10-K 1 fsly-20231231.htm 10-K fsly-20231231
00015174132023FYfalseP3YP1YP3Yoneone0.0097272P3YP3Y40713337700015174132023-01-012023-12-3100015174132023-06-30iso4217:USD00015174132024-02-16xbrli:shares00015174132023-12-3100015174132022-12-31iso4217:USDxbrli:shares00015174132022-01-012022-12-3100015174132021-01-012021-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMember2020-12-310001517413us-gaap:CommonClassBMemberus-gaap:CommonStockMember2020-12-310001517413us-gaap:AdditionalPaidInCapitalMember2020-12-310001517413us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-12-310001517413us-gaap:RetainedEarningsMember2020-12-3100015174132020-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMember2021-01-012021-12-310001517413us-gaap:AdditionalPaidInCapitalMember2021-01-012021-12-310001517413us-gaap:CommonClassBMemberus-gaap:CommonStockMember2021-01-012021-12-310001517413us-gaap:RestrictedStockUnitsRSUMemberus-gaap:CommonStockMemberus-gaap:CommonClassAMember2021-01-012021-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMemberus-gaap:RestrictedStockMember2021-01-012021-12-310001517413us-gaap:RetainedEarningsMember2021-01-012021-12-310001517413us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-01-012021-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMember2021-12-310001517413us-gaap:CommonClassBMemberus-gaap:CommonStockMember2021-12-310001517413us-gaap:AdditionalPaidInCapitalMember2021-12-310001517413us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-12-310001517413us-gaap:RetainedEarningsMember2021-12-3100015174132021-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMember2022-01-012022-12-310001517413us-gaap:AdditionalPaidInCapitalMember2022-01-012022-12-310001517413us-gaap:RestrictedStockUnitsRSUMemberus-gaap:CommonStockMemberus-gaap:CommonClassAMember2022-01-012022-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMemberus-gaap:RestrictedStockMember2022-01-012022-12-310001517413us-gaap:RetainedEarningsMember2022-01-012022-12-310001517413us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-01-012022-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMember2022-12-310001517413us-gaap:CommonClassBMemberus-gaap:CommonStockMember2022-12-310001517413us-gaap:AdditionalPaidInCapitalMember2022-12-310001517413us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-12-310001517413us-gaap:RetainedEarningsMember2022-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMember2023-01-012023-12-310001517413us-gaap:AdditionalPaidInCapitalMember2023-01-012023-12-310001517413us-gaap:RestrictedStockUnitsRSUMemberus-gaap:CommonStockMemberus-gaap:CommonClassAMember2023-01-012023-12-310001517413us-gaap:RetainedEarningsMember2023-01-012023-12-310001517413us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-01-012023-12-310001517413us-gaap:CommonStockMemberus-gaap:CommonClassAMember2023-12-310001517413us-gaap:CommonClassBMemberus-gaap:CommonStockMember2023-12-310001517413us-gaap:AdditionalPaidInCapitalMember2023-12-310001517413us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-12-310001517413us-gaap:RetainedEarningsMember2023-12-31fsly:operating_market0001517413us-gaap:SalesRevenueNetMemberus-gaap:CustomerConcentrationRiskMemberfsly:CustomerOneMember2023-01-012023-12-31xbrli:pure0001517413us-gaap:SalesRevenueNetMemberus-gaap:CustomerConcentrationRiskMemberfsly:CustomerOneMember2022-01-012022-12-310001517413us-gaap:SalesRevenueNetMemberus-gaap:CustomerConcentrationRiskMemberfsly:CustomerOneMember2021-01-012021-12-310001517413us-gaap:CustomerConcentrationRiskMemberfsly:CustomerOneMemberus-gaap:AccountsReceivableMember2023-01-012023-12-310001517413us-gaap:CustomerConcentrationRiskMemberfsly:CustomerOneMemberus-gaap:AccountsReceivableMember2022-01-012022-12-310001517413fsly:CustomerArrangementMember2023-12-310001517413srt:MinimumMemberus-gaap:ComputerEquipmentMember2023-12-310001517413srt:MaximumMemberus-gaap:ComputerEquipmentMember2023-12-310001517413srt:MaximumMemberus-gaap:LeaseholdImprovementsMember2023-12-310001517413us-gaap:FurnitureAndFixturesMember2023-12-310001517413us-gaap:OfficeEquipmentMember2023-12-310001517413us-gaap:SoftwareDevelopmentMembersrt:MinimumMember2023-12-310001517413srt:MaximumMemberus-gaap:SoftwareDevelopmentMember2023-12-310001517413us-gaap:CustomerRelationshipsMembersrt:MinimumMember2023-12-310001517413srt:MaximumMemberus-gaap:CustomerRelationshipsMember2023-12-310001517413srt:MinimumMemberus-gaap:DevelopedTechnologyRightsMember2023-12-310001517413srt:MaximumMemberus-gaap:DevelopedTechnologyRightsMember2023-12-310001517413srt:MinimumMemberus-gaap:TradeNamesMember2023-12-310001517413srt:MaximumMemberus-gaap:TradeNamesMember2023-12-310001517413us-gaap:OrderOrProductionBacklogMember2023-12-310001517413fsly:InternetProtocolAddressesMember2023-12-310001517413fsly:BandwidthWithThirdPartyNetworkProvidersMember2023-01-012023-12-310001517413fsly:ColocationServicesMembersrt:MinimumMember2023-01-012023-12-310001517413fsly:ColocationServicesMembersrt:MaximumMember2023-01-012023-12-310001517413srt:MinimumMember2023-01-012023-12-310001517413srt:MaximumMember2023-01-012023-12-31fsly:segment0001517413country:US2023-01-012023-12-310001517413country:US2022-01-012022-12-310001517413country:US2021-01-012021-12-310001517413srt:AsiaPacificMember2023-01-012023-12-310001517413srt:AsiaPacificMember2022-01-012022-12-310001517413srt:AsiaPacificMember2021-01-012021-12-310001517413srt:EuropeMember2023-01-012023-12-310001517413srt:EuropeMember2022-01-012022-12-310001517413srt:EuropeMember2021-01-012021-12-310001517413fsly:CountriesNotSeparatelyRecognizedMember2023-01-012023-12-310001517413fsly:CountriesNotSeparatelyRecognizedMember2022-01-012022-12-310001517413fsly:CountriesNotSeparatelyRecognizedMember2021-01-012021-12-310001517413fsly:PriorRevenueMethodologyMemberfsly:EnterpriseCustomersMember2023-01-012023-12-310001517413fsly:PriorRevenueMethodologyMemberfsly:EnterpriseCustomersMember2022-01-012022-12-310001517413fsly:PriorRevenueMethodologyMemberfsly:EnterpriseCustomersMember2021-01-012021-12-310001517413fsly:NonenterpriseCustomersMemberfsly:PriorRevenueMethodologyMember2023-01-012023-12-310001517413fsly:NonenterpriseCustomersMemberfsly:PriorRevenueMethodologyMember2022-01-012022-12-310001517413fsly:NonenterpriseCustomersMemberfsly:PriorRevenueMethodologyMember2021-01-012021-12-310001517413fsly:PriorRevenueMethodologyMember2023-01-012023-12-310001517413fsly:PriorRevenueMethodologyMember2022-01-012022-12-310001517413fsly:PriorRevenueMethodologyMember2021-01-012021-12-310001517413fsly:NewRevenueMethodologyMemberfsly:EnterpriseCustomersMember2023-01-012023-12-310001517413fsly:NewRevenueMethodologyMemberfsly:EnterpriseCustomersMember2022-01-012022-12-310001517413fsly:NewRevenueMethodologyMemberfsly:EnterpriseCustomersMember2021-01-012021-12-310001517413fsly:NewRevenueMethodologyMemberfsly:NonenterpriseCustomersMember2023-01-012023-12-310001517413fsly:NewRevenueMethodologyMemberfsly:NonenterpriseCustomersMember2022-01-012022-12-310001517413fsly:NewRevenueMethodologyMemberfsly:NonenterpriseCustomersMember2021-01-012021-12-310001517413fsly:NewRevenueMethodologyMember2023-01-012023-12-310001517413fsly:NewRevenueMethodologyMember2022-01-012022-12-310001517413fsly:NewRevenueMethodologyMember2021-01-012021-12-3100015174132024-01-012023-12-310001517413us-gaap:CashMember2023-12-310001517413us-gaap:CashMember2022-12-310001517413us-gaap:USTreasurySecuritiesMember2023-12-310001517413us-gaap:USTreasurySecuritiesMember2022-12-310001517413us-gaap:MoneyMarketFundsMember2023-12-310001517413us-gaap:MoneyMarketFundsMember2022-12-310001517413us-gaap:CommercialPaperMember2023-12-310001517413us-gaap:CommercialPaperMember2022-12-310001517413us-gaap:USTreasurySecuritiesMember2023-12-310001517413us-gaap:USTreasurySecuritiesMember2022-12-310001517413us-gaap:CorporateDebtSecuritiesMember2023-12-310001517413us-gaap:CorporateDebtSecuritiesMember2022-12-310001517413us-gaap:CommercialPaperMember2023-12-310001517413us-gaap:CommercialPaperMember2022-12-310001517413fsly:AgencyBondsMember2023-12-310001517413fsly:AgencyBondsMember2022-12-310001517413us-gaap:AssetBackedSecuritiesMember2023-12-310001517413us-gaap:AssetBackedSecuritiesMember2022-12-310001517413us-gaap:MunicipalNotesMember2023-12-310001517413us-gaap:MunicipalNotesMember2022-12-310001517413fsly:ForeignGovernmentAndSupranationalSecuritiesMember2023-12-310001517413fsly:ForeignGovernmentAndSupranationalSecuritiesMember2022-12-31fsly:security0001517413us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2023-12-310001517413us-gaap:FairValueInputsLevel2Memberus-gaap:MoneyMarketFundsMember2023-12-310001517413us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:FairValueInputsLevel1Memberus-gaap:USTreasurySecuritiesMember2023-12-310001517413us-gaap:FairValueInputsLevel2Memberus-gaap:USTreasurySecuritiesMember2023-12-310001517413us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel1Member2023-12-310001517413us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel2Member2023-12-310001517413us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:FairValueInputsLevel1Member2023-12-310001517413us-gaap:FairValueInputsLevel2Member2023-12-310001517413us-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel1Member2023-12-310001517413us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel2Member2023-12-310001517413us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel1Member2023-12-310001517413us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2023-12-310001517413us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel1Member2023-12-310001517413us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel2Member2023-12-310001517413us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:AssetBackedSecuritiesMemberus-gaap:FairValueInputsLevel1Member2023-12-310001517413us-gaap:FairValueInputsLevel2Memberus-gaap:AssetBackedSecuritiesMember2023-12-310001517413us-gaap:AssetBackedSecuritiesMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413fsly:AgencyBondsMemberus-gaap:FairValueInputsLevel1Member2023-12-310001517413fsly:AgencyBondsMemberus-gaap:FairValueInputsLevel2Member2023-12-310001517413fsly:AgencyBondsMemberus-gaap:FairValueInputsLevel3Member2023-12-310001517413us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2022-12-310001517413us-gaap:FairValueInputsLevel2Memberus-gaap:MoneyMarketFundsMember2022-12-310001517413us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel3Member2022-12-310001517413us-gaap:FairValueInputsLevel1Member2022-12-310001517413us-gaap:FairValueInputsLevel2Member2022-12-310001517413us-gaap:FairValueInputsLevel3Member2022-12-310001517413us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel1Member2022-12-310001517413us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001517413us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel3Member2022-12-310001517413us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel1Member2022-12-310001517413us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001517413us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel3Member2022-12-310001517413us-gaap:AssetBackedSecuritiesMemberus-gaap:FairValueInputsLevel1Member2022-12-310001517413us-gaap:FairValueInputsLevel2Memberus-gaap:AssetBackedSecuritiesMember2022-12-310001517413us-gaap:AssetBackedSecuritiesMemberus-gaap:FairValueInputsLevel3Member2022-12-310001517413us-gaap:MunicipalNotesMemberus-gaap:FairValueInputsLevel1Member2022-12-310001517413us-gaap:MunicipalNotesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001517413us-gaap:MunicipalNotesMemberus-gaap:FairValueInputsLevel3Member2022-12-310001517413fsly:ForeignGovernmentAndSupranationalSecuritiesMemberus-gaap:FairValueInputsLevel1Member2022-12-310001517413fsly:ForeignGovernmentAndSupranationalSecuritiesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001517413fsly:ForeignGovernmentAndSupranationalSecuritiesMemberus-gaap:FairValueInputsLevel3Member2022-12-310001517413fsly:GlitchIncMember2022-05-180001517413fsly:GlitchIncMember2022-05-182022-05-180001517413fsly:GlitchIncMember2023-01-012023-12-310001517413us-gaap:DevelopedTechnologyRightsMemberfsly:GlitchIncMember2022-05-180001517413us-gaap:DevelopedTechnologyRightsMemberfsly:GlitchIncMember2022-05-182022-05-180001517413us-gaap:CustomerRelationshipsMemberfsly:GlitchIncMember2022-05-180001517413us-gaap:CustomerRelationshipsMemberfsly:GlitchIncMember2022-05-182022-05-180001517413us-gaap:TradeNamesMemberfsly:GlitchIncMember2022-05-180001517413us-gaap:TradeNamesMemberfsly:GlitchIncMember2022-05-182022-05-180001517413fsly:GlitchIncMember2022-01-012022-12-310001517413us-gaap:ComputerEquipmentMember2023-12-310001517413us-gaap:ComputerEquipmentMember2022-12-310001517413us-gaap:LeaseholdImprovementsMember2023-12-310001517413us-gaap:LeaseholdImprovementsMember2022-12-310001517413us-gaap:FurnitureAndFixturesMember2022-12-310001517413us-gaap:OfficeEquipmentMember2022-12-310001517413us-gaap:SoftwareDevelopmentMember2023-12-310001517413us-gaap:SoftwareDevelopmentMember2022-12-310001517413us-gaap:PropertyPlantAndEquipmentMember2023-01-012023-12-310001517413fsly:PropertyPlantAndEquipmentAdvancePaymentsMember2023-01-012023-12-310001517413us-gaap:SoftwareDevelopmentMember2023-01-012023-12-310001517413us-gaap:SoftwareDevelopmentMember2022-01-012022-12-310001517413us-gaap:SoftwareDevelopmentMember2021-01-012021-12-310001517413us-gaap:AccumulatedTranslationAdjustmentMember2020-12-310001517413us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2020-12-310001517413us-gaap:AccumulatedTranslationAdjustmentMember2021-01-012021-12-310001517413us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2021-01-012021-12-310001517413us-gaap:AccumulatedTranslationAdjustmentMember2021-12-310001517413us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2021-12-310001517413us-gaap:AccumulatedTranslationAdjustmentMember2022-01-012022-12-310001517413us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2022-01-012022-12-310001517413us-gaap:AccumulatedTranslationAdjustmentMember2022-12-310001517413us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2022-12-310001517413us-gaap:AccumulatedTranslationAdjustmentMember2023-01-012023-12-310001517413us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2023-01-012023-12-310001517413us-gaap:AccumulatedTranslationAdjustmentMember2023-12-310001517413us-gaap:AccumulatedNetUnrealizedInvestmentGainLossMember2023-12-310001517413srt:MinimumMember2023-12-310001517413srt:MaximumMember2023-12-310001517413us-gaap:CustomerRelationshipsMember2023-12-310001517413us-gaap:CustomerRelationshipsMember2022-12-310001517413us-gaap:DevelopedTechnologyRightsMember2023-12-310001517413us-gaap:DevelopedTechnologyRightsMember2022-12-310001517413us-gaap:TradeNamesMember2023-12-310001517413us-gaap:TradeNamesMember2022-12-310001517413fsly:InternetProtocolAddressesMember2022-12-310001517413us-gaap:OrderOrProductionBacklogMember2022-12-310001517413fsly:SVBRevolverMember2021-02-160001517413srt:MinimumMemberfsly:LondonInterbankOfferedRateMemberfsly:SVBRevolverMember2021-02-162021-02-160001517413srt:MaximumMemberfsly:LondonInterbankOfferedRateMemberfsly:SVBRevolverMember2021-02-162021-02-160001517413fsly:SVBRevolverMember2023-06-282023-06-280001517413fsly:SecuredOvernightFinanceRateMembersrt:MinimumMemberfsly:SVBRevolverMember2023-06-282023-06-280001517413srt:MaximumMemberfsly:SecuredOvernightFinanceRateMemberfsly:SVBRevolverMember2023-06-282023-06-280001517413us-gaap:BaseRateMembersrt:MinimumMemberfsly:SVBRevolverMember2023-06-282023-06-280001517413srt:MaximumMemberus-gaap:BaseRateMemberfsly:SVBRevolverMember2023-06-282023-06-280001517413srt:MinimumMemberfsly:SVBRevolverMember2021-02-162021-02-160001517413srt:MaximumMemberfsly:SVBRevolverMember2021-02-162021-02-160001517413fsly:SVBRevolverMember2022-01-012022-12-310001517413fsly:SVBRevolverMember2023-01-012023-12-310001517413fsly:SVBRevolverMember2023-12-310001517413fsly:SVBRevolverMember2022-12-310001517413us-gaap:ConvertibleDebtMemberfsly:A2026ConvertibleNotesMember2021-03-050001517413fsly:A2026ConvertibleNotesMember2021-03-052021-03-050001517413us-gaap:ConvertibleDebtMemberfsly:DebtConversionScenarioOneMemberfsly:A2026ConvertibleNotesMember2023-01-012023-12-310001517413fsly:DebtConversionScenarioOneMemberfsly:A2026ConvertibleNotesMember2023-01-012023-12-31fsly:day0001517413us-gaap:CommonClassAMemberfsly:DebtConversionScenarioTwoMemberfsly:A2026ConvertibleNotesMember2023-01-012023-12-310001517413fsly:DebtConversionScenarioThreeMemberus-gaap:CommonClassAMemberfsly:A2026ConvertibleNotesMember2023-01-012023-12-310001517413us-gaap:CommonClassAMemberfsly:A2026ConvertibleNotesMember2023-12-310001517413us-gaap:ConvertibleDebtMemberfsly:A2026ConvertibleNotesMemberfsly:DebtConversionScenarioFourMember2023-01-012023-12-310001517413us-gaap:ConvertibleDebtMemberfsly:A2026ConvertibleNotesMember2022-05-250001517413us-gaap:ConvertibleDebtMemberfsly:A2026ConvertibleNotesMember2022-01-012022-12-310001517413us-gaap:ConvertibleDebtMemberfsly:A2026ConvertibleNotesMember2023-12-310001517413us-gaap:ConvertibleDebtMemberfsly:A2026ConvertibleNotesMember2023-01-012023-12-310001517413us-gaap:ConvertibleDebtMemberfsly:A2026ConvertibleNotesMember2022-12-310001517413us-gaap:CommonClassAMemberfsly:A2026ConvertibleNotesMember2023-01-012023-12-310001517413fsly:CostOfRevenueCommitmentMember2023-12-310001517413fsly:OperatingExpenseCommitmentsMember2023-12-310001517413us-gaap:CommonClassAMember2019-05-310001517413us-gaap:CommonClassBMember2019-05-31fsly:vote0001517413us-gaap:CommonClassBMember2021-07-122021-07-12fsly:plan0001517413us-gaap:CommonClassAMemberfsly:SignalSciences2014EquityStockOptionsPlanMember2023-01-012023-12-310001517413fsly:A2019EquityIncentivePlanMemberus-gaap:CommonClassAMember2023-12-310001517413fsly:A2019EquityIncentivePlanMemberus-gaap:CommonClassAMember2022-12-310001517413us-gaap:CommonClassAMember2023-12-310001517413us-gaap:CommonClassAMember2022-12-310001517413us-gaap:CommonClassBMember2022-12-310001517413us-gaap:CommonClassBMember2023-12-310001517413fsly:A20112019EquityIncentivePlanMemberus-gaap:EmployeeStockOptionMember2023-01-012023-12-310001517413fsly:A20112019EquityIncentivePlanMemberus-gaap:ShareBasedCompensationAwardTrancheOneMemberus-gaap:EmployeeStockOptionMember2023-01-012023-12-310001517413us-gaap:ShareBasedCompensationAwardTrancheTwoMemberfsly:A20112019EquityIncentivePlanMemberus-gaap:EmployeeStockOptionMember2023-01-012023-12-310001517413us-gaap:EmployeeStockOptionMember2023-12-310001517413us-gaap:EmployeeStockOptionMember2023-01-012023-12-310001517413us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001517413us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001517413us-gaap:CommonClassBMember2021-12-310001517413us-gaap:EmployeeStockOptionMember2021-12-310001517413us-gaap:RestrictedStockUnitsRSUMemberus-gaap:ShareBasedCompensationAwardTrancheOneMembersrt:MinimumMember2023-01-012023-12-310001517413srt:MaximumMemberus-gaap:RestrictedStockUnitsRSUMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2023-01-012023-12-310001517413us-gaap:ShareBasedCompensationAwardTrancheTwoMemberus-gaap:RestrictedStockUnitsRSUMembersrt:MinimumMember2023-01-012023-12-310001517413us-gaap:ShareBasedCompensationAwardTrancheTwoMembersrt:MaximumMemberus-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001517413us-gaap:RestrictedStockUnitsRSUMembersrt:MinimumMember2023-01-012023-12-310001517413srt:MaximumMemberus-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2022-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2023-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001517413fsly:SignalSciencesCorpMember2020-01-012020-12-310001517413fsly:SignalSciencesCorpMember2020-12-31fsly:cofounder0001517413us-gaap:RestrictedStockMember2023-01-012023-12-310001517413us-gaap:RestrictedStockMember2022-01-012022-12-310001517413us-gaap:RestrictedStockMember2023-12-310001517413us-gaap:RestrictedStockMember2021-12-310001517413us-gaap:RestrictedStockMember2022-01-312022-01-310001517413us-gaap:PerformanceSharesMember2022-12-310001517413us-gaap:PerformanceSharesMember2023-01-012023-12-310001517413us-gaap:PerformanceSharesMember2023-12-310001517413us-gaap:PerformanceSharesMember2022-01-012022-12-310001517413us-gaap:PerformanceSharesMember2021-01-012021-12-310001517413fsly:A2023And2022BonusProgramMember2023-02-012023-02-280001517413fsly:PerformanceTargetPayoutLevelOneMember2023-03-290001517413fsly:PerformanceTargetPayoutLevelTwoMember2023-03-290001517413fsly:PerformanceTargetPayoutLevelThreeMember2023-03-290001517413fsly:A2022BonusProgramMemberus-gaap:PerformanceSharesMember2023-01-012023-12-310001517413fsly:A2022BonusProgramMemberus-gaap:PerformanceSharesMember2022-01-012022-12-310001517413fsly:A2022BonusProgramMemberus-gaap:PerformanceSharesMember2021-01-012021-12-310001517413fsly:MarketBasedPerformanceStockAwardsMember2023-01-012023-12-310001517413fsly:MarketBasedPerformanceStockAwardsMember2022-12-310001517413fsly:MarketBasedPerformanceStockAwardsMember2023-12-310001517413us-gaap:EmployeeStockMember2023-12-310001517413us-gaap:EmployeeStockMember2023-01-012023-12-310001517413us-gaap:EmployeeStockMembersrt:MinimumMember2023-12-310001517413srt:MaximumMemberus-gaap:EmployeeStockMember2023-12-310001517413us-gaap:EmployeeStockMembersrt:MinimumMember2022-12-310001517413srt:MaximumMemberus-gaap:EmployeeStockMember2022-12-310001517413us-gaap:EmployeeStockMembersrt:MinimumMember2021-12-310001517413srt:MaximumMemberus-gaap:EmployeeStockMember2021-12-310001517413us-gaap:EmployeeStockMembersrt:MinimumMember2023-01-012023-12-310001517413srt:MaximumMemberus-gaap:EmployeeStockMember2023-01-012023-12-310001517413us-gaap:EmployeeStockMember2022-01-012022-12-310001517413us-gaap:EmployeeStockMembersrt:MinimumMember2021-01-012021-12-310001517413srt:MaximumMemberus-gaap:EmployeeStockMember2021-01-012021-12-310001517413us-gaap:EmployeeStockMember2021-01-012021-12-310001517413us-gaap:StockCompensationPlanMember2023-01-012023-12-310001517413us-gaap:StockCompensationPlanMember2022-01-012022-12-310001517413us-gaap:CostOfSalesMember2023-01-012023-12-310001517413us-gaap:CostOfSalesMember2022-01-012022-12-310001517413us-gaap:CostOfSalesMember2021-01-012021-12-310001517413us-gaap:ResearchAndDevelopmentExpenseMember2023-01-012023-12-310001517413us-gaap:ResearchAndDevelopmentExpenseMember2022-01-012022-12-310001517413us-gaap:ResearchAndDevelopmentExpenseMember2021-01-012021-12-310001517413us-gaap:SellingAndMarketingExpenseMember2023-01-012023-12-310001517413us-gaap:SellingAndMarketingExpenseMember2022-01-012022-12-310001517413us-gaap:SellingAndMarketingExpenseMember2021-01-012021-12-310001517413us-gaap:GeneralAndAdministrativeExpenseMember2023-01-012023-12-310001517413us-gaap:GeneralAndAdministrativeExpenseMember2022-01-012022-12-310001517413us-gaap:GeneralAndAdministrativeExpenseMember2021-01-012021-12-310001517413fsly:LiabilityClassifiedAwardsMember2023-01-012023-12-310001517413fsly:LiabilityClassifiedAwardsMember2022-01-012022-12-310001517413fsly:LiabilityClassifiedAwardsMember2021-01-012021-12-310001517413us-gaap:CommonClassAMember2023-01-012023-12-310001517413us-gaap:CommonClassBMember2023-01-012023-12-310001517413us-gaap:CommonClassAMember2022-01-012022-12-310001517413us-gaap:CommonClassBMember2022-01-012022-12-310001517413us-gaap:CommonClassAMember2021-01-012021-12-310001517413us-gaap:CommonClassBMember2021-01-012021-12-310001517413us-gaap:CommonClassAMemberus-gaap:IPOMember2019-05-212019-05-210001517413us-gaap:CommonClassBMember2019-05-212019-05-210001517413us-gaap:EmployeeStockOptionMember2023-01-012023-12-310001517413us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001517413us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001517413us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001517413fsly:RevestSharesMember2023-01-012023-12-310001517413fsly:RevestSharesMember2022-01-012022-12-310001517413fsly:RevestSharesMember2021-01-012021-12-310001517413us-gaap:PerformanceSharesMember2023-01-012023-12-310001517413us-gaap:PerformanceSharesMember2022-01-012022-12-310001517413us-gaap:PerformanceSharesMember2021-01-012021-12-310001517413fsly:MarketBasedPerformanceStockAwardsMember2023-01-012023-12-310001517413fsly:MarketBasedPerformanceStockAwardsMember2022-01-012022-12-310001517413fsly:MarketBasedPerformanceStockAwardsMember2021-01-012021-12-310001517413fsly:BonusPSUsMember2023-01-012023-12-310001517413fsly:BonusPSUsMember2022-01-012022-12-310001517413fsly:BonusPSUsMember2021-01-012021-12-310001517413us-gaap:EmployeeStockMember2023-01-012023-12-310001517413us-gaap:EmployeeStockMember2022-01-012022-12-310001517413us-gaap:EmployeeStockMember2021-01-012021-12-310001517413us-gaap:ConvertibleDebtSecuritiesMember2023-01-012023-12-310001517413us-gaap:ConvertibleDebtSecuritiesMember2022-01-012022-12-310001517413us-gaap:ConvertibleDebtSecuritiesMember2021-01-012021-12-310001517413us-gaap:DomesticCountryMember2023-12-310001517413us-gaap:DomesticCountryMember2022-12-310001517413us-gaap:StateAndLocalJurisdictionMember2023-12-310001517413us-gaap:StateAndLocalJurisdictionMember2022-12-310001517413us-gaap:DomesticCountryMemberus-gaap:ResearchMember2023-12-310001517413us-gaap:StateAndLocalJurisdictionMemberus-gaap:ResearchMember2023-12-310001517413country:GBus-gaap:ForeignCountryMember2023-12-310001517413country:US2023-12-310001517413country:US2022-12-310001517413us-gaap:NonUsMember2023-12-310001517413us-gaap:NonUsMember2022-12-3100015174132023-10-012023-12-310001517413fsly:RonaldKislingMember2023-10-012023-12-310001517413fsly:RonaldKislingMember2023-12-310001517413fsly:RichardDanielsMember2023-10-012023-12-310001517413fsly:RichardDanielsMember2023-12-310001517413fsly:BrettShirkMember2023-10-012023-12-310001517413fsly:BrettShirkMember2023-12-31


UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
____________________________
FORM 10-K
____________________________

    ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
 
For the fiscal year ended December 31, 2023

or
 
     TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
 

Commission File Number: 001-38897
____________________________
FASTLY, INC.
(Exact name of registrant as specified in its charter)
____________________________
Delaware27-5411834
(State or other jurisdiction of
incorporation or organization)
(I.R.S. Employer
Identification Number)
475 Brannan Street, Suite 300
San Francisco, CA 94107
(Address of principal executive offices) (Zip code)

(844) 432-7859
(Registrant's telephone number, including area code)

Not Applicable
(Former name, former address, or former fiscal year, if changed since last report)
____________________________
Securities registered pursuant to Section 12(b) of the Act:
Title of each classTrading Symbol(s)Name of each exchange on which registered
Class A Common Stock, $0.00002 par valueFSLYThe New York Stock Exchange

Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.    Yes ☒     No  ☐
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Act.    Yes  ☐    No  ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes   No 

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes   No 

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of "large accelerated filer," "accelerated filer," "smaller reporting company," and "emerging growth company" in Rule 12b-2 of the Exchange Act.
Large accelerated filerAccelerated filer
Non-accelerated filerSmaller reporting company
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.  

1



Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements.

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to § 240.10D-1(b).

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes   No 

The aggregate market value of the voting and non-voting common equity held by non-affiliates of the registrant, based on the closing price of $15.77 for a share of the Registrant’s Class A common stock on June 30, 2023 (the last business day of the registrant's most recently completed second quarter), as reported by the New York Stock Exchange on such date, was approximately $2.0 billion. 

As of February 16, 2024, 134.2 million shares of the registrants’ Class A common stock were outstanding.

Portions of the registrant’s Definitive Proxy Statement relating to the 2024 Annual Meeting of Stockholders are incorporated by reference into Part III of this Annual Report on Form 10-K where indicated. Such Definitive Proxy Statement will be filed with the Securities and Exchange Commission within 120 days after the end of the registrant’s fiscal year ended December 31, 2023.
2



TABLE OF CONTENTS
Page

3



SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended, (the “Exchange Act”), about us and our industry that involve substantial risks and uncertainties. All statements other than statements of historical facts contained in this Annual Report on Form 10-K, including statements regarding our future results of operations and financial condition, business strategy, and plans and objectives of management for future operations, are forward-looking statements. In some cases, forward-looking statements may be identified by words such as “anticipate,” “believe,” “continue,” “could,” "design,” “estimate,“ “expect,” "intend,” “may,” “plan,” “potentially,” “predict,” “project,” "should,” “will,” "would,” “target,“ or the negative of these terms or other similar expressions.
Forward-looking statements are based on our management’s beliefs and assumptions and on information currently available. These forward-looking statements are subject to a number of known and unknown risks, uncertainties and assumptions, including risks described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K, regarding, amongst other things:
defects, interruptions, outages, delays in performance, or similar problems with our platform;
our ability to attract new enterprise customers and to have existing enterprise customers continue and increase their use of our platform;
the potential loss or significant reduction in usage by one or more of our major customers;
component delays, shortages, and price increases;
our limited operating history and history of operating losses;
the potential that security measures, or those of third parties upon which we rely, are compromised, or the security, confidentiality, integrity or availability of our information technology, software, services, networks, communications or data is compromised, limited or fails;
our ability to efficiently develop and sell new products and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, and changing customer needs, requirements, or preferences;
our ability to forecast our revenue accurately and manage our expenditures;
our ability to effectively develop and expand our marketing and sales capabilities;
our ability to compete effectively with existing competitors and new market entrants;
our ability to maintain and enhance our brand;
our ability to identify and integrate acquisitions, strategic investments, partnerships, or alliances;
our ability to attract and retain qualified employees and key personnel;
our reliance on the performance of highly skilled personnel, including our senior management and other key employees, and the loss or transition of one or more of such personnel, or of a significant number of our team members;
our potential involvement in class-action lawsuits and other litigation matters; and
stock price volatility, and the potential decline in the value of our Class A common stock.
We caution you that the foregoing list may not contain all of the forward-looking statements made in this Annual Report on Form 10-K.
4



Other sections of this Annual Report on Form 10-K may include additional factors that could harm our business and financial performance. Moreover, we operate in a very competitive and rapidly changing environment. New risk factors emerge from time to time, and it is not possible for our management to predict all risk factors nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ from those contained in, or implied by, any forward-looking statements.
You should not rely upon forward-looking statements as predictions of future events. We cannot assure you that the events and circumstances reflected in the forward-looking statements will be achieved or occur. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance or achievements. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this Annual Report on Form 10-K or to conform these statements to actual results or to changes in our expectations. You should read this Annual Report on Form 10-K and the documents that we reference in this Annual Report on Form 10-K and have filed as exhibits to this Annual Report on Form 10-K with the understanding that our actual future results, levels of activity, performance, and achievements may be materially different from what we expect. We qualify all of our forward-looking statements by these cautionary statements.
In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based upon information available to us as of the filing date of this Annual Report on Form 10-K, and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain and investors are cautioned not to unduly rely upon these statements.
Investors and others should note that we may announce material business and financial information to our investors using our investor relations website (www.fastly.com/investors), our filings with the Securities and Exchange Commission, our corporate X account (@Fastly), our blog (www.fastly.com/blog), our corporate LinkedIn account (www.linkedin.com/company/fastly), webcasts, press releases, and conference calls. We use these mediums, including our website, to communicate with investors and the general public about us, our products, and other issues. It is possible that the information that we make available on these mediums may be deemed to be material information. We therefore encourage investors and others interested in us to review the information that we make available through these channels.


RISK FACTOR SUMMARY
Our business is subject to significant risks and uncertainties that make an investment in us speculative and risky. Below we summarize what we believe are the principal risk factors but these risks are not the only ones we face, and you should carefully review and consider the full discussion of our risk factors in the section titled “Risk Factors”, together with the other information in this Annual Report on Form 10-K. If any of the following risks actually occurs (or if any of those listed elsewhere in this Annual Report on Form 10-K occurs), our business, reputation, financial condition, results of operations, revenue, and future prospects could be seriously harmed. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business.
If our platform fails to perform properly due to defects, interruptions, outages, delays in performance, or similar problems, and if we fail to develop enhancements to resolve any defect, interruption, delay, or other problems, we could lose customers, become subject to service performance or warranty claims or incur significant costs.
If we are unable to attract new customers, in particular, enterprise customers, and to have existing enterprise customers continue and increase their use of our platform, our business will likely be harmed.
We receive a substantial portion of our revenues from a limited number of customers from a limited number of industries, and the loss of, or a significant reduction in usage by, one or more of our major customers would result in lower revenues and could harm our business.
5



Component delays, shortages or price increases could interrupt our ability to complete the construction of our servers to meet the usage needs of our customers. Our operating results could be materially harmed if we are unable to adequately manage our server needs.
Our limited operating history and our history of operating losses makes it difficult to evaluate our current business and prospects and may increase the risks associated with your investment.
If our information technology systems or data, or those of third parties upon which we rely, are compromised now, or in the future, or the security, confidentiality, integrity or availability of our information technology, software, services, networks, communications or data is compromised, limited or fails, our business could experience materially adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, loss of revenue or profits, loss of customers or sales, reputational harm, and other adverse consequences.
If we fail to efficiently develop and sell new products and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, and changing customer needs, requirements, or preferences, our products may become less competitive.
If we fail to forecast our revenue accurately, or if we fail to manage our expenditures, our operating results could be adversely affected.
Failure to effectively develop and expand our marketing and sales capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our platform.
The markets in which we participate are competitive, and if we do not compete effectively, our business will be harmed.
If we fail to maintain and enhance our brand, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may suffer.
Acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of management, disrupt our business, and dilute stockholder value.
The failure to attract and retain qualified personnel could prevent us from executing our business strategy.
We rely on the performance of highly skilled personnel, including our senior management and other key employees, and the loss or transition of one or more of such personnel, or of a significant number of our team members, could harm our business.
We have previously been and may in the future be involved in class-action lawsuits and other litigation matters that are expensive and time-consuming. If resolved adversely, lawsuits and other litigation matters could seriously harm our business.
Our stock price may be volatile, and the value of our Class A common stock may decline.


PART I
6



Item 1.         Business
Overview
Organizations around the world are more dependent on the quality of digital experiences they provide than ever before. At Fastly, we deliver an edge cloud platform capable of delivering fast, safe, and engaging digital experiences. By focusing holistically on the edge cloud from developer inspiration to end-user experience, we have the opportunity to differentiate with our global footprint, dynamic infrastructure, and security solution. Performance, security, and building the most engaging applications are paramount to driving mission success for Fastly’s customers.
The edge cloud is a category of Infrastructure as a Service (“IaaS”) that enables developers to build, secure, and deliver digital experiences, at the edge of the Internet. This service represents the convergence of the Content Delivery Network (“CDN”) with functionality that has been traditionally delivered by hardware-centric appliances such as Application Delivery Controllers (“ADC”), Web Application Firewalls (“WAF”), Bot Detection, Distributed Denial of Service (“DDoS”), and observability solutions. It also includes the emergence of a new, but growing, edge computing market which aims to move compute power and logic as close to the end user as possible. When milliseconds matter, processing at the edge is an ideal way to handle highly dynamic and time-sensitive data. This has led to its acceptance and adoption by organizations who monetize or grow their user base with every millisecond saved. Organizations that want to improve their user experience, whether it’s faster loading websites or reduced shopping cart abandonment, can benefit from processing at the edge. The edge cloud complements data center, central cloud, and hybrid solutions.
Organizations must keep up with complex and ever-evolving end-user requirements. We help them surpass their end users’ expectations by powering fast, safe, and engaging digital experiences. We built a powerful edge cloud platform, designed from the ground up to be programmable and support agile software development. We believe that our platform gives our customers a significant competitive advantage, whether they were born into the digital age or are just embarking on their digital transformation journey.
Developers on the Fastly platform have a high degree of flexibility with granular control and real-time visibility, where they can write and deploy code in a serverless environment and push application logic to the edge. Our infrastructure is built for the software-defined future. Our network is powerful, efficient, and flexible, designed to enable us to rapidly scale to meet the needs of the most demanding customers. Our approach to scalable, secure reliability integrates security into multiple layers of development: architecture, engineering, and operations. That's why we invest in building security into the fabric of our platform, alongside performance. We provide developers and security operations teams with a fast and safe environment to create, build, and run modern applications.
We serve established enterprises, mid-market companies, and technology-savvy organizations. Our customers represent a diverse set of organizations across many industries with one thing in common: they care about delivering best-in-class digital experiences. With our edge cloud platform, our customers are disrupting existing industries and creating new ones. For example, several of our customers have reinvented digital publishing by connecting readers through subscription models to indispensable content. Fastly’s ability to dynamically manage content in real time enables readers to have instant access to the most up to date information.
Our customers’ ecommerce solutions use Fastly's edge compute functionality to deliver very low-latency customer experiences, including providing better recommendations to their shoppers, converting more shopping carts into sales and executing fast and secure financial transactions. Content streaming organizations leverage Fastly's platform to deliver content to users around the world and those that livestream gain easy access to enormous edge compute resources for even greater reliability. The range of applications that developers build with our edge cloud platform continues to expand rapidly.
Our mission is to make the Internet a better place where all experiences are fast, safe, and engaging. We want all developers to have the ability to deliver the next transformative digital experience on a global scale. And because big ideas often start small, we love it when developers experiment and iterate on our platform, coming up with exciting new ways to solve today’s complex problems.
For the fiscal years ended December 31, 2023, 2022 and 2021, our revenue was $506.0 million, $432.7 million, and $354.3 million, respectively. We continue to invest in our business and had a net loss of $133.1 million, $190.8 million and $222.7 million for the fiscal years ended December 31, 2023, 2022 and 2021, respectively.
7



We measure the revenue growth from existing customers attributable to increased usage of our platform and features, and purchase of additional products and services with our Dollar-Based Net Expansion Rate ("DBNER"), Net Retention Rate ("NRR") and Last-Twelve Months Net Retention Rate ("LTM NRR") metrics. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics" for further discussion of DBNER, NRR and LTM NRR.
Products & Services
Programmable Edge Platform
Fastly’s programmable edge platform was built to support modern digital experiences. We sit between our customers’ end users and their origin–whether that’s in the cloud, on premise or a hybrid environment–and power online experiences that are fast, safe, and engaging.
Fastly was founded in an era where legacy CDNs were failing to keep up with the explosive growth of user-generated content and demands for faster, more personalized websites and apps. Legacy CDNs could not cache highly dynamic content at the edge–they had to continuously go back to origin to fetch this content, driving up egress costs. Deploying changes meant, at best, hours-long waits for configurations to propagate. At worst, it meant being forced to engage professional services at a cost of hundreds of dollars an hour. Legacy CDNs also failed to provide real-time visibility. Traffic logs were provided in batch format, meaning the data could be anywhere from 15 minutes to several hours old, making it impossible to monitor performance and get instant feedback.
With a view to addressing these challenges, we have taken a fundamentally different approach to architecting our platform.
Powerful POPs. We have architected our Points of Presence (“POPs”) using robust customized servers with incredible processing density. As a result, our POPs require minimal footprint and yield colocation cost savings compared to traditional POP architectures. We have located these POPs near major cloud providers and peered with Internet exchange points around the world, so that we can deliver content as close to end users as possible. Because our POPs are powerful and well-connected to the Internet, we are able to operate fewer of them and still achieve optimal performance relative to traditional POPs.
Software-defined network. We have built a smarter network using fast switches and routing intelligence at the server layer. This has allowed us to provide real-time responses by ensuring our customers’ traffic is routed in the most optimal manner on our network.
Network Resilience. Our network is built to withstand common performance degradation or connectivity issues with internet transit providers. With fast path failover we automatically detect and re-route underperforming edge connections at the transport layer. Precision Path detects underperforming origin connections and automatically reroutes the connection to the best alternative in real-time. AutoPilot is an automated egress traffic engineering solution which enables us to reliably deliver high traffic events without manual intervention.
Fully programmable. In keeping with our belief that companies should be able to control everything through software, we have built a fully programmable platform. Using Varnish Configuration Language (“VCL”) as a domain-specific language, and flexible application programming interfaces (“APIs”), we give customers comprehensive control over how their content is cached and how we respond to end user requests. Our customers are able to make their own configuration changes versus waiting on a professional services engagement. This translates into faster end-user experiences and cost savings.
DevOps-friendly. We have made it easy for our customers to integrate Fastly into their existing DevOps toolchains and workflows. We have enabled deep integration through rich APIs that let teams build with Terraform, or integrate with Amazon S3, Google Cloud Storage, Splunk, Drupal and many more popular platforms. Combined with our configurability and visibility, this empowered developers to make Fastly part of their continuous integration and continuous deployment (“CI/CD”) processes. As a result, our customers have been able to enhance end user experiences by speeding up software and feature releases, without their CDN getting in the way. For example, we have seen customers release new code to production multiple times a day instead of once a month.
8



