedIntangibleAssetsMembercele:BlackBagTechnologiesIncBlackBagMember2020-02-270001854587us-gaap:TradeNamesMembercele:BlackBagTechnologiesIncBlackBagMember2020-02-272020-02-270001854587us-gaap:TechnologyBasedIntangibleAssetsMembercele:BlackBagTechnologiesIncBlackBagMember2020-02-272020-02-270001854587cele:BlackBagTechnologiesIncBlackBagMember2022-01-012022-12-310001854587cele:BlackBagTechnologiesIncBlackBagMember2021-01-012021-12-310001854587cele:DigitalCluesLTDMember2021-11-112021-11-110001854587cele:DigitalCluesLTDMember2021-11-110001854587cele:DigitalCluesLTDMemberus-gaap:TechnologyBasedIntangibleAssetsMember2021-11-110001854587cele:DigitalCluesLTDMemberus-gaap:CustomerRelationshipsMember2021-11-110001854587cele:DigitalCluesLTDMemberus-gaap:TechnologyBasedIntangibleAssetsMember2021-11-112021-11-110001854587cele:DigitalCluesLTDMemberus-gaap:CustomerRelationshipsMember2021-11-112021-11-110001854587cele:DigitalCluesLTDMember2022-01-012022-12-310001854587cele:DigitalCluesLTDMember2021-01-012021-12-310001854587us-gaap:TechnologyBasedIntangibleAssetsMember2022-12-310001854587us-gaap:TechnologyBasedIntangibleAssetsMember2021-12-310001854587us-gaap:TradeNamesMember2022-12-310001854587us-gaap:TradeNamesMember2021-12-310001854587us-gaap:CustomerRelationshipsMember2022-12-310001854587us-gaap:CustomerRelationshipsMember2021-12-310001854587us-gaap:CorporateBondSecuritiesMember2022-12-310001854587us-gaap:AgencySecuritiesMember2022-12-310001854587us-gaap:USTreasuryBillSecuritiesMember2022-12-310001854587us-gaap:USGovernmentDebtSecuritiesMember2022-12-310001854587us-gaap:MunicipalBondsMember2022-12-310001854587us-gaap:CommercialPaperMember2022-12-310001854587us-gaap:OtherMachineryAndEquipmentMember2022-12-310001854587us-gaap:OtherMachineryAndEquipmentMember2021-12-310001854587us-gaap:FurnitureAndFixturesMember2022-12-310001854587us-gaap:FurnitureAndFixturesMember2021-12-310001854587us-gaap:LeaseholdImprovementsMember2022-12-310001854587us-gaap:LeaseholdImprovementsMember2021-12-310001854587us-gaap:ComputerEquipmentMember2022-12-310001854587us-gaap:ComputerEquipmentMember2021-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:DesignatedAsHedgingInstrumentMember2022-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:DesignatedAsHedgingInstrumentMember2021-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueInputsLevel2Member2022-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueInputsLevel2Member2021-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:ForeignExchangeForwardMember2022-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:ForeignExchangeForwardMember2021-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:ForeignExchangeForwardMemberus-gaap:FairValueInputsLevel2Member2022-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:ForeignExchangeForwardMemberus-gaap:FairValueInputsLevel2Member2021-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMember2022-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMember2021-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueInputsLevel2Member2022-12-310001854587us-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueInputsLevel2Member2021-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2022-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:PrepaidExpensesAndOtherCurrentAssetsMember2021-12-310001854587us-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:ForeignExchangeForwardMember2022-12-310001854587us-gaap:PrepaidExpensesAndOtherCurrentAssetsMemberus-gaap:ForeignExchangeForwardMember2021-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:AccountsPayableMember2022-12-310001854587us-gaap:ForeignExchangeOptionMemberus-gaap:AccountsPayableMember2021-12-310001854587us-gaap:AccountsPayableMemberus-gaap:ForeignExchangeForwardMember2022-12-310001854587us-gaap:AccountsPayableMemberus-gaap:ForeignExchangeForwardMember2021-12-310001854587us-gaap:ForeignExchangeForwardMember2020-01-012020-12-310001854587us-gaap:ForeignExchangeOptionMember2022-01-012022-12-310001854587us-gaap:ForeignExchangeOptionMember2021-01-012021-12-310001854587us-gaap:ForeignExchangeOptionMember2020-01-012020-12-310001854587cele:CostOfRevenuesAndOperatingExpensesMemberus-gaap:ForeignExchangeOptionMember2022-01-012022-12-310001854587cele:CostOfRevenuesAndOperatingExpensesMemberus-gaap:ForeignExchangeOptionMember2021-01-012021-12-310001854587cele:CostOfRevenuesAndOperatingExpensesMemberus-gaap:ForeignExchangeOptionMember2020-01-012020-12-310001854587cele:CostOfRevenuesOperatingExpensesAndFinancialExpensesMemberus-gaap:ForeignExchangeForwardMember2022-01-012022-12-310001854587cele:CostOfRevenuesOperatingExpensesAndFinancialExpensesMemberus-gaap:ForeignExchangeForwardMember2021-01-012021-12-310001854587cele:CostOfRevenuesOperatingExpensesAndFinancialExpensesMemberus-gaap:ForeignExchangeForwardMember2020-01-012020-12-31cele:vote00018545872019-06-172019-06-1700018545872019-06-170001854587cele:IGPSaferworldLimitedPartnershipMembercele:CellebriteDILtdMember2019-06-1700018545872019-01-012019-12-31cele:shareholder0001854587cele:The2021PlanMember2021-08-050001854587cele:ShareBasedPaymentArrangementOptionsInTheMoneyMember2022-12-310001854587cele:ShareBasedPaymentArrangementOptionsInTheMoneyMember2021-12-310001854587cele:ShareBasedPaymentArrangementOptionsOutOfTheMoneyMember2022-12-310001854587cele:ShareBasedPaymentArrangementOptionsOutOfTheMoneyMember2021-12-310001854587us-gaap:RestrictedStockUnitsRSUMember2021-12-310001854587us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001854587us-gaap:RestrictedStockUnitsRSUMember2022-12-310001854587us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001854587us-gaap:EmployeeStockMember2021-08-052021-08-050001854587us-gaap:CostOfSalesMember2022-01-012022-12-310001854587us-gaap:CostOfSalesMember2021-01-012021-12-310001854587us-gaap:CostOfSalesMember2020-01-012020-12-310001854587us-gaap:ResearchAndDevelopmentExpenseMember2022-01-012022-12-310001854587us-gaap:ResearchAndDevelopmentExpenseMember2021-01-012021-12-310001854587us-gaap:ResearchAndDevelopmentExpenseMember2020-01-012020-12-310001854587us-gaap:SellingAndMarketingExpenseMember2022-01-012022-12-310001854587us-gaap:SellingAndMarketingExpenseMember2021-01-012021-12-310001854587us-gaap:SellingAndMarketingExpenseMember2020-01-012020-12-310001854587us-gaap:GeneralAndAdministrativeExpenseMember2022-01-012022-12-310001854587us-gaap:GeneralAndAdministrativeExpenseMember2021-01-012021-12-310001854587us-gaap:GeneralAndAdministrativeExpenseMember2020-01-012020-12-310001854587cele:PublicWarrantLiabilityMember2021-08-300001854587cele:PrivatePlacementWarrantLiabilityMember2021-08-300001854587cele:PublicWarrantLiabilityMember2022-01-012022-12-310001854587cele:WarrantLiabilitiesMemberus-gaap:FairValueInputsLevel1Membercele:PublicWarrantLiabilityMember2021-12-310001854587cele:WarrantLiabilitiesMembercele:PrivatePlacementWarrantLiabilityMemberus-gaap:FairValueInputsLevel3Member2021-12-310001854587cele:WarrantLiabilitiesMember2021-12-310001854587cele:WarrantLiabilitiesMemberus-gaap:FairValueInputsLevel1Membercele:PublicWarrantLiabilityMember2022-01-012022-12-310001854587cele:WarrantLiabilitiesMembercele:PrivatePlacementWarrantLiabilityMemberus-gaap:FairValueInputsLevel3Member2022-01-012022-12-310001854587cele:WarrantLiabilitiesMember2022-01-012022-12-310001854587cele:WarrantLiabilitiesMemberus-gaap:FairValueInputsLevel1Membercele:PublicWarrantLiabilityMember2022-12-310001854587cele:WarrantLiabilitiesMembercele:PrivatePlacementWarrantLiabilityMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:WarrantLiabilitiesMember2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:FairValueInputsLevel3Member2021-12-310001854587us-gaap:MeasurementInputExercisePriceMembercele:PrivatePlacementWarrantLiabilityMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587us-gaap:MeasurementInputExercisePriceMembercele:PrivatePlacementWarrantLiabilityMemberus-gaap:FairValueInputsLevel3Member2021-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputSharePriceMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputSharePriceMemberus-gaap:FairValueInputsLevel3Member2021-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputExpectedTermMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputExpectedTermMemberus-gaap:FairValueInputsLevel3Member2021-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputPriceVolatilityMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputPriceVolatilityMemberus-gaap:FairValueInputsLevel3Member2021-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputRiskFreeInterestRateMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputRiskFreeInterestRateMemberus-gaap:FairValueInputsLevel3Member2021-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputExpectedDividendRateMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputExpectedDividendRateMemberus-gaap:FairValueInputsLevel3Membersrt:MinimumMember2022-12-310001854587cele:PrivatePlacementWarrantLiabilityMemberus-gaap:MeasurementInputExpectedDividendRateMembersrt:MaximumMemberus-gaap:FairValueInputsLevel3Member2022-12-310001854587cele:TWCTechHoldingsIICorpTWCMemberus-gaap:RestrictedStockMembercele:TheSponsorMember2022-01-012022-12-310001854587cele:TWCTechHoldingsIICorpTWCMembercele:TheSponsorMember2022-01-012022-12-310001854587cele:TWCTechHoldingsIICorpTWCMembercele:ReverseRecapitalizationAgreementTrancheOneMemberus-gaap:RestrictedStockMembercele:TheSponsorMember2022-01-012022-12-310001854587cele:ReverseRecapitalizationAgreementTrancheTwoMembercele:TWCTechHoldingsIICorpTWCMemberus-gaap:RestrictedStockMembercele:TheSponsorMember2022-01-012022-12-310001854587cele:ReverseRecapitalizationAgreementTrancheThreeMembercele:TWCTechHoldingsIICorpTWCMemberus-gaap:RestrictedStockMembercele:TheSponsorMember2022-01-012022-12-310001854587cele:HoldersOfCellebritesOrdinarySharesAndVestedRestrictedShareUnitsMembercele:TWCTechHoldingsIICorpTWCMembercele:OrdinarySharesAndVestedRestrictedStockUnitsMember2022-01-012022-12-310001854587cele:ReverseRecapitalizationAgreementTrancheThreeMembercele:HoldersOfCellebritesOrdinarySharesAndVestedRestrictedShareUnitsMembercele:TWCTechHoldingsIICorpTWCMembercele:OrdinarySharesAndVestedRestrictedStockUnitsMember2022-01-012022-12-310001854587cele:HoldersOfCellebritesOrdinarySharesAndVestedRestrictedShareUnitsMembercele:TWCTechHoldingsIICorpTWCMembercele:ReverseRecapitalizationAgreementTrancheOneMembercele:OrdinarySharesAndVestedRestrictedStockUnitsMember2022-01-012022-12-310001854587cele:ReverseRecapitalizationAgreementTrancheTwoMembercele:HoldersOfCellebritesOrdinarySharesAndVestedRestrictedShareUnitsMembercele:TWCTechHoldingsIICorpTWCMembercele:OrdinarySharesAndVestedRestrictedStockUnitsMember2022-01-012022-12-310001854587cele:RestrictedSponsorSharesMember2021-12-310001854587cele:PriceAdjustmentSharesMember2021-12-310001854587cele:RestrictedSponsorAndPriceAdjustmentSharesMember2021-12-310001854587cele:RestrictedSponsorSharesMember2022-01-012022-12-310001854587cele:PriceAdjustmentSharesMember2022-01-012022-12-310001854587cele:RestrictedSponsorAndPriceAdjustmentSharesMember2022-01-012022-12-310001854587cele:RestrictedSponsorSharesMember2022-12-310001854587cele:PriceAdjustmentSharesMember2022-12-310001854587cele:RestrictedSponsorAndPriceAdjustmentSharesMember2022-12-310001854587cele:RestrictedSponsorSharesMemberus-gaap:FairValueInputsLevel3Member2022-01-012022-12-310001854587cele:PriceAdjustmentSharesMemberus-gaap:FairValueInputsLevel3Member2022-01-012022-12-310001854587cele:RestrictedSponsorSharesMemberus-gaap:FairValueInputsLevel3Member2021-01-012021-12-310001854587cele:PriceAdjustmentSharesMemberus-gaap:FairValueInputsLevel3Member2021-01-012021-12-310001854587cele:RestrictedSponsorSharesMemberus-gaap:FairValueInputsLevel3Membersrt:MinimumMember2022-01-012022-12-310001854587cele:RestrictedSponsorSharesMembersrt:MaximumMemberus-gaap:FairValueInputsLevel3Member2022-01-012022-12-310001854587cele:PriceAdjustmentSharesMemberus-gaap:FairValueInputsLevel3Membersrt:MinimumMember2022-01-012022-12-310001854587cele:PriceAdjustmentSharesMembersrt:MaximumMemberus-gaap:FairValueInputsLevel3Member2022-01-012022-12-310001854587cele:RestrictedSponsorSharesMemberus-gaap:FairValueInputsLevel3Membersrt:MinimumMember2021-01-012021-12-310001854587cele:RestrictedSponsorSharesMembersrt:MaximumMemberus-gaap:FairValueInputsLevel3Member2021-01-012021-12-310001854587cele:PriceAdjustmentSharesMemberus-gaap:FairValueInputsLevel3Membersrt:MinimumMember2021-01-012021-12-310001854587cele:PriceAdjustmentSharesMembersrt:MaximumMemberus-gaap:FairValueInputsLevel3Member2021-01-012021-12-310001854587us-gaap:EMEAMember2022-01-012022-12-310001854587us-gaap:EMEAMember2021-01-012021-12-310001854587us-gaap:EMEAMember2020-01-012020-12-310001854587srt:AmericasMember2022-01-012022-12-310001854587srt:AmericasMember2021-01-012021-12-310001854587srt:AmericasMember2020-01-012020-12-310001854587srt:AsiaPacificMember2022-01-012022-12-310001854587srt:AsiaPacificMember2021-01-012021-12-310001854587srt:AsiaPacificMember2020-01-012020-12-310001854587cele:ApprovedEnterpriseAndBeneficiaryEnterpriseMembersrt:MinimumMember2022-01-012022-12-310001854587srt:MaximumMembercele:ApprovedEnterpriseAndBeneficiaryEnterpriseMember2022-01-012022-12-3100018545872022-10-012022-10-31
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549



FORM 20-F



(Mark One)
REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR 12(g) OF THE SECURITIES EXCHANGE ACT OF 1934

OR

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2022

OR

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

OR

SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934


Commission File Number: 001-40772



Cellebrite DI Ltd.
1

(Exact name of Registrant as specified in its charter)


Not applicable
Israel
(Translation of Registrant’s name into English)
(Jurisdiction of incorporation or organization)

94 Shlomo Shmelzer Road Petah Tikva 4970602, Israel
(Address of principal executive offices)

Copy to:
Ayala Berler Shapira
94 Shlomo Shmelzer Road Petah Tikva 4970602, Israel
+972 (73) 394-8000
(Name, Telephone, Email and/or Facsimile number and Address of Company Contact Person)



Securities registered or to be registered pursuant to Section 12(b) of the Act:
Title of each class
Trading
Symbol(s)
Name of each exchange
on which registered
Ordinary shares, par value NIS 0.00001
CLBT
Nasdaq Global Market
Warrants to purchase ordinary shares
CLBTW
Nasdaq Global Market

Securities registered or to be registered pursuant to Section 12(g) of the Act: None

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None

Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report:

On April 14, 2023, the issuer had 194,689,938 ordinary shares, par value NIS 0.00001, outstanding.

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No

2

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934. Yes ☐ No

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, or a non-accelerated filer, or an emerging growth company. See definition of “accelerated filer,” “large accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act. (Check one):
Large accelerated filer
Non-accelerated filer
Accelerated filer
Emerging growth company

If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards † provided pursuant to Section 13(a) of the Exchange Act.

† The term “new or revised financial accounting standard” refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards Codification after April 5, 2012.

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.

Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:
U.S. GAAP
International Financial Reporting Standards as issued by the International Accounting Standards Board
Other ☐

3

If “Other” has been checked in response to the previous question indicate by check mark which financial statement item the registrant has elected to follow. Item 17 ☐ Item 18 ☐

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes No ☒

4

TABLE OF CONTENTS
5

Page
PART I
PART II
PART III
F-1
6


INTRODUCTORY NOTE
Unless otherwise stated or unless the context otherwise requires, the terms “Company,” “the registrant,” “our company,” “the company,” “we,” “us,” “our,” “ours,” and “Cellebrite” as used in this annual report on Form 20-F (this “Form 20-F” or “Annual Report”) refer to Cellebrite DI Ltd., a company organized under the laws of the State of Israel.
Cellebrite is a global leader providing Digital Intelligence (“DI”) suite of solutions, comprising of software and services, for legally sanctioned investigations. Cellebrite currently has two classes of securities listed on the Nasdaq Global Market (“Nasdaq”): our ordinary shares, NIS 0.00001 par value (“Ordinary Shares” or “ordinary shares”), and warrants to purchase Ordinary Shares (“Warrants”).
On April 8, 2021, Cellebrite entered into a Business Combination Agreement and Plan of Merger (the “Merger Agreement”) with TWC Tech Holdings II Corp. (“TWC”), which closed on August 30, 2021 (the ”Closing”), pursuant to which TWC became a wholly-owned subsidiary of Cellebrite (the “Merger”), the security holders of TWC became security holders of Cellebrite and Cellebrite became a publicly traded company with its securities listed on the Nasdaq.


PRESENTATION OF FINANCIAL AND OTHER INFORMATION
Our financial statements have been prepared in accordance with generally accepted accounting principles in the United States (“GAAP” or “U.S. GAAP”). We present our combined financial statements in U.S. dollars (“U.S. dollars” “USD,” “US$” or “$”). All references in this Annual Report to “Israeli currency” and “NIS” refer to New Israeli Shekels and the terms “€” or “euro” refer to the currency introduced at the start of the third stage of European economic and monetary union pursuant to the treaty establishing the European Community, as amended.
Our fiscal year ends on December 31 of each year. References to fiscal 2020 and 2020 are references to the fiscal year ended December 31, 2020, references to fiscal 2021 and 2021 are references to the fiscal year ended December 31, 2021, and references to fiscal 2022 and 2022 are references to the fiscal year ended December 31, 2022.

All percentages have been calculated using unrounded amounts.

TRADEMARKS
We have proprietary rights to trademarks used in this Annual Report that are important to our business, many of which are registered under applicable intellectual property laws. Solely for convenience, trademarks and trade names referred to in this Annual Report may appear without the “®” or “™” symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent possible under applicable law, our rights or the rights of the applicable licensor to these trademarks and trade names. We do not intend our use or display of other companies’ trademarks, trade names or service marks to imply a relationship with, or endorsement or sponsorship of us by, any other companies. Each trademark, trade name or service mark of any other company appearing in this Annual Report is the property of its respective holder.

MARKET INFORMATION
This Annual Report contains industry and market data, including market sizing estimates, growth and other projections and information regarding our competitive position, prepared by our management
7

on the basis of industry sources and our management’s knowledge of and experience in the industry and markets in which we operate (including management’s estimates and assumptions relating to such industry and markets based on that knowledge). Our management has developed its knowledge of such industry and markets through its experience and participation in these markets.

SPECIAL NOTE ABOUT FORWARD-LOOKING STATEMENTS AND RISK FACTOR SUMMARY
Certain statements in this Annual Report may constitute “forward-looking statements” for purposes of the federal securities laws. Forward-looking statements include, but are not limited to, statements regarding Cellebrite, or its management team’s expectations, hopes, beliefs, intentions or strategies regarding the future. In addition, any statements that refer to projections, forecasts or other characterizations of future events or circumstances, including any underlying assumptions, are forward-looking statements. The words “anticipate,” “will,” “appear,” “approximate,” “believe,” “continue,” “could,” “estimate,” “expect,” “foresee,” “intends,” “may,” “might,” “plan,” “possible,” “potential,” “predict,” “project,” “seek,” “should,” “would” and similar expressions (or the negative version of such words or expressions) may identify forward-looking statements, but the absence of these words does not mean that a statement is not forward-looking. Forward-looking statements in this Annual Report may include, for example, statements about Cellebrite’s strategic and business plans, relationships or outlook, the impact of trends on and interest in its business, intellectual property or product, and its future results. The statements we make regarding the following matters are forward-looking by their nature.
The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, performance or achievements expressed or implied by the forward-looking statements. These important factors include, among others, the items in the following list, which also summarizes some of our most principal risks:

risks associated with our ability to keep pace with technological advances and challenges and evolving industry standards, to adapt to changing market potential within our markets and to successfully launch new solutions and add-ons that meet or exceed customer needs;
risks associated with our material dependence on the acceptance of our solutions by domestic and international law enforcement and government agencies;
risks associated with real or perceived errors, failures, defects or bugs in our DI solutions;
risks associated with our failure to maintain the productivity of sales and marketing personnel, including relating to hiring, integrating and retaining personnel;
risks due to intense competition in all of our markets, including risks associated with pricing pressures from and loss of market share to competitors with greater resources than we have and increasing competition as a result of consolidation in the industry;
risks associated with the inadvertent or deliberate misuse of our solutions;
risks relating to our ability to properly manage our growth as a business, and execute new offerings, developments and strategic opportunities, including joint ventures, partnerships and acquisitions;
risks associated with the use of artificial intelligence in our solutions;
risks that financing sources may be unavailable to us on reasonable terms or at all;
risks associated with our reliance on third-party suppliers for certain components, products, or services, including risks related to the availability of raw materials or components;
8

challenges associated with large transactions, including with respect to longer sales cycles, as well as with developing, offering, implementing, and maintaining new solutions;
risks related to our dependence on our customers to renew their subscriptions and purchase additional subscriptions or services from us;
risks associated with our ability to retain, recruit, and train qualified personnel, particularly research and development and sales and marketing personnel in regions in which we operate, including in new markets and growth areas we may enter;
risks associated with political and reputational factors related to our business or operations, such as negative publicity, including with respect to the nature of our solutions;
risks that our customers may delay or terminate contracts, or are unable to honor contractual commitments or payment obligations due to liquidity issues or other challenges in their budgets and business;
risks related to the difficulty in discerning revenue declines from our operating results due to the way in which we recognize revenue;
risks associated with a significant amount of our business coming from government customers around the world and associated procurement processes, and potential audits, investigations, civil and criminal penalties and administrative sanctions;
risks associated with the weakening of general economic conditions, including on our private sector customers;
risks that our intellectual property rights may not be adequate to protect our business or assets or that others may make claims on our intellectual property, claim infringement on their intellectual property rights, or claim a violation of their license rights, including relative to free or open-source-software components we may use;
risk of security vulnerabilities or defects, including cyber-attacks, information technology system breaches, failures or disruptions;
risks associated with the mishandling or perceived mishandling of sensitive or confidential information, including personally identifiable information;
risks associated with complex and changing regulatory environments relating to our operations, the products and services we offer, and/or the use of our solutions by our customers, including with respect to applicable classification and confidentiality restrictions, and data privacy and protection;
risks relating to the regulatory constraints to which we are subject, including encryption laws, trade and export controls from the governments of Israel and other countries where we operate;
risks associated with different corporate governance requirements applicable to Israeli companies and risks associated with being a foreign private issuer and an emerging growth company;
risks associated with market volatility in the price of our shares based on our performance or factors and risks associated with general economic and market conditions;
risks associated with changing tax laws and regulations, tax rates, and the continuing availability of expected tax benefits in the countries in which we operate;
risks associated with potential joint ventures, partnerships and strategic initiatives, including the diversion of management’s attention as a result of such initiatives;
risks associated with our significant international operations, including due to our Israeli operations, fluctuations in foreign exchange rates, rising global inflation, and exposure to regions subject to political or economic instability, including the State of Israel;
uncertainties regarding the impact of changes in macroeconomic and/or global conditions, including as a result of slowdowns, recessions, economic instability, political unrest, or outbreaks
9

of disease, as well as the resulting impact on information technology spending and government budgets, on our business;
risks associated with recent turmoil in the banking industry;
risks associated with our failure to comply with anti-corruption, trade compliance, anti-money-laundering and economic sanctions laws and regulations; and
risks relating to the adequacy of our existing systems, processes, policies, procedures, internal controls, and personnel for our current and future operations and reporting needs.

Some of these factors are discussed in more detail in this Annual Report, including under “Part I, Item 3. Key Information—D. Risk Factors,” “Part I, Item 4. Information on the Company” and “Part I, Item 5. Operating and Financial Review and Prospects.”
You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. All forward-looking statements in this Annual Report speak as of the date of those statements. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this Annual Report, to conform these statements to actual results or to changes in our expectations.

PART I
ITEM 1. IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS
A. Directors and Senior Management
Not applicable.

B. Advisers
Not applicable.

C. Auditors
Not applicable.

ITEM 2. OFFER STATISTICS AND EXPECTED TIMETABLE
Not applicable.

ITEM 3. KEY INFORMATION
A. [Reserved]

B. Capitalization and Indebtedness
Not applicable.
C. Reasons for the Offer and Use of Proceeds
10

Not applicable.
D. Risk Factors
An investment in our securities involves a high degree of risk. You should carefully consider the risks described below before making an investment decision. Our business, prospects, financial condition, or operating results could be harmed by any of these risks, as well as other risks not known to us or that we consider immaterial as of the date of this Annual Report. The trading price of our securities could decline due to any of these risks, and, as a result, you may lose all or part of your investment.

Risks Related to Cellebrite’s Business and Industry
If we do not continue to develop technologically advanced solutions, our future revenue, financial and operating results would be negatively affected.
Cellebrite offers a comprehensive digital intelligence, or DI suite of solutions that includes a variety of solutions designed to help our customers collect, review, analyze and manage investigative data with respect to legally sanctioned investigations. We specialize in the creation of software based solutions that enable collection, decoding, decryption, analysis, reporting and management of data derived from digital devices and sources manufactured or produced by a variety of original equipment manufacturers (“OEMs”) as well as the applications installed on such sources. Because OEMs and other software manufacturers are continuously changing their products, our success depends on our ability to design and develop new solutions and upgrades to our existing software solutions that keep up with these changes. However, there can be no assurance that we are able to design and develop adequate solutions and upgrades that will be compatible with products from OEMs and other software manufacturers. If we are unable to update our software to keep up with the evolving security and encryption strategies in the industry, the utilization of our solutions may decrease over time if it becomes unable to collect, decode or encrypt data from certain digital devices. Further, as a result, our software may be vulnerable to malicious attacks. As a result, our reputation might be harmed and our financial and operating results will be negatively affected. Further, if we are unable to successfully deliver access capabilities via our Collect & Review solutions, we may not be able to provide our customers with the ability to lawfully access certain investigative or forensic data and as such our customers’ ability to carry out their mission will degrade and this may harm their perception of the value of our solutions and negatively impact our reputation and financial and operational results.

Further, if we experience high turnover of our research and development personnel, a lack of managerial resources to guide our research and development, or a lack of other research and development resources, we may miss or fail to execute on new solutions development and strategic opportunities and consequently lose potential and actual market share. The success of our business is dependent on our product and research and development teams developing and executing on a roadmap that allows us to retain and increase the spending of our existing customers and attract new customers. Failure to continue offering the same caliber of solutions as we have been able to offer in the past will adversely affect our financial and operating results.

If law enforcement and other government agencies do not continue to purchase, accept and use our solutions, our revenue will be adversely affected.

Sales to law enforcement and government agencies accounted for approximately 90% of our revenue in 2020, 2021 and 2022. At any point, due to external factors and opinions, whether or not related to our products’ performance, law enforcement and governments agencies may elect to no longer
11

purchase our solutions. The key trends affecting the digital investigations and intelligence market include: among other things, the explosive growth in the volume of data production and availability, the growing frequency and risk of insider threats and employee misconduct in private enterprises, the increases in data complexity, sophistication and business impact of cybercrime in the private sector and the need for digital evidence management and analysis systems, a lack of sufficient digital forensic professionals and constraints in resources in the public sector, and the substantial volume of remote workforce. If we are unable to meet these evolving needs, law enforcement and other government agencies may not continue to purchase, accept and use our solutions, and our revenue and financial condition will be adversely affected.
Our revenue, financial and operating results may also be impacted by changes in organizational structure within the public sector leading to complex decision-making processes or by a slowdown in the pace of adoption of investigation and justice acceleration related technologies in the public sector.

Real or perceived errors, failures, defects or bugs in our DI solutions could adversely affect our results of operations, financial results, growth prospects and reputation.

Because we offer a complex DI suite of solutions, undetected errors, defects, failures or bugs may occur, especially when solutions or capabilities are first introduced or when new versions or other product or infrastructure updates are released. Despite frequent testing by us and regular software updates, errors, failures, or bugs may not be found in new software or releases until after they are implemented, and this could adversely affect our reputation and our customers’ willingness to buy solutions from us, and adversely affect market acceptance or perception of our solutions.
Many of our customers, especially those in law enforcement, use our solutions in applications that are of public interest or critical to their businesses or missions and may thus have a lower risk tolerance to defects in our solutions than to defects in other, less critical, software solutions. Errors or delays in releasing software updates or allegations of unsatisfactory performance or errors, defects or failures in released software could cause us, in the long run, to lose sales opportunities, increase our service costs, incur substantial software redesigning costs, lose customers or subject us to liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition.
An error, failure or bug in any of our solutions used by our law enforcement customers could lead to interference with the administration of justice, for example by corrupting digital evidence rendering them inadmissible Real or perceived errors, failures, or bugs in our solutions, or dissatisfaction with our solutions and outcomes, could result in customer terminations or non-renewals. In such an event, we may be required, or we may choose, for customer relations or other reasons, to expend additional resources in order to help correct any such errors, failures, or bugs.

A failure to maintain sales and marketing personnel productivity or hire, integrate and retain additional sales and marketing personnel has in the past and could in the future adversely affect our results of operations and growth prospects.

Our business requires intensive sales and marketing activities on a constant basis. Part of our strategy is to attract a larger number of law enforcement customers to use more of our solutions. Our sales and marketing personnel are essential to this effort and to attracting new customers and for the renewal and expansion of sales to existing customers generally. We require personnel with expertise in government contracting at federal, state and local levels in a variety of countries, and expertise in the private market, and with sufficient technological literacy to discuss our solutions’ features. There is a limited number of individuals with this experience and competition for them is intense. Furthermore, once hired it takes at least three months before a new sales force member is fully trained and operating at
12

a level that meets our expectations, and training may take even longer when working remotely. While we invest significant time and resources in training new members of our sales force, we may not be able to achieve our target performance levels with new sales personnel, whether due to larger number of new hires, or lack of experience training sales personnel to operate in new jurisdictions or because of remote hiring and training process, among other reasons. Our failure to hire a sufficient number of qualified individuals, to successfully integrate new sales force members within the time periods we expect, and to contain sales force attrition rates may materially impact our financial and operational results as well as the growth of our business.

We face intense competition, including as a result of consolidation in our industry, which could increase the pricing pressure we face and cause us to lose market share, which would adversely affect our business, financial condition, and results of operations
The markets for our solutions are highly competitive and are subject to rapid technological change and other pressures created by changes in our industry. We face varying levels of competition across our solution offerings. For more information, see “Part I, Item 5. Operating and Financial Review and Prospects—A. Operating Results—Competition.”
Many of our current and potential competitors are larger and/or may have substantially greater resources than we have and expect to have in the future. They may also be able to devote greater resources to the development of their current and future technologies or the promotion of their offerings or offer lower prices. Our current and potential competitors may also establish cooperative or strategic relationships among themselves or with third parties that may further enhance their brand and reputation, resources and offerings. Recently, there has been consolidation within our industry, which may increase competition, lead to pricing pressures and loss of market share and result in competitors with greater resources than us and harm our competitive position. Further, it is possible that domestic or foreign companies or governments, some with substantial experience in the DI industry or greater financial resources than we possess, will seek to provide solutions that compete directly or indirectly with ours in the future. Any such foreign competitor, for example, could benefit from subsidies from, or other protective measures by, its home country.
Competition may increase and intensify in the future as the pace of technological change and adaptation quickens and as additional companies enter our markets, including those competitors who offer solutions similar to ours, but offer it through a different form of delivery. Numerous releases of competitive products have occurred in recent history and are expected to continue in the future. We may not be able to compete effectively with current competitors and potential entrants into our marketplace. We could lose market share if our current or prospective competitors: (i) develop technologies that are perceived to be substantially equivalent or superior to our technologies, (ii) introduce new competitive products or services, (iii) add new functionality to existing products and services, (iv) acquire competitive products and services, (v) reduce prices, or (vi) form strategic alliances or cooperative relationships with other companies. If other businesses were to engage in aggressive pricing policies with respect to competing products, as done in the past, or if the dynamics in our marketplace resulted in increasing bargaining power by the consumers of our solutions, we might need to lower the prices we charge for the solutions we offer, as we were forced in the past. This could result in lower revenue or reduced profit margins, either of which may materially adversely affect our business and operating results.
Finally, as we expand our offerings, we will face additional competition. For example, in the DI market, there are numerous brands and solutions that compete for sales, with competition based upon brand recognition and loyalty, product packaging, quality and innovation, licensing models, price and convenience. Hence, changes in our image, packaging and licensing models that may be done for marketing and branding purposes could have a negative impact on our customers’ preference for us, which could adversely affect our ability to attract or retain customers. Overall, we believe our ability to compete successfully in delivering DI at a competitive cost to customers does and will depend on a number of factors, which may change in the future due to increased competition, our ability to meet our
13

customers’ needs and the frequency and availability of our offerings. If we are unable to compete successfully, our business, financial condition and results of operations could be adversely affected.


If our solutions are inadvertently or deliberately misused by customers, such customers may achieve sub-optimal results, which could lead to the perception that our solutions are low-quality.

Once purchased, our solutions are used by our customers, and if our customers do not use the solutions correctly or as intended, inadequate performance or outcomes may result. Our solutions are sometimes used by customers with smaller or less sophisticated IT departments, and professional practitioners, potentially resulting in such suite of solutions performing at a lower level than anticipated by the customer. Our customers rely on our solutions to assist them address important goals and challenges, and so the incorrect or improper use or configuration of our solutions may result in customer dissatisfaction, contract terminations or non-renewals, reduced customer payments, negative publicity, or legal claims against us.
Furthermore, if customer personnel are not well trained in the use of our solutions, customers may open more support tickets, turn to our technical support more often, demand the attention of our customer satisfaction teams, or may defer the deployment of our solutions and solutions, may deploy them in a more limited manner than originally anticipated, or may not deploy them at all. If there is substantial turnover of customer personnel responsible for procurement and/or use of our solutions, our solutions may go unused or be adopted less broadly, and our ability to make additional sales may be substantially limited, which could negatively impact our business, results of operations, and growth prospects.

If we fail to manage future growth effectively, our business could be harmed.

For the last several years, we have experienced rapid growth. For example, our revenue has grown from $172 million in 2019 to $271 million in 2022, and our headcount has increased from 683 employees as of December 31, 2019 to 1,005 employees as of December 31, 2022. We operate in a growing market and have experienced, and may continue to experience, significant expansion of our operations. This growth has placed, and may continue to place, a strain on our employees, management systems, operational, financial, and other resources. As we have grown, we have increasingly managed larger and more complex deployments of our solutions with a broader base of government and private sector customers. As we continue to grow, we face challenges of integrating, developing, retaining, and motivating a rapidly growing employee base in various countries around the world. In the event of continued growth of our operations, our operational resources, including our information technology systems, our employee base, or our internal controls and procedures may not be adequate to support our operations. Managing our growth may require significant expenditures and allocation of valuable management resources, improving our operational, financial, and management processes and systems, and effectively expanding, training, and managing our employee base. If we fail to achieve the necessary level of efficiency in our organization as it grows, our business, financial condition, and results of operations would be harmed. As our organization continues to grow, we may find it increasingly difficult to maintain the benefits of our traditional company culture, including our ability to quickly respond to customers, and avoid a formal corporate structure. This could negatively affect our business performance or ability to hire or retain personnel in the near or long-term.
In addition, our rapid growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to
14

effectively plan for and model future growth. We may encounter risks and uncertainties frequently experienced by growing companies with global operations in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth and plan for it, our business, financial condition, and results of operations would be harmed.
Our future growth depends in part on our ability to introduce new solutions and add-ons and our failure to do so may harm business and operating results.
To remain competitive, we must continue to develop new offerings, as well as features and enhancements to our existing solutions. Maintaining adequate research and development personnel and resources to meet the demands of the market is essential. If we experience high turnover of our product and development personnel, a lack of management ability to guide our research and development, or a lack of other research and development resources, we may miss or fail to execute on new offerings as well as existing solutions developments and strategic opportunities and consequently lose potential and actual market share. The success of our business is dependent on our product and development teams developing and executing on a roadmap that allows us to retain and increase our position in the market, the spending of our existing customers and attract new customers. Our failure to do so could materially adversely affect our business.

Our business depends on our customers renewing their subscriptions and purchasing additional subscriptions or services from us. Any material decline in our dollar-based net retention rate would harm our future results of operations.
To continue to grow our business, it is important that our customers renew their subscriptions when existing contract terms expire and that we expand our commercial relationships with our existing customers. We offer our software solutions primarily through annual and multi-year subscription agreements. In order for us to improve our operating results, it is important that our customers will renew their existing subscription agreements, as well as purchase additional software solutions from us. Our customers have no obligation to renew their subscriptions, and may decide not to renew their subscriptions with a similar contract period, at the same prices and terms or with the same or a greater number of users. We have experienced growth by selling additional solutions to our existing customer base, but there can be no assurances that we will achieve similar growth rates in the future. In the past, some of our customers have elected not to renew their agreements with us, and it is difficult to accurately predict long-term customer retention and expansion rates. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our products, our product support, our prices and pricing plans, global economic conditions, the inflation and interest rate environment and increased costs, the prices of competing software products, reductions in our customers’ spending levels, user adoption of our solutions, utilization rates by our customers, new product releases and changes to the packaging of our product offerings. If our customers do not purchase additional subscriptions or renew their subscriptions, renew on less favorable terms or fail to add more users, our revenue may decline or grow less quickly than anticipated, which would harm our future results of operations. Furthermore, if our contractual subscription terms were to shorten, it could lead to increased volatility of, and diminished visibility into, future recurring revenue. If our sales of new or recurring subscriptions and software-related support service contracts decline from current levels, our revenue and revenue growth may decline, and our business will suffer.

We conduct a fairly low volume of our business via e-commerce, which may result in the purchase process being more difficult for customers compared to other businesses.
15


We do not sell our solutions to new customers using e-commerce methods. While customers can initiate contact with us using our website, the ultimate purchase in most cases is not made through our website and is made only after an interactive discussion with the customer. For example, our sales process may involve “know your customer” vetting and screening procedures which must take place prior to customer being approved. As a result, the purchase process can be lengthy compared to e-commerce transactions, and it is possible that the length of the process may discourage some customers from completing the transaction with us rather than a competitor which offers more seamless online sales.


Issues in the use of artificial intelligence (“AI”) (including machine learning) in our DI Suite of solutions may result in reputational harm, liability or impact our financial results.

AI is enabled by or integrated into our DI suite of solutions. For example, our Cellebrite Pathfinder solution, our principal investigative analytics tool, uses AI to allow customers to create unique search categories for reviewing text, video and image evidence. The evolution of AI, including the recent introduction of OpenAI and ChatGPT as well as competing AI engines, present opportunities for further efficiencies in DI. Failing to adopt such capabilities effectively with the DI suite of solutions may harm our ability to effectively compete in the market place. At the same time, as with many developing technologies, AI presents risks and challenges that could affect its further development, adoption, and use, and therefore our business. AI algorithms may be flawed and may present risks due to a lack of back-testing. Datasets in AI training, development, or operations may be insufficient, of poor quality, or reflect unwanted forms of bias. Inappropriate or controversial data practices by, or practices reflecting inherent biases of, data scientists, engineers, and end-users of our systems could impair the acceptance of AI solutions. If the recommendations, forecasts, or analyses that AI applications assist in producing are deficient or inaccurate, we could be subjected to competitive harm, potential legal liability, and brand or reputational harm. Some AI scenarios present ethical issues, for example, due to unintentional biases that may stem from the predictive nature of AI algorithms and we may enable or offer solutions that draw controversy due to their perceived or actual impact on society. Though our business practices are responsibly designed to meet our customers’ needs for products and services that use AI and to mitigate many of these risks, we could suffer reputational or competitive damage as a result of any inconsistencies in the application of the technology or ethical concerns both of which may generate negative publicity, as well as regulatory or legal scrutiny.
Existing or future legislation and regulations pertaining to AI, and AI-enabled products may apply to us or to our customers, and may make it more challenging, costly, or in some cases prohibitive for certain products or services to be offered or modified and subject us to regulatory and litigation risks and potential liabilities, which could adversely affect our business and results of operations.
We could also suffer reputational or competitive damage from negative publicity related to products and services that utilize AI or other regulated analytics, which could also adversely affect our business and results of operations.
Current or future privacy-related legislation and governmental regulations pertaining to AI, AI-enabled products and the use of video analytics may influence our current and prospective customers’ activities, as well as their expectations and needs in relation to our products and services and affect how our business is conducted or expose us to unfavorable developments resulting from changes in the regulatory landscape.
Compliance with these laws and regulations may be onerous and expensive, and may be inconsistent from jurisdiction to jurisdiction, further increasing the cost of compliance and the risk of
16

liability. Any such increase in costs or increased risk of liability as a result of changes in these laws and regulations or in their interpretation could individually or in the aggregate make our products and services that use AI technologies less attractive to our customers, cause us to change or limit our business practices or affect our financial condition and operating results.

We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.
As of December 31, 2022, we had cash and cash equivalents of $87.6 million, short-term deposits of $51.3 million and short term and long term marketable securities of $67 million. We could receive approximately up to an aggregate of $341 million from the exercise of outstanding Warrants, assuming the exercise in full of all our outstanding Warrants for cash. However, there is no assurance that the holders of the Warrants will elect to exercise any or all of the Warrants. We expect to meet our ongoing liquidity needs for at least the current year. However, we might require substantial additional financing in order to execute our inorganic growth strategy. Such financing might not be available on commercially reasonable terms, if at all. In particular, our ability to obtain financing for growth may depend in part on our ability to first enter into customer agreements sufficient to demonstrate such growth. If we are unable to obtain such financing, or secure sufficient customer agreements, on commercially reasonable terms, or at all, we will not be able to execute our growth strategy.
To the extent that we raise additional capital through the sale of equity or convertible debt securities, the ownership interest of our current security holders will be diluted, and the terms of those securities may include liquidation or other preferences that adversely affect the rights of our current holders of Ordinary Shares or Warrants. Debt financing and preferred equity financing, if available, may involve agreements that include covenants limiting or restricting our ability to take specific actions, such as incurring additional debt, making acquisitions or capital expenditures or declaring dividends. Debt financing could also have significant negative consequences for our business, results of operations and financial condition, including, among others, increasing our vulnerability to adverse economic and industry conditions, limiting our ability to obtain additional financing, requiring the dedication of a substantial portion of our cash flow from operations to service our indebtedness, thereby reducing the amount of our cash flow available for other purposes, limiting our flexibility in planning for, or reacting to, changes in our business, and placing us at a possible competitive disadvantage compared to less leveraged competitors or competitors that may have better access to capital resources.
If we raise additional funds through collaborations, strategic alliances or marketing, distribution or licensing arrangements with third parties, we may have to relinquish valuable rights to our technologies, future revenue streams, research programs or solutions, or grant licenses on terms that may not be favorable to us. If we are unable to raise additional funds through equity or debt financings or other arrangements when needed, we may be required to delay, limit, reduce or terminate our commercialization, research and development efforts or grant rights to third parties to market and/or develop solutions that we would otherwise prefer to market and develop ourselves.

Higher costs or unavailability of materials used to create our hardware product components could adversely affect our financial results.

We depend on certain suppliers for the delivery of components used in the assembly of our hardware product components. In particular, we use specialized adapters which connect to phones and computers being examined. If we become unable to obtain any components necessary for our hardware products, we may struggle to fulfill contracts and acquire new customers. We generally keep up to eighteen months of inventory on hand for long lead-time components to mitigate this risk, which we believe would give us enough time to resolve shortage due to an issue with a particular supplier, but it might not be enough time
17

to resolve a shortage that stems from resource scarcity. Any interruption of supply for any material components of our products could significantly delay the shipment of our products and have a material adverse effect on our revenue, profitability and financial condition. International or domestic geopolitical or other events, including the imposition of new or increased tariffs and/or quotas by the U.S. federal government on any of these raw materials or components, could adversely impact the supply and cost of these raw materials or components, and could adversely impact the profitability of our operations. Additionally, if we experience an unpredicted increase in customer demand, we might not be able to acquire enough materials to meet that demand in a timely manner and/or incur higher costs than expected due to increased demand.

Fluctuations in foreign currency exchange rates could materially affect our financial results.

Our financial statements are presented in U.S. dollars. Because some of our revenue, operating expenses, assets and liabilities are denominated in foreign currencies, we are subject to foreign exchange risks that could adversely affect our operations and reported results. To the extent that we incur expenses in one currency but earn revenue in another, any change in the values of those foreign currencies relative to the USD could cause our profits to decrease or our products to be less competitive against those of our competitors. To the extent that our foreign currency holdings and other assets denominated in a foreign currency are greater or less than our liabilities denominated in a foreign currency, we have foreign exchange exposure. More specifically, for current and potential international customers whose contracts are denominated in U.S. dollars, the relative change in local currency values creates relative fluctuations in our product pricing. These changes in international end-user costs may result in lost orders and reduce the competitiveness of our solutions in certain foreign markets. Additionally, intercompany sales to our non-U.S. dollar functional currency international subsidiaries are transacted in U.S. dollars which could increase our foreign exchange rate risk caused by foreign currency transaction gains and losses.
For non-U.S. dollar denominated sales, weakening of foreign currencies relative to the U.S. dollar generally leads us to raise international pricing, potentially reducing demand for our solutions. Should we decide not to raise local prices to fully offset the U.S. dollar’s strengthening, the U.S. dollar value of our foreign currency denominated sales and earnings would be adversely affected. Fluctuations in foreign currency could result in a change in the U.S. dollar value of our foreign denominated assets and liabilities including accounts receivable. Therefore, the U.S. dollar equivalent collected on a given sale could be less than the amount invoiced causing the sale to be less profitable than contemplated.
We also import selected components which are used in the manufacturing of some of our hardware products. Although our purchase orders are generally in U.S. dollars, weakness in the U.S. dollar could lead to price increases for the components.
Approximately 40% of our expenses, primarily payroll and rent, are paid in Israeli new shekels (ILS). The U.S. dollar compared to the ILS experienced a lot of fluctuation over the last several years, which, if continues to present same behavior, could have an adverse impact on our expenses and profitability. Although we take steps to hedge our foreign currency exposures related to our ILS expenses, such measures may not adequately protect us from material adverse effects due to the impact of global inflation or from fluctuations in the relative values of the U.S. dollar and other foreign currencies in which we transact business, and may result in a financial loss.

The sales cycle for some of our solutions can be lengthy.

Most of our sales transactions involve a short sales cycle; however, larger transactions often involve a longer sales cycle and may require, for example, discussions about budget and which potential solution is most suitable to the customer. The larger the sale, the longer these consultations tend to last. If our sales efforts to a potential customer do not result in sufficient revenue to justify our time and investments, our business, financial condition and results of operations could be adversely affected. We
18

are currently expanding our sales of the DI suite of solutions to customers, and the impact of these longer sales cycles could become more significant over time. Because of the long approval process that typically accompanies strategic initiatives or capital expenditures by our customers, our sales process may be prolonged, revenues delayed, with little or no control over any delays encountered by us.

Because most of our revenue is derived from subscriptions, which is recognized over the life of the subscription, near term declines in new or renewed agreements may not be reflected immediately in our operating results and may be difficult to discern.
Most of our revenue in each quarter is derived from subscription agreements entered into with our customers during previous quarters. Consequently, a decline in new or renewed agreements in any one quarter may not be fully reflected in our revenue for that quarter. Such declines, however, would negatively affect our revenue in future periods and the effect of significant downturns in sales of and market demand for our offerings, and potential changes in our rate of renewals or renewal terms, may not be fully reflected in our results of operations until future periods. Annual Recurring Revenue, or ARR, is a key performance metric we use that is based on contractual terms in existence as of the end of a reporting period and is subject to change resulting from a number of factors including, but not limited to, addition of new customers, changes in user counts, terminations or non-renewals, renewal terms as well as upsells and cross-sells. For all of these reasons, the amount of subscription revenue we actually recognize may be different from ARR at the end of a period in which it was recorded. In addition, we may be unable to adjust our cost structure rapidly, or at all, to take account of reduced revenue. Our subscription model also makes it difficult for us to rapidly increase our total revenue through additional sales in any period, as revenue from new subscriptions, which has historically comprised the majority of our revenue, is recognized over the applicable term of the agreement.

If we are unable to retain qualified personnel and senior management, including Yossi Carmil, our Chief Executive Officer, and hire and retain additional qualified personnel, our business could suffer.
Our ability to compete in the highly competitive technology industry depends upon our ability to attract, motivate, and retain qualified personnel. We are highly dependent on the continued contributions and customer relationships of our management and particularly on the skills of Yossi Carmil, our Chief Executive Officer. Mr. Carmil has served as our Chief Executive Officer for eighteen years, and has been instrumental to our growth over this period. We believe that Mr. Carmil’s industry experience would be difficult to replace. All of our executive officers and key personnel are at-will employees and may terminate their employment relationship with us at any time. The loss of the services of our key personnel and any of our other executive officers, and our inability to find suitable replacements, could result in a decline in sales, delays in product research and development, and harm to our business and operations.
Our success also depends on our ability to effectively source and staff people with the right mix of skills and experience to perform services for our customers, including our ability to transition personnel to new assignments on a timely basis. If we are unable to effectively utilize our personnel on a timely basis to fulfill the needs of our customers, our business could suffer.
Despite current employment market trends, we continue to face intense competition for qualified personnel, specifically personnel in sales, research and development. Moreover, the COVID-19 pandemic caused a shift to virtual recruiting, which has increased the difficulty in timely attracting new employees, integrating and introducing them into our corporate culture and retaining them for the longer term. Larger companies with whom we compete will likely continue to invest more resources than we do on employee recruitment and are often able to offer more favorable compensation and incentive packages than we can. Further, many of the companies with which we compete for qualified personnel have greater resources than we have. We seek to retain and motivate existing personnel through our compensation practices,
19

company culture, and career development opportunities. If we fail to attract new personnel or to retain our current personnel, our business and operations could be harmed.
Furthermore, retention is an industry-wide issue given the competitive technology labor market and as the millennial workforce continues to value multiple company experience over long tenure. There is a limited pool of qualified personnel and at present, such personnel are in short supply. For example, over the last ten years we have experienced an increase in competition for recruiting qualified research and development teams and engineers in Israel where we have a substantial presence and need for skilled employees. Furthermore, if we experience high turnover of our research and development personnel, a lack of managerial resources to guide our research and development, or a lack of other research and development resources, we may miss or fail to execute on new product development and strategic opportunities and consequently lose potential and actual market share. The success of our business is dependent on our research and development teams developing and executing on a product roadmap that allows us to retain and increase the spending of our existing customers and attract new customers. A failure to continue offering the same caliber of solutions and to effectively meet our customers’ needs due to a loss of key personnel could therefore adversely affect our business and results of operations.
Certain of our key employees participate in a share option plan and receive options to purchase Ordinary Shares. Volatility in the trading price of Ordinary Shares may also affect our ability to attract and retain qualified personnel. Personnel may be more likely to leave us if the Ordinary Shares they own have significantly depreciated in value relative to the original purchase price of these shares or the exercise price of the options, or conversely, if the exercise price of the options that they hold are significantly above the trading price. In addition, some of our personnel may receive significant proceeds from sales of Ordinary Shares in the public markets, which may reduce their motivation to continue to work for us. Any of these factors could harm our business, financial condition, and results of operations.

The security of our operations and the integrity of our software solutions are critical to our operations and to maintaining the trust and confidence of our customers.

We have established practices and procedures intended to protect the security, integrity, availability and confidentiality of our systems and the integrity of our software solutions. However, there can be no assurance that such measures will prevent all malicious activities, including deliberate insertion of exploitative code, malware or cyberattacks, or inadvertent disclosures (including of personal data or confidential business information) or unauthorized access, from impacting our system and information. We monitor new technological developments and new threats, and consistently update our software as needed to enhance its security. We may experience breaches of our security due to human error, malfeasance, system errors or vulnerabilities, or other irregularities. As the techniques used to obtain unauthorized access change frequently, we may be unable to anticipate these techniques or to implement adequate preventative measures. Although to date, malicious activities directed at us have not had a material impact on our business nor, to our knowledge, have they impacted the integrity of the data that our solutions extract from devices, future malicious activities could compromise our solutions and cause us to incur liabilities that may have a material adverse impact on our reputation and business. While we maintain insurance coverage that we believe is adequate for our business, such coverage may not cover all potential costs and expenses associated with incidents that may occur in the future.

We may be materially adversely affected by negative publicity related to our business and use of our products.
Publicly available information regarding Cellebrite has historically been limited, in part due to the sensitivity of our work with customers or contractual requirements limiting or preventing public
20

disclosure of certain aspects of our work or relationships with certain customers. As our business has grown and as interest in Cellebrite and the technology industry overall has increased, we have attracted, and may continue to attract, significant attention from news and other outlets, which in turn can lead to negative political and public sentiment. For example, our main Investigation & Evidence Management solution, Guardian, which utilizes a Cloud/SaaS delivery model might face negative public or political sentiment because of perceived data security concerns. Moreover, adverse press coverage and other negative publicity, whether or not driven by political or public sentiment, may also result in investigations by regulators, legislators and law enforcement officials or ultimately in legal claims .Due to the sensitive nature of our work and our confidentiality obligations and despite our ongoing efforts to provide increased transparency, where possible, into our business, operations, and product capabilities, we may be unable to or limited in our ability to respond to such harmful coverage, which could have a negative impact on our business. Responding to such coverage, claims, investigations and lawsuits, regardless of the ultimate outcome of the proceeding, can divert the time and effort of senior management from the management of our businesses. Addressing any adverse publicity, governmental scrutiny or enforcement or other legal proceedings is time consuming and expensive and, regardless of the factual basis for the assertions being made, can have a negative impact on our reputation, the morale and performance of our employees and our relationships with regulators. It may also have an adverse impact on our ability to take timely advantage of various business and market opportunities.