All of our product lines have been built on top of this single, programmable platform, and therefore they all benefit from the same granular control, real-time visibility, and immediate scalability.
Screenshot 2024-02-20 at 7.07.33 PM.jpg
As developers gained awareness of the power of our programmable platform, they have tapped into it to build complex performance-based use cases on top of it, from paywall authentication at the edge to A/B testing and edge redirects. From this trend, we realized that there was a need for a more general compute environment versus one that was primarily designed for caching and content delivery.
To address this need, we built a powerful compute environment on top of our programmable platform. We give customers access to our serverless compute environment through our compute offering, Fastly Compute. App developers can use this offering to build high performance, personalized apps on our programmable edge without the complexity of managing the underlying infrastructure. We knew our customers would need this environment to be scalable, fast and secure so we chose its building blocks carefully:
WebAssembly (“WASM”). We chose WASM, an extremely powerful open source technology that allows developers to run complex code on our platform. Apps can be compiled to WASM (using native machine code for better performance) and replicated to all our edge POPs.
Isolation technology. With security top of mind, we created a unique isolation technology. This gives us the ability to create and destroy an isolated sandbox for each user request that comes through, enabling code to be run in a safe, fast execution environment at scale.
WASM compiler and runtime. To make this code run even faster, we built our own WASM compiler and runtime.
Through our observability offerings, we also provide real-time insights to inform continuous performance improvements and facilitate faster debugging during development. See Compute and Observability sections below for more details.
Network Services
Fastly is an extension of our customers’ infrastructure. Our Network Services are designed to speed up and optimize the delivery of web and application traffic while ensuring developers and engineers do not lose visibility or control. Whether customers are looking to deliver engaging web and streaming experiences to their users, move apps to the cloud or scale their DevOps practices, our Network Services provide the speed, security and flexibility needed.
9



Content Delivery Network
Dynamic Site Acceleration. Speeds up requests and responses between cache nodes in our POPs and customers’ origin servers to serve their dynamic web and mobile content faster.
Origin Shield. Allows us to designate a specific POP to serve as a shield for a customer’s origin servers. When web content is refreshed and multiple end users request the new content simultaneously, a deluge of requests can hit a customer’s origin server. This can result in poor web or application performance. With Origin Shield, we collapse all these content requests into a single request and hold it in queue at the Origin Shield POP. That allows us to retrieve the new content from the customer’s origin server only once, and then serve it to all end users who requested it. This approach reduces costs for our customers, while improving performance for their end users.
Instant Purge. Allows customers to clear the cached copy of their content globally in milliseconds, not seconds. We allow customers to send a command to our platform that invalidates an old version of their content throughout our global edge infrastructure. This causes a new version of content to be retrieved from the application server the next time it is requested. This feature enables our customers to serve highly dynamic content at the edge more quickly and allows for delightful application experiences. Rapidly changing content like shopping cart items, flight search results, sports scores, or current weather conditions in any given location can all be served faster from the network edge.
Surrogate Keys. Allows customers to fine-tune purging by tagging related objects across their site with a key name and description, then purging by that key. They can purge their entire site of a given object or set of objects at once, without impacting performance. For example, they could purge any images and content related to discontinued sale items, discounted products, or outdated news across their site all at once.
Programmatic Control. Provides direct programmatic control of edge delivery services to our customers via VCL, allowing them to precisely control what content is cached, for how long and when it should be refreshed. Combined with comprehensive APIs, VCL allows our customers to build, test and deploy custom logic, using their own development, test and deployment environment, for even the most complex digital experiences.
Content Compression. Compresses content with technologies like Gzip and Brotli, providing direct performance improvements and a more responsive web experience for end users.
Reliability Features. Support the availability of customer content with features including origin health checks, a ‘grace mode’ feature that will continue serving content even when customer origin(s) fail, Multipath TCP, and real time error dashboards and API feeds that are backed by a 100% uptime Service Level Agreement (SLA”).
Fanout. Enables customers to push data in real time to many users, such as synchronous communication of messages in a chatroom, server updates to IoT devices and other types of data between devices. Realtime messaging is used in a wide range of data streaming applications, including IoT, live commenting, end user notifications, chat and more.
Domainr. Provides customers with a real-time and programmatic means for checking domain availability. A programmatic solution for verifying trust for domains is especially useful for platform customers. Using Domainr's APIs, customers can embed these functions directly into their workflows.
Modern protocols and performance. Helps our customers, and the Internet in general, receive the best possible performance regardless of user device, connectivity or location though supporting the development of next generation web technologies and protocols such as HTTP/3, QUIC, client hints and HTTP prioritization.
10



Privacy. Fastly offers several privacy enablement capabilities. Our OHTTP Relay solution provides fast, reliable separation and isolation of end user data, while passing along non-identifying requests to the business server. Fastly’s OHTTP Relay is designed to enhance online privacy for users of several of the largest internet vendors. Fastly has worked with others to develop and standardize the technology behind Private Access Tokens. As an alternative to CAPTCHAs, Privacy Access Tokens provide better user privacy by helping ensure there is no leakage of non-essential data.
Video / Streaming
Live Streaming. Delivers millions of concurrent high-quality live streams. It can deliver online content using major HTTP streaming formats while providing real-time feedback to optimize viewer experiences. In addition, we partner with multiple video platform vendors to improve the flexibility and scale of live-streaming workflows and reduce the total cost of ownership.
Video on Demand. Reduces the load on origin servers and accelerates time-to-first-frame by caching and rapidly delivering Video on Demand content. Our on-the-fly-packaging feature optimizes streaming media on demand and facilitates immediate playback, thus enhancing viewer experiences across regions, devices, and platforms.
Media Shield. Large streaming customers typically use multiple CDNs for media delivery for redundancy and protection. Our Media Shield product supports these efforts and can reduce the total cost of ownership while also regaining lost visibility and improving performance. By collapsing multiple origin requests for identical content across several CDNs, content can be streamed faster, more efficiently, and with a significantly smaller infrastructure burden.
Load Balancing
Load Balancer. Manages HTTP/HTTPS requests to a customer’s origin using granular content-aware routing decisions. We allow customers to manage traffic across multiple IaaS providers, data centers, and hybrid clouds. We also provide improved performance and cost savings over ADCs, especially during a spike or surge in traffic.
Image Optimization
Image Optimizer. We offer a real-time image manipulation and delivery service and store transformations at the edge. When an image is requested, we resize it, adjust quality, crop/trim, change orientations, convert formats, and more, all on demand. Transforming images at the edge eliminates latency and reduces traffic to a customer’s origin servers, allowing them to save on infrastructure and egress costs.
TLS Encryption
Transport Layer Security (“TLS”). As part of our standard product, our platform terminates HTTPS connections at our network edge, offloading encrypted traffic from our customers’ web servers for better performance. We provide a number of different certificate procurement and hosting options.
Platform TLS. Our Platform TLS offering is designed to allow customers with multiple web properties to manage TLS certificates at scale, while enabling a fast, secure experience for their end-users. It supports delivery and management of hundreds of thousands of certificates, supported by our worldwide TLS termination and acceleration solution.
Certainly: In August 2023, we launched Certainly, our own publicly-trusted TLS Certification Authority (“CA”). Fastly customers can use a certificate issued by Certainly to secure any website or API endpoint served by our CDN.

11



Origin Connect
Origin Connect. Ideal for companies moving more than one gigabyte of data per second, such as media, video, and streaming companies, Origin Connect provides a direct private network connection between an organization’s origin server and an Origin Shield POP. It is an effective way to lower transit costs, reduce engineering complexity, and improve reliability for high-volume streaming content.
Security
Security is an essential part of every online business, and customers rely on Fastly to help rapidly secure their business-critical websites, apps, and APIs. Our modern approach to application security provides the accuracy, flexibility, and ease-of-use that our customers have come to know and expect. Fastly provides a range of security solutions for businesses that focus on protecting websites, apps, and APIs from various threats, including DDoS attacks, application layer attacks and abusive behavior from automated software. These solutions are designed to be real-time, scalable, and customizable, offering businesses the ability to tailor their security to their specific needs. With a focus on performance and flexibility, Fastly enables businesses to safeguard their digital experiences.
Next-Gen WAF. Our next-generation Web Application Firewall (“WAF”) protects applications from malicious attacks that seek to compromise apps and APIs. Our solution requires no tuning, and is more accurate than the traditional rule or signature-based approaches. Our WAF can be installed in any infrastructure: cloud, container, on-premise data center or hybrid environments or at the edge. Key features include:
Bot Management. Bad bots can perform content scraping, tie up system resources, perform account brute forcing and other harmful actions. Our solution monitors web application and API traffic for automated bot activity, allowing customers to automatically block malicious bot-generated web requests, while providing access for wanted or verified bots.
API Protection. Attackers often target sensitive APIs, attempting to validate stolen credit cards, perform ecommerce gift card fraud or obtain patient healthcare records. We help customers stop API abuse by enabling them to monitor for unexpected values and parameters submitted to API endpoints, and block unauthorized requests.
ATO Protection. Account takeover (“ATO”) occurs when attackers use authentication credentials to take over legitimate user accounts. Attackers test stolen credentials in an automated manner called “credential stuffing.” Our Account Takeover Protection empowers customers to automatically block and alert on credential stuffing attacks.
Advanced Rate Limiting. Advanced Rate Limiting enables customers to stop malicious and anomalous high volume web requests and reduce resource consumption while allowing legitimate traffic through to application and API endpoints—doing so means companies can provide a superior customer experience that scales to meet increasing demand.
DDoS. Our DDoS protection is an always-on service that provides immediate protection from network and application layer attacks, so web apps and APIs are always available and performant. Our high-bandwidth, globally distributed network is built to absorb DDoS attacks without impacting performance. Customers can respond to attacks in real time, filtering and rate limiting malicious requests at the network edge, before they reach the customers' origin.
Compliance. We speed up the caching and delivery of sensitive content at the edge, helping customers meet data compliance and privacy regulations such as the Health Insurance Portability and Accountability Act (“HIPAA”), the European Union's General Data Protection Regulation (“EU GDPR”) and the United Kingdom’s GDPR (“U.K. GDPR”), in addition to industry standards such as PCI Data Security Standard and SOC. Fastly is also certified to the ISO/IEC 27001:2013 standard for its Information Security Management System. Our Assurance Services offering includes support for additional documentation and audit procedures for customers with these needs.
12



Compute
Fastly Compute allows app developers to build high performance, personalized apps on Fastly's programmable edge without the cost and complexity of managing the underlying infrastructure. Like all our offerings, Compute is built to be secure, performant and scalable.
Compute supports a multitude of use cases, including:
Enhancing Search Engine Optimization ranking by managing redirects at the edge to improve site performance and gain real-time visibility;
Lowering infrastructure costs and offering faster personalized experiences by generating unique user tokens for authentication; and
Enabling low latency ad personalization by allowing our customers to serve ads quickly from the edge based on user data.
Key features of Compute include:
Serverless execution environment: Compute offers a fast, secure serverless code execution engine. It allows customers to deploy code across Fastly’s global edge cloud infrastructure, and execute the code close to the user for low latency. Compute also exposes the power of Fastly’s global infrastructure via a set of powerful developer API’s for fine grained programmatic control (e.g. Cache API’s).
Language support. Compute works with any WASM-supported languages, including JavaScript, Rust, Go, Ruby and more. Customers also have the ability to create their own language Software Development Kits. Support for languages that developers already know and want to code in is key for adoption and we will continue to add more over time.
Data. Compute has a number of features that makes it easier and faster to access data at the edge instead of having to go back to the central cloud. This helps developers innovate faster and unlocks more latency-sensitive use cases at the edge.
KV Store. KV Store offers global, durable storage for compute functions at the edge. With fast reads and writes from both the edge or via API, customers can store, control, or cache their data to reduce origin dependency and unlock new use cases.
Config Store. Developers want to iterate fast when developing applications. Config Store supports this by allowing them to store multiple common code configurations at the edge, which they can then deploy instantly, instead of having to push new code for every single configuration change.
Secret Store: Secret Store is a secure and performant storage system for Compute customers' most sensitive data like API keys, passwords, certificates, and other credentials. It leverages the Hashicorp vault to centrally store, access, and manage secrets across Fastly's cloud infrastructure.

Visibility. In addition to real-time logs and metrics, which all our products benefit from, Compute also features log tailing and tracing to improve developer visibility.
Log Tailing. We give customers visibility into log messages from their applications so they can quickly identify bugs all within their terminal of choice with Fastly Command Line Interface. This helps avoid difficult third party log management and debugging challenges.
Tracing. For customers building apps with Compute, we tag individual end-user requests with unique identifiers and maintain request tracing parameters by tracking when users enter and exit our serverless platform. This feature allows developers to more easily track the performance of application functions post-deployment.
13



Developer Experience. Our award-winning Developer Experience team and products exist to bring success to all developers from their first interaction with Fastly to serving billions of requests per second. The team works cross functionally to advocate for developers across Fastly’s product line, defining and teaching best practices that foster developer success.
Developer Relations. The Developer Relations team guides developers through training materials, events, and tooling aimed at building a deep understanding of our products. By maintaining code samples published to Fastly Developer Hub and building testing tools like Fastly Fiddle, we engage developers with our products, such as Compute, that integrate directly into DevOps tools and internal developer platforms. We also facilitate testing on our platform with rapid global deploy times and live logs, in addition to debugging.
Glitch. In order to expand our product offerings to more developers, we acquired Glitch, Inc. (“Glitch”) in May of 2022. Glitch is a popular tool for web-based development with a total lifetime user count of over 2.6M registered developers as of December, 2023. We are now working on integrating Compute with Glitch’s easy-to-use interface, so Glitch’s community of developers can seamlessly deploy code to Fastly’s serverless compute environment.
Open Source Support. Our Fast Forward program is designed to empower and support developers, open source projects, and nonprofits that share our vision of an internet that is free, open, and safe for all. Any eligible open source project can apply to receive free Fastly products.
Observability
For customers, the ability to continuously monitor the status of their website, product, or service is essential. Across all our Network Services, Compute and Security product lines, we provide customers with real-time insights for better decision making. DevOps and engineers can quickly identify potential issues, investigate anomalies, improve performance, and uptime and iterate faster on new releases.
Real-time Logging. To help tune the performance of Fastly services, we support real-time log streaming of customer data that passes through Fastly. We support a number of protocols that allow our customers to stream logs to a variety of locations, including third-party services, for storage and analysis.
Live Event Monitoring. With real-time monitoring, streaming delivery, request collapsing, capacity planning, and flexible deployment, Fastly Live Event Monitoring gives customers insights into their live streaming performance and the ability to troubleshoot immediately–all while reducing costs.
Logging Insights. Logging Insights provides actionable intelligence that can be used to diagnose and troubleshoot issues for optimal performance and user experience. Our expert consultants implement a guided customization of preconfigured dashboards tailored to a customer’s specific goals.
Metrics. We offer customers a variety of ways to report on the performance and activity of their services. Our metrics, APIs and dashboards provide real-time, per-second visibility and historical reporting.
Origin Inspector. Customers can simplify their data pipeline and easily monitor every origin response, byte, status code, and more without needing a third party data collector. They can report on egress data within the Fastly web interface with interactive dashboards. Customers can also verify the success of their Fastly services, especially with shielding or multi-CDN environments.
Domain Inspector. Customers can easily monitor traffic for a single fully qualified domain name or multiple domains within a Fastly service. They can account for every domain request, byte, and status code or quickly determine edge or origin issues with our combined edge and aggregated origin metrics, all without needing to send log data to a third-party data collector.
Edge Observer: Provides per-second visibility and historical reporting on the performance and activity of multiple Fastly services in a single pane of glass. Metrics and logs along with every part of the request path are available for consumption in real-time without adding latency.
14



Services
Professional Services. Fastly offers the following professional services:
Network Services. Distributed systems can be complex, but regardless of a customer’s skill level, Fastly technical experts are available to guide and optimize the customer's cloud strategy. We offer various levels of engagements, from a light helping hand, to acting as an extension of developer teams, with global support and flexible professional services hours.
Managed Security Service. The Fastly Managed Security Service is a full-service offering for our Next-Gen WAF, DDoS and Edge Rate Limiting customers who require comprehensive monitoring over their environments.
Response Security Service. Fastly’s Response Security Service provides Next-Gen WAF customers with priority, direct access to Fastly’s Customer Security Operations Center 24/7/365 along with regular configuration maintenance and an industry-leading response SLA.
Managed CDN. Fastly’s Managed CDN provides maximum control and flexibility. We deploy our edge cloud network on dedicated POPs within a customer’s private network at locations of their choosing. Our service can be used exclusively, or as part of a hybrid, multi-CDN strategy.
Support Plans. Fastly offers three levels of support plans and available technical support add-ons with dedicated technical specialists and account managers that provide extended security expertise.
Standard. The Standard support plan gives every Fastly customer immediate access to our Community Forum and extensive documentation. Customer support is available via email during business hours.
Gold. The Gold support plan offers enhanced product support, priority routing for support cases, and expedited 24/7 incident response times.
Enterprise. Enterprise level support equips customers with 24/7 online support for incidents and general inquiries, 15-minute escalation response times, phone support, access to a private Slack channel, and a team of technical experts to help optimize a customer’s Fastly service, including compliance support.
Our Growth Strategy
Our growth strategy focuses on making our edge cloud platform accessible to a broader base of customers through enhancing our product experience, investments in technology, and vertical expansion. Key elements of our growth strategy include the following:
Product strategy. Built upon a strategy of durable innovation, our programmable edge cloud platform creates a consistent and predictable pipeline of innovation. We plan to expand existing product lines like Network Services and Security, and expect to further incubate newer product lines like Compute and Observability for future growth.
With the goal of making it easier for customers to do business with us, we will continue to build out a single, unified platform where they can access and manage all their Fastly services in one place. We will simplify customer onboarding and service usage, through easy access to self-training information from within the Fastly app, and more code samples and support. In 2023, we simplified our pricing and packaging in order to make it easier for customers to buy and renew our services.
We launched our Next-Gen WAF in Q1 of 2022. This enables us to protect customers’ applications and APIs on premise, in the cloud and on the edge. We plan to continue to invest in application security with the goal of making it easier for developers to seamlessly protect their apps and APIs wherever they are without impacting performance.
15



Expansion into additional vertical markets. Our platform offers a broad range of capabilities. Our differentiated high performance and low-latency delivery network and edge compute platform, as well as enhanced security capabilities, allows us to serve the needs of our existing customers and continue to add customers from a diverse set of industries.
Expand existing customer relationships. Over time, our customers have expanded their use of our platform. In more technically savvy organizations, developers have championed our solution, paving the way for us to engage with business decision makers. For more traditional organizations, we are often brought in to initially help facilitate a move to the cloud and from there we extend our product to support many other use cases. We plan to continually increase wallet-share over time for existing customers as we build out new products and features, and as customers continue to fully recognize the value of our platform.
Grow our technology partner ecosystem. We operate between and complement the “big 3” origin cloud platforms, Amazon Web Services (“AWS”), Microsoft (Azure), and Google Cloud Platform, and a growing community of companies that provide big data, machine learning, and security solutions. In this sense, we act as the unifying layer for a growing number of cloud services. As customers consume more cloud and software as a service (“SaaS”) offerings, we can create additional value and grow with these partners.
International expansion. As our customer base grows, we plan to scale our network to bring edge computing closer to where our customers are. We believe significant opportunities exist for international growth.
Partner Ecosystem
We partner with a number of global channel partners who offer our performant and secure solutions on top of their own value-added services. We work with top cloud service providers to combine our complementary products and services to deliver even more value for our joint end users. We also partner with a number of third-party technologies to extend our capabilities across new markets and use-cases. Ultimately, partners help our customers by:
Providing a complete suite of value-added services and solutions
Offering flexible and efficient engagement models
Acting as a single point of contact; and
Extending geographic coverage and support
Channel Partners. Our channel program provides partners with the flexibility to accommodate different go-to-market models and allows each partner to customize their offerings to provide their own differentiated value. The two primary channel partner types we work with are:
Referral partners: Recommend Fastly products to their customers for a commission and include partners like agencies and consultants; and
Reseller partners: Act as a reseller to offer additional value on top of Fastly’s products and services and include partners like value-added resellers, managed service providers, managed security service providers, system integrators, and more.
Resellers work with Fastly’s sales and presales teams to scale sales cycle support. This helps expand our worldwide network of partners dedicated to protecting and delivering customers’ content. We have expanded the reach and breadth of these partners to include cross-selling delivery and security products. We have made significant investments in this area by adding additional channel sales and marketing resources, technical training and enablement, a new partner portal, enhanced pricing and packaging offerings, and an elevated partner program to offer partners even more benefits.
Cloud Partners. We integrate with major cloud providers to enhance their services and create solutions that are powerful, scalable, and secure. We have exclusive Private Network Interconnects (PNIs) and peering arrangements with key cloud providers such as Google Cloud Platform, AWS, and others to eliminate or minimize egress fees,
16



enhance security, and improve overall performance. We are also available for purchase on the Google Cloud Marketplace and AWS Marketplace which can help eliminate the need for customers to have separate billing arrangements and makes Fastly services eligible for Google Cloud and AWS committed spends. We have strong go-to-market relationships with our cloud partners which allow us to access the benefits of their partner programs like joint business planning, co-selling, account support, added marketing funding, and more.
Integration Partners. We integrate with a number of third party partners who offer complementary technology across a number of strategic use-cases and industries. These partners help expand our reach into new markets by offering customers a solution that seamlessly integrates with their existing technology stack making our technology even stickier. Here are some examples:
Security: Our Next-Gen WAF seamlessly integrates with third-party tools to help customers enhance their workflows, empower DevOps processes, increase their security visibility, and drive operational efficiencies. Examples include: VMware (Tanzu), Palo Alto Networks, Cisco, Datadog, Citrix, PagerDuty and more.
In May 2023, we announced a partnership with A10. The Fastly Next-Gen WAF was integrated into the A10 ADC appliances and offered as an optional Application Security control for their customers. The A10-Fastly partnership gives us access to new customers, many of whom use their own data centers, have less of a public cloud footprint, and are located in different geographic areas than Fastly's traditional customer base.
Logging & Analytics: Our real-time logging feature integrates with more than 20 logging endpoint partners to allow customers to customize and visualize their edge data for better monitoring of performance and security anomalies. Examples include: DataDog, Looker (Google Cloud), SumoLogic, Logentries, Google Cloud Platform, Microsoft (Azure Blob Storage), and more.
Compute: We work with a growing ecosystem of partners who are tapping into our powerful Compute serverless technology to extend their solutions across a variety of different use-cases.
Media & Entertainment: We have partnerships across a number of technology providers in the media & entertainment industry to enhance our edge platform’s performance features, modern security offerings, and real-time metrics.
Competition
Our platform spans several markets from cloud computing and cloud security to CDNs. We segment the competitive landscape into six key categories:
Legacy CDNs like Akamai and Edgio;
Application and API security vendors like Akamai, AWS, Cloudflare, F5, and Thales (Imperva);
Point CDN players like Bunny CDN, CDNetworks, and CDN77;
CDN providers, which now offer serverless edge compute functionality like Akamai (Linode), and Cloudflare;
Cloud hosting providers (or public cloud providers) that have added CDN & WAF capabilities like AWS, Google Cloud Platform, and Microsoft (Azure); and
Traditional on-premise, data center appliance vendors for load balancing, WAF, and DDoS like F5, Thales (Imperva), NetScaler, and Radware.
The principle competitive factors in our market include:
platform functionality, scalability, performance, ease of use, ease of integration and programmability, reliability, security availability, and cost effectiveness;
17



global network coverage and availability;
ability to support modern application development processes and utilize new and proprietary technologies to offer services and features previously not available in the marketplace;
ability to identify new markets, applications, and technologies;
ability to attract and retain customers;
brand, reputation, and trustworthiness;
credibility with developers;
quality of customer support;
ability to recruit software engineers and sales and marketing personnel;
ability to protect intellectual property; and
ability to identify opportunities for acquisitions and strategic relationships and successfully execute on them.
We believe we generally compete favorably with our competitors on the basis of these factors. Our edge cloud platform integrates many of the point products offered by our competitors which is a key differentiator. However, many of our competitors have substantially greater financial and technical resources in addition to larger sales and marketing budgets, broader market distribution, and more mature intellectual property portfolios.
18