Additionally, activist criticism of our relationships with customers could potentially engender dissatisfaction among potential and existing customers, investors, and employees with how we address political and social concerns in our business activities, such as ceasing to do business in certain jurisdictions. See “—Some of our solutions may be used by customers in a way that is, or that is perceived to be, incompatible with human rights. Any such perception could adversely affect our reputation, revenue and results of operations.”. Conversely, being perceived as yielding to activism targeted at certain customers could damage our relationships with other customers, including governments and government agencies with which we do business, whose views may or may not be aligned with those of political and social activists. Actions we take in response to the activities of our customers, up to and including terminating our contracts or refusing a particular product use case could harm our brand and reputation. In either case, the resulting harm to our reputation could:
cause certain customers to cease doing business with us;
impair our ability to attract new customers, or to expand our relationships with existing customers;
diminish our ability to recruit, hire, or retain employees;
undermine our standing in professional communities to which we contribute and from which we receive expert knowledge; or
prompt us to cease doing business with certain customers.
The direct and indirect effects of such factors, negative publicity, and the demands of responding to and addressing them, may have a material adverse effect on our businesses, financial condition and results of operations.

Risks Related to the Businesses of Cellebrite’s Customers

Our sales to government customers expose us to business volatility and risks, including government budgeting cycles and appropriations, early termination, audits, investigations, sanctions and penalties.
21

We generate revenue from contracts with federal, state, provincial and local governments of several countries, and these government customers may terminate most of these contracts at any time, without cause. There is pressure on some governments and their agencies, both domestically and internationally, to reduce spending. Further, U.S. federal government contracts are subject to the approval of appropriations made by the U.S. Congress to fund the expenditures under these contracts. In particular, budget uncertainty, the risk of future budget cuts, the potential for U.S. Government shutdowns, the use of continuing resolutions, and the federal debt ceiling can adversely affect our industry and the funding for our solutions. If appropriations were delayed or a government shutdown were to occur and were to continue for an extended period of time, we could be at risk of disruptions to our business.

Similarly, our contracts with U.S. state and local governments, Canadian federal, provincial and local governments and other foreign governments and their agencies are generally subject to government funding authorizations. Additionally, government contracts are generally subject to audits and investigations which could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business.

A decline in government budgets, changes in spending or budgetary priorities, or delays in contract awards may significantly and adversely affect our future revenue and limit our growth prospects.

We generated approximately 90% of our revenue in 2020, 2021 and 2022 from contracts with governments and government agencies, and our results of operations could be adversely affected by government spending caps or changes in government budgetary priorities, as well as by delays in the government budget process, program starts, or the award of contracts or orders under existing contract vehicles. Further, these government clients may terminate most of these contracts at any time, without cause and face increased pressure to reduce spending, see “— Risks Related to Our Business and Industry —.” We are materially dependent on acceptance of our solutions by law enforcement markets and government agencies, both domestic and international. If law enforcement and other government agencies do not continue to purchase, accept and use our solutions, our revenue will be adversely affected. Future spending and program authorizations may not increase or may decrease or shift to programs in areas in which we do not provide services or are less likely to be awarded contracts. Budgetary constraints due to the efforts taken to combat COVID-19 pandemic or other public health outbreaks could also cause our governmental customers to divert budget and as a result forgo using our solutions. We face these risks in every country in which we operate.
Revenues from the U.S. federal government customers comprised of 21% of our total revenue in 2022. Those contracts are conditioned upon the continuing availability of U.S. Congressional appropriations. The U.S. Congress usually appropriates funds on a fiscal year (FY) basis even though contract performance may extend over many years. Consequently, contracts are often partially funded initially and additional funds are committed only as Congress makes further appropriations over time. If we incur costs in excess of funds obligated on a contract or in advance of a contract award, we may be at risk of not being reimbursed for those costs unless and until additional funds are obligated under the contract or the contract is awarded and funded. Additionally, when the U.S. Congress does not complete a budget before the end of the fiscal year, government operations typically are funded through one or more continuing resolutions that authorize agencies of the U.S. federal government to continue to operate consistent with funding levels from the prior year’s appropriated amounts, but do not authorize new spending initiatives. When the U.S. federal government operates under a continuing resolution, contract awards may be delayed, canceled, or funded at lower levels, which could adversely impact our business, financial condition, and results of operations. If appropriations or continuing resolutions for the U.S. federal government departments and agencies with which we work or have prospective business are not
22

made by September 30 (the last day of the federal fiscal year) of any given year, the lapse in appropriations may also have negative impacts on our ability to continue work and to recognize revenue from those customers, for so long as the lapse continues. In particular, when the U.S. Government operates under a continuing resolution, new contract and program starts are restricted and funding for our solutions may be unavailable, reduced or delayed. Shifting funding priorities or federal budget compromises, could also result in reductions in overall defense spending on an absolute or inflation-adjusted basis, which could adversely impact our business.

The U.S. federal government may also shift spending away from one or more of the federal agencies from which we derive much of our revenue, such as Immigration and Customs Enforcement, for budgetary or political reasons. A significant decline in overall U.S. federal government spending, a significant shift in spending priorities, the substantial reduction or elimination of particular law enforcement-related programs, or significant budget-related delays in contract or task order awards for large programs could adversely affect our future revenue and limit our growth prospects.

Evolving government procurement policies and increased emphasis on cost over performance could adversely affect our business.

A significant majority of our customers are in the public sector. The procurement process for government agencies can be more challenging than contracting in the private sector and can impose additional costs and complicate sales efforts. Further, changes in the political landscape or required procurement procedures that affect our target customers could be introduced prior to the completion of our sales cycle, making it more difficult or costly to finalize a contract with a new customer or expand or renew an existing customer relationship. For example, customers may require a competitive bidding process with extended response deadlines, review or appeal periods, or customer attention may be diverted to other government matters, postponing the consideration of the purchase of our solutions. Such delays could harm our ability to provide our solutions efficiently and to grow or maintain our customer base. In addition, the majority of our government contracts include the right for government agencies to delay, curtail, renegotiate or terminate contracts and subcontracts at their convenience any time prior to their completion. Any decision by a government customer to exercise any of these rights in our contracts may result in a decline in our profits and revenue.

Changes in civil forfeiture laws may affect our customers’ ability to purchase our solutions.

Many of our law enforcement customers in the United States use funds seized through civil forfeiture proceedings to fund the purchase of our solutions. State civil forfeiture statutes permit state governments to seize property with limited judicial oversight, often based on a preponderance of the evidence that the property was connected to criminal activity even if the owner of the property is not subject to criminal charges. A one-justice U.S. Supreme Court opinion in March 2017 sharply criticized civil forfeiture as possibly violating the due process clause of the U.S. Constitution, although the U.S. Supreme Court in that instance declined to hear the case on procedural grounds. An adverse U.S. Supreme Court decision or changes in state legislation could impact our customers’ ability to seize funds or use seized funds to fund purchases. Changes in civil forfeiture statutes or regulations are outside of our control and could limit the amount of funds available to our customers, which could adversely affect the sale of our solutions.

23

Our revenue from private sector customers, and our operations in general, could be adversely affected by any weakening of economic conditions.

Our private sector customers may be more susceptible to weakening economic conditions than our public sector customers. Certain economies have experienced periods of downturn as a result of a multitude of factors, including, but not limited to, turmoil in the credit and financial markets, concerns regarding the stability and viability of major financial institutions, declines in gross domestic product, increases in unemployment, volatility in commodity prices and worldwide stock markets, higher interest rates, potential governmental shutdowns, natural catastrophes, warfare, the geopolitical turmoil between Russia and Ukraine, inflation, excessive government debt and disruptions to global trade or tariffs. The severity and length of time that a downturn in economic and financial market conditions may persist, as well as the timing, strength and sustainability of any recovery, are unknown and are beyond our control.
Any instability in the global economy affects countries in different ways, at different times and with varying severity, which makes the impact to our business complex and unpredictable. During such downturns, many customers may delay or reduce technology purchases. Contract negotiations may become more protracted or conditions could result in reductions in the sales of our software, hardware and solutions, longer sales cycles, pressure on our margins, difficulties in collection of accounts receivable or delayed payments, increased default risks associated with our accounts receivables, slower adoption of new technologies and increased price competition. COVID-19 has raised additional concerns regarding economic uncertainties. The pandemic has resulted in, and may continue to or at a later time result in, a global slowdown of economic activity, including travel restrictions, prohibitions of non-essential activities in some cases, disruption and shutdown of businesses, a slowdown in our supply chains, including the hardware component, and greater uncertainty in global financial markets. While in 2022 the COVID-19 pandemic has not had noticeable impact on our contract renewal rate, subsequent outbreaks of COVID-19 or new variants thereof could do so in the future. The COVID-19 pandemic has caused and may continue to cause delays in onboarding new customers. While none of these delays has been significant, they may become significant in the future or transition from delays to outright cancellation. Additionally, a significant portion of our training activities are usually in person with on-premises training, and our on-the-ground on-premises deployment staff travel to our customers’ workplaces to demonstrate how to use our solutions. Due to travel restriction and personal distance requirements, we have offered our classes either in a remote format or on-premises and conducted training activities remotely. These remote offerings could lead to a decrease in efficacy or value, potentially making our solutions less appealing.
In addition, deterioration of the global credit markets could adversely impact our ability to complete licensing transactions and services transactions, including maintenance and support renewals. Any of these events, as well as a general weakening of, or declining corporate confidence in, the global economy, or a curtailment in corporate spending could delay or decrease our revenue and therefore have a material adverse effect on our business, operating results and financial condition.

Risks Related to Cellebrite’s Intellectual Property

Failure to adequately obtain, maintain, protect and enforce our intellectual property and other proprietary rights could adversely affect our business.

Our success and ability to compete depends in part on our ability to maintain, protect, enforce and defend our intellectual property and other proprietary rights. We rely upon a combination of copyright, trademark and trade secret laws, as well as certain contractual provisions, to establish, maintain, protect
24

and enforce our intellectual property and other proprietary rights. Despite our efforts, third parties may attempt to disclose, obtain, copy, or use our intellectual property or other proprietary information or technology without our authorization, and our efforts to protect our intellectual property and other proprietary rights may not prevent such unauthorized disclosure or use, misappropriation, infringement, reverse engineering or other violation of our intellectual property or other proprietary rights. Effective protection of our rights may not be available to us in every country in which our solutions are available. The laws of some countries may not be as protective of intellectual property and other proprietary rights as those in Israel or the United States, and mechanisms for enforcement of intellectual property and other proprietary rights may be inadequate. Also, our involvement in standard setting activity or the need to obtain licenses from others may require us to license our intellectual property. Accordingly, despite our efforts, we may be unable to prevent third parties from using our intellectual property or other proprietary information or technology. The violation of our licensing agreements by transferring or allowing the use of our intellectual property, proprietary information or technology without a license may pose additional risks.
In addition, we may be the subject of intellectual property infringement or misappropriation claims, which could be very time-consuming and expensive to settle or litigate and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages if we are found to have infringed patents, copyrights, trademarks, or other intellectual property rights, or breached trademark co-existence agreements or other intellectual property licenses and could require us to cease using or to rebrand all or portions of our solutions.
Any of our intellectual property rights may be challenged, narrowed, invalidated, held unenforceable, or circumvented in litigation or other proceedings, including, where applicable, opposition, re-examination, inter partes review, post-grant review, interference, nullification and derivation proceedings, and equivalent proceedings in foreign jurisdictions, and such intellectual property or other proprietary rights may be lost or no longer provide us meaningful competitive advantages. Such proceedings may result in substantial cost and require significant time from our management, even if the eventual outcome is favorable to us.
While we currently have no outstanding patents, we may in the future determine that we require patents in order to protect our software and processes, and we may be unable to obtain patent protection for the technology covered in our patent applications or such patent protection may not be obtained quickly enough to meet our business needs. Furthermore, the patent prosecution process is expensive, time-consuming, and complex, and we may not be able to prepare, file, prosecute, maintain, and enforce all necessary or desirable patent applications at a reasonable cost or in a timely manner. The scope of patent protection also can be reinterpreted after issuance and issued patents may be invalidated. Even if our patent applications do issue as patents, they may not issue in a form that is sufficiently broad to protect our technology, prevent competitors or other third parties from competing with us or otherwise provide us with any competitive advantage.
Third parties may legitimately and independently develop products, services, and technology similar to or duplicative of our products, services and technology. In addition to protection under intellectual property laws, we rely on confidentiality or license agreements that we generally enter into with our corporate partners, employees, consultants, advisors, vendors, and customers, and generally limit access to and distribution of our intellectual property and proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had access to our confidential information or that the agreements we have entered into will not be breached or challenged, or that such breaches will be detected. Furthermore, confidentiality and non-disclosure provisions can be difficult to enforce, and even if successfully enforced, may not be entirely effective. We cannot guarantee that any of the measures we have taken will prevent infringement, misappropriation, or other violation of our technology or other intellectual property or proprietary rights.
Moreover, we spend significant resources to monitor and protect our intellectual property and other proprietary rights from potential infringement, and in the future we may conclude that in at least
25

some instances the benefits of protecting our intellectual property or other proprietary rights may be outweighed by the expense or distraction to our management. We may initiate claims or litigation against third parties for infringement, misappropriation, or other violation of our intellectual property or other proprietary rights or to establish the validity of our intellectual property or other proprietary rights. Any such litigation, whether or not it is resolved in our favor, could be time-consuming, result in significant expense to us and divert the efforts of our technical and management personnel. Furthermore, attempts to enforce our intellectual property rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part.

We may be subject to information technology system breaches, failures, or disruptions that could harm our operations, financial condition or reputation.

In the current environment, there are numerous and evolving risks to cybersecurity and privacy, including criminal hackers, hacktivists, state-sponsored intrusions, industrial espionage, employee malfeasance and human or technological error. Our technology systems may be damaged, disrupted, or compromised by malicious events, such as cyberattacks (including computer viruses, ransomware, and other malicious and destructive code, phishing attacks, and denial of service attacks), physical or electronic security breaches, natural disasters, fire, power loss, telecommunications failures, personnel misconduct, and human error. Cybersecurity threats employ a wide variety of methods and techniques, which may include the use of social engineering techniques or supply-chain attacks, are constantly evolving, and have become increasingly complex and sophisticated; all of which increase the difficulty of detecting and successfully defending against them. Furthermore, because the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until after they are launched against a target, we may be unable to anticipate these techniques or implement adequate preventative measures.
In particular, high-profile security breaches at other companies and in government agencies have increased in frequency and sophistication in recent years. Although we take steps designed to secure our IT infrastructure and sensitive data and enhance our business continuity and disaster recovery capabilities, we can provide no assurance that our current IT systems or any updates or upgrades thereto, the current or future IT systems of our distributors or re-sellers or the IT systems of online paying agents that we use or may use in the future, are fully protected against third-party intrusions, viruses, hacker attacks, information or data theft or other similar risks. We carry data protection liability insurance against cyber-attacks, with limits we deem adequate for the reimbursement for damage to our computers, equipment and networks and resulting disruption of our operations.
We have experienced and expect to continue to experience actual or attempted cyber-attacks of our information technology systems or networks. Although prior known cyberattacks directed at us have not had a material impact on our financial results, and we are continuing to bolster our threat detection and mitigation processes and procedures, we cannot guarantee that past, future, or ongoing cyberattacks or other security breaches or incidents against us, if successful, will not have a material impact on our business or financial results, whether directly or indirectly. Because we have historically been targeted by cyberattacks and may continue to be an attractive target for cyberattacks, we also may have a heightened risk of unauthorized access to, and misappropriation of, our proprietary and competitively sensitive information. For instance, the risk of cyber-attacks increased in connection with the military actions associated with Russia’s invasion of Ukraine and the resulting geopolitical conflict. In light of those and other geopolitical events, nation-state actors or their supporters may launch retaliatory cyber-attacks, or take other geopolitically motivated retaliatory actions that increase the likelihood of cyber-attacks and security breaches generally, which could disrupt our business operations, result in data compromise, or both. While we have security measures in place to protect our information and our
26

customers’ information and to prevent data loss and other security breaches and incidents, we have not always been able to do so, although none he currently had a material effect on our business, operations or reputation. There can be no assurance that in the future we will be able to anticipate or prevent security breaches or incidents, or unauthorized access of our information technology systems.
As a result of the COVID-19 pandemic, a greater number of our employees are working remotely and accessing our IT systems and networks remotely, which may further increase our vulnerability to cybercrimes and cyberattacks and increase the stress on our technology infrastructure and systems. Although we maintain data protection liability insurance (Media, Intellectual Property & Products Liability, Cyber Liability, Commercial General Liability and Non-Owned and Hired Auto Liability Insurance), this insurance may not be sufficient to cover all of our losses from any future breaches or failures of our IT systems, networks and services.
Any or all of these issues, or the perception that any of them have occurred, could negatively affect our ability to attract new customers, cause existing customers to terminate or not renew their agreements, hinder our ability to obtain and maintain required or desirable cybersecurity certifications, and result in reputational damage, any of which could materially adversely affect our results of operations, financial condition, and future prospects. Furthermore, there can be no assurance that any limitations of liability provisions in our license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim.

Some of our software and systems contain open source software, which may pose particular risks to our proprietary software and information technology systems.

We utilize open source software in the development and application of our software solutions, and we will use open source software in the future. Such open source software is generally licensed by its authors or other third parties under open source licenses and is typically freely accessible, usable, and modifiable. Pursuant to such open source licenses, we may be subject to certain conditions, including requirements that we offer our proprietary software that incorporates the open source software for no cost, that we make available source code for modifications or derivative works we create based upon, utilizing open source software, and that we license such modifications or derivative works under the terms of the particular open source license, or other license granting third-parties certain rights of further use. If we combine our proprietary software with open source software in a certain manner, we could, under certain provisions of the open source licenses, be required to release the source code of our proprietary software. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide updates, warranties, support, indemnities, assurances of title, or controls on origin of the software, and are provided on an “as-is” basis. Likewise, some open source projects have known security and other vulnerabilities and architectural instabilities, or are otherwise subject to security attacks due to their wide availability, and are provided on an “as-is” basis.

In addition, open source license terms may be ambiguous and many of the risks associated with usage of open source software cannot be eliminated, and could, if not properly addressed, negatively affect our business. If we were found to have inappropriately used open source software, we may be required to re-engineer our products, or to take other remedial action that may divert resources away from our development efforts, any of which could adversely affect our business, results of operations, financial condition, and growth prospects. We may face claims from third parties claiming ownership of, or demanding the release or license of, the open source software or derivative works that we developed from such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation and could require us to purchase a costly license, publicly release the affected portions of our source code, or cease offering the
27

implicated software unless and until we can re-engineer it to avoid infringement. In addition, if the open source software we use is no longer maintained by the relevant open source community, then it may be more difficult to make the necessary revisions to our software, including modifications to address security vulnerabilities, which could impact our ability to mitigate cybersecurity risks or fulfill our contractual obligations to our customers.

We also may be required to re-engineer solutions if the license terms for incorporated open source software change. The re-engineering process of some or all of our software could require significant additional research and development resources, and we may not be able to complete it successfully. Use of open source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to breach our website and systems that rely on open source software. These risks could be difficult to eliminate or manage and, if not addressed, could adversely affect our business, results of operations, and financial conditions.

Other companies may claim that we infringe their intellectual property, which could materially increase costs and materially harm our ability to generate future revenue and profits.

Claims of infringement (including misappropriation and/or other intellectual property violation) are common in the software industry and increasing as related legal protections, including copyrights and patents, are applied to software solutions. Although most of our technology is proprietary in nature, we do include certain third party and open source software in our software solutions. In the case of third party software, we believe this software licensed from the entity holding the intellectual property rights. While we believe that we have secured proper licenses for all material third-party intellectual property that is integrated into our solutions in a manner that requires a license, third parties have and may continue to assert infringement claims against us in the future, including the sometimes aggressive and opportunistic actions of non-practicing entities whose business model is to obtain patent-licensing revenue from operating companies such as us. Any such assertion, regardless of merit, may result in litigation or may require us to obtain a license for the intellectual property rights of third parties. Such licenses may not be available, or they may not be available on commercially reasonable terms. In addition, as we continue to develop software solutions and expand our portfolio using new technology and innovation, our exposure to threats of infringement may increase. Any infringement claims and related litigation could be time-consuming, expensive to settle or litigate, disruptive to our ability to generate revenue or enter into new market opportunities, could divert our management’s attention and other resources, and may result in significant liability for damages if we are found to have infringed third party rights, and/or significantly increased costs as a result of our defense against those claims or our attempt to license the intellectual property rights or rework or rebrand our solutions to avoid infringement of third party rights. Typically, our agreements with our partners and customers contain provisions which require us to indemnify them for damages sustained by them as a result of any infringement claims involving our solutions. Any of the foregoing infringement claims and related litigation could have a significant adverse impact on our business and operating results as well as our ability to generate future revenue and profits.

Risks Related to Data Privacy and Human Rights
The use of certain of our solutions may be perceived as, or determined by the courts to be, in violation of privacy rights and related laws. Any such perception or determination could adversely affect our financial results and results of operations.
28

Because of the nature of certain of our DI solutions, including those used for digital investigations, the general public could perceive that the use of our solutions may result in violations of individual privacy rights. In addition, certain courts or regulatory authorities could determine that the use of our software solutions is done in violation of privacy laws. Any such determination or perception by potential customers, the general public, government entities or the judicial system could harm our reputation, may result in reduced usage or adoption rates of our DI solutions by our customers and adversely affect our reputation, revenue, financial condition and results of operations. We have dedicated substantial resources to mitigate these risks by complying with applicable laws and requiring all licensees to comply with applicable laws including privacy laws, but we have been advised that even if we have no access to the data stored on or extracted from devices, we may still be held responsible and even liable for the manner in which our customer uses such data, including if the customer uses the data in a way that is a violation of privacy related laws or our license agreement.

Some of our solutions may be used by customers in a way that is, or that is perceived to be, incompatible with human rights. Any such perception could adversely affect our reputation, revenue and results of operations.

We strive to sell our solutions to customers who will use them in a lawful and ethical manner. See “— We may not enter into relationships with potential customers if we consider their activities to be inconsistent with our organizational mission or values.” For example, all users are required to confirm, before activation, that they will only use the system for lawful uses, but Cellebrite cannot verify that this undertaking is accurate. Further, some of our government customers may use our solutions in a manner that is incompatible with, or perceived to be incompatible with, generally acceptable human rights standards, without our knowledge or permission. For example, in August 2020, a group of 61 petitioners, including a number of human rights activists, filed a petition before the District Court in Tel Aviv against various Israeli government entities and Cellebrite. The petition asked the District Court to exercise its power under the Defense Export Control Law to stop the exportation of our UFED solution to police forces in Hong Kong. Activists alleged that UFED was being used against pro-democracy protestors in Hong Kong and that this was resulting in human rights abuses. We have since adopted policies and procedures intended to prevent sales to customers in China and Hong Kong and have proactively stopped selling to Russia, Belarus and several other countries, but this petition as well as adverse media coverage and petitions relating to Russia, Bangladesh and Uganda may have negatively impacted our reputation. Our license agreements prohibit customers from using our solutions in a manner that violates applicable laws (including laws with respect to human rights and the rights of individuals) or in support of any illegal activity or to violate the rights of any third party, and generally require our customers to indemnify us for losses that we suffer due to their actions; however, we cannot provide any assurance that customers or others will not manage to circumvent our restrictions or that we will not be subject to claims from third parties alleging that their rights were violated as a result of our customers’ use of our products. In the future, other allegations of misuse by our customers may damage our reputation, even if we took no part in the misuse or take immediate action to sever ties with such customers.

We may not enter into relationships with potential customers if we consider their activities to be inconsistent with our organizational mission or values.

We generally do not knowingly enter into business with customers whose positions or actions we consider inconsistent with our mission to support law enforcement acting in a legal manner. We developed and continue to evolve an ethical risk management framework, intended to assist us in managing the risk of human rights abuses by our customers. We use the ethical framework to determine
29

in which countries we will pursue new business by applying a set of standards and indicators, including regulatory restrictions such as sanctions and export controls and a number of widely acceptable human rights related indexes such as the Corruption Perception Index, Democracy Index and Freedom House Index. The ethical framework will continue and evolve over time and applies quantitative as well as qualitative measures to aid in our decision making. Based on this ethical framework, we may decide not to engage with new customers or extend or renew licenses and services to existing customers operating in those countries that we do not consider to meet our ethical standards and corporate values. For example, we have adopted policies and procedures intended to prevent sales to customers in Bangladesh, Belarus, China, Hong Kong, Macau, Russia, Venezuela, Oman, Uganda and several other countries, partially due to concerns regarding human rights abuses, data privacy and security, partially due to regulatory requirements, and partially due to other business considerations, and we may in the future decide not to do business in other countries or with other potential customers for similar reasons.
Most of our customers require the hosting of their proprietary data within their own organization, and therefore most of our products, whether deployed on-premise or otherwise, are operated by our customers without our involvement other than with respect to troubleshooting and support from time to time. As a result, we rely on a range of information sources, and largely depend on media and other reports, to learn if there is a claim made that our products are being used inconsistent with our organizational mission and values. Third party reports may be incomplete, unreliable or unavailable. In addition, a determination as to whether our products are being misused may involve subjective determinations or be the subject of differing opinions. We have in place certain safeguards that are intended to identify or prevent misuse of our products. For example, the Company has an Ethics and Integrity Committee, which serves as an advisory body to the board. The committee is comprised of approximately eight industry experts, which include ethics experts, legal experts, former members of the police force, former members of ministries of defense, technology experts, academic experts and community leaders. The role of the Ethics and Integrity Committee is to advise the board on matters pertaining to evolving international law, ethical considerations related to responsible business practices and requirements under law and regulations applied to the sale and use of our technologies.
Additionally, the license to use our products prohibits customers from using our solutions in violation of applicable laws (including laws with respect to human rights and the rights of individuals) or in support of any illegal activity or to violate the rights of any third party. We may terminate any license, among other things, in the event of a material breach that is not cured after 30 days’ notice. In addition, we may disable the use of the software, among other things, if it is used in violation of the license. A determination regarding whether a breach of our license will result in termination or other corrective action involves judgment and depends on the facts and circumstances of each case.
We cannot be sure that the foregoing safeguards will be sufficient to prevent circumvention of our restrictions or to identify misuse of our products or prevent any such misuse. Our decisions not to do business with these countries may alter our expectations surrounding our long-term financial benefits and results, which may harm our growth prospects, business, and results of operations. Although we endeavor to do business with customers and governments that are aligned with our mission and values, we cannot predict how the activities and values of our government and private sector customers will evolve over time, and they may evolve in a manner inconsistent with our mission.

We occasionally have limited access to third party data, and if our security measures are breached and unauthorized access to this data is obtained, our systems, data centers and our solutions may be perceived as not being secure, customers may curtail or stop using our solutions or service and we may incur significant legal and financial exposure and liabilities.

We do not generally have access to or store customer data nor have access to the data processed by customers using our solutions. Nevertheless, our personnel occasionally have brief and limited access
30

to data, including personally identifiable information (“PII”), when they receive calls for technical support or when they maintain or operate the relevant solution. One instance where we may have brief access to data is when a customer calls for technical support, they sometimes grant our service operators remote access to their device, which may result in the brief sharing of data with the service operator. In rare cases the customer may share the data with the technical support for further bug fixing research and analysis. We have internal processes for deleting such data shortly after the completion of the customer support and ensuring bug fix is sustainable and consistent, but the data is still shared for these limited periods and could potentially be, or be perceived as, more vulnerable as a result. In addition, customers may use our investigative management solution to store, share and review sensitive data, including PII, when they decide to store such data in our investigative management SaaS solution. In addition, we may have access to customer data, including PII, in connection with the provision of our Advanced Services in which we serve as an outsourced lab for the extraction of data from devices that are sent to us by our customers. The Company has implemented a number of internal processes and measures for deleting data shortly after completion of related services (in the case of Advanced Services), and that are designed to ensure managed, limited, brief and secure access to customers data, done strictly on a need-to-service basis. The Company uses internationally recognized information security measures and complies with industry standards. Our Advanced Services are provided from a strictly dedicated platform that combines authentication, authorization, networking, and observability into a single point, as well as internal processes intended to control access, usage, storage and retention of data. However, any actual or perceived unauthorized access, use, disclosure or modification to this data, could result in our solutions and services being viewed as less secure, which could lead to liability and a significant adverse effect on our reputation and financial and operating results.

Risks Related to Legal Compliance and Regulatory Matters
Our business is subject to complex and evolving U.S. and non-U.S. laws and regulations regarding privacy, data protection and security, technology protection, and other matters. Many of these laws and regulations are subject to change and uncertain interpretation, and could result in claims, changes to our business practices, monetary penalties, increased cost of operations, or otherwise harm our business.

Our products are mostly used as an on-premise solution and are generally operated by our customers without our involvement. Nevertheless, our service operators occasionally have brief and limited access to customer data, including PII, when they receive calls for technical support, or in operating the Guardian solution. In addition, we may extract files containing customer data, including PII, in connection with the provision of our Advanced Services in which we serve as an outsourced lab for the extraction of data from devices that are sent to us by our customers. In all of those situations, we do not access or view customer data, maintain such data securely with limited access, and delete all such data following the confirmation that the data has been received by the customer (with the exception of Guardian where data is stored or removed by the customers in their sole discretion). As a result, for the purposes of the European General Data Protection Regulation (“GDPR”) and the UK equivalent legislation, we believe that we are not considered to be a controller and serve as a processor in a number of circumstances, within the meaning of those terms.
Given the global nature of our operations, we are subject to a variety of local, state, national, and international laws and directives and regulations in the United States and abroad related to privacy and data protection, data security, data storage, retention, transfer and deletion, technology protection, and personal information. International data protection, data security, privacy, and other laws and regulations can impose different obligations or be more restrictive than those in the United States. These U.S. federal and state and foreign laws and regulations, which, depending on the regime, may be enforced by private
31

parties or government entities, are constantly evolving and can be subject to significant change, and they are likely to continue to develop and evolve for the foreseeable future. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, particularly in the new and rapidly evolving software and technology industry in which we operate, and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices.
A number of proposals are pending before U.S. federal, state, and foreign legislative and regulatory bodies that could significantly affect our business. For example, despite recent developments including an in-principle agreement between the United States and European Commission and a subsequent Executive Order directing the steps that the United States will take to implement the U.S. commitments under the new European Union - U.S. Data Privacy Framework, new legal challenges to the mechanisms allowing companies to transfer personal data from the European Economic Area to certain other jurisdictions, including the United States, could emerge resulting in further limitations on the ability to transfer data across borders. Moreover, the following laws and regulations have taken, or will take, effect, creating further interpretive uncertainties for Cellebrite:

GDPR took effect in May 2018 and applies to many of our products and services that provide service in Europe. The GDPR includes operational requirements for companies that receive or process personal data of residents of the EU. We are required to comply with the GDPR and, following the exit of the United Kingdom (“UK”) from the European Union (“EU”), the UK equivalent, the implementation of which exposes us to two parallel data protection regimes in Europe, each of which impose several stringent requirements for controllers and processors of personal data and could make it more difficult to and/or more costly for us to collect, store, use, transmit and process personal and sensitive data. In 2016, the EU and the U.S. agreed to an alternative transfer framework for data transferred from the EU to the United States called the Privacy Shield Framework. However, in 2020, the EU’s Court of Justice invalidated the use of this framework moving forward. The court ruled that the framework did not ensure an adequate level of protection for data transferred from the EU to the United States. Notably, there are alternative legal mechanisms available that allow the compliant transfer of data from the EU to the United States, however, they may also be challenged by national regulators or private parties. Non-compliance with the GDPR and the UK legislation equivalent may result in administrative fines or monetary penalties of up to 4% of worldwide annual revenue in the preceding financial year or €20 million (whichever is higher) for the most serious infringements, and could result in proceedings against us by governmental entities or other related parties and may otherwise adversely impact our business, financial condition, and results of operations.
The California Consumer Privacy Act, or the CCPA, went into effect on January 1, 2020 and became enforceable by the California Attorney General on July 1, 2020, along with related regulations that came into force on August 14, 2020. The CCPA gives California residents new rights to access and require deletion of their personal information, opt out of the sale of personal information, and receive detailed information about how their personal information is collected, used, and shared. The CCPA provides for civil penalties for violations, as well as a private right of action for security breaches that may increase security breach litigation. The effects of the CCPA potentially are significant and may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses in an effort to comply. Additionally, in November 2020, California voters passed the California Privacy Rights and Enforcement Act of 2020, or the CPRA. The CPRA will impose additional data protection obligations on companies doing business in California, including additional consumer rights processes and opt outs for certain uses of sensitive data and establishes a regulatory agency dedicated to enforcing those requirements. The majority of the provisions will go into effect on January 1, 2023, and additional compliance investment and potential business process changes may be required.
32

Certain other state laws in the United States impose similar privacy obligations and all 50 states have laws including obligations to provide notification of certain security breaches to affected individuals, state officials and others. For example, on March 2, 2021, Virginia enacted the Virginia Consumer Data Protection Act (“VCDPA”), creating the second truly comprehensive U.S. state privacy law, which will take effect on January 1, 2023 (the same day as CPRA takes effect). Further, there currently are also a number of proposals related to data privacy or security pending before federal, state, and foreign legislative and regulatory bodies, including in a number of states considering consumer protection laws similar to the CCPA and VCDPA. For example, Colorado adopted the Colorado Privacy Act (“CPA”) in June 2021 and it will become effective on July 1, 2023. Utah adopted the Utah Consumer Privacy Act (“UCPA”) in March 2022 and that will become effective December 31, 2023. Additionally, Connecticut enacted the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”) in May 2022 and most of which will become effective July 1, 2023.
Each of these legislative actions may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment in resources to compliance programs, and could impact strategies and availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. These developments may require us to review and amend the legal mechanisms by which we make and, or, receive personal data transfers from other countries to Israel. As data protection regulators issue further guidance on personal data export mechanisms, including circumstances where the standard contractual clauses cannot be used, and/or start taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results.
These existing and proposed laws and regulations can be costly to comply with and can make our DI suite of solutions less effective or valuable, delay or impede the development of new solutions, result in negative publicity, increase our operating costs, require us to modify our data handling practices, limit our operations, impose substantial fines and penalties, require significant management time and attention, or put our data or technology at risk. Any failure or perceived failure by us or our suite of solutions to comply with U.S., EU, UK or other foreign laws, regulations, directives, policies, industry standards, or legal obligations relating to privacy, data protection, or information security, or any security incident that results in loss of or the unauthorized access to, or acquisition, use, release, or transfer of, personal information, personal data, or other customer or sensitive data or information may result in governmental investigations, inquiries, enforcement actions and prosecutions, private claims and litigation, indemnification or other contractual obligations, other remedies, including fines or demands that we modify or cease existing business practices, or adverse publicity, and related costs and liabilities, which could significantly and adversely affect our business, reputation and results of operations.

We may in the future become involved in legal, regulatory, or administrative inquiries and proceedings, and unfavorable outcomes in litigation or other of these matters could negatively impact our business, financial conditions, and results of operations.

From time to time, we receive formal and informal inquiries from governmental agencies and regulators regarding our compliance with laws and regulations or otherwise relating to our business or transactions. We may also become subject to claims, lawsuits, proceedings and inquiries which could involve labor and employment disputes, discrimination and harassment allegations, commercial disputes, intellectual property rights (including patent, trademark, copyright, trade secret, and other proprietary rights), class actions, general contract, tort, or defamation, data privacy rights, antitrust concerns, common law fraud, government regulation, compliance, alleged federal and state securities and “blue sky” law
33

violations or other investor related questions. Derivative claims, lawsuits, and proceedings, which may, from time to time, be asserted against our directors by our shareholders, could involve breach of fiduciary duty, breach of duty of loyalty, failure of oversight, corporate waste claims, and other matters. For example, a former consultant has brought a number of claims against the Company and a number of our directors and officers; while we do not believe that such claims have merit or are likely to have any material impact on our results of operations, or material dilution of our shareholders holdings they can lead to reputational harm and diversion of resources and management’s attention from our primary business operations. In addition, our business and results may be adversely affected by the outcome of currently pending and any future legal, regulatory, and/or administrative claims or proceedings, including through monetary damages or injunctive relief. In addition, over the last several years, lawsuits have been filed against cyber-related companies by large multinationals that claim that their terms of use have been violated and breached by the activities of the cyber companies. While we are not a cyber company, such a risk could potentially also apply to us and our solutions.
The number and significance of our legal disputes and inquiries may increase as we continue to grow larger, as our business has expanded in customer count and geographic reach, and as our DI suite of solutions become more complex. Additionally, if customers fail to pay us under the terms of our agreements, we may be adversely affected due to the cost of enforcing the terms of our contracts through litigation. Litigation or other proceedings can be expensive and time consuming and can divert our resources and management’s attention from our primary business operations. The results of our litigation also cannot be predicted with certainty. If we are unable to prevail in litigation, we could incur payments of substantial monetary damages or fines, or undesirable changes to our DI suite of solutions or business practices, and accordingly, our business, financial condition, or results of operations could be materially and adversely affected. Furthermore, if we accrue a loss contingency for pending litigation and determine that it is probable, any disclosures, estimates, and reserves we reflect in our financial statements with regard to these matters may not reflect the ultimate disposition or financial impact of litigation or other such matters. These proceedings could also result in negative publicity, which could harm customer and public perception of our business, regardless of whether the allegations are valid or whether we are ultimately found liable.
Although we have limitation of liability provisions in our standard software licensing and service agreement terms and conditions, these provisions may not be enforceable in some circumstances, may vary in levels of protection across our agreements, or may not fully or effectively protect us from such claims and related liabilities and costs. We generally provide a warranty for our software and hardware solutions in our agreements. In the event that there is a failure of warranties in such agreements, we are generally obligated to correct the product to conform to the warranty provision as set forth in the applicable agreement, or, if we are unable to do so, the customer is entitled to seek a refund of the purchase price of the product and service. The sale and support of our solutions also entail the risk of product liability claims. We maintain errors and omissions insurance to protect against certain claims associated with the use of our solutions, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.

We are subject to Israeli encryption laws and governmental trade controls, including export laws and regulations, and any noncompliance with these laws could negatively impact our operating results.

The export of our solutions is subject to Israeli encryption control laws. Our export license under the Israeli encryption control regime prohibits us from exporting some of our products to customers in certain countries and require us to obtain the consent of the Ministry of Defense to export to customers in certain other countries. Our failure to comply with these requirements could subject us to financial and
34

other penalties, which could materially adversely impact our revenue and profits, and harm our reputation.
Although Israel is not a party to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (the “Wassenaar Arrangement”), it has adopted the Wassenaar Arrangement List of Dual Use Goods and Technologies, and the goods and technologies listed therein are subject to Israeli export control laws and regulations. However, cryptography that is subject to Israeli encryption laws is not regulated under the Israeli export control regime, even if such cryptography capabilities would otherwise be placed within Part 2 of Chapter 5 of the Wassenaar Arrangement Dual Use List which relates to Information Security. In 2016, the Israeli Ministry of Defense published draft regulations proposing to cancel the existing encryption control regime and to bring Part 2 of Chapter 5 of the Wassenaar Arrangement into full force and effect in its place. Over the last several months the Israeli Ministry of Defense has renewed this effort and has stated publicly its intention to push this reform forward imminently. If our solutions do become subject to the Wassenaar Arrangement dual use list as adopted by Israel, then they likely will be controlled under either the Israeli Defense Export Control Law, 5767-2007 or the Import and Export Order (Export Control over Dual Use Goods, Services and Technology), 5766-2006, depending on the nature of the customer. The application of these laws’ requirements to us and to our products could subject us to different licensing requirements and may require us to adapt our marketing, sales and export practices to accommodate these changed requirements. This reform could adversely impact our ability to quickly, efficiently and cost effectively market and sell our products, and could materially adversely impact our revenue and profit.
In addition, various other countries regulate the export and import of certain encryption solutions and technology, including import permits and licensing requirements, and have enacted laws that could limit our ability to distribute our solutions or could limit our customers’ ability to implement our solutions in those countries. Any new export restrictions, new import restrictions, new legislation, changes in economic sanctions, or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons, or technologies targeted by such regulations, could result in decreased use of our products by existing customers with non-U.S. operations, declining adoption of our products by new customers with non-U.S. operations, limitation of our expansion into new markets, and decreased revenue and potential revenue growth.
Our activities or products could be subject to certain economic sanctions laws including the laws of the Israel and the United States. We have adopted policies and procedures to restrict sales to countries subject to comprehensive U.S. and Israeli sanctions and to designated entities and individuals. Our solutions and technologies could be exported to, or eventually be used by, these sanctioned targets due to circumvention of restrictions by customers , resellers or others, despite the contractual undertakings they are bound by that prohibit them from exporting or reselling to any unauthorized customer, and any such export, or use, could have negative consequences, including government investigations, penalties and reputational harm. Any change in export regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our solutions by, or in our decreased ability to export or sell our solutions to, existing or potential customers with international operations. Any decreased use of our solutions or limitation on our ability to export or sell our solutions would likely adversely affect our business, financial condition and results of operations.
Differing regulatory and legal requirements and the possible enactment of additional regulations or restrictions on the use, import, export or re-export of our solutions or the provision of services, could delay, restrict, or prevent the sale or use of our solutions in some jurisdictions. If we or our business partners or counterparties, including licensors and licensees, prime contractors, subcontractors, sublicensors, vendors, customers, shipping partners, or contractors, fail to obtain appropriate import, export, or re-export licenses or permits, notwithstanding regulatory requirements or contractual commitments to do so, or if we fail to secure such contractual commitments where necessary, we may
35

also be adversely affected, through reputational harm as well as other negative consequences, including government investigations and penalties.
These laws and regulations are subject to change over time and thus we must continue to monitor and dedicate resources to ensure continued compliance. Although we take precautions to prevent our software from being provided in violation of such laws, the software could be provided inadvertently in violation of such laws, despite the precautions we take. Non-compliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, or injunctions. If any of the foregoing actions are imposed on us, or if we do not prevail in any possible civil or criminal litigation, our business, operating results, and financial condition could be materially adversely affected. We may also be adversely affected through penalties, reputational harm, loss of access to certain markets, or otherwise. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and penalties could harm our business, operating results and financial condition.

Our largest shareholder, SUNCORPORATION, is a Japanese public company and currently a holder of 49.53% of Cellebrite’s outstanding shares.

As of December 31, 2022, SUNCORPORATION (TSE JASDAQ: 6736), a Japanese public company, beneficially owns 49.53% of our Ordinary Shares. Therefore, SUNCORPORATION has significant influence on the outcome of all decisions at our shareholders’ meetings including:
the election of our board of directors;
amendments to our articles of association; and
our ability to enter into a change of control transaction.

SUNCORPORATION’s decisions as to how it votes its Ordinary Shares may be contrary to the expectations or preferences of our other shareholders. The influence exerted by SUNCORPORATION may limit the ability of our shareholders to influence corporate matters and could also discourage other companies from pursuing any potential merger, takeover, or other change of control transactions with us. Further, SUNCORPORATION is a controlling shareholder and may in the future control elections to our board of directors and, therefore may have significant influence over our business and policies.

Failure to comply with laws, regulations, or contractual provisions applicable to our business could cause us to lose government customers or our ability to contract with the U.S. and other governments.

Our customers include government agencies, each with their own specific guidelines and compliance requirements for their government contracts. For example, our U.S. government business is subject to specific procurement regulations with numerous compliance requirements. In particular, we must comply with laws, regulations, and contractual provisions relating to the formation, administration, and performance of government contracts and inclusion on government contract vehicles, which affect how we and our partners do business with government agencies. These requirements, although customary in government contracting in the U.S., increase our performance and compliance costs. These costs may increase in the future, thereby reducing our margins, which could have an adverse effect on our financial condition.

36

Moreover, in the U.S., government contracts are subject to oversight audits by government representatives. Such audits could result in adjustments to our contracts. As an example, for contracts covered by the Cost Accounting Standards, any costs found to be improperly allocated to a specific contract may not be allowed, and such costs already reimbursed may have to be refunded. In addition, as a result of actual or perceived non-compliance with government contracting laws, regulations, or contractual provisions, we may be subject to other audits and internal investigations which may prove costly to our business financially and divert management’s attention and time. Among the causes for debarment are violations of various laws or policies, including those related to procurement integrity, export control, U.S. government security regulations, employment practices, protection of criminal justice data, protection of the environment, accuracy of records, proper recording of costs, foreign corruption, Trade Agreements Act, Buy America Act, and the False Claims Act. Contracts with the federal U.S. government may be terminated for convenience by the government at any time. Furthermore, regulatory requirements imposed by governments other than the United States may be more stringent and non-compliance may subject us as well as to investigations, proceedings, sanctions, or other consequences from those governments, as well as, in some cases, allow such governments to terminate contracts for convenience at any time. These consequences remain uncertain because of the dynamic nature of governmental action and responses.

The laws and regulations applicable to each of our contracts may impose other added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, and termination of contracts and suspension or debarment from government contracting for a period of time with government agencies. Any such damages, penalties, disruption, or limitation in our ability to do business with a government could adversely impact, and could have a material adverse effect on, our business, results of operations, financial condition, public perception, and growth prospects.

New laws and/or law interpretations, as well as changing regulations, create the risk that we may not comply with those laws and regulations and the costs to comply could materially adversely affect our business.
We are subject to a variety of laws and regulations in Israel and abroad that involve matters central to our business, including privacy, data protection and personal information, rights of publicity, content, intellectual property, advertising, marketing, distribution, data security, data retention and deletion, electronic contracts and other communications, competition, consumer protection, telecommunications, product liability, taxation, labor and employment, economic or other trade prohibitions or sanctions, securities law compliance, and online payment services. The introduction of new solutions, expansion of our business to certain jurisdictions, or other actions that we may take may subject us to additional laws, regulations, or other government scrutiny. In addition, foreign data protection, privacy, content, competition, and other laws and regulations can impose different obligations or be more restrictive than those in Israel or the United States. These laws and regulations, which in some cases can be enforced by private parties in addition to government entities, are constantly evolving and can be subject to significant change. As a result, the application, interpretation, and enforcement of these laws and regulations are often uncertain and may be interpreted and applied inconsistently from country to country and inconsistently with our current policies and practices. New laws and regulations (or new interpretations of existing laws and regulations) may require us to incur substantial costs, expose us to unanticipated civil or criminal liability, or cause us to change our business practices. The costs of compliance with these laws and regulation are high and are likely to increase in the future. Additionally, these laws and regulations, or any associated inquiries or investigations or other government actions, may delay or impede the development of new solutions, result in negative publicity, require significant management time and attention, and subject us to remedies that may harm our business, including fines or demands or orders that we modify or cease existing business practices.

37

Risks Relating to Cellebrite’s Incorporation and Location in Israel
Our main offices and operations are located in Israel and, therefore, our results may be adversely affected by political, economic and military instability in Israel or external responses to such instability.

Our main offices, and many of our employees, including most of our management members, operate from our offices that are located in Israel. In addition, many of our employees, officers and directors are residents of Israel and we have a small assembly facility in Israel. Accordingly, political, economic, and military conditions in Israel and the surrounding region may directly affect our business and operations, as discussed below.
In recent years, Israel has been engaged in sporadic armed conflicts with terrorist and military groups. In recent years, some of these hostilities were accompanied by missiles being fired from the Gaza Strip against civilian targets in various parts of Israel, including areas in which our assembly facility, some of our employees and some of our consultants are located. Certain countries have also threatened Israel and may be developing nuclear weapons, including Iran. Any hostilities involving Israel or the interruption or curtailment of trade between Israel and its trading partners could adversely affect our financial condition and results of operations.
Our commercial insurance does not cover losses that may occur as a result of events associated with war and terrorism. Although the Israeli government currently covers the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, there are no assurances that this government coverage will be maintained or that it will sufficiently cover our potential damages. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflicts or political instability in the region would likely negatively affect business conditions and could harm our results of operations.
Political conditions within Israel or relationships between Israel and its allies are also likely to impact our operations. Certain factions within the Israeli government are currently pursuing extensive changes to Israel’s judicial system. This has sparked extensive debate, with many individuals, organizations and institutions, both within and outside of Israel, voicing concerns that the proposed changes could affect the quality of Israel’s democracy and negatively impact the business environment in Israel (including increased currency fluctuations, downgrades in credit rating and increased interest rates). There also has been more friction between the U.S. presidential administration and the Israeli government, particularly with the recent change in that government. Actual or perceived political instability in Israel or any negative changes in its political environment may lead our customers, many of whom are governmental actors, to determine not to do business with us as an Israeli company, encourage the relocation of talent from Israel or otherwise harm macroeconomic conditions in Israel, thus adversely affecting our business, financial condition, results of operations and prospects.
In the past, the State of Israel and Israeli companies have been subjected to economic boycotts by specific countries and/or organizations. While some of these are eliminating these constraints, others may impose restrictions on doing business with Israel and Israeli companies if hostilities in Israel or political instability continues or increases. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more widespread, may adversely impact our ability to sell our solutions and therefore may have an adverse impact on our operating results, financial condition or the expansion of our business.
Lastly, many Israeli citizens are obligated to perform several days, and in some cases more, of annual military reserve duty each year until they reach the age of 40 (or older, for reservists who are military officers or who have certain occupations) and, in the event of a military conflict and/or national civil emergencies, may be called to active duty. In response to increases in terrorist activity, there have
38

been periods of significant call-ups of military reservists. It is possible that there will be military reserve duty call-ups in the future. Our operations could be disrupted by such call-ups, which may include the call-up of members of our management. Such disruption could materially adversely affect our business, prospects, financial condition and results of operations.

It may be difficult to enforce a U.S. judgment against us, our officers and directors or the experts named in this Annual Report in Israel or the United States, or to assert U.S. securities laws claims in Israel or serve process on our officers and directors or experts.
Most of our directors or officers are not residents of the United States and most of their and our assets are located outside the United States. Most of the experts named in this Annual Report are also not residents of the United States. Service of process upon us or our non-U.S. resident directors and officers, and the experts named in this Annual Report, and enforcement of judgments obtained in the United States against us or our non-U.S. our directors and executive officers or such experts may be difficult to obtain within the United States. We have been informed by our legal counsel in Israel that it may be difficult to assert claims under U.S. securities laws in original actions instituted in Israel or obtain a judgment based on the civil liability provisions of U.S. federal securities laws. Israeli courts may refuse to hear a claim based on a violation of U.S. securities laws against us or our non-U.S. officers and directors because Israel may not be the most appropriate forum to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proved as a fact, typically through an expert witness, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law. There is little binding case law in Israel addressing the matters described above. Israeli courts might not enforce judgments rendered outside of Israel, which may make it difficult to collect on judgments rendered outside of Israel against us or our non-U.S. officers and directors.
Moreover, an Israeli court will not enforce a non-Israeli judgment if it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases), if its enforcement is likely to prejudice the sovereignty or security of the State of Israel, if it was obtained by fraud or in the absence of due process, if it is at variance with another valid judgment that was given in the same matter between the same parties, or if a suit in the same matter between the same parties was pending before a court or tribunal in Israel at the time the foreign action was brought.

The rights and responsibilities of our shareholders are governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations.

We are incorporated under Israeli law. The rights and responsibilities of holders of Ordinary Shares are governed by our amended and restated articles of association (the “Amended Articles”) and the Israeli Companies Law (the “Companies Law”). These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S. corporations. In particular, pursuant to the Companies Law, each shareholder of an Israeli company has to act in good faith and in a customary manner in exercising his, her or its rights and fulfilling his, her or its obligations toward the Company and other shareholders and to refrain from abusing his, her or its power in the Company, including, among other things, in voting at the general meeting of shareholders, on one of the following: (i) amendments to a company’s articles of association, (ii) increases in a company’s authorized share capital, (iii) mergers and (iv) certain transactions requiring shareholders’ approval under the Companies Law. In addition, a controlling shareholder of an Israeli company or a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or who has the power according to the Amended Articles to appoint or prevent the appointment of a director or officer in the Company, or has other powers toward
39

the Company according to the Amended Articles, has a duty of fairness toward the Company. However, Israeli law does not define the substance of this duty of fairness. There is little case law available to assist in understanding the implications of these provisions that govern shareholder behavior.

Provisions in the Amended Articles may have the effect of discouraging lawsuits against us and our directors and officers.
Under the Amended Articles, the competent courts of Tel Aviv, Israel are the exclusive forum for (i) any derivative action or proceeding brought on behalf of Cellebrite, (ii) any action asserting a claim of breach of fiduciary duty or a claim of breach of the duty of loyalty owed by any of Cellebrite’s directors, officers or other employees or our shareholders, or (iii) any action asserting a claim arising pursuant to any provision of the Companies Law or the Israeli Securities Law.
Additionally, unless Cellebrite consents in writing to the selection of an alternative forum, the U.S. federal courts shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act of 1933, as amended (the “Securities Act”) against us or any of our directors, officers, other employees or agents. Section 22 of the Securities Act, however, creates concurrent jurisdiction for U.S. federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Accordingly, there is uncertainty as to whether a court would enforce such provisions, and the enforceability of similar choice of forum provisions in other companies’ charter documents has been challenged in legal proceedings. While Delaware and certain U.S. courts have determined that such exclusive forum provisions are facially valid, a shareholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions, and there can be no assurance that such provisions will be enforced by a court in those other jurisdictions. Any person or entity purchasing or otherwise acquiring any interest in our securities shall be deemed to have notice of and consented to these provisions; however, we note that investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder.
Section 27 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), creates exclusive federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder. Accordingly, notwithstanding the foregoing, the Amended Articles provide that the exclusive forum provision will not apply to suits brought to enforce a duty or liability created by the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction.
These exclusive forum provisions may limit a shareholders ability to bring a claim in a judicial forum of its choosing for disputes with us or our directors or other employees which may discourage lawsuits against us, our directors, officers and employees.
Risks Relating to an Investment in our Securities
Future issuances of Ordinary Shares by us or resales of our Ordinary Shares may cause the market price of the Ordinary Shares to drop significantly, even if Cellebrite’s business is doing well.