Our Culture and Human Capital Resources
Our Values
Technology has the potential to make a radically positive impact on the world, and we aspire to improve human lives through our work. We were founded on strong ethical principles, and have intentionally grown values-first, scaling our workforce, services, customer portfolio, and investment partners purposefully. We are only as good as the company we keep, and this guides our hiring practices as well as the ethics we are committed to upholding as we scale. We believe that as a result of our values, we have been able to identify, attract, engage and retain great people. We want to serve the very best of the Internet. We choose to work with customers that we believe have integrity, are trustworthy, and do not promote violence or hate. Our eight core values define who we are and how we choose to grow, hire, train, work, communicate, make decisions, support each other, and serve our customers.
Fastly_Values_2024 (2).jpg
Our Hiring Strategy
We are dedicated to building a diverse workforce and leadership team that reflects our values and the unique needs of our global customer base. We strive to be a company full of talented, highly effective, kind, honest, passionate, and high-integrity people. We are dependent on our highly qualified employees and executives, and it is crucial that we continue to attract, engage and retain valuable employees. We believe in investing in our people and motivating talented individuals with a strong career path and competitive compensation program. Our U.S. support engineers are often hired from code schools, and many code school graduates transition from support into other organizations within the company, championing the customer voice and infusing our teams with a strong, service-focused mindset. Our engineering staff recruits world-class experts in every part of the technology stack that makes up the Internet, which inspires great developers to join us. Our compensation program is designed to attract, retain, and motivate highly qualified employees and executives. We use a mix of competitive base salary, equity compensation awards, and other employee benefits.
We are building a global, healthy, safe, and diverse workforce and an inclusive culture that empowers and supports our employees and customers. We onboard all new employees with training programs on our values, certain aspects of our business, and important policies, including our Safe, Welcoming, and Productive Work Environment Policy. Annually thereafter we provide employees with code of conduct and security awareness training, a learning reimbursement program and performance evaluations. Our employee engagement efforts currently include company-wide newsletters and all-hands meetings, through which we aim to keep our employees well-informed and increase transparency. We also use employee engagement surveys to collect employee feedback and assess the effectiveness of our culture, our strategy, and various health and well-being programs.
19



Employees
As of December 31, 2023, we had a total of 1,207 employees worldwide and 250 employees located outside of the United States; 46% of our employees resided within 50 miles of a Fastly office and 54% of our employees worldwide were considered remote, which means they resided more than 50 miles from a Fastly office or in locations where we do not have a Fastly office presence. We will continue to search for the best possible talent for every role and cultivate best-in-class in-office and remote employee experiences.
Our Organization
Sales & Marketing
By focusing our resources, expertise and talent we have the opportunity to drive growth for Fastly, gain market share in our total addressable market and become a place where team members can develop their skills and grow their careers.
We are building a go-to-market engine that scales, becomes increasingly more efficient, and is nimble enough to continue to grow our business in four dimensions:
Customer logo acquisition
Expansion into additional vertical markets and within existing customers
Partner ecosystem leverage
International expansion
Fastly’s marketing efforts have a significant impact on new logo acquisition and demand generation. We are focused on optimizing the return on our marketing investment to drive demand across our portfolio and regions.
Our sales and marketing organizations work together closely to cultivate customer relationships with developers and business leaders at enterprises and technology-savvy organizations to drive revenue growth. We have geographically-based sales teams that continue to enhance our value-based selling methodology. Our land and expand sales strategy for enterprise customers has successfully demonstrated our platform’s capabilities, and our customer support enables broad adoption of our technology within an organization.
Customer Support
We have designed our products and platform to be self-service and require minimal customer support. Customers are automatically covered by our standard support plan as soon as they sign up with us. They can file a ticket with the support team, access documentation including online FAQs, API references, and configuration guidelines. Our support approach is unique as we have built it with developers in mind. Our first-line support employee typically has an engineering background and is highly technical.
We also provide several options for premier, hands-on support from a team of highly-technical senior support engineers and technical account managers. They act as a single point of contact for our support, product, and engineering teams. Our support model is global, with 24/7 coverage and support offices located in North America, EMEA, and APAC.
Research & Development
Our research and development team members are responsible for the design, development, and reliability of all aspects of our edge cloud platform. Continuous improvement and innovation are core to our DNA, and these efforts are baked directly into our service life cycle. Scale, performance, security, and reliability are core functional requirements of everything we build into our platform to serve our customers.
Our philosophy of customer empowerment guides our research processes. Our product managers regularly engage with customers and developers, DevOps and site reliability engineering communities, as well as our internal stakeholders and subject
20



matter experts, in order to understand customer needs. Our engineering team includes experts with deep experience who intimately understand customers’ technical challenges and build solutions accordingly.
Throughout the strategic design and build phases of our product life cycle, our development organization works closely with our product, infrastructure, operations, and compliance teams to design, develop, test, and launch any given solution. We strive for a balance of rapid iteration without compromise on the core functional requirements that our customers expect: scale, performance, security, and reliability.
As of December 31, 2023, we had 422 employees in our research and development group. Our research and development expenses were $152.2 million for the year ended December 31, 2023.
Infrastructure
Our infrastructure team is responsible for the design, deployment, and maintenance of the servers and network hardware that form the foundation of our mission critical edge cloud environment in 79 markets as of December 31, 2023. We invest in research into global Internet geography to identify optimal colocation site selection, network partner identification, and network-to-network interconnection opportunities. These activities allow us to connect in close proximity to core Internet backbones and Internet service providers, thereby enhancing network performance. We carefully evaluate and test hardware from leading server, network, and component manufacturers to assess their compliance with our workload performance, system efficiency, and mean time-to-repair standards. In our process, we evaluate commodity server and network platforms to avoid vendor lock-in, while optimizing the mix of components in an effort to improve efficiency and optimize our capital expenditures. We intend to grow the number of data center colocation sites as traffic on our network grows and as demands for new markets justify investment.
Trust
Our security, compliance and data governance teams, as well as other departments across the company, continually iterate on our trust programs to better meet growing customer needs, updated regulatory requirements, and the evolving security threat landscape. To help validate the controls that safeguard our platform and the data moving through it, we have expanded our portfolio of security and compliance-related assessments and certifications over time.
Intellectual Property
We rely on a combination of patent, copyright, trademark, and trade secret laws in the United States and other jurisdictions, as well as license agreements and other contractual protections, to protect our proprietary technology. We also rely on a number of registered and unregistered trademarks to protect our brand.
As of December 31, 2023, in the United States, we had 103 issued or allowed patents, which expire between August 2033 and February 2042, and 19 patent applications pending for examination. As of such date, we also had 24 issued patents and 10 patent applications pending for examination in foreign jurisdictions and one Patent Cooperation Treaty patent application pending for examination, all of which are related to U.S. patents and patent applications. In addition, as of December 31, 2023, we had 19 registered trademarks and one pending trademark in the United States.
In addition, we seek to protect our intellectual property rights by requiring our employees and independent contractors involved in development of intellectual property on our behalf to enter into agreements acknowledging that all works or other intellectual property generated or conceived by them on our behalf are our property, and assigning to us any rights, including intellectual property rights, that they may claim or otherwise have in those works or property, to the extent allowable under applicable law.
Despite our efforts to protect our technology and proprietary rights through intellectual property rights, licenses, and other contractual protections, unauthorized parties may still copy or otherwise obtain and use our software and other technology. In addition, we intend to continue to expand our international operations, and effective intellectual property, copyright, trademark, and trade secret protection may be unavailable or limited in foreign countries. Any significant impairment of our intellectual property rights could harm our business or our ability to compete. Further, companies in the communications and technology industries own large numbers of patents, copyrights, and trademarks and frequently threaten litigation, or file suit based on allegations of infringement or other violations of intellectual property rights. We are currently subject to, and
21



expect to face in the future, allegations that we have infringed the intellectual property rights of third parties. From time to time, we also receive demands for indemnification from our customers under the terms of our contracts with them for infringement of a third-party’s intellectual property rights.
Legal Proceedings
From time to time, we have been and will continue to be subject to legal proceedings and claims, including proceedings and claims relating to employment, intellectual property, and commercial disputes. We are not presently a party to any legal proceedings that, if determined adversely to us, would individually or taken together have a material effect on our business, results of operations, financial condition, or cash flows. We have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners, and our customers by determining the scope, enforceability, and validity of third-party proprietary rights, or to establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, and other factors.
Please refer to Note 10—Commitments and Contingencies for discussion around our legal proceedings.
Regulatory
We are subject to a number of U.S. federal and state and foreign laws and regulations that involve matters central to our business. These laws and regulations may involve privacy and data security, intellectual property, competition, consumer protection, critical infrastructure or other subjects. Many of the laws and regulations to which we are subject are still evolving and being tested in courts and could be interpreted in ways that could harm our business. In addition, the application and interpretation of these laws and regulations often are uncertain, particularly in the new and rapidly evolving industry in which we operate. Because global laws and regulations have continued to develop and evolve rapidly, it is possible that we may not be, or may not have been, compliant with each such applicable law or regulation. For a description of the risks we face related to regulatory matters, refer to “Item 1A.—Risk Factors” in this Annual Report on Form 10-K.
Corporate Information
We were initially incorporated under the laws of the State of Delaware in March 2011 under the name SkyCache, Inc. We changed our name to Fastly, Inc. in May 2012. Our principal executive offices are located at 475 Brannan Street, Suite 300, San Francisco, California 94107. Our telephone number is 1-844-432-7859. Our website address is www.fastly.com. The information contained on, or that can be accessed through, our website does not constitute part of this Annual Report on Form 10-K.
We file annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to reports filed or furnished pursuant to Sections 13(a), 14 and 15(d) of the Exchange Act. The SEC maintains a website at https://www.sec.gov that contains reports, and other information regarding us and other companies that file materials with the SEC electronically. Copies of our reports on Forms 10-K, Forms 10-Q, and Forms 8-K, may be obtained, free of charge, electronically through our investor relations website at www.fastly.com/investors as soon as reasonably practicable after we file such material with, or furnish such material to, the SEC.

22



Item 1A.     Risk Factors
Investing in our Class A common stock involves a high degree of risk. Investors should carefully consider the risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including the section titled Management's Discussion and Analysis of Financial Condition and Results of Operations and our consolidated financial statements and related notes, before deciding to invest in our Class A common stock. Unless otherwise indicated, references to our business being harmed in these risk factors will include harm to our business, reputation, customer growth, results of operations, financial condition, or prospects. Any of these events could cause the trading price of our Class A common stock to decline, which would cause our stockholders to lose all or part of their investment. Our business, results of operations, financial condition, or prospects could also be harmed by risks and uncertainties not currently known to us or that we currently do not believe are material.

Risks Related to Our Business, Industry and Technology
If our platform fails to perform properly due to defects, interruptions, outages, delays in performance, or similar problems, and if we fail to develop enhancements to resolve any defect, interruption, delay, or other problems, we could lose customers, become subject to service performance or warranty claims, or incur significant costs.
Our operations are dependent upon our ability to prevent system interruption. The applications underlying our edge cloud computing platform are inherently complex and may contain material defects or errors, which may cause disruptions in availability or other performance problems. We have from time to time found defects and errors in our platform and may discover additional defects or errors in the future that could result in data unavailability, unauthorized access to, loss, corruption, or other harm to our customers’ data. These defects or errors could also be found in third-party applications or open source software on which we rely. We may not be able to detect and correct defects or errors before implementing our products. Consequently, we or our customers may discover defects or errors after our products have been deployed.
We currently serve our customers from our POPs located around the world. Our customers need to be able to access our platform at any time, without interruption or degradation of performance. However, we have not developed redundancies for all aspects of our platform. We depend, in part, on our third-party facility providers’ ability to protect these facilities against damage or interruption from natural disasters, power or telecommunications failures, criminal acts, armed conflict, public health issues, such as a pandemic or epidemic, and similar events. In some cases, third-party cloud providers run their own platforms that we access, and are, therefore, vulnerable to their service interruptions. In the event that there are any defects or errors in software, failures of hardware, damages to a facility, or misconfigurations of any of our services, we may have to divert resources away from other planned work, could experience lengthy interruptions in our platform, and also incur delays and additional expenses in arranging new facilities and services. Our customers may choose to divert their traffic away from our platform as a result of interruptions or delays. Disaster recovery arrangements, including the existence of redundant data centers that are designed to become active during certain lapses of service, may not function as intended, and any disruptions to our service could harm our business.
We design our system infrastructure and procure and own or lease the computer hardware used for our platform. Design and mechanical errors, spikes in usage volume, and failure to follow system protocols and procedures could cause our systems to fail, resulting in interruptions on our platform. Moreover, we have experienced and may in the future experience system failures or interruptions in our platform as a result of human error. These outages have resulted and may in the future result in service level agreement claims. Any interruptions or delays in our platform, whether caused by our products or our data centers, third-party error, our own error, natural disasters, the effects of climate change (such as drought, flooding, wildfires, increased storm severity, and sea level rise), security breaches, or whether accidental or willful, could harm our relationships with customers, reduce customers’ usage of our platform, cause our revenue to decrease and our expenses to increase, and divert resources away from product development. Also, in the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur. These factors in turn could further reduce our revenue, subject us to liability and cause us to issue service credits or cause customers to fail to renew their customer contracts, any of which could harm our business.
The occurrence of any defects, errors, disruptions in service, failures involving redundant data centers, or other performance problems, interruptions, or delays with our platform, whether in connection with the day-to-day operations or otherwise, could result in:
23



loss of customers;
reduced customer usage of our platforms;
lost or delayed market acceptance and sales of our products, or the failure to launch products or features on anticipated timelines;
delays in payment to us by our customers;
injury to our reputation and brand;
governmental inquiry or oversight;
legal claims, including warranty and service level agreement claims, against us; or
diversion of our resources, including through increased service and warranty expenses or financial concessions, and increased insurance costs.
The costs incurred in correcting any material defects, errors, or other performance problems in our platform may be substantial and could harm our business.
If we are unable to attract new customers, in particular, enterprise customers, and to have existing enterprise customers continue and increase their use of our platform, our business will likely be harmed.
To grow our business, we must continue to attract new customers, in particular, enterprise customers, and generate revenue from those new customers. To do so, we must successfully convince potential customers of the benefits and the value of our platform. This may require significant and costly sales efforts that are targeted at larger enterprises and senior management of these potential customers. Sales to enterprise customers may involve longer sales cycles as a result of customers requiring considerable time to evaluate our platform, requiring participation in a competitive purchasing process, having more formal processes for approval of purchases, and more complex requirements. These factors significantly impact our ability to add new customers and increase the time, resources, and sophistication required to do so. In addition, numerous other factors, some of which are out of our control, may now or in the future impact our ability to acquire new customers, including potential customers’ commitments to other providers, real or perceived costs of switching to our platform, our failure to expand, retain, and motivate our sales and marketing personnel, our failure to develop or expand relationships with potential customers and channel partners, failure by us to help our customers to successfully deploy our platform, negative media or industry or financial analyst commentary regarding us or our solutions, litigation, and deteriorating general economic conditions. If we fail to attract new customers, particularly enterprise customers, as a result of these and other factors our business will likely be harmed.
In addition, our ability to grow and generate incremental revenue depends on our ability to maintain and grow our relationships with our existing enterprise customers so that they continue and increase their usage of our platform. If these customers do not maintain and increase their usage of our platform, our revenue may decline and our results of operations will likely be harmed.
For some of our products, we charge our customers based on the usage of our platform. Most of our customers, including some of our largest enterprise customers, do not have long-term contractual financial commitments to us. In addition, most of our current customer contracts are only one year in duration and these customers may not use our platform in a subsequent year. In order for us to maintain or improve our results of operations, it is important that our customers, in particular, our enterprise customers, use our platform in excess of their commitment levels, if any, and continue to use our platform on the same or more favorable terms. Our ability to retain our largest customers and expand their usage could be impaired for a variety of reasons, including customer budget constraints, customer satisfaction, changes in our customers’ underlying businesses, changes in the type and size of our customers, pricing changes, competitive conditions (including customers building their own CDNs), the acquisition of our customers by other companies, governmental actions, or the possibility thereof, and general economic conditions. Because many of our largest customers’ minimum usage commitments for our platform are relatively low compared to their expected usage, it can be easy for certain customers to quickly reallocate usage or switch from our platform to an
24



alternative platform altogether. In addition, they may reduce or cease their use of our products at any time without penalty or termination charges, even after they have expanded usage in prior periods.