Concurrently with the Closing of the Merger, the Sponsor entered into the Investor Rights Agreement, which provided the Sponsor and the other parties thereto with customary demand registration rights and piggy-back registration rights with respect to registration statements filed by Cellebrite. See the section of this Annual Report titled “Part I, Item 7. Major Shareholders and Related Party Transactions — Related Party Transactions.” In accordance with this and certain obligations relating to the PIPE Investment, we filed a registration statement for the resale of 171,729,210 Ordinary Shares, 9,666,667 Warrants and 29,666,667 Ordinary Shares underlying Warrants, which went effective on October 6, 2021.
We have also historically used, and continue to use, our Ordinary Shares as a means of both rewarding our employees, non-employee directors, and consultants and aligning their interests with those
40

of our shareholders. As of December 31, 2022, 26,849,012 Ordinary Shares were subject to outstanding awards (consisting of outstanding options to purchase 20,457,660 Ordinary Shares and 6,391,352 Ordinary Shares underlying unvested restricted share units (“RSUs”)) granted to our affiliates’ respective employees, non-employee directors, consultants and former employees under our equity incentive plans. additionally, 22,789,113 Ordinary Shares were available for future grant under the 2021 Plan and 1,581,634 Ordinary Shares were available for grant under our equity incentive plans or for future purchase under our 2021 Employee Share Purchase Plan (“ESPP”), subject to increase under the evergreens terms of certain of those plans. All of the underlying Ordinary Shares are registered on Form S-8 for immediate sale or resale. Thus, Ordinary Shares granted or issued under our equity incentive plans will, subject to vesting provisions, lock-up restrictions, and applicable Rule 144 volume limitations, be available for sale in the open market immediately upon registration.
In a registered offering of securities pursuant to the Securities Act (including via the registration statement on Form S-8) or otherwise in accordance with Rule 144 under the Securities Act, the Cellebrite employees and other shareholders may sell large amounts of Ordinary Shares in the open market or in privately negotiated transactions, which could have the effect of increasing the volatility in the trading price of the Ordinary Shares or putting significant downward pressure on the price of the Ordinary Shares. Further, sales of Ordinary Shares upon expiration of the applicable lockup period could encourage short sales by market participants. Generally, short selling means selling a security, contract or commodity not owned by the seller. The seller is committed to eventually purchase the financial instrument previously sold. Short sales are used to capitalize on an expected decline in the security’s price. As such, short sales of Ordinary Shares could have a tendency to depress the price of the Ordinary Shares, which could increase the potential for short sales.
We cannot predict the size of future issuances by us or resales by others of Ordinary Shares or the effect, if any, that such future issuances and sales of Ordinary Shares will have on the market price of the Ordinary Shares. Sales of substantial amounts of Ordinary Shares (including those shares issued in connection with the Merger), or the perception that such sales could occur, may materially and adversely affect prevailing market prices of Ordinary Shares.

As a “foreign private issuer” under applicable securities laws and regulations, Cellebrite is permitted to, and may, file less or different information with the U.S. Securities and Exchange Commission (the “SEC”) than a company incorporated in the United States, and will follow certain home country governance practices in lieu of certain Nasdaq requirements applicable to U.S. issuers.

Cellebrite is considered a “foreign private issuer” under the Exchange Act and is therefore exempt from certain rules under the Exchange Act. Moreover, Cellebrite is not required to file periodic reports and financial statements with the SEC as frequently or within the same time frames as U.S. issuers with securities registered under the Exchange Act, and is not subject to the rules prescribing the furnishing and content of proxy statements (including the requirement applicable to emerging growth companies to disclose the compensation of its Chief Executive Officer and the other two most highly compensated executive officers on an individual, rather than an aggregate, basis). Cellebrite is not required to comply with Regulation FD, which imposes restrictions on the selective disclosure of material information to shareholders. In addition, Cellebrite’s officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions of Section 16 of the Exchange Act and the related rules under the Exchange Act with respect to their purchases and sales of Cellebrite’s equity securities. Accordingly, if you own Cellebrite’s securities, you may receive less or different information about Cellebrite than that you would receive about a U.S. issuer.
In addition, as a “foreign private issuer” whose securities are listed on Nasdaq, Cellebrite is permitted to follow certain home country corporate governance practices in lieu of certain Nasdaq requirements. A “foreign private issuer” must disclose in its annual reports filed with the SEC each
41

Nasdaq requirement with which it does not comply, followed by a description of its applicable home country practice. Cellebrite currently intends to follow the corporate governance requirements of Nasdaq. However, Cellebrite cannot make any assurances that it will continue to follow such corporate governance requirements in the future, and may therefore in the future, rely on available Nasdaq exemptions that would allow Cellebrite to follow its home country practice. Unlike the requirements of Nasdaq, there are currently no mandatory corporate governance requirements in Israel that would require Cellebrite to (i) have a majority of its board of directors be independent, (ii) establish a nominating/governance committee, or (iii) hold regular executive sessions where only independent directors may be present. Such Israeli home country practices may afford less protection to holders of Cellebrite securities.
Cellebrite currently relies on this “foreign private issuer exemption” only with respect to the quorum requirement for shareholder meetings and the requirement regarding distribution of annual and interim reports. For more information, see “Part II, Item 16G. Corporate Governance.” Cellebrite otherwise complies with and intends to continue to comply with the rules generally applicable to U.S. domestic companies listed on Nasdaq. In addition, with respect to SEC rules, Cellebrite expects to issue interim quarterly financial information publicly and to furnish them to the SEC under cover of Form 6-K. Cellebrite may, however, in the future decide to rely upon the “foreign private issuer exemption” for purposes of opting out of some or all of the other Nasdaq corporate governance rules.
Cellebrite could lose its status as a “foreign private issuer” under applicable securities laws and regulations if more than 50% of Cellebrite’s outstanding voting securities become directly or indirectly held of record by U.S. holders and any one of the following is true: (i) the majority of Cellebrite’s directors or executive officers are U.S. citizens or residents; (ii) more than 50% of Cellebrite’s assets are located in the United States; or (iii) Cellebrite’s business is administered principally in the United States. If Cellebrite loses its status as a “foreign private issuer” in the future, it will no longer be exempt from the rules described above and, among other things, will be required to file periodic reports and annual and quarterly financial statements as if it were a company incorporated in the United States. If this were to happen, Cellebrite would likely incur substantial costs in fulfilling these additional regulatory requirements and members of Cellebrite’s management would likely have to divert time and resources from other responsibilities to ensuring these additional regulatory requirements are fulfilled.

Cellebrite is an “emerging growth company” and as a result of the reduced disclosure and governance requirements applicable to emerging growth companies, our securities may be less attractive to investors.
Cellebrite is an “emerging growth company,” as defined in the JOBS Act, and it intends to take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies including, but not limited to, not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act. Cellebrite cannot predict if investors will find its securities less attractive because it will rely on these exemptions, including delaying adoption of new or revised accounting standards until such time as those standards apply to private companies and, to the extent that Cellebrite ceases to be a foreign private issuer, reduced disclosure obligations regarding executive compensation. If some investors find Ordinary Shares or Warrants less attractive as a result, there may be a less active trading market and the trading prices of such securities may be more volatile. Cellebrite may take advantage of these reporting exemptions until it is no longer an “emerging growth company.” Cellebrite will remain an “emerging growth company” until the earlier of (1) the last day of the fiscal year (a) following the fifth anniversary of the completion of the IPO, (b) in which it has total annual gross revenue of at least $1.07 billion, or (c) in which it is deemed to be a large accelerated filer, which means the market value of Ordinary Shares that is held by non-affiliates exceeds $700 million as of the last day of the second fiscal quarter of such fiscal year, and (2) the date on which it has issued more than $1.0 billion in non-convertible debt during the prior three-year period.

42

Risks Related to Ownership of the Ordinary Shares

Our share price has been and will likely continue to be volatile, and shareholders may lose all or part of their investment.

Cellebrite shareholders have sold and may continue to sell their shares in the public market. The sales of significant amounts of our shares, or the perception in the market that this will occur, may decrease the market price of our shares. For more information, see “Risks Relating to an Investment in our Securities— Future resales of the Ordinary Shares issued in connection with the Business Combination may cause the market price of the Ordinary Shares to drop significantly, even if Cellebrite’s business is doing well.”

Our share price may also be volatile for other reasons, including:

announcements by us or our competitors regarding, among other things, strategic changes, new products, product enhancements or technological advances, acquisitions, major transactions, significant litigation or regulatory matters, stock repurchases, or management changes;

press or analyst publications, including with respect to changes in recommendations or earnings estimates or growth rates by financial analysts, changes in investors’ or analysts’ valuation measures for our securities, our credit ratings, our security solutions and customers, speculation regarding strategy or mergers and acquisitions (“M&A”), or market trends unrelated to our performance;

stock sales by us or our directors, officers, or other significant holders, or stock repurchases by us; and

hedging or arbitrage trading activity by third parties.

actual or anticipated fluctuations in our results of operations;

market conditions in our industry and changes in the estimation of the future growth and size of our markets;

real or perceived future dilution risk;

the trading volume of our ordinary shares; and

general economic, regulatory, political and market conditions.

In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. Such lawsuits
43

could result in substantial costs and divert management’s attention and resources, which could adversely affect our business.

The U.S. Internal Revenue Service (“IRS”) may not agree that Cellebrite should be treated as a non-U.S. corporation for U.S. federal income tax purposes.

Although Cellebrite is incorporated and tax resident in Israel, the IRS may assert that it should be treated as a U.S. corporation (and therefore a U.S. tax resident) for U.S. federal income tax purposes pursuant to Section 7874 (“Section 7874”) of the Internal Revenue Code of 1986, as amended (the “Code”). For U.S. federal income tax purposes, a corporation is generally considered a U.S. ”domestic” corporation (or U.S. tax resident) if it is organized in the United States, and a corporation is generally considered a “foreign” corporation (or non-U.S. tax resident) if it is not a U.S. corporation. Because Cellebrite is an entity incorporated and tax resident in Israel, it would generally be classified as a foreign corporation (or non-U.S. tax resident) under these rules. Section 7874 provides an exception under which a foreign incorporated and foreign tax resident entity may, in certain circumstances, be treated as a U.S. corporation for U.S. federal income tax purposes.
As more fully described in the section titled “Material U.S. Federal Income Tax Considerations — U.S. Federal Income Tax Treatment of Cellebrite — Tax Residence of Cellebrite for U.S. Federal Income Tax Purposes”, based on the terms of the Merger and the rules for determining share ownership under Section 7874 and the Section 7874 Regulations, Cellebrite is not intended to be treated as a U.S. corporation for U.S. federal income tax purposes under Section 7874 after the Merger. However, the application of Section 7874 is complex, is subject to detailed regulations (the application of which is uncertain in various respects, could be impacted by changes in such U.S. Treasury regulations with possible retroactive effect), and is subject to certain factual uncertainties. Accordingly, potential application of Section 7874 is inherently uncertain and there can be no assurance that the IRS will not challenge the status of Cellebrite as a foreign corporation under Section 7874 or that such challenge would not be sustained by a court.
If the IRS were to successfully challenge Cellebrite’s status as a foreign corporation for U.S. federal income tax purposes under Section 7874, Cellebrite and certain Cellebrite shareholders would be subject to significant adverse tax consequences, including a higher effective corporate income tax rate on Cellebrite and future withholding taxes on certain Cellebrite shareholders, depending on the application of any income tax treaty that might apply to reduce such withholding taxes. In particular, holders of Ordinary Shares and Warrants would be treated as holders of stock and warrants of a U.S. corporation.
See “Part I, Item 10. Additional Information—E. Material Taxation— Material U.S. Federal Income Tax Considerations—U.S. Federal Income Tax Treatment of Cellebrite—Tax Residence of Cellebrite for U.S. Federal Income Tax Purposes” for a more detailed discussion of the application of Section 7874 to the Merger. Investors in Cellebrite should consult their own advisors regarding the application of Section 7874 to the Merger.

Section 7874 may limit the ability of TWC to use certain tax attributes, increase Cellebrite’s U.S. affiliates’ U.S. taxable income or have other adverse consequences to Cellebrite and Cellebrite’s shareholders.
Following the acquisition of a U.S. corporation by a foreign corporation, Section 7874 can limit the ability of the acquired U.S. corporation and its U.S. affiliates to use U.S. tax attributes (including net operating losses and certain tax credits) to offset U.S. taxable income resulting from certain transactions, as well as result in certain other adverse tax consequences, even if the acquiring foreign corporation is respected as a foreign corporation for purposes of Section 7874. In general, if a foreign corporation acquires, directly or indirectly, substantially all of the properties held directly or indirectly by a U.S.
44

corporation and after the acquisition, the former shareholders of the acquired U.S. corporation hold at least 60% (by either vote or value) but less than 60% (by vote and value) of the shares of the foreign acquiring corporation by reason of holding shares in the acquired U.S. corporation, subject to other requirements, certain adverse tax consequences under Section 7874 may apply.
If these rules apply to the Merger, Cellebrite and certain of Cellebrite’s shareholders may be subject to adverse tax consequences including, but not limited to, restrictions on the use of tax attributes with respect to “inversion gain” recognized over a 10-year period following the transaction, disqualification of dividends paid from preferential “qualified dividend income” rates and the requirement that any U.S. corporation owned by Cellebrite include as “base erosion payments” that may be subject to a minimum U.S. federal income tax any amounts treated as reductions in gross income paid to certain related foreign persons. Furthermore, certain “disqualified individuals” (including officers and directors of a U.S. corporation) may be subject to an excise tax on certain stock-based compensation held thereby at a rate of 20%.
As more fully described in the section titled “Material U.S. Federal Income Tax Considerations — U.S. Federal Income Tax Treatment of Cellebrite — Utilization of TWC’s Tax Attributes and Certain Other Adverse Tax Consequences to Cellebrite and Cellebrite’s Shareholders,” based on the terms of the Merger and the rules for determining share ownership under Section 7874 and the Section 7874 Regulations, Cellebrite is not intended to be subject to these rules under Section 7874 after the Merger. The above determination, however, is subject to detailed regulations (the application of which is uncertain in various respects and could be impacted by future changes in such U.S. Treasury regulations, with possible retroactive effect) and is subject to certain factual uncertainties. Accordingly, there can be no assurance that the IRS will not challenge whether Cellebrite is subject to the above rules or that such a challenge would not be sustained by a court.
However, even if Cellebrite is not subject to the above adverse consequences under Section 7874, Cellebrite may be limited in using its equity to engage in future acquisitions of U.S. corporations over a 36-month period following the Merger. If Cellebrite were to be treated as acquiring substantially all of the assets of a U.S. corporation within a 36-month period after the Merger, the Section 7874 Regulations (as defined in “Material U.S. Federal Income Tax Considerations — U.S. Federal Income Tax Treatment of Cellebrite — Tax Residence of Cellebrite for U.S. Federal Income Tax Purposes”) would exclude certain shares of Cellebrite attributable to the Merger for purposes of determining the Section 7874 Percentage of that subsequent acquisition, making it more likely that Section 7874 will apply to such subsequent acquisition.
See “Part I, Item 10. Additional Information—E. Material Taxation — Material U.S. Federal Income Tax Considerations — Material U.S. Federal Income Tax Treatment of Cellebrite —Utilization of TWC’s Tax Attributes and Certain Other Adverse Tax Consequences to Cellebrite and Cellebrite’s Shareholders” for a more detailed discussion of the application of Section 7874 to the Merger. Investors in Cellebrite should consult their own advisors regarding the application of Section 7874 to the Merger.

Risks Related to the Israeli Tax Treatment of Cellebrite and the Merger

If we do not qualify for Israeli tax benefits, our effective tax rate on our business income and the Israeli withholding tax on distributions of dividends by us to our shareholders may be higher than expected.

Cellebrite believes that it is currently entitled to claim certain tax benefits in Israel, including reduced corporate tax rates, reduced withholding tax rates with respect to dividend distributions and higher depreciation rates. These tax benefits require us to satisfy each tax year certain conditions that included in the provisions of Israeli tax laws. There can be no assurances that we will qualify for such tax
45

benefits in any given year. If we do not qualify for such tax benefits, the effective Israeli tax rate on our business income and the withholding tax rate with respect to dividend that we will distribute to our shareholders may be higher than we expect.



We may be required to pay Israeli taxes, including by way of withholding from our shareholders, as a result of the transactions contemplated by the Merger Agreement, and if we do not receive the Transaction Tax Ruling exempting the Indemnified TWC Parties from certain taxes we may be required to indemnify the Indemnified TWC Parties for such Israeli withholding tax liability.

Pursuant to the Merger Agreement we have filed an application to receive the Transaction Tax Ruling (which was bifurcated to three separate applications) from the Israel Tax Authority, which seeks to determine (i) that none of the Indemnified TWC Parties (as defined in the Merger Agreement) are subject to Israeli tax with respect to receipt of Ordinary Shares and/or Warrants, (ii) the tax treatment of the issuance of the Price Adjustment Shares and the Additional Dividend (as defined in the Merger Agreement) for Israeli Tax purposes and (iii) that the Capital Restructuring (as defined in the Merger Agreement) is not subject to Israeli withholding Tax. We received a signed ruling regarding the Capital Restructuring and the distribution of funds from the trust account to the Company, as well as a signed ruling regarding the Additional Dividend. We withdrew the ruling applications with regards to the tax treatment of the issuance of the Price Adjustment Shares and the exemption of the Indemnified TWC Parties from Israeli tax with respect to receipt of Ordinary Shares and/or Warrants.

We made an irrevocable written undertaking to fully indemnify and hold harmless (on a grossed up basis, to account for their related tax liability and for their Cellebrite holdings) the Indemnified TWC Parties from any Israeli tax actually incurred by such Indemnified TWC Parties which should have been exempted by the Transaction Tax Ruling (including from all costs and expenses, including reasonable attorney costs, associated with such tax, including in defending such matters). If an indemnification event will occur, our business results may be adversely affected.

General Risk Factors

Joint ventures, partnerships, and strategic alliances may have a material adverse effect on our business, results of operations and prospects.

We intend to continue to enter into joint ventures, partnerships, and strategic alliances as part of our long-term business strategy. Joint ventures, partnerships, strategic alliances, and other similar arrangements involve significant investments of both time and resources, and there can be no assurances that they will be successful. They may present significant challenges and risks, including that they may not advance our business strategy, we may get an unsatisfactory return on our investment or lose some or all of our investment, they may distract management and divert resources from our core business, they may expose us to unexpected liabilities, or we may choose a partner that does not cooperate as we expect them to and that fails to meet its obligations or that has economic, business, or legal interests or goals that are inconsistent with ours. For example, we partner with various resellers who coordinate the provision
46

of our solutions to the end customers. Also, for example, there is risk for termination of strategic or technology partnerships that complement or compose part of our DI offering; such terminations may impact our ability to successfully compete in the market. We believe these arrangements can offer strategic advantages, but they increase our dependence on third parties to achieve our objectives.
Entry into certain joint ventures, partnerships, or strategic alliances now or in the future may be subject to government regulation, including review by U.S. or foreign government entities related to foreign direct investment. If a joint venture or similar arrangement were subject to regulatory review, such regulatory review might limit our ability to enter into the desired strategic alliance and thus our ability to carry out our long-term business strategy.
As our joint ventures, partnerships, and strategic alliances come to an end or terminate, we have been, in some cases, unable to renew or replace them on comparable terms, or at all. Each of our agreements with resellers have terms of just one year, and so these agreements are frequently up for renewal or termination. When we enter into joint ventures, partnerships, and strategic alliances, our partners may be required to undertake some portion of sales, marketing, implementation solutions, engineering solutions, or software configuration that we would otherwise provide. In such cases, our partner may be less successful than we would have otherwise been absent the arrangement. In the event we enter into an arrangement with a particular partner, we may be less likely (or unable) to work with one or more direct competitors of our partner with which we would have worked absent the arrangement. We may have interests that are different from our joint venture partners and/or which may affect our ability to successfully collaborate with a given partner. Similarly, one or more of our partners in a joint venture, platform partnership, or strategic alliance may independently suffer a bankruptcy or other economic hardship that negatively affects its ability to continue as a going concern or successfully perform on its obligation under the arrangement. In addition, customer satisfaction with our solutions provided in connection with these arrangements may be less favorable than anticipated, negatively impacting anticipated revenue growth and results of operations of arrangements in question. Further, some of our strategic partners offer competing solutions or work with our competitors and some strategic partners have in the past and others may in the future be acquired by our competitors, resulting in the termination of the partnership. As a result of these and other factors, many of the companies with which we have joint ventures, partnerships, or strategic alliances may choose to pursue alternative technologies and develop alternative solutions in addition to or in lieu of our solutions, either on their own or in collaboration with others, including our competitors. If we are unsuccessful in establishing or maintaining our relationships with these partners, our ability to compete in a given marketplace or to grow our revenue would be impaired, and our results of operations may suffer. Even if we are successful in establishing and maintaining these relationships with our partners, we cannot assure you that these relationships will result in increased customer usage of our DI suite of solutions or increased revenue.
Further, winding down joint ventures, partnerships, or other strategic alliances can result in additional costs, litigation, and negative publicity. Any of these events could adversely affect our business, financial condition, results of operations, and growth prospects.

We may acquire or invest in companies and technologies, which may divert our management’s attention, and result in additional dilution to our shareholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions or investments.

As part of our business strategy, we have engaged in strategic transactions in the past and expect to evaluate and consider potential strategic transactions, including acquisitions of, or investments in, businesses, technologies, products, services and other assets in the future. While acquisitions made by us to date have thus far gone smoothly, these acquisitions or any future acquisition, investment or business
47

relationship may result in unforeseen risks, operating difficulties and expenditures, including but not limited to the following:
An acquisition may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition;
Potential goodwill impairment charges related to acquisitions;
Costs and potential difficulties associated with the requirement to test and assimilate the internal control processes of the acquired business;
We may encounter difficulties or unforeseen expenditures assimilating or integrating the businesses, technologies, infrastructure, solutions, personnel, or operations of the acquired companies, particularly if the key personnel of the acquired company choose not to work for us or if we are unable to retain key personnel, if their technology is not easily adapted to work with ours, or if we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise;
We may not realize the expected benefits of the acquisition;
An acquisition may disrupt our ongoing business, divert resources, increase our expenses, and distract our management;
An acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company;
The potential impact on relationships with existing customers, vendors, and distributors as business partners as a result of acquiring another company or business that competes with or otherwise is incompatible with those existing relationships;
The potential that our due diligence of the acquired company or business does not identify significant problems or liabilities, or that we underestimate the costs and effects of identified liabilities;
Exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, an acquisition, including but not limited to claims from former employees, customers, or other third parties, which may differ from or be more significant than the risks our business faces;
We may encounter difficulties in, or may be unable to, successfully sell any acquired solutions;
An acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;
An acquisition may require us to comply with additional laws and regulations, or to engage in substantial remediation efforts to cause the acquired company to comply with applicable laws or regulations, or result in liabilities resulting from the acquired company’s failure to comply with applicable laws or regulations;
Our use of cash to pay for an acquisition would limit other potential uses for our cash;
If we incur debt to fund such acquisition, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants; and
To the extent that we issue a significant amount of equity securities in connection with future acquisitions, existing shareholders may be diluted and earnings per share may decrease.
48

The occurrence of any of these risks could have a material adverse effect on our business, results of operations, and financial condition. Moreover, we cannot assure you that we would not be exposed to unknown liabilities.

Our international operations expose us to business, political and economic risks that could cause our operating results to suffer.

We intend to continue to make efforts to increase our international operations and anticipate that international sales will continue to account for a significant portion of our revenue. These international operations are subject to certain risks and costs, including the difficulty and expense of administering business and compliance abroad, differences in business practices, compliance with domestic and foreign laws (including without limitation domestic and international import and export laws and regulations and the U.S. Foreign Corrupt Practices Act (“FCPA”), including potential violations by acts of agents or other intermediaries), costs related to localizing solutions for foreign markets, costs related to translating and distributing software solutions in a timely manner, costs related to increased financial accounting and reporting burdens and complexities, longer sales and collection cycles for accounts receivables, failure of laws or courts to protect our intellectual property rights adequately, local competition, and economic or political instability and uncertainties, including inflation, recession, interest rate fluctuations and actual or anticipated military or geopolitical conflicts. In addition, regulatory limitations regarding the repatriation of earnings may adversely affect the transfer of cash earned from foreign operations.
Significant international sales may also expose us to greater risk from political and economic instability, unexpected changes in Israeli, U.S. or other governmental policies concerning import and export of goods and technology, regulatory requirements, tariffs and other trade barriers. Economic downturns and geopolitical challenges in the Americas, EMEA or certain other parts of the world critical to our operations could cause our customers in those locations to reevaluate decisions to purchase our solutions or to delay or reduce their technology purchasing decisions, which could adversely impact our results of operations. For instance, Russia’s invasion of Ukraine, and measures taken in response thereto have created global security concerns that could have a lasting adverse impact on regional and global economies, and in turn, on our customers’ decision to purchase our products. Further, due to geopolitical reasons and regulatory regimes, we stopped selling into Russia and Belarus in 2021, before the Ukraine invasion.
Additionally, international earnings may be subject to taxation by more than one jurisdiction, which may materially adversely affect our effective tax rate. Finally, international expansion may be difficult, time consuming, and costly. These risks and their potential impacts may be exacerbated by to prolonged economic uncertainties of downturns. As a result, if revenue from international operations do not offset the expenses of establishing and maintaining foreign operations, our business, operating results and financial condition will suffer.

Recent turmoil in the banking industry may negatively impact our business, results of operations and financial condition.
Actual events involving limited liquidity, defaults, non-performance or other adverse developments that affect financial institutions, other companies in the financial services industry or the financial services industry generally, or concerns or rumors about any events of these kinds or other similar risks, have in the past and may in the future lead to market-wide liquidity problems. For example, the March 2023 failures of Silicon Valley Bank (“SBV”) and Signature Bank (“SNY”), liquidity issues at Credit Suisse, government responses and resulting investor concerns regarding the U.S. or international financial systems could result in less favorable commercial financing terms, including higher interest rates or costs and tighter financial and operating covenants, or systemic limitations on access to credit and
49

liquidity sources, making it more difficult for us to acquire financing on acceptable terms or at all. Although Cellebrite did not have deposits at risk at any of the failed institutions, any material decline in available funding or our ability to access our cash and cash equivalents could adversely impact our ability to meet our operating expenses, have a material adverse effect on our financial condition, as well as our ability to continue to grow our operations.

If our goodwill or intangible assets become impaired, we may be required to record a significant charge to earnings.

We have acquired and may acquire other companies and intangible assets, and we may not realize all the economic benefit from those acquisitions, which could cause an impairment of goodwill or intangibles. We review our amortizable intangible assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. We test goodwill for impairment at least annually. If such goodwill is deemed to be impaired, an impairment loss equal to the amount by which the carrying amount exceeds the fair value of the assets would be recognized. Events which might indicate impairment include, but are not limited to, declines in stock price market capitalization or cash flows, adverse cost factors, deteriorating financial performance, strategic decisions made in response to economic, market and competitive conditions, the impact of the economic environment on us and our customer base, and/or relevant events such as changes in management, key personnel, litigation or customers.
We may be required to record a significant charge in our financial statements during the period in which any impairment of our goodwill or intangible assets is determined, which would negatively affect our results of operations.

Our provision for income taxes and effective income tax rate may vary significantly and may adversely affect our results of operations and cash resources.

Significant judgment is required in determining our provision for income taxes. Various internal and external factors may have favorable or unfavorable effects on our future provision for income taxes, income taxes receivable, and our effective income tax rate. These factors include, but are not limited to, changes in tax laws, regulations and/or rates, results of audits by tax authorities, changing interpretations of existing tax laws or regulations, changes in estimates of prior years’ items, the impact of transactions we complete, future levels of research and development spending, changes in the valuation of our deferred tax assets and liabilities, transfer pricing adjustments, changes in the overall mix of income among the different jurisdictions in which we operate, and changes in overall levels of income before taxes. Furthermore, new accounting pronouncements or new interpretations of existing accounting pronouncements, and/or any internal restructuring initiatives we may implement from time to time to streamline our operations, can have a material impact on our effective income tax rate.
Tax examinations are often complex as tax authorities may disagree with the treatment of items reported by us and our transfer pricing methodology based upon our limited risk distributor model, the result of which could have a material adverse effect on our financial condition and results of operations. Although we believe our estimates are reasonable, the ultimate outcome with respect to the taxes we owe may differ from the amounts recorded in our financial statements, and this difference may materially affect our financial position and financial results in the period or periods for which such determination is made.