We base our decisions about expense levels and investments on estimates of our future revenue and anticipated rate of growth. Many of our expenses are fixed cost in nature for some minimum amount of time, such as colocation and bandwidth, so if we do experience slower usage growth on our platform it may not be possible to reduce costs in a timely manner or without the payment of fees to exit certain obligations early. If any of these events were to occur, our business may be harmed.
In addition, many of our customers have negotiated and may continue to negotiate lower rates in exchange for an agreement to renew, expand their usage in the future, or adopt new products. As a result, in certain cases, even though customers have not reduced their usage of our platform, the revenue we derive from that usage has decreased. If our platform usage or revenue fall significantly below the expectations of the public market, securities analysts, or investors, our business would be harmed, which could cause our stock price to decline.
Our future success also depends in part on our ability to expand our existing customer relationships, in particular, with enterprise customers, by increasing their usage of our platform, selling them additional products and upgrading their existing products. The rate at which our customers increase their usage of our platform and purchase products from us depends on a number of factors, including our ability to grow our platform and maintain the security and availability of it, develop and deliver new features and products, maintain customer satisfaction, general economic conditions and pricing and services offered by our competitors. If our efforts to increase usage of our platform by, or sell new and additional products to, our enterprise customers are not successful, our business would be harmed. In addition, even if our largest customers increase their usage of our platform, we cannot guarantee that they will maintain those usage levels for any meaningful period of time. In addition, because many of our products endeavor to deliver increased efficiency and functionality, the successful sale of a new or additional product to an existing customer could result in a reduction of the customer’s overall usage of our platform.
We receive a substantial portion of our revenues from a limited number of customers from a limited number of industries, and the loss of, or a significant reduction in usage by, one or more of our major customers would result in lower revenues and could harm our business.
Our future success is dependent on establishing and maintaining successful relationships with a diverse set of customers. We currently receive a substantial portion of our revenues from a limited number of customers and from a limited number of industries, such as media and entertainment. Our 10 largest customers generated an aggregate of 37% and 35% of our revenue in the trailing 12 months ended December 31, 2023 and 2022, respectively. Affiliated customers that are business units of a single company in the streaming entertainment space generated an aggregate of 12% and 11% of our revenue in the trailing 12 months ended December 31, 2023 and 2022, respectively. It is likely that we will continue to be dependent upon a limited number of customers for a significant portion of our revenues for the foreseeable future and, in some cases, the portion of our revenues attributable to individual customers may increase in the future. In addition, changes to our customers’ business may contribute to further customer concentration, including any impact from acquisition activities, internal business reorganizations leading to operational and decision making changes, and corporate structure changes such as subsidiary consolidation and reorganization that may arise in the future. The loss of one or more key customers or a reduction in usage by any major customers would reduce our revenues. If we fail to maintain existing customers or develop relationships with new customers and across different industries, our business would be harmed.
Component delays, shortages or price increases could interrupt our ability to complete the construction of our servers to meet the usage needs of our customers. Our operating results could be materially harmed if we are unable to adequately manage our server needs.
Our business depends on the timely supply of certain parts and components to construct our servers. We rely on a limited number of suppliers for several components of the equipment we use to operate our network and provide products to our customers. Our reliance on these suppliers exposes us to risks including reduced control over production costs and constraints based on the then current availability, terms, and pricing of these components, including pricing changes as a result of inflationary pressures. The COVID-19 pandemic caused disruptions and delays for these components and the delivery and installation of such components at our colocation facilities, in addition to pricing increases. If our supply of certain components is further disrupted or delayed, there can be no assurance that we will be able to obtain adequate replacements for the existing components or that supplies will be available on terms and prices that are favorable to us, if at all. Any disruption or delay in the supply of our hardware components has in the past and may in the future limit capacity expansion or replacement of
25



defective or obsolete equipment, or cause other constraints on our operations that could damage our customer relationships and harm our business.
To ensure adequate supply of parts and components, we must forecast server needs and expenses and place orders sufficiently in advance with our suppliers based on estimates of future demand for network capacity. As we continue to experience growth, we may face challenges managing adequate server capacity due to potential component delays, shortages, price increases, hardware efficiencies gained through internal development, or any potential changes in server architecture including due to technological advances or obsolescence. We may incur charges in future periods related to server management or incorrectly forecast our network capacity needs in future periods. If we have excess server capacity, we have in the past and may need to continue to write-down or write-off server assets, which may materially harm our operating results. For example, in the year ended December 31, 2023, we recognized computer and networking equipment related write-off charges of $4.3 million. Conversely, if we underestimate network capacity needs, we may in future periods be unable to meet demand and be required to incur higher costs to secure necessary parts and components of our servers, which could adversely affect our customer relationships and harm our business.
Our limited operating history and our history of operating losses makes it difficult to evaluate our current business and prospects and may increase the risks associated with your investment.
We were founded in 2011 and have experienced net losses and negative cash flows from operations since inception. Our limited operating history makes it difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and difficulties frequently experienced by growth companies in constantly evolving industries, including companies in the technology sector, including the risks described in this report. If we do not address these risks successfully, our business may be harmed.
We generated a net loss of $133.1 million for the year ended December 31, 2023 and, we had an accumulated deficit of $834.8 million. We will need to generate and sustain increased revenue levels and manage costs in future periods in order to become profitable; even if we achieve profitability, we may not be able to maintain or increase our level of profitability. We intend to continue to expend significant funds to support further growth and further develop our platform, including expanding the functionality of our platform, expanding our technology infrastructure and business systems to meet the needs of our customers, expanding our direct sales force and partner ecosystem, increasing our marketing activities, and growing our international operations. We have in the past and will continue to face increased compliance costs associated with growth, expansion of our customer base, and the costs of being a public company. Our efforts to grow our business may be costlier than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. We may incur significant losses in the future for a number of reasons, including the other risks described herein, and unforeseen expenses, difficulties, complications and delays, and other unknown events. If we are unable to achieve and sustain profitability, our business may be harmed.
Further, we have limited historical financial data and operate in a rapidly evolving market. As such, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market.
If our information technology systems or data, or those of third parties upon which we rely, are compromised now, or in the future, or the security, confidentiality, integrity or availability of our information technology, software, services, networks, communications or data is compromised, limited or fails, our business could experience materially adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, loss of revenue or profits, loss of customers or sales, reputational harm, and other adverse consequences.
Our business is dependent on providing our customers with fast, efficient, and reliable distribution of applications and content over the Internet. In the ordinary course of our business, we and the third parties upon which we rely, collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share, proprietary, confidential, and sensitive data, including personal information, intellectual property, trade secrets, and encryption keys, including our data and data of our customers, including their end-users (collectively, sensitive information). Maintaining the security and availability of our platform, network, and internal IT systems and the security of information we hold on behalf of our customers is a critical issue for us and our customers, and we expend significant resources, and may need to fundamentally change our business activities and continue to modify our practices and operations, in an effort to protect against security incidents and to mitigate, detect, and remediate actual and potential vulnerabilities.
26



Cyber-attacks, malicious Internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our sensitive information and information technology systems, and those of the third parties upon which we rely. Such threats are prevalent and continue to rise, are difficult to detect, and come from a variety of sources, including threat actors, “hacktivists,” personnel (such as through theft or misuse), sophisticated nation states, and nation-state-supported actors.
Some actors now engage and are expected to continue to engage in cyber-attacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. We have in the past been subject to cyber-attacks from third parties, including parties who we believe are sponsored by government actors. Since our customers share our multi-tenant architecture, cyber-attacks on any one of our customers could have a negative effect on other customers. These attacks have in the past significantly increased the bandwidth used on our platform and have strained our network. During times of war and other major conflicts, we, the third parties upon which we rely, and our customers may be vulnerable to a heightened risk of these attacks, including retaliatory cyber-attacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell, and distribute our services.

We and the third parties upon which we rely are subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through deep fakes, which may be increasingly more difficult to identify as fake, and phishing attacks), malicious code , malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks, account takeover attacks, credential harvesting, personnel misconduct or error, ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, attacks facilitated or enhanced by artificial intelligence (“AI”), loss of data or other information technology assets, adware, telecommunications failures, natural disasters, and other similar threats. For example, we have experienced DDoS attacks of significant size and severity that caused us to invest resources into improving our systems, and we expect to continue to be subject to DDoS and other forms of attacks in the future, particularly as they have become more prevalent in our industry. Similarly, we have been the target of phishing and social engineering schemes that may be designed to, among other things, improperly gain access to our confidential information or fraudulently obtain payments or funds from us. Further, we are not immune from the possibility of a malicious insider compromising our information systems and infrastructure or misappropriating our confidential information.
In particular, severe ransomware attacks are becoming increasingly prevalent, and can lead to significant interruptions in our operations, loss of sensitive data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments.
We are incorporated into the supply chain of a number of companies worldwide and, as a result, if our services are compromised, a significant number or, in some instances, all of our customers and their data could be simultaneously affected. The potential liability and associated consequences we could suffer as a result of such a large-scale event could be catastrophic and result in irreparable harm.
Future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program.
We rely on third-party service providers and technologies to operate critical business systems to process sensitive information in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, content delivery to customers, and other functions. Like many other companies, our ability to monitor third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. If our third-party service providers experience a security incident or other interruption, we could experience adverse consequences. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy and data security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such award.
In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties’ infrastructure in our supply chain or our third-party partners’ supply chains have not been compromised.
Any of the previously identified or similar threats could cause a security incident or other interruption that could result in unauthorized , unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure of, or access
27



to our sensitive information or our information technology systems, or those of the third parties upon whom we rely. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our platform, products and services.
In addition, as we expand our emphasis on selling security-related products, we may become a more attractive target for attacks on our infrastructure intended to destabilize, overwhelm, or shut down our platform. For example, we have had security incidents in the past that have tested the limits of our infrastructure and impacted the performance of our platform.

In addition to experiencing a security incident, third parties may gather, collect, or infer sensitive information about us from public sources, data brokers, or other means that reveals competitively sensitive details about our organization and could be used to undermine our competitive advantage or market position. Further, sensitive information of the Company or our customers could be leaked, disclosed, or revealed as a result of or in connection with our employees’, personnel’s, or vendors’ use of generative AI technologies.

Certain privacy and data security obligations may require us to implement and maintain specific security measures or industry-standard or reasonable security measures to protect our information technology systems and sensitive information.

While we have implemented security measures designed to protect against security incidents, there can be no assurance that these measures will be effective. We take steps to detect and remediate vulnerabilities, but we may not be able to detect and remediate all vulnerabilities because the threats and techniques used to exploit the vulnerability change frequently and are often sophisticated in nature. Therefore, such vulnerabilities could be exploited but may not be detected until after a security incident has occurred. These vulnerabilities pose material risks to our business. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities.

Applicable privacy and data security obligations may require us to notify relevant stakeholders, including affected individuals, customers, regulators, and investors of security incidents. For example, SEC rules require disclosure on Form 8-K of the nature, scope and timing of any material cybersecurity incident and the reasonably likely impact of such incident. Compliance with such disclosure efforts is costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences. If we (or a third party upon whom we rely) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences, such as government enforcement actions (for example, investigations, fines penalties, audits, and inspections); additional reporting requirements and/or oversight, restrictions on processing sensitive information (including personal data); litigation (including class action claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; diversion of management attention; interruptions or degradation of performance in our services (including availability of data); financial loss; and other similar harms. Security incidents and attendant consequences may cause customers to stop using our platform, products, and services, cause us to offer pricing and other concessions, deter new customers from using our platform, products, and services, and negatively impact our ability to grow and operate our business.
Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and data security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.
If we fail to efficiently develop and sell new products and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, and changing customer needs, requirements, or preferences, our products may become less competitive.
The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards and regulatory changes, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. If we are unable to develop and sell new products that satisfy and are adopted by our customers and provide enhancements, new features, and capabilities to our platform that keep pace with rapid technological and industry change, our revenue and operating results could be adversely affected. Further, some of our prospective customers may require custom development of features as part of their purchase decision, or our existing customers may require us to develop custom features. If we are unable to meet their requirements, they may look to our competitors or internal solutions that eliminate reliance on third-party providers, and our revenue and operating results could be adversely affected. Further, prioritizing such custom features can be difficult to adapt to other customers and may require significant engineering resources. If new technologies emerge that enable large Internet platform
28



companies to utilize their own data centers and implement delivery approaches that limit or eliminate reliance on third-party providers like us, or that enable our competitors to deliver competitive products and applications at lower prices, more efficiently, more conveniently, or more securely, such technologies could adversely impact our ability to compete. If our platform does not allow us or our customers to comply with the latest regulatory requirements, our existing customers may decrease their usage on our platform and new customers will be less likely to adopt our platform.
Our platform must also integrate with a variety of network, hardware, mobile, and software platforms and technologies, and we need to continuously modify and enhance our products and platform capabilities to adapt to changes and innovation in these technologies. If developers widely adopt new software platforms, we would have to attempt to develop new versions of our products and enhance our platform’s capabilities to work with those new platforms. These development efforts may require significant engineering, marketing, and sales resources, all of which would affect our business and operating results. Any failure of our platform’s capabilities to operate effectively with future infrastructure platforms, technologies, and software platforms could reduce the demand for our platform. If we are unable to respond to these changes in a cost-effective manner, our products may become less marketable and less competitive or obsolete, and our business may be harmed.
Moreover, our platform is highly technical and complex. For example, our delivery products rely on knowledge of the VCL to utilize many features of this platform. Potential developers may be unfamiliar or opposed to working with VCL and therefore decide to not adopt our platform, which may harm our business.
If we fail to forecast our revenue accurately, or if we fail to manage our expenditures, our operating results could be adversely affected.
We cannot accurately predict customers’ usage or renewal rates given the diversity of our customer base across industries, geographies and size, and ability of customers to allocate usage, among other factors. Accordingly, we may be unable to accurately forecast our revenues. Notwithstanding our substantial investments in sales and marketing, infrastructure, and research and development in anticipation of growth in our business, if we do not realize returns on these investments in our growth, our results of operations could differ materially from our forecasts, which would adversely affect our results of operations and could disappoint analysts and investors, causing our stock price to decline.
Failure to effectively develop and expand our marketing and sales capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our platform.
We have historically benefited from word-of-mouth and other organic marketing to attract new customers. Through this word-of-mouth marketing, we have been able to build our brand with relatively low marketing and sales costs. This strategy has allowed us to build a substantial customer base and community of users who use our products and act as advocates for our brand and our platform, often within their own corporate organizations. However, our ability to further increase our customer base and achieve broader market acceptance of our products will significantly depend on our ability to expand our marketing and sales operations. We plan to continue expanding our sales force and strategic partners, both domestically and internationally. We also plan to continue to dedicate significant resources to sales, marketing, and demand-generation programs, including various online marketing activities as well as targeted account-based advertising. The effectiveness of our targeted account-based advertising has varied over time and may vary in the future. All of these efforts will require us to invest significant financial and other resources and if they fail to attract additional customers, our business will be harmed. We have also used a strategy of offering free trial versions of our platform in order to strengthen our relationship and reputation within the developer community by providing these developers with the ability to familiarize themselves with our platform without first becoming a paying customer. However, these developers may not perceive value in the additional benefits and services we offer beyond the free trial versions of our platform and may choose not to pay for those additional benefits. Moreover, some existing paying customers may choose not to renew their commitment with us in favor of relying on the free version of our platform. Most trial accounts do not convert to paid versions of our platform, and to date, only a few users who have converted to paying customers have gone on to generate meaningful revenue. If our other lead generation methods do not result in broader market acceptance of our platform and the users of trial versions of our platform do not become, or are unable to convince their organizations to become, paying customers, or if paying customers choose to convert to the free versions of our platform, we will not realize the intended benefits of this strategy, and our business will be harmed.
We believe that there is significant competition for sales personnel, including sales representatives, sales managers, and sales engineers, with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, incentivizing, and retaining sufficient numbers of sales personnel to
29



support our growth. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires may not become productive as quickly as we expect, if at all, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, particularly if we continue to grow rapidly, new members of our sales force will have relatively little experience working with us, our platform, and our business model. If we are unable to hire and train sufficient numbers of effective sales personnel, our sales personnel do not reach significant levels of productivity in a timely manner, our sales personnel are not effectively incentivized, or our sales personnel are not successful in acquiring new customers or expanding usage by existing customers, our business will be harmed.
The markets in which we participate are competitive, and if we do not compete effectively, our business will be harmed.
The market for cloud computing platforms, particularly enterprise grade products, is highly fragmented, competitive, and constantly evolving. With the introduction of new technologies and market entrants, we expect that the competitive environment in which we compete will remain intense going forward. Application and API security vendors like Akamai, Amazon Web Services (“AWS”), Cloudflare, F5, and Thales (Imperva) offer products that compete with ours. We also compete with CDN providers, which now offer serverless edge compute functionality like Akamai (Linode), and Cloudflare, cloud hosting providers (or public cloud providers) that have added CDN and WAF capabilities like Alphabet (Google Cloud Platform), AWS, and Microsoft (Azure), legacy CDNs, such as Akamai and Edgio, point CDN players like Bunny CDN, CDNetworks, and CDN77, and traditional on-premise data center appliance vendors for load balancing, WAF, and DDoS like F5, Thales (Imperva), NetScaler and Radware. Some of our competitors have made or may make acquisitions or may enter into partnerships or other strategic relationships that may provide more comprehensive offerings than they individually had offered. Such acquisitions or partnerships may help competitors achieve greater economies of scale than us. In addition, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships, or strategic relationships. We compete on the basis of a number of factors, including:
our platform’s functionality, scalability, performance, ease of use, ease of integration and programmability, reliability, security availability, and cost effectiveness relative to that of our competitors’ products and services;
our global network coverage and availability;
our ability to support modern application development processes and utilize new and proprietary technologies to offer services and features previously not available in the marketplace;
our ability to identify new markets, applications, and technologies;
our ability to attract and retain customers;
our brand, reputation, and trustworthiness;
our credibility with developers;
the quality of our customer support;
our ability to recruit software engineers and sales and marketing personnel;
our ability to protect our intellectual property; and
our ability to identify opportunities for acquisitions and strategic relationships and successfully execute on them.
We face substantial competition from legacy CDNs, small business-focused CDNs, cloud providers, traditional data center, and appliance vendors. In addition, existing customers have transitioned or notified us of their intent to transition, and existing and potential customers may in the future transition, off of our platform, or may limit their use, because they pursue a “do-it-yourself” approach to develop their own CDN by putting in place equipment, software, and other technology products
30



for content and application delivery within their internal systems; enter into relationships directly with network providers instead of relying on an overlay network like ours; or implement multi-vendor policies to reduce reliance on external providers like us.
Our competitors vary in size and in the breadth and scope of the products and services offered. Many of our competitors and potential competitors have greater name recognition, longer operating histories, more established customer relationships and installed customer bases, larger marketing budgets, and greater resources than we do. While some of our competitors provide a platform with applications to support one or more use cases, many others provide point-solutions that address a single use case. Other potential competitors not currently offering competitive applications may expand their product offerings, and our current customers may develop their own products or features, to compete with our offerings. Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, and customer requirements. An existing competitor or new entrant could introduce new technology that reduces demand for our platform. In addition to application and technology competition, we face pricing competition. Some of our competitors offer their applications or services at a lower price, which has resulted in pricing pressures. Some of our larger competitors have the operating flexibility to bundle competing applications and services with other offerings, including offering them at a lower price or for no additional cost to customers as part of a larger sale of other products. For all of these reasons, we may not be able to compete successfully and competition could result in the failure of our platform to achieve or maintain market acceptance, the market for our edge cloud platform may grow more slowly than we anticipate, any of which could harm our business.
If we fail to maintain and enhance our brand, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may suffer.
We believe that maintaining and enhancing our brand is important to continued market acceptance of our existing and future products, attracting new customers, and retaining existing customers. We also believe that the importance of brand recognition will increase as competition in our market increases. Successfully maintaining and enhancing our brand will depend largely on the effectiveness of our marketing efforts, our ability to provide reliable products that continue to meet the needs of our customers at competitive prices, our ability to maintain our customers’ trust, our ability to continue to develop new functionality and products, and our ability to successfully differentiate our platform from competitive products and services. Additionally, our brand and reputation may be affected if customers do not have a positive experience with our partners’ services. Our brand promotion activities may not generate customer awareness or yield increased revenue, and even if they do, any increased revenue may not offset the expenses we incurred in building our brand. If we fail to successfully promote and maintain our brand, our business may be harmed.
Acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of management, disrupt our business, and dilute stockholder value.
We have in the past acquired, and we may in the future seek to acquire or invest in, businesses, products, or technologies that we believe could complement or expand our platform, enhance our technical capabilities, or otherwise offer growth opportunities. Our acquisitions of Glitch and Signal Sciences reflect this strategy. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing acquisitions, whether or not such acquisitions are completed. In addition, we have limited experience in acquiring other businesses and we may not successfully identify desirable acquisition targets or, when we acquire additional businesses, we may not be able to integrate them effectively following the acquisition. Acquisitions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our operating results, may cause unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims, and may not generate sufficient financial returns to offset additional costs and expenses related to the acquisitions. We may also incur significant, and sometimes unanticipated costs in connection with these acquisitions or in integration with our business. In addition, if an acquired business fails to meet our expectations or we do not realize sufficient value, our business may be harmed.
Further, it is possible that there could be a loss of our existing or any acquired company’s key employees and customers, disruption of either company’s or both companies’ ongoing businesses or unexpected issues, higher than expected costs and an overall post-completion process that takes longer than originally anticipated. Specifically, the following issues, among others, must be addressed in combining any company’s operations with ours in order to realize the anticipated benefits of the acquisition so the combined company performs as the parties hope:
31



combining the companies’ corporate functions;
combining their business with our business in a manner that permits us to achieve the synergies anticipated to result from the acquisition, the failure of which would result in the anticipated benefits of the acquisition not being realized in the time frame currently anticipated or at all;
maintaining existing and new agreements with customers, service providers, and vendors;
determining whether and how to address possible differences in corporate cultures, management philosophies and strategies relating to channels, resellers, and partners;
integrating the companies’ administrative and information technology infrastructure;
developing products and technology that allow value to be unlocked in the future; and
evaluating and forecasting the financial impact of the acquisition transaction, including accounting impacts.
Failure to address any of the above listed issues could have a material adverse effect on our business, results of operations and financial position. In addition, at times the attention of certain members of our management and resources may be focused on completion of the acquisition and integration planning of the businesses of the two companies and diverted from day-to-day business operations, which may disrupt our ongoing business and the business of the combined company. For example, certain members of our management team and other personnel spent significant time on the acquisition and integration of Signal Sciences.
We have previously been and may in the future be involved in class-action lawsuits and other litigation matters that are expensive and time-consuming. If resolved adversely, lawsuits and other litigation matters could seriously harm our business.
We have previously been and may in the future be subject to litigation such as putative class action and shareholder derivative lawsuits brought by stockholders. We anticipate that we will be a target for lawsuits in the future, as we have been in the past. Any litigation to which we are a party may result in an onerous or unfavorable judgment that may not be reversed on appeal, or we may decide to settle lawsuits on similarly unfavorable terms. Any such negative outcome could result in payments of substantial monetary damages and accordingly our business could be seriously harmed. The results of lawsuits and claims cannot be predicted with certainty. Regardless of the final outcome, defending these claims, and associated indemnification obligations, are costly and can impose a significant burden on management and employees, and we may receive unfavorable preliminary, interim, or final rulings in the course of litigation, which could seriously harm our business.
We may not be able to scale our business quickly enough to meet our customers’ growing needs. If we are not able to grow efficiently, our business could be harmed.
As usage of our edge cloud computing platform grows and as the breadth of use cases for our platform expands, we will need to devote additional resources to improving our platform architecture, integrating with third-party applications and maintaining infrastructure performance. In addition, we will need to appropriately scale our processes and procedures that support our growing customer base, including increasing our number of POPs around the world and investments in systems, training, and customer support.
Any failure of or delay in these efforts could cause impaired system performance and reduced customer satisfaction. These issues could reduce the attractiveness of our platform to customers, resulting in decreased sales to new customers, lower renewal rates by existing customers, the issuance of service credits, or requested refunds, which would hurt our revenue growth and our reputation. Even if we are able to upgrade our systems and expand our staff, any such expansion will be expensive and complex, and require the dedication of significant management time and attention. We could also face inefficiencies or operational failures as a result of our efforts to scale our cloud infrastructure, such as by over investing in systems and equipment to support anticipated growth in our platform. We cannot be sure that the expansion and improvements to our cloud infrastructure will be effectively implemented on a timely basis, if at all, and such failures would harm our business.
32



We may have insufficient transmission bandwidth and colocation space, which could result in disruptions to our platform and loss of revenue.
Our operations are dependent in part upon transmission bandwidth provided by third-party telecommunications network providers and access to colocation facilities to house our servers. There can be no assurance that we are adequately prepared for unexpected increases in bandwidth demands by our customers, particularly when customers experience cyber-attacks. The bandwidth we have contracted to purchase may become unavailable for a variety of reasons, including service outages, payment disputes, network providers going out of business, natural disasters, networks imposing traffic limits, or governments adopting regulations that impact network operations. In some regions, bandwidth providers have their own services that compete with us, or they may choose to develop their own services that will compete with us. These bandwidth providers may become unwilling to sell us adequate transmission bandwidth at fair market prices, if at all. This risk is heightened where market power is concentrated with one or a few major networks. We also may be unable to move quickly enough to augment capacity to reflect growing traffic or security demands. Failure to put in place the capacity we require could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers. Such a failure could result in our inability to acquire new customers demanding capacity not available on our platform.
The nature of our business exposes us to inherent liability risks.
Our platform and related applications, including our security solutions, are designed to provide rapid protection against web application vulnerabilities and cyber-attacks. However, no security product can provide absolute protection against all vulnerabilities and cyber-attacks. Our platform is subject to cyber-attacks, and the failure of our platform and related applications to adequately protect against these cyber-attacks may allow our customers to be attacked. Any adverse consequences of these attacks, and our failure to meet our customers’ expectations as they relate to such attacks, could harm our business.
Due to the nature of our applications, we are potentially exposed to greater risks of liability for product or system failures than may be inherent in other businesses. Although substantially all of our customer agreements contain provisions that limit our liability to our customers, these limitations may not be sufficient, and we cannot assure you that these limitations will be enforced or the costs of any litigation related to actual or alleged omissions or failures would not have a material adverse effect on us even if we prevail.
Our dedication to our values may negatively influence our financial results.
We have taken, and may continue to take, actions that we believe are in the best interests of our customers, our employees, and our business, even if those actions do not maximize financial results in the short term. For instance, we do not knowingly allow our platform to be used to deliver content from groups that promote violence or hate, and that conflict with our values like strong ethical principles of integrity and trustworthiness, among others. In the past, we have removed customers from our platform who we believed took positions conflicting with these values, and we may continue to do so in the future. However, this approach may not result in the benefits that we expect, and our employees or third parties may disagree with our interpretation of our values, or take issue with how we execute on our values, which may result in us becoming a target for negative publicity, increased scrutiny, lawsuits, or network attacks, in which case our business could be harmed.
Our growth depends in large part on the success of our partner relationships.
We maintain a partner ecosystem of companies who build edge applications to integrate with our platform. We are dependent on these partner relationships to amplify our reach and provide our customers with enhanced value from our platform. Our future growth will be increasingly dependent on the success of our partner relationships, including their development of useful applications for our platform. If those partnerships do not provide these benefits or if our partners are unable to serve our customers effectively, we may need to allocate resources internally to provide these services or our customers may not realize the full value of our platform, which could harm our business.
Moreover, our partners’ business partners may not completely align with our core values and therefore may do business with companies that we otherwise would not do business with. Our association with these companies could damage our brand and reputation and potentially harm our business.
33



We operate in an emerging and evolving market, which may develop more slowly or differently than we expect. If our market does not grow as we expect, or if we cannot expand our services to meet the demands of this market, our revenue may decline, or fail to grow, and we may incur operating losses.
The market for edge computing is still developing. There is considerable uncertainty over the size and rate at which this market will grow, as well as whether our platform will be widely adopted. Our success will depend, to a substantial extent, on the widespread adoption of our platform as an alternative to other solutions, such as legacy CDNs, and CDNs focused on enterprise data centers, central cloud, and small businesses. Some organizations may be reluctant or unwilling to use our platform for a number of reasons, including concerns about additional costs, uncertainty regarding the reliability, and security of cloud-based offerings or lack of awareness of the benefits of our platform. Moreover, many organizations have invested substantial personnel and financial resources to integrate traditional on-premise services into their businesses, and therefore may be reluctant or unwilling to migrate to cloud-based services. Our ability to expand sales of our product into new and existing markets depends on several factors, including potential customer awareness of our platform; the timely completion of data centers in those markets; introduction and market acceptance of enhancements to our platform or new applications that we may introduce; our ability to attract, retain and effectively train sales and marketing personnel; our ability to develop relationships with partners; the effectiveness of our marketing programs; the pricing of our services; and the success of our competitors. If we are unsuccessful in developing and marketing our product into new and existing markets, or if organizations do not perceive or value the benefits of our platform, the market for our product might not continue to develop or might develop more slowly than we expect, either of which may harm our business.
The estimates of market opportunity and forecasts of market growth may prove to be inaccurate, and any real or perceived inaccuracies may harm our reputation and negatively affect our business. Even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
Third-party market opportunity estimates and our growth forecasts are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of addressable companies or end-users covered by our market opportunity estimates will purchase our products at all or generate any particular level of revenues for us. Even if the market in which we compete meets the size estimates and growth forecasted, our business could fail to grow for a variety of reasons, including reasons outside of our control, such as competition in our industry.
Usage of our platform accounts for substantially all of our revenue, and as a result, our operating results could suffer from a reduction in usage.
We expect that we will be substantially dependent on our edge cloud platform to generate revenue for the foreseeable future. As a result, our operating results could suffer due to:
any decline in demand for our edge cloud platform;
the failure of our edge cloud platform to achieve continued market acceptance;
the market for edge cloud computing services not continuing to grow, or growing more slowly than we expect;
the introduction of products and technologies that serve as a replacement or substitute for, or represent an improvement over, our edge cloud platform;
technological innovations or new standards that our edge cloud platform does not address;
sensitivity to current or future prices offered by us or our competitors;
our customers’ development of their own edge cloud platform; and
our inability to release enhanced versions of our edge cloud platform on a timely basis.
34



In addition, because substantially all of our revenue from usage is recognized during the term of the relevant contract upon usage, downturns or upturns in sales contracts are not immediately reflected in full in our operating results.
If the market for our edge cloud platform grows more slowly than anticipated or if demand for our edge cloud platform does not grow as quickly as anticipated, whether as a result of competition, pricing sensitivities, product obsolescence, technological change, unfavorable economic conditions, uncertain geopolitical environment, budgetary constraints of our customers, or other factors, our business would be harmed.
We expect fluctuations in our financial results and key metrics, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors, our stock price and the value of your investment could decline significantly.
Our operating results, including revenue, gross margin and net income, as well as our key metrics, including our DBNER, NRR and LTM NRR, have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance and period-to-period comparisons of our operating results and key metrics may not be meaningful or accurately measure our business. In addition to the other risks described herein, factors that may affect our operating results include the following:
fluctuations in demand for or pricing of our platform;
our ability to attract new customers;
our ability to retain our existing customers;
fluctuations in the usage of our platform by our customers, which is directly related to the amount of revenue that we recognize from our customers;
fluctuations in customer delays in purchasing decisions in anticipation of new products or product enhancements by us or our competitors;
changes in customers’ budgets and in the timing of their budget cycles and purchasing decisions;
the timing of customer payments and any difficulty in collecting accounts receivable from customers;
timing of new functionality of our existing platform;
our ability to control costs, including our operating expenses and transmission bandwidth pricing;
the amount and timing of payment for operating expenses, particularly research and development and sales and marketing expenses, including commissions;
the amount and timing of costs associated with recruiting, training, and integrating new employees;
the effects of acquisitions or other strategic transactions;
expenses in connection with acquisitions or other strategic transactions;
our ability to successfully deploy POPs in new regions;
general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate;
35



the ability to maintain our partnerships;
the impact of new accounting pronouncements;
changes in the competitive dynamics of our market, including consolidation among competitors or customers;
significant security breaches of, technical difficulties with, or interruptions to, the delivery and use of our platform; and
awareness of our brand and our reputation in our target markets.
Additionally, certain large scale events, such as major elections and sporting events, can significantly impact usage of our platform, which could cause fluctuations in our results of operations. While increased usage of our platform during these events could result in increased revenue, these seasonal and one-time events could also impact the performance of our platform during those events and lead to a sub-optimal experience for some customers. Such annual and one-time events may cause fluctuations in our results of operations as they would impact both our revenue and our operating expenses.
Any of the foregoing and other factors may cause our results of operations to vary significantly. Furthermore, if our quarterly results of operations or our guidance fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock could decline substantially, and our business could be harmed. We cannot assure you that our operating results or projected operating results will meet the expectations of market analysts or our investors.
Our pricing models subject us to various challenges that could make it difficult for us to derive sufficient value from our customers, and we do not have sufficient history with our pricing models to accurately predict the optimal pricing necessary to attract new customers and retain existing customers.
We generally charge our customers for their usage of our platform based on the combined total usage, as well as the features and functionality enabled. Additionally, once our product is purchased, customers can also buy a combination of our add-on products. We do not know whether our current or potential customers or the market in general will continue to accept this pricing model going forward and, if it fails to gain acceptance, our business could be harmed. We also generally purchase bandwidth from Internet service providers and server colocation space from third parties based on expected usage from our customers. Moreover, if our customers use our platform in a manner that is inconsistent with how we have purchased bandwidth, servers, and colocation space, our business could be harmed.
We have limited experience with respect to determining the optimal prices for our products and, as a result, we have in the past changed our pricing model and expect that we may need to do so in the future, including as a result of inflationary pressures. In addition, during 2023 we introduced the option for customers to purchase product packages with single price points and set limits on usage. We do not charge for overages on these single price point product packages. We do not know whether our current or potential customers will accept these packages or the impact these packages will have on our existing usage-based pricing model. As the market for our products matures, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers at the same price or based on the same pricing models as we have used historically. Pricing decisions may also impact the mix of adoption among our customers and negatively impact our overall revenue. Moreover, larger organizations may demand substantial price concessions. As a result, in the future we may be required to reduce our prices or develop new pricing models, which could adversely affect our revenue, gross margin, profitability, financial position, and cash flow.
Our sales and onboarding cycles with customers can be long and unpredictable, and our sales and onboarding efforts require considerable time and expense.
The timing of our sales with our enterprise customers and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for these customers. In addition, for our enterprise customers, the lengthy sales cycle for the evaluation and implementation of our products may also cause us to experience a delay between expenses for such sales efforts and the generation of corresponding revenue. The length of our sales cycle for these customers, from initial evaluation to payment, can range from several months to well over a year and can vary substantially from customer to customer. Similarly, the onboarding and ramping process with new enterprise customers, or with existing customers that are
36



moving additional traffic onto our platform, can take several months. As the purchase of our products can be dependent upon customer initiatives, our sales cycle can extend to even longer periods of time. Customers often view a switch to our platform as a strategic decision requiring significant investment and, as a result, frequently require considerable time to evaluate, test, and qualify our product offering prior to entering into or expanding a contract commitment. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in a completed sale. Additional factors that may influence the length and variability of our sales cycle include:
the effectiveness of our sales force, particularly new salespeople and sales leadership, as we increase the size of our sales force and train our new salespeople to sell to enterprise customers;
the discretionary nature of customers’ purchasing decisions and budget cycles;
customers’ procurement processes, including their evaluation of competing products;
economic conditions and other factors affecting customer budgets;
the regulatory environment in which our customers operate;
integration complexity for a customer deployment;
the customer’s familiarity with edge cloud computing platforms;
evolving customer demands;
selling new products to enterprise customers; and
competitive conditions.
Given these factors, it is difficult to predict whether and when a customer will switch to our platform.
Given that it can take several months for our customers to ramp up their usage of our platform, during that time, we may not be able to generate enough revenue from a particular customer or that customer may not increase their usage in a meaningful way. Moreover, because the switching costs are fairly low, our customers are able to switch from our platform to alternative services relatively easily. As a result, actual usage could be materially below our forecasts, which could adversely affect our results of operations, disappoint analysts and investors, or cause our stock price to decline.
If our platform does not achieve sufficient market acceptance, our financial results and competitive position will suffer.
To meet our customers’ rapidly evolving demands, we invest substantial resources in research and development of enhanced products to incorporate additional functionality or expand the use cases that our platform addresses. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we are unable to develop products internally due to inadequate or ineffective research and development resources, we may not be able to address our customers’ needs on a timely basis or at all. In addition, if we seek to supplement our research and development capabilities or the breadth of our products through acquisitions, such acquisitions could be expensive and we may not successfully integrate acquired technologies or businesses into our business. When we develop or acquire new or enhanced products, we typically incur expenses and expend resources upfront to develop, market, promote, and sell the new offering. Therefore, when we develop or acquire and introduce new or enhanced products, they must achieve high levels of market acceptance in order to justify the amount of our investment in developing or acquiring and bringing them to market. Our new products or enhancements and changes to our existing products could fail to attain sufficient market acceptance for many reasons, including:
failure to predict market demand accurately in terms of functionality and a failure to supply products that meet this demand in a timely fashion;
37



defects, errors, or failures;
negative publicity about our platform’s performance or effectiveness;
changes in the legal or regulatory requirements, or increased legal or regulatory scrutiny, adversely affecting our platform;
emergence of a competitor that achieves market acceptance before we do;
delays in releasing enhancements to our platform to the market; and
introduction or anticipated introduction of competing products by our competitors.
If our platform and any future enhancements do not achieve adequate acceptance in the market, or if products and technologies developed by others achieve greater acceptance in the market, our business could be harmed.
Beyond overall acceptance of our platform by our customers, it is important that we maintain and grow acceptance of our platform among the developers that work for our customers. We rely on developers to choose our platform over other options they may have, and to continue to use and promote our platform as they move between companies. These developers often make design decisions and influence the product and vendor processes within our customers. If we fail to gain or maintain their acceptance of our platform, our business would be harmed.
We rely on third-party hosting providers that may be difficult to replace.
We rely on third-party hosting services such as AWS, Google Cloud Platform, Microsoft (Azure), and other cloud providers that facilitate the offering of our platform. Some of these third-party hosting services offer competing products to ours and therefore may not continue to be available on commercially reasonable terms, or at all. These providers may be unwilling to do business with us if they view our platform as a threat. Any loss of the right to use any of the hosting providers could impair our ability to offer our platform and harm our business until we are able to obtain alternative hosting providers.
If we do not or cannot maintain the compatibility of our platform with third-party applications that our customers use in their businesses, our business will be harmed.
Because our customers choose to integrate our products with certain capabilities provided by third-party providers, the functionality and popularity of our platform depends, in part, on our ability to integrate our platform and applications with third-party applications. These third parties may change the features of their technologies, restrict our access to their applications, or alter the terms governing use of their applications in a manner that is adverse to our business. Such changes could functionally limit or prevent our ability to use these third-party technologies in conjunction with our platform, which would negatively affect adoption of our platform and harm our business. If we fail to integrate our platform with new third-party applications that our customers use, we may not be able to offer the functionality that our customers need, which would harm our business.
We provide service level commitments under our customer agreements. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service, or face contract termination with refunds of prepaid amounts, which could harm our business.
Most of our customer agreements contain service level commitments. If we are unable to meet the stated service level commitments, including failure to meet the uptime and delivery requirements under our customer agreements, we may be contractually obligated to provide the affected customers with service credits which could significantly affect our revenues in the periods in which the uptime and delivery failure occurs and the credits are applied. In the past, as a result of degradation of service and interruptions to our platform, we have provided service credits to certain of our affected customers with whom we had service level commitments. We could also face customer terminations with refunds of prepaid amounts, which could significantly affect both our current and future revenues. Any service level failures could harm our business.
38



If we fail to offer high quality support, our business may be harmed.
Our customers rely on our support team to assist them in deploying our products effectively and resolve technical and operational issues. High-quality support is important for the renewal and expansion of our agreements with existing customers. The importance of maintaining high quality support will increase as we expand our business and pursue new customers. If we do not help our customers quickly resolve issues and provide effective ongoing support, our ability to maintain and expand our relationships with existing and new customers could suffer and our business could be harmed. Further, increased demand for customer support, without corresponding revenue, could increase costs and adversely affect our business. In addition, as we continue to grow our operations and expand internationally, we will need to be able to provide efficient customer support that meets our customers’ needs globally at scale and our customer support team will face additional challenges, including those associated with delivering support and documentation in multiple languages. Our failure to do so could harm our business.
Investors’ expectations of our performance relating to environmental, social and governance factors may impose additional costs and expose us to new risks.
There is an increasing focus from certain investors, employees, and other stakeholders concerning corporate responsibility, specifically related to environmental, social, and governance matters (“ESG”). Some investors may use these non-financial performance factors to guide their investment strategies and, in some cases, may choose not to invest in us if they believe our ongoing policies and actions relating to corporate responsibility are inadequate. We may face reputational damage in the event that we do not meet the ESG standards set by various constituencies. Furthermore, if our competitors’ corporate social responsibility performance is perceived to be better than ours, potential or current investors may elect to invest with our competitors instead. In addition, in the event that we communicate certain initiatives and goals regarding environmental, social, and governance matters, we could fail, or be perceived to fail, in our achievement of such initiatives or goals, or we could be criticized for the scope of such initiatives or goals. If we fail to satisfy the expectations of investors, employees and other stakeholders or our initiatives are not executed as planned, our business may be harmed.
Risks Related to Employees and Managing Our Growth
The failure to attract and retain qualified personnel could prevent us from executing our business strategy.
To execute our business strategy, we must attract and retain highly qualified personnel. Competition for executive officers, software developers, sales personnel, product managers, and other key employees in our industry is intense. In particular, we compete with many other companies for software developers with high levels of experience in designing, developing, and managing cloud-based software, as well as for skilled sales, operations, and security professionals. In addition, we believe that the success of our business and corporate culture depends on employing people with a variety of backgrounds and experiences, and the competition for such diverse personnel is significant. The market for such talented personnel is competitive. Many of the companies with which we compete for experienced personnel have greater resources than we do and can frequently offer such personnel substantially greater compensation than we can offer, including, in some cases, large equity packages and cash incentive bonuses. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, experiences significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain key employees. In order to manage attrition, including as a result of recent stock price decreases and market volatility on the perceived value of our equity awards, we have issued, and may continue to issue, additional equity awards and increased cash compensation to attract and retain employees, which may impact our results of operations or be dilutive to stockholders. Moreover, the increase in the number of equity awards has reduced the number of shares available for us to grant under our equity incentive plan. We also face significant competition in hiring and attracting qualified employees in all aspects of our business, and the move by companies to offer a remote or hybrid work environment has increased the competition for such employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our ability to maintain and enhance our platform, develop and deliver new products, fix bugs, support our existing customers, attract new customers, respond to competitive pressures, and otherwise execute our business plan would be harmed.
39



We rely on the performance of highly skilled personnel, including our senior management and other key employees, and the loss or transition of one or more of such personnel, or of a significant number of our team members, could harm our business.
We believe that our success has depended, and continues to depend, on the efforts and talents of senior management and key employees, including Artur Bergman, our Chief Architect and Todd Nightingale, our Chief Executive Officer. There have been, and from time to time, there may continue to be, changes in our management team resulting from the hiring or departure of executives and key employees, or the transition of executives within our business, which could disrupt our business. For example, Todd Nightingale began serving as our new Chief Executive Officer, effective September 1, 2022. Such changes in our executive management team may be disruptive to our business. Some of our executive officers and members of our management team have been with us for a short period of time and we continue to develop key functions within various aspects of our business. We are also dependent on the continued service of our existing software engineers because of the complexity of our platform. Our senior management, including Mr. Nightingale and Mr. Bergman, and key employees are employed on an at-will basis. We cannot ensure that we will be able to retain the services of any member of our senior management or other key employees or that we would be able to timely replace members of our senior management or other key employees should any of them depart. The loss of one or more of our senior management or other key employees could harm our business.