50

We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with such laws can subject us to criminal penalties or significant fines, harm our reputation, and significantly adversely affect our business, financial condition, results of operations, and growth prospects.

We are or will be subject to anti-corruption, anti-bribery, anti-money laundering and financial and economic sanctions laws and regulations in various jurisdictions in which we conduct or in the future may conduct activities, including the FCPA, the U.K. Bribery Act 2010, and other domestic or foreign anti-corruption laws and regulations. The FCPA and the U.K. Bribery Act 2010 prohibit us and our officers, directors, employees and business partners acting on our behalf, including agents and intermediaries, from corruptly offering, promising, authorizing or providing anything of value to a “foreign official” for the purposes of influencing official decisions or obtaining or retaining business or otherwise obtaining favorable treatment. The FCPA also requires companies to make and keep books, records and accounts that accurately reflect transactions and dispositions of assets and to maintain a system of adequate internal accounting controls. The U.K. Bribery Act also prohibits non-governmental “commercial” bribery and soliciting or accepting bribes. A violation of these laws or regulations could materially adversely affect our business, results of operations, financial condition and reputation.
Non-compliance with anti-corruption, anti-bribery, anti-money laundering or financial and economic sanctions laws could subject us to whistleblower complaints, adverse media coverage, investigations, and severe administrative, civil and criminal penalties, collateral consequences, remedial measures and legal expenses, all of which could materially and adversely affect our business, results of operations, financial condition and reputation. In addition, changes in economic sanctions laws in the future could adversely impact our business and an investment in our securities.


Our pricing structures for our solutions may change from time to time.

In some cases we offer our solutions at a higher price point than many of our competitors, and this may change in the future. We expect that we may change our pricing model from time to time, including as a result of competition, global economic conditions, general reductions in our customers’ spending levels, pricing studies, or changes in how our solutions are broadly consumed. Similarly, as we introduce new solutions, or as a result of the evolution of our existing solutions, we may have difficulty determining the appropriate price structure for our solutions. In addition, as new and existing competitors introduce new solutions that compete with ours, or revise their pricing structures, we may be unable to attract new customers at the same price or based on the same pricing model as we have used historically. Moreover, as we continue to target selling our solutions to larger organizations, these larger organizations may demand substantial price concessions. In addition, we may need to change pricing policies to accommodate government pricing guidelines for our contracts with federal, state, local, and foreign governments and government agencies. If we are unable to modify or develop pricing models and strategies that are attractive to existing and prospective customers, while enabling us to significantly grow our sales and revenue relative to our associated costs and expenses in a reasonable period of time, our business, financial condition, and results of operations may be adversely impacted.

If we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
51


As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the listing standards of Nasdaq. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We may also need to improve our internal control over financial reporting. Some members of our management team have limited or no experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws pertaining to public companies, and we have limited accounting and financial reporting personnel and other resources with which to address our internal controls and related procedures, including complying with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act that we will eventually be required to include in our annual reports filed with the SEC. We may need to hire and successfully integrate additional accounting and financial staff with appropriate company experience and technical accounting knowledge. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight.
Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, we may identify in the future deficiencies in our controls. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which could have a negative effect on the trading price of our securities. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on The Nasdaq Stock Market LLC.
Our independent registered public accounting firm is not required to attest to the effectiveness of our internal control over financial reporting until after we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could have a material and adverse effect on our business and results of operations and could cause a decline in the price of our securities.

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes appearing elsewhere in this Annual Report. We base our estimates on historical
52

experience and on various other assumptions that we believe to be reasonable under the circumstances, as discussed in “Part II, Item 5. Operating and Financial Review and Prospects—E. Critical Accounting Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses. Significant estimates and judgments involve: revenue recognition; contract acquisition costs; valuation of our ordinary shares, Price Adjustment Shares and share-based compensation; fair values of assets acquired and liabilities assumed in connection with the Merger; and income taxes. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our securities.

ITEM 4. INFORMATION ON THE COMPANY

A. HISTORY AND DEVELOPMENT OF THE COMPANY
We were incorporated on April 13, 1999 as a private limited liability company under the laws of the State of Israel. We are registered under the Israeli Companies Law as Cellebrite DI Ltd., and our registration number with the Israeli Registrar of Companies is 51-276657-7.
We are domiciled in Israel and our registered office is currently located at 94 Shlomo Shmelzer Road, Petah Tikva 4970602, Israel, which also currently serves as our principal executive offices, and our telephone number is +972-(73) 394-8000.
On April 8, 2021, we entered into the Merger with TWC, a publicly listed special purpose acquisition company and Merger Sub in the USA. On August 30, 2021, the Merger was consummated and Merger Sub merged with and into TWC, the separate corporate existence of Merger Sub ceased and TWC became the surviving corporation and a wholly-owned subsidiary of Cellebrite. The security holders of TWC became security holders of Cellebrite (the transactions consummated are referred to herein as the “Merger”).
Our capital expenditures amounted to $6.9 million, $5.1 million and $6.2 million during the fiscal years ended December 31, 2022, 2021 and 2020, respectively, primarily consisting of expenditures related to property and equipment. For information on the Company’s current capital expenditures, see “Part I, Item 5. Operating and Financial Review and Prospects—B. Liquidity and Capital Resources.

We are subject to certain of the informational filing requirements of the Exchange Act. Our SEC filings are available to you on the SEC’s website at www.sec.gov, which contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC (including, in our case, our annual reports on Form 20-F, our reports of foreign private issuer on Form 6-K, any amendments to these reports, as well as certain other SEC filings). We also make available on our website, free of charge, all such SEC filings as soon as reasonably practicable after they are electronically filed with or furnished to the SEC. Our website address is https://www.cellebrite.com. The references to the SEC’s and our website are inactive textual references only, and information contained therein or connected thereto is not incorporated into this Annual Report. Since we are a “foreign private issuer,” we and our officers, directors and principal shareholders are exempt from certain rules and regulations under the Exchange Act. For more information, see “Part I, Item 10. Additional Information—H. Documents on Display.”
B. BUSINESS OVERVIEW

Our Mission
53


Our mission is to support our customers in their efforts to protect and save lives, accelerate justice and preserve privacy in global communities.
Overview

Cellebrite is a leading provider of DI suite of solutions, comprising of software and services that we deliver to our customers for use in legally sanctioned investigations. Our approximately 7,000 customers are federal, state and local agencies as well as enterprise companies and service providers.
Our DI suite of solutions allows our customers to collect, review, analyze, and manage digital data across the investigative lifecycle. Our DI suite of solutions extracts digital data, delivers the data as digital evidence, and makes the evidence actionable. Our solutions are utilized in millions of investigations globally. Our solutions are used in a variety of cases including child exploitation, homicide, anti-terror, border control, sexual crimes, human trafficking, corporate security, intellectual property theft, and civil litigation. The cornerstones of our DI suite of solutions span across the entire investigation lifecycle. Our Collect & Review solutions enable first responders, examiners and investigators to accelerate the time required to develop actionable evidence by capturing and processing data from most types of digital sources with respect to legally sanctioned investigations. Our investigative analytics solutions help investigative teams obtain AI-based insights on fused data, delivered in a digestible manner. Our Investigation & Evidence Management solutions provide a centralized suite of solutions to manage the investigation workflow and data across investigative functions more efficiently, breaking down silos and enabling effective collaboration.
We modernize the entire investigation lifecycle for police departments, public defenders, armed services, legal and corporate security which leads to accelerated investigation speeds and increased crime clearance rates, which helps earn higher community confidence, and enables preservation of data privacy and protection of intellectual property and corporate assets. We offer customers tools that are designed to support efforts to comply with applicable data privacy rules, including limiting data extraction to the time of an investigation and enabling them to implement access management protocols so that data is only visible to users authorized by our customers. Because so much evidence originates from digital sources, digital evidence can be extremely important in bringing justice. For example, in a case investigated in late 2022, 50 Gigabytes of Child Sexual Abuse Material (CSAM) stored on Cloud Storage was obtained (backed by an appropriate search warrant) and reviewed by a customer through the use of Cellebrite solutions. The use of Cellebrite technology assisted the customer, a police department, in making an arrest. In another case, a violent felon was sentenced to a U.S federal prison for drug trafficking and gun crimes through the assistance of data retrieved by the government agency customer using the Cellebrite Collect & Review solutions. Searching for this digital evidence manually would have been much more time consuming and difficult in terms of locating the appropriate information. Without the digital intelligence tools of our solution suite, evidence of this criminal activity may never have been identified.
Digital data has changed the way cases are managed and prosecuted. Investigations may be slower and may not identify relevant materials without the right tools to collect, review, analyze and manage digital data sources. Without the right tools, collection and review of digital evidence is manual and lacks scalability. Investigative analytics of disparate data without use of artificial intelligence (“AI”) to fuse, enrich and classify evidence are unable to generate insights. This lack of insights results in investigation teams wasting time trying to dissect tangible insights from deep pools of data. Investigative management is restricted by compliance, governance, and regulation which force investigators into one-on-one communications and printing of files or utilization of thumb drives that are physically delivered by police. The resulting investigation process is ineffective and may introduce data privacy, security and
54

other risks. Due to these inefficiencies, the average investigation backlog is three months and crime clearance rates remain low1, resulting in significant amounts of criminals remaining on the streets.
We deliver a world class leading DI suite of software solutions to manage DI in legally sanctioned investigations. Our technology enables faster data collection, review, fusion and enrichment for smarter analysis. It provides the ability to manage and collaborate efficiently across different investigative functions.
Our Suite Of Solutions:
Collect & Review. Our Collect & Review solutions enable full or selective extraction of data from major types of digital sources, preservation, analysis and reporting of evidence which include but are not limited to smartphones, feature phones, tablets, computers, the cloud, open source information, GPS devices, memory sticks, drones, and call detail records (“CDRs”) as well as from other sources like the web, deep web and dark web with respect to legally sanctioned investigations. We decode and normalize the data enabling relevant stakeholders to review and validate relevant findings.
Investigative Analytics. Our Cellebrite Pathfinder enables intelligent analysis of data, supporting different crime types, different use cases and different personas, which helps lab practitioners, analysts, investigators, prosecutors and agency management gain insights in a digestible manner and solve the respective case. We fuse and enrich data from disparate sources related to a crime or incident and connect multiple types of evidence from multiple sources that cover the major dimensions of crime. For example, for a crime committed on a city street, our Pathfinder allows the relevant agency to bring together smartphone data, vehicle infotainment data, GPS devices data, license plate data from license plate recognition systems, CDRs from the cellular network and closed-circuit television footage from a nearby building, to provide more comprehensive investigation data on a “single pane of glass.”
Investigative Management Solutions. Our Cellebrite Guardian SaaS solution is a centralized management tool that allows our customers to store data securely in the cloud, optimize communications across teams, enable collaboration and save valuable time and resources. Our technology digitizes and optimizes the investigation process for investigative teams globally.
Our approximately 7,000 customers include approximately 5,300 federal, state and local agencies as well as approximately 1,700 corporations and service providers. Our go-to-market strategy is targeted and customized to fit each of our addressable markets, using a mix of direct sales force and resellers. We are focused on new customer acquisition as well as on expanding relationships with our existing customers, by focusing on introducing our full suite of solutions, expanding sales volumes, and cultivating new buying centers. We further seek to acquire new buying centers within our public sector accounts by targeting investigation departments’ decision makers who are accountable for more strategic, transformational implementations of modernized investigative workflows.

Industry Background

Public sector investigations substantially rely on traditional, manual processes and workflows, which are slow and typically conducted in silos. Law enforcement agencies often are challenged with the amount of cases involving digital evidence, the variety of digital sources as well as data types resulting with backlogs and low crime clearance rates.
The main challenges that public sector investigations and law enforcement agencies often face are further described below.

1 According to Statista’s database (https://www.statista.com/statistics/194200/crime-clearance-rate-in-cities-in-the-us/).
55

Evidence collection is inefficient. Collection of evidence is conducted at the individual level and lacks uniformity; it relies on independent and unaudited solutions which often times requires the printing of thousands of pages of hard copy documents and interacting with disparate, disjointed systems.

Data analysis is ineffective. Data and physical evidence are processed and analyzed by investigative teams through the physical review of printed and digital evidence, and managed on standard, unspecialized productivity tools that lack investigation mission-specific features. Data is stored on local hard drives, which have limited useful life and are complex to search. This results in slow and cumbersome first responses and a process which tends to be manual as well as error-prone and lacks integration.
No consistent solution for investigative management. Limited technology and resources contribute to frequent disconnection between teams and departments. The overload of information and lack of collaboration makes it difficult to bring effective justice to communities. Further, the lack of permissions and access control mean that the wrong team members may have access to private data.
Based on our 2022 Global Industry Trends Survey results, we believe that in the past decade, digital data has become an important source of evidence used to solve crimes. Cellebrite’s 2022 Global Industry Trends survey found that 63% of criminal cases include digital evidence as part of the investigation and that 66% of respondents agree that digital evidence has overtaken physical evidence in its significance to solving cases. Additionally, our customers responded that 81% of agency managers believe the likelihood of case closure grows when digital evidence is available. We also found that 74% of agency managers agree or strongly agree that prosecutors feel more confident when digital evidence is available. Of the investigators surveyed, 95% of them agree or strongly agree that digital evidence significantly increases case solvability. Our survey data consisted of results from approximately 2,000 respondents from 119 countries with respondents accessed via customer emails, online promotions and social media. Survey data included information from investigators, forensic examiners, prosecutors and agency management. Smartphones contain emails, communications, apps, and geographic data, as well as pictures and video content. Laptops and desktops contain files, emails and web browsing history. GPS devices, drones, and secure digital (“SD”) cards capture unique, actionable data. Vehicle infotainment systems contain driving routes, location and communication data. Social media, web storage and web mail contain media, files, and communication data.

Cellebrite believes that these investigation problems are also prevalent in the private sector. Based on our experience, pain points exist across many use cases including eDiscovery and internal investigations in enterprise corporations, and service providers that provide critical solutions for litigation support, corporate investigations, security, and compliance. Intellectual property protection remains a concern for companies of all sizes. Moreover, eDiscovery plays an important role in litigation. Separately, behavior of employees on corporate networks and digital devices remains a top focus for enterprise security and compliance teams. Cellebrite’s 2023 Global Enterprise Solutions Industry Trends survey found 70% of eDiscovery professionals say accessing data from offsite mobile devices is a major endpoint collection problem, 63% of eDiscovery professional say accessing data from WhatsApp, WeChat and Telegram is a major endpoint collection problem and 56% of eDiscovery professionals say collecting data from employees working remotely is a major endpoint collection problem The data was gathered from 550 eDiscovery professionals and corporate investigators in 45 countries,

Over time, we have observed the following three trends in private sector DI:

Remote collection. Remote collection is a growing customer pain point, mainly for mid-to-large size enterprises. Due to COVID-19, beginning in March 2020, enterprises experienced a massive shift of people towards working from home. Historically, collections were carried out on site and involved travel of expert teams. COVID-19 safety and health measures changed this reality and created a need for remote collection capabilities.
56

Advanced processing and analytics. Traditional digital data review is labor intensive and expensive for investigative units. It is being replaced by advanced processing and investigative analytics. In addition, judges want to get the relevant data quicker. Early case assessment has become more necessary to provide more focused, relevant and narrow results in the review phase.
In-house investigations. Large corporations are more likely to handle investigations in house rather than hiring third party investigators and need to be equipped with tools to collect, review, analyze and manage data with respect to legally sanctioned investigations.
The Cellebrite DI Suite of Solutions

Our solutions help organizations collect, review, analyze, and manage digital data and processes across the entire investigation lifecycle with an end-to-end DI suite of solutions transforming investigative workflows and helps our customers create a safer world with respect to legally sanctioned investigations.

Collect & Review

Digital evidence can be the most important source of information in modern investigations. However, access to data is a significant barrier. Cellebrite’s Universal Forensic Extraction Device (“UFED”) has become a market leader in investigations based on its level of customer penetration. Cellebrite UFED is used by approximately 5,300 public sector and 1,700 private sector customers representing the largest installed base of Collect & Review tools in the DI space. UFED enables collecting, decoding and preserving data with respect to legally sanctioned investigations from over 31,000 different digital device profiles. UFED addresses problems in accessing digital information including complicated device locks, encryption barriers, deleted and unknown content and other obstacles that can prevent critical evidence from coming to light. It is the tool of choice for approximately 40,000 individuals. Key features of UFED include:
Unlocking devices with pattern, password or PIN locks and overcoming encryption challenges quickly on Android and iOS devices.
Providing access to data by performing logical, file system and physical extractions.
Unsurpassed recovery methods through exclusive bootloaders, automatic EDL (Emergency Download) capabilities, smart ADB (Android Debugging Bridge) and more.
Supports the broadest range of devices including mobile phones, tablets, drones, SIM cards, SD cards, GPS devices and others.
Our Collect & Review includes a multitude of solutions, other than the UFED, such as:
Premium is an industry leading advanced access solution, providing unlock and extract capabilities for most iOS and the leading Android devices. Premium has become a prominent solution among public safety customers, providing lawful access to locked and encrypted devices. The solution provides deep access to devices and data that are not available in alternative solutions.
Premium Enterprise is our Premium product tailored for extended use by multiple teams and individuals in large and geographically distributed public safety customers, by enabling end units to consume advanced access capabilities remotely.
Physical Analyzer helps decrypt, decode, review, analyze and validate digital data quickly from mobile devices, computers, GPS devices and more. It also generates court-ready reports.
57

Inspector provides comprehensive analysis of Windows and Mac devices, including decoding of computer volumes, advanced search, filtering and reporting.
Endpoint Inspector is a cloud first remote collection solution for computer and mobile devices, enabling corporations to securely access, review and analyze remote computers whether the employees are on or off the corporate network.
UFED Cloud extracts, preserves and analyzes cloud-based content from the public and private-domain, such as social media data, instant messaging, file storage, web mail, and web pages.
Frontliner is a mobile application that empowers field officers to selectively collect digital evidence at the scene, helping solve cases faster by capturing incident written details as well as photos, video and audio.
Responder is a simplified software solution that provides real time data extraction for investigative field teams on a wide range of digital devices.
Seeker creates seamless workflow for managing video evidence including extracting various formats and providing visual analysis tools to process and review long recordings.
Digital Collector is a forensic imaging solution that performs triage, live data acquisition, targeted data collection for Windows and Mac computers.
Reader is an intuitive DI report viewer targeting investigators and prosecutors as they review and prepare material for court. It allows customization and generation of multiple report formats.
Investigative Analytics

With a growing variety of digital devices and cloud sources producing volumes of highly valuable data, investigative teams need intuitive tools to leverage critical sources of information when resources and time are limited.
The Cellebrite Pathfinder helps investigators reach conclusions faster through automated data ingestion, normalization, consolidation, and visualization of a suspects’ journey across their complete digital signature. Pathfinder eliminates time-consuming and manual review of digital data. It is a force multiplier that uses AI and machine learning (“ML”) algorithms to automatically surface formative leads and actionable insights from every bit and byte of digital data during the early hours of an investigation.
A variety of personnel work together on resolving cases, from the examiner in the lab to the analyst and investigator which can result in faster investigative conclusions. The Cellebrite Pathfinder can be used by individuals, teams and the entire investigations organization.
Cellebrite also offers CryptoCurrency Investigative Solutions which analyze blockchain transactions together with related data from an extensive list of sources to identify and categorize wallets and transactions.
Additionally, Cellebrite offers the OSINT Investigate solution, used to search, resolve and enrich identifiers in open sources.

Investigative Management
58


Agencies are expanding extraction capabilities in the lab and in the field in response to the growing volumes, complexity and importance of digital evidence. This requires better ways to oversee how DI solutions are deployed and utilized.
The Cellebrite Guardian is a cloud-based digital investigative data and evidence management SaaS solution that allows users to manage, store, share and review investigative data and evidence from intake to creation of a final report. The Cellebrite Guardian key features include:
Secure management of all types of evidence - no matter the source - in one comprehensive system.
Advanced report generation.
Instant, auditable evidence & report sharing with user and permission control.
Customizable cloud-based system.

The Commander enables collaboration across investigation functions to reduce manual processes. It centrally manages deployed licenses, permissions and access control. Key features are as follows:
Enables software version control across users.
Provides dashboards and end-to-end visibility for investigation stakeholders.
Provides standard operating procedure (“SOP”) enforcement.

Services

Cellebrite Services helps organizations adopt and utilize DI technologies to evolve investigative workflow processes and connects between solution acquisition, deployment and a successful operation.
Our team of experts supports organizations to enable success at every stage of adopting new digital intelligence technology - from integration through implementation and ongoing optimization.
Our main Services Offering:
Training Academy – Backed with years of hands-on experience, the Cellebrite team of trainers delivers training and certification programs to investigation practitioners, setting the industry standard for ongoing development and education.
Advanced Services – Cellebrite’s expert team serves as an extension to customer digital forensics lab teams, providing advanced services in Cellebrite’s Global Lab facilities, as well as outsourcing capabilities to help organizations deal with technological and operational workload.

Private Sector

In the private sector, our solutions are available to corporations, service providers and law firms with respect to legally sanctioned investigations. Our solutions help identify, process and protect data and information for purposes of litigation support, internal investigations, compliance and corporate security in cases like eDiscovery collection, Corporate Investigation and Incident Response.

Our combined mobile, computer and cloud expertise serves as a force multiplier to expand our market presence and acquire new customers in the enterprise environment. Since March 2020, COVID-19 protocols have forced many employees to work remotely, but the need to access data held on employee
59

devices has not changed. As many customers and potential customers did not fully return to office work, we have seen an increase in use cases for remote collection needs, as customers cope with fully or partially remote workforce.

Competitive Strengths

Entrenched install base
As of December 31, 2022, we had approximately 7,000 customers in total and according to our estimates, approximately 54% share of the Mobile Forensics Collect & Review public market today, which allows us an opportunity to introduce new solutions, such as our investigative analytics and management software solutions into our solid install base of Collect & Review customers.
The value of the install base is supported by the near zero percent gross churn among strategic accounts and our 130% recurring revenue dollar-based net retention rate among our install base, as of December 31, 2022.
Our tools have become core to agency workflows, as a result, we have many long term customers who recommend our solutions to other agencies as well as examiners, investigators and analysts who bring our solutions to new agencies when transferring employment.
Deep vertical expertise
We have over 10 years of experience developing and refining our DI suite of solutions.
Our employees’ expertise builds upon their years of experience in working for government agencies. More specifically, approximately 9% of our employees have previously worked for police, military or intelligence agencies.
Our extensive industry knowledge and expertise enables us to understand our customers’ requirements to solve their most painful challenges. The solutions we provide enable our customers to quickly access and analyze digital data then package and share the data in a manner that can be used effectively as digital evidence in legally sanctioned investigations.
Strength of DI Suite of Solutions
We have a combination of technology and suite of solutions that allow customers to successfully manage the investigative workflow in a digital era. Globally, agencies have adopted our DI suite of solutions to strengthen their investigative approach and promote digital transformation within their teams.
We provide an end-to-end DI suite of solutions, purpose-built for the entire digital investigation lifecycle. Our proprietary world-class technology overcomes encryption and bypasses locked devices for digital evidence collection with respect to legally sanctioned investigations. Our AI-based investigative analytics solution fuses, categorizes and enriches data to streamline the investigation and help investigators solve crime faster than when using traditional means. Our centralized investigative management tool - the Guardian - enables effective collaboration across investigation teams.
We have broad support for over 31,000 physical and virtual device profiles across mobile, laptop, computers, memory containers, applications, CDRs, etc. Today, the velocity of software updates creates a significant barrier for new entrants to the market. Our best-in-class research and development team runs a disciplined software update
60

protocol which delivers updated Cellebrite software within sometimes as little as days of major operating system update releases.
Global investigation standard
Our collect, review, analyze, and manage solutions produce high quality, digestible reports that have become a standard in digital forensic investigations and legal processes with respect to legally sanctioned investigations.
Our reports are accepted in court systems globally, as evidenced by their use across hundreds of thousands of trials. By the end of 2022, approximately 52,800 certifications were earned through our training department.
Given these competitive strengths, we believe we are well positioned to provide the end-to-end investigative suite of solutions to public sector agencies.


Expansion within the existing customer base in the public sector

Through our go-to-market, we land customer relationships with Collect & Review solutions like UFED. We have a proven track record of cross-selling additional solutions into our customer base. This is evidenced by our 130% recurring revenue dollar-based net retention rate as of December 31, 2022, in addition to the increase in the proportion of our largest customers using four or more solutions. We believe this reflects the substantial potential for growth within our existing customer base.

Innovative new solutions

We plan to develop future solutions to capture additional revenue opportunities within our customer base and with new customers. With over a decade of investigative analytics experience, we are building a broader family of investigative analytics solutions that apply to new use cases and accelerate the investigation process. In development are the next stages of management solutions built to optimize workflows in investigations.

Subscription and Cloud/SaaS

Subscription licenses comprised 80% and 74% of our revenue for the year ended December 31, 2022 and December 31, 2021, respectively and we plan to continuously increase our subscription business year over year. We see gradually increasing demand from the market for SaaS and in the next five years we anticipate extending our DI suite of solutions with new SaaS offerings, some of which may include AI/ML technology.
Private sector growth and transition of enterprise solutions

We are investing in introducing new enterprise customers, expanding within existing enterprise customers, and growing annual revenue per customer (“ARPC”) among our private sector customers. Historically, the private sector has utilized our solutions for eDiscovery through our Collect & Review solutions like UFED and Inspector. Our research shows there is a need beyond Collect & Review for processing and early case assessment. We will continue to address customer pain points and promote new use cases, which include:
61

The growing need for remote collection of Electronically Stored Information (ESI) introducing the first combined remote mobile and computer collection solution.
Investigation of the possible infringement of patents at large pharmaceutical companies.
Resolution of corporate security incidents in large corporations.
Investigation of possible IP theft within retail and manufacturing industries.

Selective strategic acquisitions

We maintain a disciplined approach to strategic tuck-in and bolt-on acquisitions that complement our technology and accelerate time to market. We utilize strategic acquisitions to expand our addressable market, accelerate revenue growth, broaden customer base and deepen existing customer relationships, and allow accelerated growth of our subscription and SaaS business.


Customers
We primarily sell to global government agencies, many of which help protect and save lives, accelerate justice and preserve privacy in global communities. We also sell to corporations in the private sector. Our customers often start with one of our solutions, for example UFED, and increase their expenditures on additional solutions over time as value is realized, which we believe demonstrates customers’ loyalty.
Our customers fall into one of three categories: strategic public, prime public and private sector.
Strategic public accounts are government agencies with capacity for larger annual contract values and represent approximately 250 to 300 customers today. These are large federal agencies and large state and city agencies that have the potential to generate over $1,000,000 in revenue over a three-year period.
Prime public accounts are typically small to mid-size agencies such as state or local agencies. Mid-sized prime public accounts have the potential to become strategic public accounts.
Private accounts are typically large corporations, service providers, academic organizations and law firms.
As of December 31, 2022, our total customers were approximately 7,000. No organization accounted for more than 5% of 2022 revenue. Our top 25 customers accounted for 24% of total 2022 revenue.