Our past growth may not be indicative of our future growth and we may not be able to manage our growth effectively.
We have experienced growth in various aspects of our business in prior periods. For example, for the years ended December 31, 2023, 2022, and 2021, our revenue was $506.0 million, $432.7 million and $354.3 million, respectively. In addition, we are expanding, and expect to continue to expand in the future, our international operations. We have also experienced growth in the number of customers, usage, and amount of data delivered across our platform. This growth has placed, and may continue to place, significant demands on our corporate culture, operational infrastructure, and management. Although our business has experienced growth in the past, we cannot provide any assurance that our business will continue to grow at the same rate, or at all. Overall growth of our business depends on a number of factors, including our ability to:
address new and developing markets, such as large enterprise customers outside the United States;
recruit, hire, train, and manage additional qualified engineers and product managers;
recruit, hire, train, and manage additional sales and marketing personnel;
maintain and enhance our corporate culture;
expand our international operations;
establish more mature organizational designs and structures, with more skill, technical and leadership depth with experience scaling and expanding global businesses;
implement and improve our administrative, financial and operational systems, procedures, and controls;
attract new customers and increase our existing customers’ usage on our platform;
expand the functionality and use cases for the products we offer on our platform;
provide our customers with customer support that meets their needs;
successfully identify and acquire or invest in businesses, products, or technologies that we believe could complement or expand our products; and
recruit experienced leaders and strategists to facilitate successful acquisitions and integrations.
We may not successfully accomplish any of the above objectives. We expect to continue to expend substantial financial and other resources on:
40



sales and marketing, including a significant expansion of our sales organization;
our infrastructure, including POP deployments, systems architecture, management tools, scalability, availability, performance, and security, as well as disaster recovery measures;
product development, including investments in our product development team and the development of new products and new functionality for our existing products;
acquisitions or strategic investments;
international expansion; and
general administration, including legal and accounting expenses associated with being a public company.
These activities will require significant investments and allocation of valuable management and employee resources, and our growth will continue to place significant demands on our management and our operational and financial infrastructure. There are no guarantees we will be able to grow our business in an efficient or timely manner, or at all. If we fail to manage the growth of our business and operations effectively, the quality of our services and the efficiency of our operations could suffer, which could adversely affect our business, financial condition, and results of operations. If we are unable to return to our prior level of growth, our business will be harmed.
In addition, our past rapid growth may make it difficult to evaluate our future performance. Our ability to forecast our future results of operations is subject to a number of uncertainties. If we fail to achieve the necessary level of efficiency in our company as it grows, or if we are not able to accurately forecast future growth, our business would be negatively impacted.
If we cannot maintain our company culture as we grow, our success and our business may be harmed.
We believe our culture has been a key contributor to our success to date and that the critical nature of the products that we provide promotes a sense of greater purpose and fulfillment in our employees. Any failure to preserve our culture could negatively affect our ability to recruit and retain personnel and to effectively focus on and pursue our corporate objectives. As we grow and develop the systems and processes associated with being a public company, we may find it difficult to maintain these important aspects of our culture. In addition, while we have historically benefited from having a dispersed workforce, as we have grown and our resources have become more globally dispersed and our organizational management structures have become more complex, we have found it increasingly difficult to maintain these beneficial aspects of our corporate culture. In addition, we may seek to acquire or invest in businesses, products or technologies with differing corporate cultures that could be difficult to integrate. If we fail to maintain our company culture, our business may be harmed.
Risks Related to Our Financial Position and Need for Additional Capital
Our ability to timely raise capital in the future may be limited, or may be unavailable on acceptable terms, if at all, and debt or equity issued to raise additional capital may reduce the value of our Class A common stock.
We have funded our operations since inception primarily through payments received from our customers, sales of equity and debt securities, and borrowings under our credit facilities. We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business, or our debt obligations. We also intend to continue to make investments to support our business and may require additional funds to do so. Our future capital requirements may vary materially from those currently planned and will depend on many factors, including our growth rate, our operating cash flow, market acceptance of our platform, the expansion of sales and marketing activities, strategic transactions, as well as overall economic conditions.
We may need to engage in equity or debt financings to secure additional funds, in particular if we are required to repay our outstanding convertible notes in cash. Additional financing may not be available on favorable terms, if at all, and any additional financing will need to be in compliance with the terms of our Credit Agreement with the lenders from time to time party thereto and First-Citizens Bank & Trust Company (successor by purchase to the Federal Deposit Insurance Corporation as
41



Receiver for Silicon Valley Bridge Bank, N.A. (as successor to Silicon Valley Bank) (as amended, restated, amended and restated, supplemented, restructured, or otherwise modified from time to time, the “Credit Agreement”).

We originally entered into our Credit Agreement with Silicon Valley Bank in 2021. On March 10, 2023, Silicon Valley Bank was announced as closed by the California Department of Financial Protection and Innovation, and the Federal Deposit Insurance Corporation (the “FDIC”) was appointed as a receiver. On March 26, 2023, it was announced that First-Citizens Bank & Trust Company would assume all of Silicon Valley Bank’s deposits and loans as of March 27, 2023. Following that transaction, the credit facility remains available subject to the same terms and conditions as before. However, there can be no assurances that the closure of Silicon Valley Bank or any related impacts across the financial services industry will not adversely affect our ability to access the funds available under the Credit Agreement.

If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, operating results, and financial condition. Furthermore, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our Class A common stock. Any debt financing we secure may have higher interest rates and could involve additional restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. If we were to violate such restrictive covenants, we could incur penalties, increased expenses and an acceleration of the payment terms of our outstanding debt, which could in turn harm our business. Because our decision to issue securities in future offerings will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our Class A common stock and diluting their interests.

Seasonality may cause fluctuations in our sales and operating results.
We have experienced, and expect to continue to experience in the future, seasonality in our business, and our operating results and financial condition may be affected by such trends in the future. We generally experience seasonal fluctuations in demand for our platform. For example, we have some customers who increase their usage and requests when they need more capacity during busy periods, especially in the fourth quarter of the year, and then subsequently scale back. Our customers host certain large-scale events, such as sporting events or coverage of major elections, increasing their usage on a seasonal or one-time basis which can cause revenue to fluctuate between the periods in which these events occur and subsequent periods. Since we have built our network to handle seasonal capacity fluctuations, we may not be able to reduce our capacity in a timely manner, and as such sustain more costs. We believe that the seasonal trends that we have experienced in the past may continue for the foreseeable future, particularly as we expand our sales to larger enterprises. To the extent we experience this seasonality, it may cause fluctuations in our operating results and financial metrics, and make forecasting our future operating results and financial metrics difficult. Additionally, we do not have sufficient experience in selling certain of our products to determine if demand for these products is, or will be, subject to material seasonality.
Our current operations are international in scope and we plan on further geographic expansion, creating a variety of operational challenges.
A component of our growth strategy involves the further expansion of our operations and customer base internationally. For the year ended December 31, 2023, the percentage of revenue generated from customers outside the United States was 27% of our total revenue. As of December 31, 2023, our edge network spans across 58 markets and 34 countries that are outside of the United States. Additionally, we have employees located throughout the world. We continue to adapt to and develop strategies to address international markets but there is no guarantee that such efforts will have the desired effect. As of December 31, 2023, approximately 21% of our full-time employees were located outside of the United States. We expect that our international activities will grow over the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant management attention and financial resources. In connection with such expansion, we may face difficulties including costs associated with varying seasonality patterns, potential adverse movement of currency exchange rates, longer payment cycles, difficulties in collecting accounts receivable in some countries, tariffs and trade barriers, a variety of regulatory or contractual limitations on our ability to operate, adverse tax events, reduced protection of intellectual property rights in some countries, and a geographically and culturally diverse workforce and customer base. Failure to overcome any of these difficulties could harm our business. Our current and future international business and operations involve a variety of risks, including:
changes in a specific country’s or region’s political or economic conditions;
42



longer payment cycles;
greater difficulty collecting accounts receivable;
potential or unexpected changes in trade relations, regulations, or laws;
increased regulatory inquiry or oversight;
more stringent regulations relating to privacy and data security and the unauthorized use of, or access to, commercial and personal information, particularly in Europe;
differing labor regulations, especially in Europe and Japan, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations, and where potential labor organizing and works council negotiations in certain of those countries could contribute to increased operational costs or otherwise disrupt our business;
challenges inherent in efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs;
challenges to our corporate culture resulting from a dispersed workforce;
difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems;
increased travel, real estate, infrastructure, and legal compliance costs associated with international operations;
currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we choose to do so in the future;
challenges related to providing support and developing products in foreign languages;
limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;
laws and business practices favoring local competitors or general market preferences for local vendors;
potential tariffs and trade barriers;
limited or insufficient intellectual property protection or difficulties enforcing our intellectual property rights;
political instability, economic sanctions, terrorist activities, or international conflicts, including ongoing conflicts between Russia and Ukraine and Hamas and Israel, which may impact the operations of our business or the businesses of our customers;
inflationary pressures, such as those the global market is currently experiencing, labor shortages and supply chain disruptions, which may increase costs for certain services;
exposure to liabilities under anti-corruption and anti-money laundering laws, and similar laws and regulations in other jurisdictions; and
43



adverse tax burdens and foreign exchange controls that could make it difficult to repatriate earnings and cash.
If any of the above risks materialize, it could harm our business and prospects. In addition, our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake will not be successful. If we invest substantial time and resources to further expand our international operations and are unable to do so successfully and in a timely manner, our business may be harmed.
If our estimates or judgments relating to our critical accounting estimates prove to be incorrect, our results of operations could be adversely affected.
The preparation of financial statements in conformity with generally accepted accounting principles in the United States (“U.S. GAAP”) requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include, but are not limited to, those related to revenue, accounts receivable and related reserves, fair value of assets acquired and liabilities assumed for business combinations, useful lives and realizability of long-lived assets including our goodwill and intangible assets, income tax reserves, and accounting for stock-based compensation. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our Class A common stock.

Current and future indebtedness could restrict our operations, particularly our ability to respond to changes in our business or to take specified actions.
Our Credit Agreement contains, and any future indebtedness would likely contain, a number of restrictive covenants that impose significant operating and financial restrictions on us, including restrictions on our ability to incur additional indebtedness, grant liens, pay dividends and make distributions, transfer property, make investments, and take other actions that may otherwise be in our best interests. In addition, our Credit Agreement contains a financial covenant that requires us to maintain a consolidated adjusted quick ratio of at least 1:25 to 1:00 tested on a quarterly basis as well as a springing revenue growth covenant for certain periods if our consolidated adjusted quick ratio falls below 1:75 to 1:00 on the last day of any fiscal quarter. Our ability to meet these financial covenants can be affected by events beyond our control, and we may not be able to continue to meet those covenants. In addition, a breach of a covenant under our Credit Agreement or any other current or future credit facility of ours may result in a cross-default under any such separate credit facility. If we seek to enter into one or more additional credit facilities in the future, we may not be able to obtain debt financing on terms that are favorable to us, if at all. Holders of our existing debt have, and holders of any future debt we may incur would have, rights senior to holders of common stock to make claims on our assets. In addition, the terms of our existing debt do, and the terms of any future debt could, restrict our operations, including our ability to pay dividends on our Class A common stock. If we are unable to obtain adequate financing or financing on terms that are satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be harmed.
If we are unable to maintain effective internal control over financial reporting in the future, investors may lose confidence in the accuracy and completeness of our financial reports, and the market price of our Class A common stock may be seriously harmed.
As a public company, we are required to maintain internal control over financial reporting and to report any material weaknesses in those internal controls. For example, we are required to perform system and process evaluation and testing of our internal control over financial reporting to allow management to report on the effectiveness of our internal control over financial reporting, as required by Section 404 of the Sarbanes-Oxley Act 9 (“Section 404”). Our independent registered public accounting firm also needs to attest to the effectiveness of our internal control over financial reporting. We designed, implemented, and tested internal control over financial reporting required to comply with this obligation. That process is time-consuming, costly, and complicated.
We previously reported and have subsequently remediated material weaknesses in our internal control over financial reporting. We continue to evaluate and take actions to improve our internal control over financial reporting. However, we
44



cannot assure you that the measures we have taken to date will be sufficient to avoid the identification of material weaknesses in the future.
If we fail to identify future material weaknesses in our internal control over financial reporting, if we are unable to comply with the requirements of Section 404 or assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an unqualified opinion or expresses a qualified or adverse opinion about the effectiveness of our internal control over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our Class A common stock could be negatively affected. Moreover, any failure to identify new material weaknesses in our internal control over financial reporting, could result in material misstatements in our financial statements that may continue undetected and cause us to fail to meet our reporting and financial obligations or incur significant additional costs to remediate new material weaknesses, each of which could harm our ability to raise capital on favorable terms in the future or otherwise have a negative impact on our financial condition. In addition, we could become subject to investigations by the New York Stock Exchange (the “NYSE”), the SEC, and other regulatory authorities, which could require additional financial and management resources.
We may not be able to successfully manage the growth of our business if we are unable to improve our internal systems, processes and controls.
We need to continue to improve our internal systems, processes, and controls to effectively manage our operations and growth. We may not be able to successfully implement and scale improvements to our systems and processes in a timely or efficient manner or in a manner that does not negatively affect our operating results. For example, we may not be able to effectively monitor certain extraordinary contract requirements or provisions that are individually negotiated by our sales force as the number of transactions continues to grow. Moreover, as we continue to improve our pricing structure, we will need to implement corresponding improvements to our systems around payment of sales commissions. In addition, our systems and processes may not prevent or detect all errors, omissions, or fraud. We may experience difficulties in managing improvements to our systems, processes, and controls or in connection with third-party software, which could impair our ability to manage our business, pay sales commissions, or offer our platform to our customers in a timely manner, causing us to lose customers or employees, limit our growth, limit us to smaller deployments of our products, or increase our technical support costs.
Our financial results may be adversely affected by changes in accounting principles applicable to us.
GAAP are subject to interpretation by the Financial Accounting Standards Board, the SEC and other various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results for periods prior to and subsequent to such change, and could affect the reporting of transactions completed before the announcement of a change.
Market practices with respect to these new disclosures are continuously evolving, and securities analysts and investors may not fully understand the implications of our disclosures or how or why they may differ from similar disclosures by other companies. Any additional new accounting standards could have a significant effect on our reported results. If our reported results fall below analyst or investor expectations, our stock price could decline.
Risks Related to Laws, Regulations, and the Global Economy
Failure to comply with United States and foreign governmental laws and regulations could harm our business.
Our business is subject to regulation by various federal, state, local, and foreign governments. If we do not comply with these laws or regulations or if we become liable under these laws or regulations due to the failure of our customers to comply with these laws, we could face direct liability or delivery of content by our platform may be blocked by certain governments. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. For example, in June 2020, China passed a national security law for Hong Kong that imposes criminal liability for the violation of content regulations, it is currently not clear how broadly such legislation will be interpreted or applied in relation to our customers or our business, and additional developments in our understanding of the application of this law could cause us to remove our POP from Hong Kong. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions, or other collateral consequences. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business could be harmed. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business.
45



If the United States government prohibits our current or potential customers from doing business with us, whether through policy, regulations or laws, we could face direct liability or our delivery of content by our platform may be blocked. For example, in the current environment of economic trade negotiations and tensions between the Chinese and the United States governments, the United States government has expressed concerns about the ability of companies operating in China to do business in the United States or with United States companies. As a result, we could lose the ability to contract with current or potential customers and usage of our platform may decrease by affected customers, which could harm our business and reputation. Even in the absence of new restrictions or trade actions imposed by the United States or other governments, our customers that operate in China, target China as a market, or that have strong business ties to China, may take actions to reduce dependence on our platform, which could harm our business.
We are subject, or may become subject, to stringent and evolving U.S. and foreign laws, governmental regulations and rules, and contractual obligations, industry standards, policies and other obligations related to privacy, infrastructure, and data security. Our actual or perceived failure to comply with such obligations could harm our business, by resulting in regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, adverse publicity and reputational damage, loss of revenue or profits, loss of customers or sales and other adverse consequences that may negatively affect the value of our business and decrease the price of our Class A common stock. Compliance with such obligations could also result in costs and liabilities to us or inhibit sales of our products.
We receive, store, process, collect, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share personal information and other proprietary, confidential, and sensitive data, including intellectual property, trade secrets, encryption keys, and including our data and data of our customers (including their end-users). Our handling of data is subject to a variety of obligations related to privacy and data security, contractual obligations, internal and external privacy policies, guidance, industry standards, and other obligations that govern the processing of personal information. Additionally, we are or may become subject to other laws and regulations around the world with respect to the Internet related to, among other things, content liability, security requirements, critical infrastructure designations, Internet resiliency, law enforcement access to information, net neutrality, data localization requirements, and restrictions on social media or other content.
In the United States, federal, state, and local governments have enacted numerous privacy and data security laws, including data breach notification laws, personal data privacy laws, consumer protection laws (e.g., Section 5 of the FTC Act), and other similar laws (e.g., wiretapping laws). Domestically, states have also begun to introduce more comprehensive privacy and data security legislation, including data breach notification laws, personal information privacy laws, and consumer protection laws.
In the past few years, numerous U.S. states—including California, Virginia, Colorado, Connecticut, and Utah—have enacted comprehensive privacy and data security laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal information. As applicable, such rights may include the right to access, correct, or delete certain personal information, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making. The exercise of these rights may impact our business and ability to provide our products and services. Certain states also impose stricter requirements for processing certain personal information, including sensitive information, such as conducting data privacy impact assessments. These state laws allow for statutory fines for noncompliance. For example, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CPRA”), collectively ("CCPA") applies to personal information of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosures in privacy notices and honor requests of such individuals to exercise certain privacy rights related to their personal information. The CCPA allows for statutory fines for noncompliance (up to $7,500 per violation), as well as a private right of action for individuals affected by certain data breaches to recover significant statutory damages.
Similar laws have been proposed in several other states and at the federal and local levels, and we expect more states to pass similar laws in the future, which could increase our compliance costs and adversely affect our business.
Our customers may deploy AI models or technologies using our platform, and our employees and personnel may use AI to perform their work. Governments have passed and are likely to pass additional laws regulating AI. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. If we are unable to use AI, it could make our business less efficient and result in competitive disadvantages. Due to inaccuracies or flaws in the inputs, outputs, or logic of the AI, the model could be biased and could lead us to make decisions that could bias certain individuals (or classes of individuals), and adversely impact their rights, employment, and ability to obtain certain pricing, products, services, or benefits.
46



Several jurisdictions around the globe, including Europe and certain U.S. states, have proposed, enacted, or are considering laws governing the development, deployment and use of AI, such as the EU’s AI Act. We expect other jurisdictions will adopt similar laws. These obligations may make it harder for us to conduct our business using AI, lead to regulatory fines or penalties, require us to change our business practices, retrain our AI, or prevent or limit our use of AI. If we cannot use or are restricted in using AI technologies, or deployment of AI by our customers using our platform is affected, our business may be less efficient, or we may be at a competitive disadvantage.

Outside of the United States, an increasing number of foreign laws and regulations apply to privacy and data security. For example, the European Union’s General Data Protection Regulation (“EU GDPR”), the United Kingdom’s GDPR (“UK GDPR”), (collectively “GDPR”) Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) (Law No. 13,709/2018), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and Canada’s Anti-Spam Legislation (“CASL”), and China’s Personal Information Protection Law (“PIPL”) impose strict requirements for processing the personal information of individuals. For example, under the GDPR, government regulators may impose restrictions or injunctions on data processing, and fines of up to 20 million euros (£17.5 million) or 4% of annual global revenue, whichever is greater. The GDPR also provides for private litigation related to the processing of personal information, which can be brought by classes of data subjects or consumer protection organizations authorized by law to represent the interests of such classes. European legislative proposals and existing laws and regulations also apply to cookies and similar tracking technologies, electronic communications, and marketing. In the EU and the UK, regulators are increasingly focusing on compliance with requirements related to the online behavioral advertising ecosystem. It is anticipated that the ePrivacy Regulation and national implementing laws will replace the current national laws that implement the ePrivacy Directive that governs electronic communications. Compliance with these laws may require us to make significant operational changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, and subject us to liabilities. Furthermore, there is a new regulation in the EU related to AI that will impose onerous obligations related to the use of AI-related systems and may require us to change our business practices. We may also become subject to new laws in the EU that regulate cybersecurity and non-personal information, such as the European Data Act. Depending on how these laws are interpreted, we may have to adapt our business practices and products to comply with such obligations.
Certain jurisdictions have enacted data localization laws and cross-border personal information transfer laws, which could make it more difficult to transfer information across jurisdictions. In particular, the European Economic Area (“EEA”) and the United Kingdom (“UK”) have significantly restricted the transfer of personal information to the United States and other countries whose privacy and data security laws are generally believed to be inadequate. Other jurisdictions may adopt similarly stringent interpretations of their data localization and cross-border personal information transfer laws. Although there are currently various mechanisms that may be used to lawfully transfer personal information to the United States, such as the standard contractual clauses for transfers from the EEA and UK, the UK’s International Data Transfer Agreement / Addendum, and the EU-U.S. Data Privacy Framework (which allows for transfers to relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal information to the United States or elsewhere. Certain countries outside Europe (e.g., Russia, China, Brazil) have also passed or are considering laws requiring local data residency or otherwise impeding the transfer of personal information across borders, any of which could increase the cost and complexity of doing business.

If there is no lawful manner for us to transfer personal information from the EEA, the UK or other jurisdictions to the United States or elsewhere, or if the requirements for a legally-compliant transfer are too onerous, we may face significant adverse consequences, such as the interruption or degradation of our operations, increased exposure to regulatory actions, substantial fines, injunctions against processing or transferring personal information, determinations by customers not to use our services, limited ability to collaborate with parties that are subject to cross-border data transfer or localization laws, and the need to increase or relocate our personal information processing capabilities and infrastructure in foreign jurisdictions at significant expense. Additionally, companies that transfer personal information out of the EEA and UK to other jurisdictions, particularly to the United States, are subject to increased scrutiny from regulators, individual litigants, and activist groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of Europe for allegedly violating the EU GDPR’s cross-border data transfer limitations.

In addition to government regulation, privacy advocates, and industry groups may propose new and different self-regulatory standards that may apply to us. We may publish privacy policies, marketing materials and other statements, such as compliance with certain certifications or self-regulatory principles, regarding privacy and data security. If these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences. We may also be bound by contractual obligations related to privacy and data security, and our efforts to comply with such obligations may not be successful. For example, certain privacy and data security laws, such as the EU GDPR and the CCPA, require our customers
47



to impose specific contractual restrictions on their service providers. Additionally, in limited circumstances, under various privacy and data security laws and other obligations, we may be required to obtain certain consents to process personal information. Our inability or failure to do so could result in adverse consequences. Laws relating to the liability of providers of online services for activities of their users and other third parties are currently being tested by a number of claims, including actions based on invasion of privacy and other torts, unfair competition, copyright and trademark infringement, and other theories based on the nature and content of the materials searched, the ads posted, or the content provided by users. Moreover, our global platform outage in June 2021 increased our public profile and resulted in more frequent interest in our company by regulators. Any additional outages may draw additional scrutiny or focused legislation from regulators.