Go-to-market

We target government agencies, including, in the U.S., federal, state and local agencies as well as enterprise companies and service providers. Over time, we see more public agency budgets being diverted to DI to make digital investigations more effective and efficient, in support of public safety efforts.
We utilize a combination of direct sales force and resellers to reach customers. Strategic account executives and prime account representatives manage materially all of the customer relationships directly. We often sell to decision makers in public safety, which often include the chief of investigations or the head of investigations and intelligence or the head of the lab. In smaller prime accounts we sell to digital forensics labs, experts as well as police chiefs. In the private sector, we mainly sell to internal security or investigation groups or eDiscovery groups within enterprises and to service providers. For our reseller
62

operations, we often utilize resellers for government agency procurement where direct sales opportunities do not exist or where the government requires local vendors due to local restrictions. We calibrate our sales and marketing activities based upon the size of the customer and whether the opportunity is to engage an existing customer or a new customer. Our top strategic accounts have dedicated Cellebrite account executives, while other, prime accounts are managed by a sales manager or inside sales representative. Account executives are focused on expanding relationships with our top customers, and on customers’ new buying centers. Sales managers and inside sales representatives are focused on expanding the sales volume with public sector prime accounts while our account representatives in the private sector are focused on new customer acquisition and expanding sales volume within existing accounts.
For existing customers, we highlight the value we bring to them currently while introducing the value and advantages they can derive from using additional or new solutions in our portfolio. We provide educational and awareness vehicles that drive greater understanding of how to maximize existing Cellebrite tools and solutions utilizing relevant channels such as our online customer community and vehicles like our in-person and virtual workshops, our ‘Capture the Flag’ contests, our ‘I Beg to DFIR’ webinars and our “Ask the Expert” video and webinar series. We continue to engage our customers in a shared vision of achieving their desired outcomes through our technology and services while introducing ancillary solutions that enhance and expand their current capabilities with our technology utilizing self-selection and assessment tools such as the DI Readiness Navigator and interactive case studies delivered virtually or in-person through our Cellebrite Envisioning Centers. We continue to provide relevant thought leadership content that highlights feedback and input from experts and their peers around “what’s now and what’s next” in digital transformation that could be used to improve and accelerate their investigative workflow.
For new customers, Cellebrite leverages channel and content mixes to target specific needs and interests through focused methodologies and tactics. Typically, we utilize a layered approach with each channel and the corresponding messaging that build on and complement one another, resulting in a demand offer that is meant to be compelling and relevant to their needs. We also measure the impact and performance of these efforts and make adjustments accordingly, including whether to channel, content, message and/or offer.
Cellebrite conducts a fairly low volume of its business via e-commerce, and our e-commerce system is available only to customers who have a valid license to use Cellebrite’s solutions. For more information regarding our e-commerce system, see – “Part I, Item 3. Key Information —D. Risk Factors Risks Related to Cellebrite’s Business and Industry We conduct a fairly low volume of our business via e-commerce, which may result in the purchase process being more difficult for customers compared to other businesses

For a breakdown of our revenues by geography, see Note 16 to our consolidated financial statements in “Part III, Item 18. Financial Information.
Competition
We primarily compete with point solutions across functions and markets. Some competitors have a specialty in investigations, while others are primarily analytics tools; however, consolidation in the industry has led to competitors providing a broader range of solutions.
In public safety, we compete with government independent software providers such as: Exterro, Harris (i2), GrayShift, Magnet Forensics, Motorola, MSAB, NICE, Nuix, and OpenText. In the public sector, decision making is a result of a discovered need, the relationship, brand equity, the quality of the solution provided and the perceived level of service. Digital transformation processes are typically driven by senior leaders of an agency and require broader alignment and longer cycles for budget allocation.
63

Demand for extension of existing solutions may either come from operational level or from agency leaders and is typically a shorter cycle.
In the private sector, we compete with vertical software providers such as: Exterro, Magnet Forensics, Nuix, and OpenText. Private sector service providers are typically return-on-investment driven and will decide to acquire our solutions when there is a financial justification for the investment. The drivers for enterprise customers are: operational readiness, compliance, prevention and mitigation of incidents and improving existing operation by introducing effective solutions.
Our competitors offer products similar to our Collect & Review solutions generally with diversified capabilities and different price points. Some customers have decided to purchase both our solutions and a competitor’s products for verification purposes. However, these customers may later decide to terminate their use of a second product, potentially ours, depending on how they perceive our product, its pricing and capabilities, compared to that of our competitors’. Our Investigative Analytics solutions, such as Cellebrite Pathfinder, currently face relatively limited competition, although we believe this could change in the future as the increase in data volumes attract analytics-driven competitors. Our main Investigation & Evidence Management solution, Guardian, addresses a growing trend to manage digital evidence in a SaaS delivery model. Our OSINT Investigate solution is introduced to a business segment with a low barrier of entry and several existing competitors, while each provide some specific expertise. OSINT Investigate’s market is shared with several different companies, with no significant company dominating the market.

License Terms

The license to use our products is granted to customers on a non-transferable, subscription basis usually for an authorized number of users. The license contains customary undertakings from customers and additionally requires them not to use the software in violation of applicable laws (including laws with respect to privacy and other human rights and the rights of individuals), any human rights standards and best practices including internationally recognized human rights instruments, such as the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and the International Labor Organization Declaration on Fundamental Principles and Rights at work, or in support of any illegal activity or to violate the rights of any third party. We may terminate any license, among other things, in the event of a material breach that is not cured after 30 days’ notice. In addition, we may disable the use of our software, among other things, if it is determined that our products were used in violation of the license or applicable laws.
Regulations
We are subject to, and are required to comply with applicable laws and regulations on import and export controls, sanctions, privacy, data protection and employment, among others, in territories the company operates and sells its solutions.

Sanctions and Export Controls

We are subject to Israeli regulations controlling the export of encryption technology. The Wassenaar Arrangement is a multilateral export control regime with 42 participating states. Although Israel is not a party to the Wassenaar Arrangement, it has adopted the Wassenaar Arrangement List of Dual Use Goods and Technologies and the goods and technologies listed therein are subject to Israeli export control laws and regulations. However, cryptography that is subject to Israeli encryption control laws is not regulated under the Israeli export control regime, even where its capabilities would otherwise
64

place such cryptography within Part 2 of Chapter 5 of the Wassenaar Arrangement Dual Use List which relates to Information Security. Israeli law instead subjects such cryptography goods and technologies to its own encryption control regime, which includes export restrictions. Certain of our products are therefore currently subject to the Israeli encryption control regime and not to the Israeli export control laws vis-à-vis the Wassenaar Arrangement. Our export license under the Israeli encryption control regime prohibit us from exporting our controlled products to customers in certain countries and require us to obtain the consent of the Ministry of Defense to export controlled products to customers in certain other countries. We understand that these restrictions are based, among other things, on both considerations of national security and the Israeli government’s assessment of the human rights record of the country in question.
In 2016, the Israeli Ministry of Defense published draft regulations proposing to cancel the existing encryption control regime and to bring Part 2 of Chapter 5 of the Wassenaar Arrangement into full force and effect in its place. In recent months, this effort was renewed and the regulator stated publicly its intention to advance this reform imminently. Section 5A(4)(b) of Part 2 of Chapter 5 of the Wassenaar Arrangement Dual Use List includes a new provision which (while not specifically stating) appears to apply to digital forensic technologies. If the reform will take place and the revised laws and regulations will come into effect, our solutions will become subject to the Wassenaar Arrangement dual use list as adopted by the State of Israel, and will likely be controlled under the Israeli Defense Export Control Law, 5767-2007 or the Import and Export Order (Export Control over Dual Use Goods, Services and Technology), 5766-2006, depending on the nature of the customer. For example, under the Defense Export Control Law, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli Ministry of Defense and, subject to certain marketing license exceptions, is subject to a licensing requirement from the Israeli Ministry of Defense for any export of controlled defense goods, services and/or know-how. The definition of defense marketing activity is broad and includes any marketing of “defense equipment, services and/or know-how” outside of Israel or to a non-Israeli (including within Israel) regarding controlled dual-use equipment, services and/or know-how. If this occurs and if we determine that this provision applies to some or all of our products, we may need to adapt our licensing, marketing and export practices to accommodate this regulatory change.
Various other countries in which we operate also regulate the import of certain encryption solutions and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our solutions or could limit our customers’ ability to implement our solutions in those countries.
Currently, some of our solutions are not subject to any export control laws. However, many countries where we operate update their export control laws and lists on a regular basis and, therefore, it is possible that some of these non-controlled solutions will become controlled. Such change in controls could limit our or our resellers’ ability to distribute these solutions or limit our customers’ ability to use these solutions.
Our activities may be subject to certain economic sanctions laws including the laws of the State of Israel and the United States, and we have adopted policies to ensure we remain compliant with such applicable regimes, laws and regulations. In addition, we have adopted policies and procedures to restrict sales in certain additional countries and to designated entities and individuals.
Even if we operate in full compliance with Israeli, US and other applicable laws, unlawful uses of our products by our clients, despite the risk mitigation mechanisms we have put in place to prevent this, may nevertheless occur and result in the designation of our company under sanctions lists.

Data Privacy
65


Our products are mostly used as an on-premise solution and are generally operated by our customers without our involvement. Nevertheless, our service operators occasionally have brief and limited access to customer data, including PII, when they receive calls for technical support. In addition, we may extract files containing customer data, including PII, in connection with the provision of our Advanced Services in which we serve as an outsourced lab for the extraction of data from devices that are sent to us by our customers. In both of those situations, we do not access or view customer data, maintain such data securely with limited access, and delete all such data following confirmation that the data has been received by the customer. As a result, for the purposes of the GDPR and the UK equivalent legislation, we are not considered to be a controller and serve as a processor in a number of circumstances, within the meaning of those terms under applicable data privacy laws.
Given the global nature of our operations, we are subject to a variety of local, state, national, and international laws and directives and regulations in the United States and abroad related to privacy and data protection, data security, data storage, retention, transfer and deletion, technology protection, and personal information.
The United States subjects companies to Federal and state laws and regulations regarding privacy and information security. California also recently enacted legislation, the CCPA, and follow-on legislation in the CPRA, which provides for civil penalties for violations, as well as a private right of action for data breaches that may increase data breach litigation Additionally, Colorado adopted the Colorado Privacy Act (“CPA”) in June 2021 and it will become effective on July 1, 2023. Utah also adopted the Utah Consumer Privacy Act (“UCPA”) in March 2022 and that will become effective December 31, 2023. Likewise, Connecticut enacted the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”) in May 2022 and most of which will become effective July 1, 2023. We expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection and information security in the United States and other jurisdictions.
Outside of the United States, virtually every jurisdiction in which we operate has established its own legal framework relating to privacy, data protection, and information security matters with which we and/or our customers must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, retention, disclosure, security, transfer, and other processing of data that identifies or may be used to identify or locate an individual. Some countries and regions have passed legislation that imposes significant obligations in connection with privacy, data protection, and information security, including the GDPR which became effective on May 25, 2018. We are required to comply with the GDPR and, following the exit of the UK from the EU, the UK equivalent, the implementation of which exposes us to two parallel data protection regimes in Europe, each of which impose several stringent requirements for controllers and processors of personal data and could make it more difficult to and/or more costly for us to collect, store, use, transmit and process personal and sensitive data. Non-compliance with the GDPR and the UK equivalent legislation may result in administrative fines or monetary penalties of up to 4% of worldwide annual revenue in the preceding financial year or €20 million (whichever is higher) for the most serious infringements, and could result in proceedings against us by governmental entities or other related parties and may otherwise adversely impact our business, financial condition, and results of operations.
Our operations also are subject to various laws and regulations governing the occupational health and safety of our employees and wage regulations, in each of the respective jurisdictions that we operate.
Intellectual Property

Our DI suite of solutions is based on proprietary software and related intellectual property rights. We rely on a combination of copyright, trademark and trade secret laws, as well as certain contractual provisions to establish, maintain, protect and enforce our intellectual property and other proprietary rights,
66

including those relating to our technology and solutions. In addition, we license technology from third parties that is integrated into some of our solutions.
We own a number of registered trademarks, including “Cellebrite,” “UFED” and other pending applications. Cellebrite also owns a number of domain names, including http://www.cellebrite.com.
Recent Acquisitions
Not applicable.
Legal Proceedings

C. ORGANIZATIONAL STRUCTURE

The Company was incorporated on April 13, 1999 under Israeli Law and has subsidiaries in the United States, Germany, Singapore, Australia, Brazil, United Kingdom, France, Canada, Japan and India, which are listed below:

SUBSIDIARIES OF CELLEBRITE DI LTD.
Name of SubsidiaryJurisdiction of Organization
Cellebrite Inc.U.S. (Delaware)
Cellebrite GmbHGermany
Cellebrite Asia Pacific Pte Ltd.Singapore
Cellebrite Soluções de Inteligência Digital LtdaBrazil
Cellebrite Digital Intelligence Solutions Private LimitedIndia
Cellebrite UK LimitedUnited Kingdom
Cellebrite Canada Mobile Data Solutions Ltd.Canada
Cellebrite France SASFrance
Cellebrite Japan K.K.Japan
Cellebrite Australia PTY LimitedAustralia
BlackBag Technologies, Inc.U.S. (Delaware)
Cellebrite digital Intelligence LP
U.S. (Delaware)
Cellebrite Saferworld, Inc.
U.S. (Delaware)

All subsidiaries are 100% owned by Cellebrite DI Ltd., except: Cellebrite Canada Mobile Data Solutions Ltd., which is 100% owned by Cellebrite UK Limited, BlackBag Technologies. Inc. which is 100% owned by Cellebrite Inc. and Cellebrite Digital Intelligence LP which is 99% owned by Cellebrite DI Ltd., and 1% owned by Cellebrite Inc.

D. PROPERTY, PLANTS AND EQUIPMENT
67

Our main offices are currently located in a 6,386 square meter facility that we lease in Petah-Tikva, Israel, where the premises are used for all aspects of our operations (except for our factory). Our lease for this facility initially expired on December 11, 2007 and was extended until May 15, 2026. We also lease a 1,445 square meters office space in Kiryat Malachi, Israel where the premises are used for our hardware factory. Our lease for this facility initially expired in June 7, 2018 and was extended until February 28, 2031.

In addition, we have offices in the following locations: Vienna, Virginia; Parsippany, New Jersey; Ottawa, Canada; Singapore; India; Canberra, Australia; Tokyo, Japan; Sao Paulo, Brazil; London, UK; Munich, Germany and Tel Aviv, Israel. Our offices support functions across sales and marketing, services, research and development, and operations and administration.

ITEM 4A. UNRESOLVED STAFF COMMENTS
Not applicable.

ITEM 5. OPERATING AND FINANCIAL REVIEW AND PROSPECTS

A.    OPERATING RESULTS

This operating and financial review should be read together with the section captioned “Selected Financial Data,” “Part I, Item 4, Information on the Company—B. Business Overview” and our consolidated financial statements and the related notes to those statements prepared in accordance with U.S. GAAP and included elsewhere in this Annual Report. Among other things, those financial statements include more detailed information regarding the basis of preparation for the following information. This discussion contains forward-looking statements that involve risks and uncertainties. As a result of many factors, such as those set forth under “Part I, Item 3.D. Risk Factors” and elsewhere in this Annual Report, our actual results may differ materially from those anticipated in these forward-looking statements. Please see “Special Note About Forward-Looking Statements and Risk Factor Summary” in this Annual Report.

Overview
Cellebrite is a leading provider of DI solutions, delivering a suite of software and services for legally sanctioned investigations. Our mission is to support our customers in their efforts to protect and save lives, accelerate justice and preserve privacy in global communities. Our DI suite of solutions allows our customers to collect, review, analyze, and manage digital data across the investigative lifecycle. Our DI suite of solutions extracts digital data, delivers the data as digital evidence, and makes the evidence actionable. As of the date of this Annual Report, our solutions were utilized in millions of investigations globally. Our solutions are used in a variety of cases including child exploitation, homicide, anti-terror, border control, sexual crimes, human trafficking, corporate security, and civil litigation. For more information, see “Part I, Item 4. Information on the Company — B. Business Overview.”

Our revenue was $270.7 million and $246.2 million for the years ended December 31, 2022 and 2021, respectively, representing a year-over-year increase of 10%. The increase in revenue period over
68

period was driven by the following: (i) continued sales to existing customer base; and (ii) continuous adoption of our entire portfolio of offering.
Net income of $120.8 million and $71.4 million was incurred for the years ended December 31, 2022 and 2021, respectively, representing a period-over-period increase of $49.4 million. This growth primarily reflects the impact of the financial income from presenting the Company’s Warrants, Restricted Sponsor shares liability and Price adjustment shares liability at their fair value. Our Adjusted EBITDA for the years ended December 31, 2022 and 2021 was $25.9 million and $47.9 million, respectively and reflects the company’s investments in its Research and Development and Go To Market activities.

Acquisitions

Investments

On June 17, 2019, IGP Saferworld Limited Partnership (“IGP”), an investment vehicle of IGP Capital, a venture capital firm based in Israel, invested $110 million in exchange for Cellebrite Preferred Shares, representing 24.4% of Cellebrite’s outstanding ordinary and Preferred Shares at the time of the investment. Following the transaction, IGP appointed two directors to our board of directors. The investment agreement also defines certain exit events that IGP can enforce on the shareholders. At the closing of the Merger Agreement in August 2021 as described below, IGP’s Cellebrite Preferred Shares were converted into Ordinary Shares. At the closing, IGP also waived its right to receive payment of the accrued preferred dividend and the right to appoint a total of two directors to our board of directors. Following the closing, IGP appointed one director to our board of directors.

Merger

On April 8, 2021, TWC, Cellebrite and Merger Sub entered into the Merger Agreement providing for, upon the terms and subject to the conditions thereof, the Merger between TWC and Cellebrite pursuant to which, among other things, Merger Sub merged with and into TWC at the Effective Time (as defined in the Business Combination Agreement), with TWC continuing as the surviving entity and as a wholly-owned subsidiary of Cellebrite. The Merger closed on August 30, 2021. The Merger was accounted for as a recapitalization, with no goodwill or other intangible assets recorded, in accordance with U.S. GAAP. Under this method of accounting, Cellebrite has been determined to be the accounting acquirer. The combined entity is the successor SEC registrant, meaning that Cellebrite’s financial statements for previous periods will be disclosed in the registrant’s future periodic reports filed with the SEC.
As a consequence of the Merger, the Ordinary Shares are registered under the Exchange Act and listed on Nasdaq, and we were required to hire additional personnel and implement procedures and processes to address public company regulatory requirements and customary practices. We have incurred, and expect to incur, additional annual expenses as a public company for, among other things, directors’ and officers’ liability and board of directors related expenses.

Coronavirus (COVID-19) Impact
In mid-March 2020, as a result of the COVID-19 pandemic, we moved our operations from our offices to a remote model, allowing employees to work from their homes. We were well prepared to implement a remote working schedule and our logistics continued operating with no substantial impact on
69

deliveries to customers. Due to COVID-19, most of the communication with customers has been done remotely since 2020 and most of 2021. Yet, by leveraging our global presence, we have continued our sales activities in our main markets with the local sales teams, subject only to the local restrictions and not to global travel limitations. During that period, marketing activities were shifted from on-site events to virtual activities. The only offering which was substantially negatively impacted was the instructor-led training classes, as customers were slow to adopt to the remote learning offering.
As of May 2021 we saw a gradual return to in-person activities. In 2022 we returned to work from most of our offices in a hybrid model, and our customers returned to work from their offices, either entirely in-person or in a hybrid model. In 2022 our customer facing teams returned to conduct face to face meetings with customers, in-person marketing and sales activities, and other activities such as instructor-led training classes. For more information, see “Part I, Item 3. Key Information — D. Risk Factors.”

Key Factors Affecting Our Performance
Our historical financial performance has been, and we expect our financial performance in the future to be, mainly driven by our ability to:
Increase penetration within existing customers. We plan to continue to increase penetration within our existing customers with our DI suite of solutions and by expanding the breadth of our suite of solutions capabilities to provide for continued up-sell and cross-selling opportunities across the DI suite of solutions and to new buying centers. We have seen increase in Annual Recurring Revenue (“ARR”) and dollar-based net retention due to the broad use cases of our DI suite of solutions.
Extend our technology and market leadership position. We intend to strengthen our position as a market-leading DI suite of solutions through investment in research and development and continued innovation. We expect to focus on expanding the functionality of our DI suite of solutions and investing in capabilities that cater customer needs and mode of operation. Also, we are increasing our investment in SaaS and Cloud to address growing demand to consume DI solutions via these vehicles. Additionally, we plan to promote our offerings to address more private sector use cases. We believe this strategy expands our addressable market, enables new growth opportunities and allows us to continue to deliver differentiated high-value outcomes to our customers.
Grow our customer base. We intend to drive new customer growth in both the public sector, mainly with smaller accounts, as well as in the private sector by focusing on enterprise accounts and introducing offerings to address customers’ needs (for example, our additional remote collection offering).

Key Metrics

In addition to our U.S. GAAP financial information, we monitor the following key metrics and non-GAAP financial measure in order to help us measure and evaluate the effectiveness of our operations:
70


Year Ended
December 31,

20222021

Annual recurring revenue (ARR)
$249 $187 
YoY ARR Growth
33 %36%
Recurring revenue dollar-based net retention rate130 %137 %
Adjusted EBITDA
$25.9 $47.9 
Annual recurring revenue: ARR is defined as the annualized value of active term-based subscription license contracts and maintenance contracts related to perpetual licenses in effect at the end of that period. Subscription license contracts and maintenance contracts for perpetual licenses are annualized by multiplying the revenue of the last month of the period by 12.
Recurring revenue dollar-based net retention rate: Dollar-based net retention rate is calculated by dividing customer recurring revenue by base revenue. We define base revenue as recurring revenue we recognized from all customers with a valid license at the end of the equivalent quarter of the previous year. We define our customer revenue as the recurring revenue we recognized on the date of measurement from the same customer base included in our measure of base revenue, including recurring revenue resulting from additional sales to those customers.
Operating Income: Operating Income is calculated as Revenue less cost of revenue expenses and operating expenses.

non-GAAP Operating Income:    Non-GAAP Operating Income is calculate as Operating Income plus issuance expenses, dividend participation compensation, share-based compensation expenses, amortization of intangible assets, and acquisition related costs.

The following table provides a reconciliation of our operating income to Non-GAAP operating income:


Year Ended
December 31,

20222021

($ in thousands)
Operating income$1,044$13,822
 Issuance expenses11,835
 Dividend participation compensation966
 Share-based compensation expense13,7086,480
Amortization of intangible assets2,8261,971
Acquisition related costs1,9607,795
Non-GAAP operating income$19,538$42,869

Adjusted EBITDA: Adjusted EBITDA is calculated as net income plus financial income, tax (income) expense,depreciation expenses, amortization of intangible assets, issuance expenses, dividend participation compensation, share-based compensation expense, acquisition related costs.
The following table provides a reconciliation of our net income to Adjusted EBITDA:
71


Year Ended
December 31,

20222021

($ in thousands)
Net income
$120,805$71,396
Financial income
(119,716)(68,483)
Tax (income) expense
(45)10,909
Depreciation expenses
6,3685,036
Amortization of intangible assets2,8261,971
Issuance expenses11,835
Dividend participation compensation966
 Share-based compensation expense
13,7086,480
Acquisition related costs
1,9607,795
Adjusted EBITDA
25,90647,905
Adjusted EBITDA margin
10 %20 %
We believe that the use of non-GAAP operating income and Adjusted EBITDA is helpful to investors. These measures, which the Company refers to as our non-GAAP financial measures, are not prepared in accordance with GAAP.
The Company believes that the non-GAAP financial measures provide a more meaningful comparison of its operational performance from period to period and offers investors and management greater visibility to the underlying performance of its business. Mainly:

Share-based compensation expenses utilize varying available valuation methodologies, subjective assumptions and a variety of equity instruments that can impact a company’s non-cash expenses;

Acquired intangible assets are valued at the time of acquisition and are amortized over an estimated useful life after the acquisition, and acquisition-related expenses are unrelated to current operations and neither are comparable to the prior period nor predictive of future results;

To the extent that the above adjustments have an effect on tax (income) expense, such an effect is excluded in the non-GAAP adjustment to net income;

Tax expense, depreciation and amortization expense vary for many reasons that are often unrelated to our underlying performance and make period-to-period comparisons more challenging; and

Financial instruments are remeasured according to GAAP and vary for many reasons that are often unrelated to the Company’s current operations and affect financial income.
Key Components of Results of Operations

Revenue
Revenue consists of subscription, perpetual license and other, and professional services.
Subscription. Subscription revenue is comprised of subscription services and term-license revenue. The subscription services revenue is the revenue that is recognized over the life of the subscription and the term-license revenue is what is immediately recognized upon the sale of an on-premise license. In connection with our term-based license and perpetual license arrangements, we generate revenue through maintenance and support
72

under renewable subscription, fee-based contracts that include unspecified software updates and upgrades released when and if available as well as software patches and support. Customers with active subscriptions are also entitled to our technical customers’ support.
Perpetual License and Other. Perpetual license revenue reflects the revenue recognized from sales of perpetual licenses related to products. Perpetual license fees are recognized upfront assuming all revenue recognition criteria are satisfied. The license is installed on premise, mostly on customers’ computers. Other revenue consists of revenue from usage-based fees and sale of hardware related to our offering.
Professional Services. Professional Services consists of revenue related to: (i) certified training classes by Cellebrite Academy; (ii) our advanced services; (iii) implementation of our products in connection with our software licenses and (iv) on premise contracted customer success and technical support. The revenue of professional services is recognized upon the delivery of our services.
Cost of Revenue

Cost of revenue consists of cost of subscription, cost of perpetual license and other, and cost of professional services.
Cost of Subscription. Cost of subscription revenue includes all direct cost to deliver and support subscription services, including salaries and related employees’ expenses, allocated overhead such as facilities expenses, third party license fees, fees paid to OEMs, hosting, and IT related expenses . We recognize these costs and expenses upon occurrence.
Cost of Perpetual License and Other. Cost of perpetual license and other revenue includes all direct costs to deliver perpetual license and other products, including HW costs, fees paid for third party products, materials, salaries and related employees’ expenses, allocated overhead such as depreciation of equipment and IT related expenses, warehouse, manufacturing and supply chain costs. We recognize these costs and expenses upon occurrence.
Cost of Professional Service. Cost of professional service revenue includes salaries and related employees’ expenses, subcontractors and all direct costs related to services such as services materials, allocated overhead for depreciation of equipment, facilities and IT related costs. We recognize these costs and expenses upon occurrence.
Gross Profit and Gross Margin

Gross profit is revenue less cost of revenue, and gross margin is gross profit as a percentage of revenue. Gross profit has been and will continue to be affected by various factors, including our revenue mix, the selling price to our customers, the cost of our manufacturing facility, supply chain, hosting, salaries, other related costs to our employees and subcontractors and overhead. We expect that our gross margin will fluctuate from period to period depending on the interplay of these various factors.

Operating Expenses

Operating expenses consists of research and development, sales and marketing and general and administrative. The most significant components of our operating expenses are personnel costs, which is
73

included in each component of operating expenses and consists of salaries, benefits, bonuses, stock-based compensation and, with regards to sales and marketing expenses, sales commissions.
Research and development. Research and development expenses primarily consist of the cost of salaries and related costs for employees, subcontractors cost and depreciation of equipment. Our costs of research and development also include facility-related expenses, recruitment and training, information system licenses, hosting, support and others that contribute to the research and development operations. We focus our research and development efforts on developing new solutions, core technologies and to further enhance the functionality, reliability, performance and flexibility of existing solutions. We believe that our software development teams and our core technologies represent a significant competitive advantage for us and we expect that our research and development expenses will continue to increase, as we invest in research and development headcount to further strengthen and enhance our solutions
Sales and marketing. Sales and marketing expenses primarily consist of personnel, marketing, sales and business development personnel, travel expenses, and commissions earned by our sales personnel. Our costs of sales and marketing also include facility-related expenses, recruitment and training, information system licenses, hosting, support and others that contribute to the sales and marketing operations. We expect that sales and marketing expenses will continue to increase as we continue to invest in our Go-to-Market activities.
General and administrative. General and administrative expenses primarily consist of personnel, insurance, consultants and facility-related costs for our executive, finance, legal, IT, human resources, administrative personnel, and other corporate expenses, including those associated with the Merger. We anticipate moderate growth in our expenses due to growing our operations. All of the departments are allocated with general and administrative expenses such as rent and related expenses, recruitment and training, information systems licenses, hosting, support and others.


Quarterly Trends in Operating Expenses

Operating expenses have generally increased sequentially as a result of our growth and are primarily related to increases in personnel-related costs, including share-based compensation, to support the expanded operations, continued investment in research and development, and expansion of commercial and marketing investments.

Financial Income, Net

Financial income, net consists primarily of revaluation of derivative warrant liability, restricted sponsor shares and price adjustment shares, interest income on our short-term deposits, fees to banks and foreign currency realized and unrealized income and loss related to the impact of transactions denominated in a foreign currency and financial investment activities.

Tax Expense (Income)

Tax expense (income) (as well as deferred tax assets and liabilities, and liabilities for unrecognized tax benefits) reflect management’s best assessment of estimated current and future taxes to
74

be paid. We are subject to income taxes in Israel, the United States, and numerous other foreign jurisdictions.
Significant judgments and estimates are required in determining the consolidated income tax expense (income).
Our income tax rate varies from Israel’s statutory income tax rates, mainly due to differing tax rates and regulations in foreign jurisdictions and other differences between expenses and expenses recognized by other tax authorities in relevant jurisdictions. We expect this fluctuation in income tax rates, as well as its potential impact on our results of operations, to continue.

Results of Operations
The following tables and narrative set forth our results of operations for the periods presented. For a comparison of our results of operations for the years ended December 31, 2021 and 2020, see “Part I, Item 5. Operating and Financial Review Prospects—A. Operating Results” in our Annual Report on Form 20-F for the fiscal year ended December 31, 2021, filed with the SEC on March 29, 2022, as amended on April 18, 2022, which comparative information is herein incorporated by reference.

75


Year ended December 31,

20222021

($ in thousands)
Revenue:
Subscription services
$153,470 $120,889 
Term-license
62,487 62,428 
Total subscription215,957 183,317 
Perpetual license and other
21,373 34,169 
Professional services
33,321 28,760 
Total Revenue
270,651 246,246 
Cost of revenue:
Cost of subscription services
16,875 9,369 
Cost of term license
425 2,299 
Total subscription17,300 11,668 
Cost of perpetual license and other
12,987 9,817 
Cost of professional services
20,459 21,072 
Total cost of revenue
50,746 42,557 
Gross profit
$219,905 $203,689 
Operating expenses:
Research and development
80,620 65,541 
Sales and marketing
97,387 76,389 
General and administrative
40,854 47,937 
Total operating expenses
218,861 189,867 
Operating income
1,044 13,822 
Financial income, net
119,716 68,483 
Income before income tax expense
120,760 82,305 
Tax (income) expense
(45)10,909 
Net income
$120,805 $71,396 
Other comprehensive income
Unrealized loss on hedging transactions, net of tax
(953)(944)
Unrealize loss on marketable securities(502)— 
Foreign currency translation adjustments
414 995 
Total other comprehensive (loss) income, net of tax
(1,041)51 
Total comprehensive income
$119,764 $71,447 









76

Results of operations includes share-based compensation expenses:

Year ended December 31,

20222021

($ in thousands)
Cost of revenue
$1,283 $290 
Research and development
2,974 1,076 
Sales and marketing
5,041 2,332 
General and administrative
4,410 2,782 
Total share-based compensation
$13,708 $6,480 


The following table summarizes revenue for the year ended December 31

Revenue


Year Ended
December 31,
Change

20222021AmountPercent

($ in thousands)
Subscription services
$153,470 $120,889 $32,581 27%
Term-license
62,487 62,428 59 0%
Total subscription
215,957 183,317 32,640 18%
Perpetual license and other
21,373 34,169 (12,796)(37%)
Professional services
33,321 28,760 4,561 16%
Total Revenue
$270,651 $246,246 $24,405 10%
____________


Subscription

Subscription revenue is comprised of subscription services and term-license revenue. The subscription services revenue is the revenue that is recognized over the life of the subscription and the term-license revenue is what is immediately recognized upon the sale of an on-premise license. Subscription revenue increased by $32.6 million, or 18% for the year ended December 31, 2022, as compared to the year ended December 31, 2021, primarily due to an increase of $19.6 million related to the adoption of our leading Collect & Review offering in a term-based license model instead of a perpetual license model with usage-based fees.


Perpetual License and Other

Perpetual license and other revenue decreased by $12.8 million, or 37% for the year ended December 31, 2022, as compared to the year ended December 31, 2021, primarily due to the adoption of our leading Collect & Review offering in a term-based license model instead of a perpetual license model with usage-based fees.
77



Professional Services
Professional services revenue increased by $4.6 million, or 16% for the year ended December 31, 2022, as compared to the year ended December 31, 2021, primarily due to increase in instructor-led training classes as a result of relief in COVID-19 (related social distancing and travel limitation) and increase of Advanced Services.



Cost of Revenue

Year Ended
December 31,
Change

20222021AmountPercent

($ in thousands)
Cost of subscription services
$16,875 $9,369 $7,506 80 %
Cost of term license
425 2,299 (1,874)(82 %)
Total subscription
17,300 11,668 5,632 48 %
Cost of perpetual and other
12,987 9,817 3,170 32 %
Cost of professional services
20,459 21,072 (613)(3 %)
Cost of Revenue
$50,746 $42,557 $8,189 19 %

Cost of Subscription

Cost of subscription services increased by $5.6 million, or 48% for the year ended December 31, 2022, as compared to the year ended December 31, 2021. This increase is primarily due to hosting expenses, customer success and customer support expenses.


Cost of Perpetual License and Other

Cost of perpetual license and other revenue marginally increased by $3.2 million, or 32% for the year ended December 31, 2022, as compared to the year ended December 31, 2021. This increase is primarily due to an increase in shipping costs and cost for upgrading existing hardware.

Cost of Professional Services

Cost of professional services revenue decreased by $0.6 million, or 3% for the year ended December 31, 2022, as compared to the year ended December 31, 2021. This decrease is primarily due to operational efficiency.


78

Gross Profit and Gross Profit Margin

Year Ended
December 31,
Change

20222021AmountPercent

($ in thousands)
Gross Profit:
Subscription services
$136,595$111,520$25,075 22 %
Term-license
62,06260,1291,933 %
Total subscription
198,657171,64927,008 16 %
Perpetual license and other
8,38624,352(15,966)(66 %)
Professional services
12,8627,6885,174 67 %
Total gross profit
$219,905$203,689$16,216 8 %

Gross Profit Margins:
Subscription services
89 %92 %
Term-license
99 %96 %
Total subscription
92 %94 %
Perpetual license and other
39 %71 %
Professional services
39 %27 %
Total gross margin
81 %83 %

Subscription

Subscription gross profit increased by $27 million, or 16%, during the year ended December 31, 2022, as compared to the year ended December 31, 2021. Subscription gross profit margin marginally decreased from 94% to 92%, during the year ended December 31, 2022, as compared to the year ended December 31, 2021, mainly due to the increase in hosting expenses.

Perpetual license and other

Perpetual license and other gross profit decreased by $16 million, or 66%, during the year ended December 31, 2022, as compared to the year ended December 31, 2021. Perpetual license and other gross profit margin decreased from 71% to 39%, during the year ended December 31, 2022, as compared to the year ended December 31, 2021, mainly as a result of lower perpetual revenue and higher hardware revenue mix in 2022.

Professional Services

Professional services gross profit increased by $5.2 million, or 67% during the year ended December 31, 2022, as compared to the year ended December 31, 2021. Services gross profit margin increased from 27% to 39%, during the year ended December 31, 2022, as compared to the year ended December 31, 2021, mainly as a result of increased training revenue and operational leverage.


79

Operating Expenses

Year Ended
December 31
Change

20222021AmountPercent
($ in thousands)
Operating expenses
Research and development, net80,620 65,541 15,079 23 %
Sales and marketing
97,387 76,389 20,998 27 %
General and administrative
40,854 47,937 (7,083)(15 %)
Total operating expenses
$218,861 $189,867 $28,994 15 %

Research and development

Research and development expenses increased by $15.1 million, or 23%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021. This increase is mainly attributable to an increase in salaries and related costs for employees and subcontractors of $9 million.

Sales and marketing

Sales and marketing expenses increased by $21 million, or 27%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021. The increase primarily relates to higher salaries and related costs for employees and commissions earned by our sales personnel of $13 million and an increase of $2.8 million in travel expenses.

General and administrative
General and administrative expenses decreased by $7.1 million, or 15%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021. The decrease primarily relates to issuance costs of $11.8 million in 2021 offset by an increase of $2.6 million relating to D&O insurance.

Finance Income, net

Finance income, net increased by $51.2 million, or 75%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, mainly due to remeasurement to fair value of Restricted Sponsor Shares, Price Adjustment Shares and Derivative warrant liability.

Taxes on Income

Taxes on income decreased by $11 million, or 100%, for the year ended December 31, 2022, as compared to the year ended December 31, 2021, mainly as a result of loss position in the Parent Company and due to tax expenses related to dividend distribution paid out of an income derived by its Beneficiary Enterprise. For additional information regarding additional Israeli corporate tax upon dividend distribution, see - “Part I, Item 10. Additional Information E. Material U.S Federal Income Tax Considerations Non-U.S Holders - Tax Benefits Subsequent to the 2005 Amendment.”



80

B. Liquidity and Capital Resources
The following tables and narrative set forth our results of operations for the periods presented. For a discussion of our cash flows for the year ended December 31, 2020, see“Part I, Item 5. Operating and Financial Review Prospects—B. Liquidity and Capital Resources” in our Annual Report on Form 20-F for the fiscal year ended December 31, 2021, filed with the SEC on March 29, 2022, as amended on April 18, 2022, which comparative information is herein incorporated by reference.
Our cash, cash equivalents, short-term deposits and marketable securities were $206 million and $182 million as of December 31, 2022 and December 31, 2022, respectively.
We derive our cash primarily from our business operations. During 2021 we received net proceeds of $17 million from the Merger, all of which remained as of December 31, 2021. Additionally in 2021 we invested in the acquisition of Digital Clues for $20 million and in acquiring technological assets for $3 million. Currently, our primary liquidity needs are employee salaries and benefits, product development, and other operating activities to support our organic growth, and our operating cash requirements may increase in the future as we continue to invest in the growth of our company. During the fiscal years ended December 31, 2022 and 2021, our capital expenditures amounted to $6.9 million and $5.1 million, respectively, primarily consisting of expenditures related to property and equipment and software, and we expect that our capital expenditures for the next 12 months will relate to the same needs. We may also enter into future arrangements to acquire or invest in businesses, products, services, strategic partnerships, and technologies.
We believe that our existing cash and cash equivalents, short-term investments and cash flows from operations will be sufficient to fund our operations and capital expenditures for at least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, timing of renewals and subscription renewal rates, the expansion of our sales and marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new software products and enhancements to existing software products, the continuing market acceptance of our software offerings and our use of cash to pay for acquisitions, if any. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If additional funds are not available to us on acceptable terms, or at all, our business, financial condition, and results of operations could be adversely affected.
Credit Facilities
We do not have any credit facilities.
Cash Flows
Year Ended December 31,
20222021
($ in thousands)
Net cash provided by operating activities$20,577 $36,052 
Net cash (used in) provided by investing activities$(91,231)$45,226 
Net cash used in (provided by) financing activities$13,970 $(68,397)
Operating Activities

For the year ended December 31, 2022, cash provided by operating activities was $20.6 million, mainly as a result of the following: increase in Deferred Revenue, as a result of increased sales to customers, off-set by increase in inventories, prepaid expenses and other current assets, decrease in trade payables and other accounts payables and accrued expenses.
81


For the year ended December 31, 2021, cash provided by operating activities was $36.1 million, mainly as a result of the following: increase in share based compensation and RSU’s expenses of $6.5 million, increase in deferred revenue of $21.8 million as a result of increase of business with customers, increase in trade payables of $4.2 million and depreciation and amortization of $7 million.


Investing Activities

Cash used in investing activities in the year ended December 31, 2022 was $(91.2) million, primarily as a result of purchase of property and equipment in the amount of $6.9 million, investment and maturities in marketable securities, net of $67.1 million and investment and maturities in short term deposits, net of $15.1 million.

Cash provided by investing activities in the year ended December 31, 2021 was $45.2 million, primarily as a result of cash paid in relation to business combination in the amount of $20 million, purchase of intangible assets of $3 million and purchase of property and equipment in the amount of $5.1 million, which was partially offset by $73.3 million net cash from short term deposits, net.

Financing Activities

Cash provided by financing activities in the year ended December 31, 2022 was $14 million, mainly as a result of proceeds from exercise of stock options to shares of $12.6 million and proceeds from Employee Share Purchase Plan, net of $1.3 million.

Cash used in financing activities in the year ended December 31, 2021 was $68.4 million, mainly as a result of a dividend payment in the amount of $100 million, which was partially offset by proceeds from recapitalization transaction in the amount of $29.3 million and proceeds from share issuance of $2.3 million.



Contractual Obligations and Commitments

As of December 31, 2022, we had commitments of $20.9 million related to office and car leases arrangements, that we cannot cancel or where we would be required to pay a termination fee in the event of cancellation. Payments under these commitments are estimated to be made as follows:

(In millions of U.S. dollars)Payments (1)
Less than 1 year$5,445 
1-3 years9,124 
3-5 years3,037 
More than 5 years3,264 
Total$20,870 
(1) Am
82

ounts do not include recourse that we may have to recover termination fees or penalties from clients.

Off-Balance Sheet Arrangements

We have instituted a foreign currency cash flow hedging program using foreign currency forward contracts and cylinder option strategy (“Derivative Instruments”) in order to hedge the exposure to variability in expected future cash flows resulting from changes in related foreign currency exchange rates. These transactions are designated as cash flow hedges, as defined under ASC topic 815, “Derivatives and Hedging.”
Quantitative and Qualitative Disclosures About Market Risk

We are exposed to market risk in the ordinary course of our business. Market risk represents the risk of loss that may impact our financial position due to adverse changes in financial market prices and rates. Our market risk exposure is primarily a result of fluctuations in foreign currency exchange rates and interest rates and inflation.
Foreign Currency Exchange Risk

Our revenue and expenses are primarily denominated in U.S. dollars and ILS and to a lesser extent, other currencies in our relevant subsidiaries. As some of our sales are denominated in non-U.S. dollars currencies, our revenue is subject to foreign currency risk. In addition, a significant portion of our operating costs in Israel, consisting mainly of salaries and related personnel expenses are denominated in ILS. This foreign currency exposure gives rise to market risk associated with exchange rate movements of the U.S. dollar against the ILS. Furthermore, we anticipate that a material portion of our expenses will continue to be denominated in ILS.
To reduce the impact of foreign exchange risks associated with forecasted future cash flows and the volatility in our consolidated statements of operations, we have established a hedging program. Our foreign currency contracts are generally short-term in duration. We do not enter into Derivative Instruments for trading or speculative purposes. We account for our Derivative Instruments as either assets or liabilities and carry them at fair value in the consolidated balance sheets. The accounting for changes in the fair value of the derivative depends on the intended use of the derivative and the resulting designation. Our hedging program reduces but does not eliminate the impact of currency exchange rate movements. The effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business, after considering cash flow hedges, would have had an impact on our results of operations of $0.3 million and $0.1 million, for the years ended December 31, 2022 and 2021, respectively.
Our derivatives expose us to credit risk to the extent that the counterparties may be unable to meet the terms of the agreement. We seek to mitigate such risk by limiting our counterparties to major financial institutions and by spreading the risk between two major financial institutions. However, failure of one or more of these financial institutions is possible and could result in incurred losses.
As of December 31, 2022, our cash, cash equivalents and short-term investments were primarily denominated in U.S. dollars. A 10% increase or decrease in current exchange rates would affect our cash, cash equivalents, restricted cash, and short-term investment balances in amount of $3.6 million and $3.2 million as of December 31, 2022 and 2021, respectively.

83

Interest Rate Risk

As of December 31, 2022, we had cash and cash equivalents of $87.6 million and short-term deposits of $51.3 million. Cash and cash equivalents consist of cash in banks, bank deposits, and money market funds. Short-term investments generally consist of bank deposits. Our cash, cash equivalents, and short-term investments are held for working capital purposes. Such interest-earning instruments carry a degree of interest rate risk. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash. We do not enter into investments for trading or speculative purposes. Due to the short-term nature of these instruments, a hypothetical 10% change in interest rates during any of the periods presented would impact our financial income by $0.4 million for the year ended December 31, 2022.
Inflation Risk

Inflationary factors, such as increases in our cost of goods sold, may adversely affect our operating results. Although, recent elevated levels of inflation in the global and U.S. economies have not had a significant impact on our results of business, financial condition, or operations, a high rate of inflation in the future may have an adverse effect on our ability to maintain and increase our gross profit if the selling prices of our products do not increase as much or more than these increased costs. If elevated levels of inflation persist or increase, our business, financial condition, or operations could be adversely affected, particularly in certain global markets. Additionally, most of our sales are denominated in U.S. dollars, EUR or GBP, which have not been subject to material currency inflation, and our operating expenses are denominated in ILS and U.S. dollar and have not been subject to material currency inflation.


C.    RESEARCH AND DEVELOPMENT, PATENTS AND LICENSES, ETC.

Our research and development spending totaled $80.6 million, $65.5 million and $54.4 million for the years ended December 31, 2022, 2021 and 2020 respectively. As described in “Part I, Item 3. Key Information—3.D. Risk Factors” and elsewhere in this Annual Report, government regulations and policies can make developing or marketing new technologies expensive or uncertain due to various restrictions on trade and technology transfers. See “Part I, Item 3. Key Information—D. Risk Factors” and “Part I, Item 4. Information on the Company—B. Business Overview—Regulations.” For further information on our research and development policies and additional product information, see “ Part I, Item 4. Information on the Company— B. Business Overview.

D.    TREND INFORMATION

E.    CRITICAL ACCOUNTING ESTIMATES
The preparation of consolidated financial statements in conformity with U.S. generally accepted accounting principles requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenue and expenses during the reporting period. Actual results could differ from those estimates.
84

Please see Notes to Consolidated Financial Statements included in Item 18 of this Annual Report on Form 20-F for a summary of significant accounting policies and the effect on our financial statements.

Revenue Recognition
The Company sells its products to its customers either directly or indirectly through distribution channels all of whom are considered end users.
For contracts that contain multiple performance obligations, the Company allocates the transaction price to each performance obligation based on the relative standalone selling price (“SSP”) for each performance obligation. The Company uses judgment in determining the SSP for its products and services. The Company typically assesses the SSP for its products and services on a periodic basis or when facts and circumstances change. To determine SSP, the Company maximizes the use of observable standalone sales and observable data, where available. In instances where performance obligations do not have observable standalone sales, the Company utilizes available information that may include the entity specific factors such as assessment of historical data of bundled sales of software licenses with other promised goods and services, and pricing strategies to estimate the price the Company would charge if the products and services were sold separately.
The Company satisfies performance obligations either over a time period or at a point in time depending on the nature of the underlying promise. Revenue is recognized at the time the related performance obligation is satisfied by transferring a promised good or service to a customer. Revenue related to the license for proprietary software is recognized when the control over the license is provided to the customer and the license term begins. Revenue related to software update and upgrades are recognized ratably over the service period. Revenue related to other professional services is generally recognized over time and in certain cases at a point in time upon satisfaction of the performance obligation. Service revenue is included in the Company’s consolidated statements of income as service revenue.
Share-based Compensation

We accounts for share-based compensation to employees and non-employees in accordance with ASC 718, “Compensation — Stock Compensation” (“ASC 718”), which requires companies to estimate the fair value of equity-based payment awards on the date of grant based on the fair value of the awards granted. We grants awards that vest upon the satisfaction of service conditions and in certain grant market conditions. For awards with graded vesting schedules subject to service condition, the Company recognize compensation costs based on the straight line attribution method over the requisite service period of the awards.The Company estimates the fair value of share options granted using the Black-Scholes-Merton option-pricing model.
The assumptions and estimates were determined as follows:
Fair value of Ordinary Shares — The Company’s Ordinary Shares have a limited history of being publicly traded. Prior to the consummation of the merger, the fair value was determined by management, with input from valuation reports prepared by third-party valuation specialists. In determining the fair value of ordinary shares subsequent to the consummation of the Merger Agreement, the board of directors considered the grant date fair value for share-based awards as of the closing price of our ordinary shares on NASDAQ on the date of grant.
Risk-free interest rate — The Company determined the risk-free interest rate by using a weighted-average equivalent to the expected term based on the U.S. Treasury yield curve in effect as of the date of grant.
85

Expected term — The expected term of options granted is based on historical experience and represents the period of time that options granted are expected to be outstanding. Since the Company does not have sufficient historical share exercise data to calculate the expected term of the share options. The Company determines the expected term using the simplified method. The simplified method deems the term to be the average of the time-to-vesting and the contractual life of the options.
Expected volatility Options and RSUs — Since the Company has a limited trading history of its Ordinary Shares, there is not sufficient historical volatility for the expected term of the share options. The expected volatility is derived from: (i) historical volatility of comparable companies, in accordance with the expected remaining lives of the option or RSU (ii) historical volatility of the Company’s publicly traded shares, commencing August 30, 2021 and (iii) implied volatility of the Company’s publicly traded Warrants.
Expected Volatility ESPP — Was based on Cellebrite s historical share price volatility, on a daily basis, for 6 months.
Expected dividend yield— The Company does not anticipate paying any dividends in the foreseeable future. Thus, the Company used 0% as its expected dividend yield



Business combination

The Company applies the provisions of ASC 805, “Business Combination” and allocates the fair value of purchase consideration to the tangible assets acquired, liabilities assumed, and intangible assets acquired based on their estimated fair values. The excess of the fair value of purchase consideration over the fair values of these identifiable assets and liabilities is recorded as goodwill. When determining the fair values of assets acquired and liabilities assumed, the Company estimated the future expected cash flows from acquired core technology and acquired trade name from a market participant perspective, useful lives and discount rates. In addition, management makes significant estimates and assumptions, which are uncertain, but believed to be reasonable.
Significant estimates in valuing certain intangible assets include, but are not limited to future expected cash flows from acquired technology and acquired trademarks from a market participant perspective, useful lives and discount rates. Management’s estimates of fair value are based upon assumptions believed to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from estimates.
Acquisition-related costs are recognized separately from the acquisition and are expensed as incurred.

Income Taxes

The Company accounts for income taxes in accordance with ASC 740, “Income Taxes”. ASC 740 prescribes the use of the liability method whereby deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases and for operating loss and tax credit carryforwards. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary
86

differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in the period of enactment. A valuation allowance is provided, if necessary, to reduce deferred tax assets to the amount that is more likely than not to be realized. Deferred tax assets and deferred tax liabilities are presented under long-term assets.
The Company implements a two-step approach to recognize and measure uncertainty in income taxes. The first step is to evaluate the tax position taken or expected to be taken in a tax return by determining if the weight of available evidence indicates that it is more likely than not that, on an evaluation of the technical merits, the tax position will be sustained on audit, including resolution of any related appeals or litigation processes. The second step is to measure the tax benefit as the largest amount that is greater than 50 percent (cumulative basis) likely to be realized upon settlement. Changes in recognition or measurement are reflected in the period in which the change in judgment occurs. The Company classifies interest and penalties related to unrecognized tax benefits as part of income taxes.

Marketable securities

The Company accounts for investments in marketable securities in accordance with ASC No. 320, “Investments—Debt Securities”. Management determines the appropriate classification of its investments in the debt securities at the time of purchase and re-evaluates such determination at each balance sheet date.
As of December 31, 2022, all of the Company's marketable securities investments were classified as "available-for-sale" ("AFS") and are carried at fair value. Unrealized gains and losses are reported in a separate component of shareholders' equity (deficiency) in accumulated other comprehensive income, net of taxes. Gains and losses are recognized when realized, on a specific identification basis, in the Company’s consolidated statements of income.
The Company’s securities are reviewed for impairment in accordance with ASC 320-10-35. If such assets are considered to be impaired, the impairment charge is recognized in earnings when a decline in the fair value of its investments below the cost basis is judged to be other-than-temporary. Factors considered in making such a determination include the duration and severity of the impairment, the reason for the decline in value, the potential recovery period and the Company’s intent to sell, including whether it is more likely than not that the Company will be required to sell the investment before recovery of cost basis. For securities with an unrealized loss that the Company intends to sell, or it is more likely than not that the Company will be required to sell before recovery of their amortized cost basis, the entire difference between amortized cost and fair value is recognized in earnings. For securities that do not meet these criteria, the amount of impairment recognized in earnings is limited to the amount related to credit losses, while declines in fair value related to other factors are recognized in accumulated other comprehensive income (loss).

Warrant liability

The Company has classified the warrants assumed during the Merger (both public and private) as a liability pursuant to ASC 815-40 since the warrants do not meet the equity classification conditions. Accordingly, the Company measured the warrants at their fair value. The warrants liability is subject to re-measurement at each balance sheet date until exercised, and any change in fair value is recognized in our statement of comprehensive loss.
87

The estimated fair value of the private placement warrant liabilities is determined using Level 3 inputs. Inherent in a Black-Scholes valuation model are assumptions related to expected share-price volatility, expiration, risk-free interest rate and dividend yield. The Company estimates the volatility of its common share based on historical volatility of select peer companies that matches the expected remaining life of the warrants. The risk-free interest rate is based on the U.S. Treasury zero-coupon yield curve on the grant date for a maturity similar to the expiration of the warrants. The dividend yield is based on the historical rate, which the Company anticipates will remain at 0%.

Restricted sponsor shares liability and Price adjustment shares liability

The restricted Sponsor shares liability and Price adjustment shares are measured at fair value using Level 3 inputs.
The Company has determined that the price adjustment shares, and the restricted sponsor shares are freestanding financing instruments since those rights are legally detachable and separately exercisable. The Company has determined that the price adjustment rights, and the restricted sponsor shares are not indexed to Company’s stock since if a change of control occurs, all the shares underlying the price adjustment shares and the restricted sponsor shares will be issued regardless of the company’s stock price. Therefore, the Company accounted for the price adjustment shares and for the restricted sponsor shares as a liability measured at fair value through earnings.
Recent Accounting Pronouncements

See the Summary of Significant Accounting Policies, included in our audited consolidated statements included in this Annual Report for a description of recently issued accounting pronouncements.

ITEM 6. DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES

A.    DIRECTORS AND SENIOR MANAGEMENT

The following persons who serve as Cellebrite’s executive officers and directors, including their ages as of April 27, 2023. Biographies of the executive officers and directors are also included below.
88

NameAgePosition
Executive Officers
Yossi Carmil
56
Chief Executive Officer, Director
Dana Gerner
55
Chief Financial Officer
Ronnen Armon
59
Chief Products & Technologies Officer
Leeor Ben-Peretz
47
Chief Strategy Officer
Marque Teegardin
57
President, Cellebrite Americas (Sales Management)
Arthur Veinstein
50
President, Cellebrite International (Sales Management)
Lisa Cole
49
Chief Marketing Officer
Directors
Haim Shani
65
Chairman of the Board
Ryusuke Utsumi57Director
Yonatan Domnitz
42
Director
Elly Keinan58Director
Adam H. Clammer
52
Dire