In addition, the United States or foreign jurisdictions may establish new laws or regulations regarding the Internet or online services. These new laws and regulations may affect our products and infrastructure, which could cause us to incur substantial costs to comply, expose us to regulatory scrutiny, criminal or civil liability, require us to fundamentally change our products or operations, or otherwise have an adverse effect on our business.
Obligations relating to privacy and data security (and customers’ data privacy expectations) are evolving, increasingly stringent, creating uncertainty, and may result in increasing scrutiny. Such obligations may be subject to different applications and interpretations, and which may be inconsistent and conflicting among different jurisdictions. Preparing for and complying with these obligations require us to devote significant resources and may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal information on our behalf. Because the interpretation and application of privacy and data security related obligations are uncertain, they may be interpreted or applied in a manner that is inconsistent with our existing data management practices or the functionality of our platform. We could be required to fundamentally change our business activities and practices or modify our software, which could have an adverse effect on our business. Future restrictions on the collection, use, sharing, or disclosure of data or additional requirements for express or implied consent of our customers, partners, or end-users for the use and disclosure of such information could require us to incur additional costs or modify our platform, possibly in a material manner, and could limit our ability to develop new functionality.

We may at times fail (or be perceived to have failed) in our efforts to comply with our privacy and data security obligations. Moreover, despite our efforts, our personnel or third parties on whom we rely may fail to comply with such obligations, which could negatively impact our business operations.

Any failure or perceived failure by us or third parties upon whom we rely to comply with obligations, relating to privacy and data security may result in significant consequences including but not limited to governmental investigations and enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar), litigation (including class-action claims), additional reporting requirements and/or oversight, bans on processing personal data, and orders to destroy or not use personal information.
Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations; inability to process personal information or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations.
Activities of our customers or the content of their websites and other Internet properties may violate applicable laws and/or our terms of service and could subject us to lawsuits, regulatory enforcement actions, and/or liability in various jurisdictions.
Through our network, we provide a wide variety of products that enable our customers and our customers’ users to exchange information, conduct business, and engage in various online activities both domestically and internationally. Our customers and our customers’ users may use our network and products in violation of applicable law or in violation of our terms of service or the customer’s own policies. The existing laws relating to the liability of providers of online products and services for activities of their users are highly unsettled and in flux both within the United States and internationally. In the future we may be subject to lawsuits and/or liability arising from the conduct of our customers and our customers’ users. Additionally, the conduct of our customers and our customers’ users may subject us to regulatory enforcement actions and/or liability. There can be no assurance that we will not face litigation in the future or that we will prevail in any litigation we may face. An adverse decision in one or more of these lawsuits could materially and adversely affect our business, results of operations, and financial condition.

Several U.S. federal statutes may apply to us with respect to various activities of our customers, including the Digital Millennium Copyright Act (“DMCA”), which provides recourse for owners of copyrighted material who believe their rights
48



under U.S. copyright law have been infringed on the Internet; and section 230, enacted in the Communications Decency Act (“CDA”), which addresses blocking and screening of content on the Internet. Although these and other similar legal provisions provide limited protections from liability for service providers like us, those protections may not be interpreted in a way that applies to us, may be amended or removed in the future, or may not provide us with complete protection from liability claims. If we are found not to be protected by the safe harbor provisions of the DMCA, CDA or other similar laws, or if we are deemed subject to laws in other countries that may not have the same protections or that may impose more onerous obligations on us, we may owe substantial damages and our brand, reputation, and financial results may be harmed.

Policies and laws in this area remain highly dynamic, and we may face additional theories of intermediary liability in various jurisdictions. For example, policymakers in the United States have called for a re-examination of CDA section 230 and copyright law, the UK has passed the Online Safety Act 2023, and the EU has implemented the Digital Services Act and Digital Markets Act to impose additional legal requirements on certain service providers. The DSA sets out a framework of layered responsibilities targeted at different types of services, including requirements for service providers to act on orders against illegal content and to publish reports on moderation of content. Member States can also issue rules on penalties for violating the DSA, with fines of up to 6% of annual global revenue. Complying with these obligations could cause us to change our products, policies, and procedures. In addition, in 2019, the EU approved a Copyright Directive that will impose additional obligations on service providers and failure to comply could give rise to significant liability. Other laws and pending legislation at the EU level (terrorist content, child sexual abuse materials) and in the UK (online harms), Australia (online harms), and India (Digital India Act), as well as other new laws like them, may also expose Internet companies like us to significant liability. We may incur additional costs to comply with these new laws, which may have an adverse effect on our business, results of operations, and financial condition.

We could be subject to claims for potential damages based on a significant number of online occurrences under statutory or other damage theories. Such claims may result in liability that exceeds our ability to pay or our insurance coverage. Even if potential claims against us are ultimately unsuccessful, defending against such claims could increase our legal expenses and divert management’s attention from the operation of our business, which could materially and adversely impact our business and results of operations.

Our sales to highly regulated organizations and government entities are subject to a number of challenges and risks.
We sell to customers in highly regulated industries such as financial services, insurance, and healthcare, as well as to various governmental agency customers, including state and local agency customers, and foreign governmental agency customers. Sales to such entities are subject to a number of challenges and risks. Selling to such entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government contracting requirements may change and in doing so restrict our ability to sell into the government sector until we comply with the revised requirements. Government demand and payment for our offerings are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our offerings.
Further, highly regulated and governmental entities may demand shorter contract terms or other contractual provisions that differ from our standard arrangements, including terms that can lead those customers to obtain broader rights in our offerings than would be standard. Such entities may have statutory, contractual, or other legal rights to terminate contracts with us or our partners due to a default or for other reasons, and any such termination may harm our business. In addition, these governmental agencies may be required to publish the rates we negotiate with them, which could harm our negotiating leverage with other potential customers and in turn harm our business.
The success of our business depends on customers’ continued and unimpeded access to our platform on the Internet.
Our customers must have Internet access in order to use our platform. Some Internet providers may take measures that affect their customers’ ability to use our platform, such as degrading the quality of the content we transmit over their lines, giving that content lower priority, giving other content higher priority than ours, blocking our content entirely, or attempting to charge their customers more for using our platform.
In January 2018, the Federal Communications Commission, or the FCC, repealed the “network neutrality” rules adopted during the Obama Administration, which barred Internet service providers from blocking or slowing down access to online content, protecting services like ours from such interference. The 2018 decision was largely affirmed by the United States Court
49



of Appeals for the District of Columbia Circuit, subject to a remand to consider several issues raised by parties that supported network neutrality, and in November 2020 the FCC affirmed its decision to repeal the rules. On October 19, 2023, the FCC adopted a notice of proposed rulemaking that would reinstate the network neutrality rules, and asked for comment on that proposal and on potential changes to those rules. We cannot predict whether or when the FCC will adopt new rules or the impact of any rules that may be adopted on our operations or business. A number of states have adopted or are adopting or considering legislation or executive actions that would regulate the conduct of broadband providers. California’s state-specific network neutrality law has taken effect, as has a similar law in Vermont, but a challenge to the Vermont law remains pending and has been suspended until an appeal in another case addressing state powers to adopt internet regulation is resolved. In addition, the status of state regimes may be affected by the FCC’s action in its new network neutrality proceeding. We cannot predict whether any FCC order or other state initiatives will be enforced, modified, overturned, or vacated by legal action of the court, federal legislation, or the FCC.
To the extent network operators attempt to interfere with our platform, absent network neutrality rules, attempt to interfere with our services, extract fees from us to deliver our platform, or otherwise engage in discriminatory practices, our business could be adversely impacted. Within such a regulatory environment, we could experience discriminatory or anti-competitive practices that could impede our domestic and international growth, cause us to incur additional expense, or otherwise harm our business. At the same time, re-adoption of network neutrality rules could affect the services used by us and our customers by restricting the offerings made by Internet service providers or reducing their incentives to invest in their networks. Such actions could limit or reduce the quality of Internet access services and have an adverse impact on the quality of the services we provide to our customers.
We are subject to anti-corruption, anti-bribery, anti-money laundering and similar laws, and non-compliance with such laws can subject us to criminal and/or civil liability and harm our business.
We are subject to the United States Foreign Corrupt Practices Act, the United States domestic bribery statute contained in 18 U.S.C. § 201, the United States Travel Act, the U.K. Bribery Act, and other anti-bribery and anti-money laundering laws in the countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies and their employees and third-party intermediaries from authorizing, offering or providing, directly or indirectly, improper payments, or benefits to recipients in the public or private sector. As we increase our international sales and business and sales to the public sector, we may engage with business partners and third-party intermediaries to market our platform and to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.
While we have policies and procedures to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable laws, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.
Detecting, investigating, and resolving actual or alleged violations can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-money laundering laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution or other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, suspension or debarment from contracting with certain persons, the loss of export privileges, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed or if we do not prevail in any possible civil or criminal litigation, our business could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees. Enforcement actions and sanctions could further harm our business.
Changes in our effective tax rate or tax liability may harm our business.
Our effective tax rate could be adversely impacted by several factors, including:
50



Changes in the relative amounts of income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;
Changes in tax laws, tax treaties, and regulations or the interpretation of them;
Changes to our assessment about our ability to realize our deferred tax assets that are based on estimates of our future results, the prudence and feasibility of possible tax planning strategies, and the economic and political environments in which we do business;
The outcome of current and future tax audits, examinations, or administrative appeals; and
Limitations or adverse findings regarding our ability to do business in some jurisdictions.
Should our effective tax rate rise, our business could be harmed.
We could be required to collect additional sales taxes or be subject to other tax liabilities that may increase the costs our clients would have to pay for our offering and harm our business.
An increasing number of states have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies. Additionally, the Supreme Court of the United States ruled in South Dakota v. Wayfair, Inc. et al (“Wayfair”) that online sellers can be required to collect sales and use tax despite not having a physical presence in the buyer’s state. In response to Wayfair, or otherwise, states or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. A successful assertion by one or more jurisdictions requiring us to collect taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest. The imposition by state governments or local governments of sales tax collection obligations on out-of-state sellers could also create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors and decrease our future sales, which could harm our business.
Historically, we have not collected such taxes from our customers and have therefore recorded such taxes as general and administrative expenses. We expect that these expenses will decline in future years as we continue to implement our sales tax collection mechanisms and start collecting these taxes from our customers. However, delays in implementing our sales tax collection mechanisms and changing tax laws could result in us incurring additional expenses that we may not be able to pass onto our customers.
Adverse tax laws or regulations could be enacted or existing laws could be applied to us, which could adversely affect our business and financial condition.
We operate, and are subject to taxes, in the United States and numerous other jurisdictions throughout the world. The U.S. federal, state, local, or non-U.S. international tax laws on income, sales, use, indirect, or other tax laws, statutes, rules, regulations, or ordinances on multinational corporations to which we are subject are or under which we operate are unsettled in certain respects and may be subject to significant change. For example, many countries in Europe, as well as a number of other countries and organizations, including the Organization for Economic Cooperation and Development and the European Commission, have recently proposed, recommended, or (in the case of countries) enacted changes to existing tax laws or new tax laws that could significantly increase our tax obligations in the countries where we do business or require us to change the manner in which we operate our business. These proposals, recommendations and enactments include changes to the existing framework in respect of income taxes, as well as new types of non-income taxes (such as taxes based on a percentage of revenue or taxes applicable to digital services), which could apply to our business. These contemplated tax initiatives, if finalized and adopted by countries, may ultimately impact our effective tax rate and could adversely affect our sales activity resulting in a negative impact on our operating results and cash flows.
In addition, existing tax laws, statutes, rules, regulations, or ordinances could be interpreted, modified, or applied adversely to us (possibly with retroactive effect), which could require us to pay additional tax amounts, fines or penalties, and interest for past amounts. The additional tax obligations could relate to our taxes or obligations to report or withhold on
51



customer taxes. We could take steps to collect customer related taxes, but if we are unsuccessful in collecting such taxes from our customers, we could be held liable for such costs, thereby adversely impacting our operating results and cash flows. Further, if our customers must pay additional fines or penalties, it could adversely affect demand for our services.
Legislation enacted in 2017 informally titled the “Tax Act” significantly revised the Internal Revenue Code of 1986, as amended (the “Code”). In 2022, the Inflation Reduction Act of 2022 (the “IRA”) was enacted, which includes provisions that impact the U.S. federal income taxation of corporations, including imposing a minimum tax on the book income of certain large corporations and an excise tax on certain corporate stock repurchases that is imposed on the corporation repurchasing such stock. Future legislation or regulatory guidance, including under the Tax Act or the IRA, or other executive or Congressional actions in the United States may occur, and could ultimately increase or lessen the impact of such taxes on our business and financial condition. We urge our stockholders to consult with their legal and tax advisors with respect to this legislation and the potential tax consequences of investing in or holding our Class A common stock.

Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.
Our net operating loss (“NOL”) carryforwards could expire unused and be unavailable to offset future income tax liabilities because of their limited duration or because of restrictions under United States tax law. For U.S. federal income tax purposes, our NOLs generated in tax years beginning before January 1, 2018 are permitted to be carried forward for 20 years. Our U.S. federal NOLs generated in tax years beginning after December 31, 2017 may be carried forward indefinitely, but our use of such U.S. federal NOLs generally is limited to 80% of such year’s taxable income, computed without regard to the NOL deduction and certain other deductions. It is uncertain if, and to what extent, various states will conform to these limitations on the use of U.S. federal NOLs.
In addition, under Section 382 of the Code, a corporation that undergoes an “ownership change” may be subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. A detailed analysis was performed through December 31, 2021 for us to determine whether an ownership change under Section 382 of the Code has occurred, and ownership changes were identified in 2013 and 2020. As a result of this analysis, we concluded that there is no longer any limitation on our utilization of such NOLs. A detailed analysis was performed for the period March 1, 2014 to October 1, 2020 for Signal Sciences to determine whether an ownership change under Section 382 of the Code has occurred and an ownership change was identified in 2020. As a result of this analysis, we concluded that there is no longer any limitation on our utilization of the NOLs of Signal Sciences. We may experience ownership changes in the future as a result of subsequent shifts in our stock ownership, some of which shifts are outside our control. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. For these reasons, we may not be able to utilize a material portion of the NOLs, even if we were to achieve profitability.
Our international operations may subject us to potential adverse tax consequences.
We are expanding our international operations and staff to better support our growth into international markets. Our corporate structure and associated transfer pricing policies contemplate future growth into the international markets, and consider the functions, risks, and assets of the various entities involved in the intercompany transactions. The amount of taxes we pay in different jurisdictions may depend on: the application of the tax laws of the various jurisdictions, including the United States, to our international business activities; changes in tax rates; new or revised tax laws or interpretations of existing tax laws and policies; and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to our intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.
We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate such controls.
Our products are subject to United States export controls, including the Export Administration Regulations administered by the United States Commerce Department, and economic sanctions administered by the Office of Foreign Assets Control of the United States Treasury Department (“OFAC”). We incorporate encryption technology into certain of our products. These encryption products and the underlying technology may be exported outside of the United States only with the required export
52



authorizations. Other countries also regulate the import and export of certain encryption products and technology through import and export licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Additionally, export restrictions recently imposed on Russia and Belarus in connection with the military conflict involving Ukraine specifically restrict the export of encryption software to these locations.
Furthermore, our activities are subject to United States economic sanctions laws and regulations that generally prohibit the direct or indirect exportation or provision of products and services to countries, governments, and individuals and entities targeted by United States embargoes or sanctions, except to the extent authorized by OFAC or exempt from sanctions. For example, following Russia’s invasion of Ukraine, the United States and other countries imposed economic sanctions and severe export control restrictions against Russia and Belarus, and the United States and other countries could impose wider sanctions and export restrictions and take other actions should the conflict further escalate. Obtaining the necessary export license or other authorization for a particular sale may not always be possible, and, even if the export license is ultimately granted, the process may be time-consuming and may result in the delay or loss of sales opportunities. Violations of United States sanctions or export control laws can result in significant fines or penalties, and possible incarceration for responsible employees and managers could be imposed for criminal violations of these laws.
Changes in our products or future changes in export and import regulations may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products globally, or, in some cases, prevent the export or import of our products to certain countries, governments, or persons altogether. From time to time, various governmental agencies have proposed additional regulation of encryption products and technology, including the escrow and government recovery of private encryption keys. Any change in export or import regulations, economic sanctions or related legislation, increased export and import controls, or change in the countries, governments, persons, or technologies targeted by such regulations could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would harm our business.
We are exposed to fluctuations in currency exchange rates.
Our sales contracts are primarily denominated in U.S. dollars, and therefore a majority of our revenue is not subject to foreign currency revaluation. However, a strengthening of the U.S. dollar could increase the real cost of our platform to our customers outside of the United States, which could cause an increase in requests to renegotiate contracts and adversely affect our operating results. Foreign currency exchange rates have recently been and could continue to be subject to increased volatility. In addition, our international sales in the future could become foreign currency denominated sales, increasing our foreign currency risk. In addition, an increasing portion of our operating expenses is incurred outside the United States. These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. As these expenses become more material and if there are significant fluctuations in foreign currency exchange rates, this could result in significant fluctuations in our operating expenses and results of operations, which could harm our business.
The phase-out of the London Interbank Offered Rate (“LIBOR”), or the replacement of LIBOR with a different reference rate, may adversely affect interest rates.
On July 27, 2017, the Financial Conduct Authority (the “FCA”), the authority that regulates LIBOR, announced that after December 31, 2021, it would no longer compel banks to submit the rates required to calculate LIBOR. On March 5, 2021, the ICE Benchmark Administration, which administers LIBOR, and the FCA announced that all LIBOR settings would either cease to be provided by any administrator, or would no longer be representative, immediately after December 31, 2021 for all non-U.S. dollar LIBOR settings and one-week and two-month U.S. dollar LIBOR settings, and immediately after June 30, 2023 for the remaining U.S. dollar LIBOR settings. On June 28, 2023, we entered into the First Amendment to Credit Agreement with the Lenders and First-Citizens Bank & Trust Company (successor by purchase to the Federal Deposit Insurance Corporation as Receiver for Silicon Valley Bridge Bank, N.A. (as successor to Silicon Valley Bank)), as a lender and as administrative agent and collateral agent for the Lenders to, among other things, amend the interest rate provisions to replace LIBOR with the Secured Overnight Financing Rate (“SOFR”) as the interest rate benchmark. The shift to SOFR from LIBOR is complex and may adversely affect our business, financial condition, results of operations, liquidity, and cash flows.
53



Unfavorable conditions in our industry or the global economy, rising inflation or reductions in information technology spending could harm our business.
Global economic conditions have impacted, and will likely continue to impact, businesses around the world, including ours. Inflation and other macroeconomic pressures in the U.S. and the global economy such as rising interest rates, banking instability and recession fears are creating a complex and challenging environment for us and our customers. Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Current or future economic uncertainties or downturns could adversely affect our business and results of operations. The U.S. capital markets experienced and continue to experience extreme volatility. While our ability to do business has not been materially affected, and the global restrictive measures that have been taken in response to such events, and could be taken in the future, have created significant global economic uncertainty that could prolong and escalate tensions and expand the geopolitical conflict, which could have a lasting impact on regional and global economies, any of which could harm our business and operating results. Further, due to political uncertainty and international military actions, we and the third parties upon which we rely may be vulnerable to a heightened risk of security breaches, computer malware, social-engineering attacks, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, and other cyber-attacks, including attacks that could materially disrupt our systems and operations, supply chain, and ability to do business. These attacks are expected to continue to occur in the future. Furthermore, inflation rates in the U.S. in the past few years have increased to levels not seen in decades, prompting the Federal Reserve to increase interest rates. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, currency and interest rate fluctuations, political turmoil, natural catastrophes, warfare, public health issues, and terrorist attacks on the United States, Europe, the Asia Pacific region, or elsewhere, could cause a downturn or recession and a decrease in business investments, including spending on information technology, which would harm our business. To the extent that our platform and our products are perceived by customers and potential customers as too costly, or difficult to deploy or migrate to, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Also, our competitors, many of whom are larger and have greater financial resources than we do, may respond to market conditions by lowering prices and attempting to lure away our customers. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our products. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry.
Risks Related to Intellectual Property
We could incur substantial costs in protecting or defending our proprietary rights, and any failure to adequately protect our rights could impair our competitive position and we may lose valuable assets, experience reduced revenue, and incur costly litigation to protect our rights.
Our success is dependent, in part, upon protecting our proprietary technology. We rely on a combination of patents, copyrights, trademarks, service marks, trade secret laws, and contractual provisions in an effort to establish and protect our proprietary rights. However, the steps we take to protect our intellectual property may be inadequate. While we have issued patents in the United States and other countries and have additional pending patent applications, we may be unable to obtain patent protection for the technology covered in our patent applications. In addition, any patents issued in the future may not provide us with competitive advantages, or may be successfully challenged by third parties. Any of our patents, trademarks, or other intellectual property rights may be challenged or circumvented by others or invalidated through administrative process or litigation. There can be no guarantee that others will not independently develop similar products, duplicate any of our products, or design around our patents. Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create products and services that compete with ours. Some license provisions protecting against unauthorized use, copying, transfer, and disclosure of our products may be unenforceable under the laws of jurisdictions outside the United States. To the extent we expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information may increase.
We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances. No assurance can be given that these agreements will be effective in controlling access to and distribution of our products and proprietary information. Further, these agreements do not prevent our competitors or partners from independently developing technologies that are substantially equivalent or superior to our platform.
54



In order to monitor and protect our intellectual property rights, we may be required to spend significant resources. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our platform, impair the functionality of our platform, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Moreover, policing unauthorized use of our technologies, trade secrets, and intellectual property may be difficult, expensive, and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. If we fail to meaningfully protect our intellectual property and proprietary rights, our business may be harmed.
We may in the future be subject to legal proceedings and litigation relating to intellectual property disputes, which are costly and may subject us to significant liability and increased costs of doing business. Our business may suffer if it is alleged or determined that our technology infringes the intellectual property rights of others.
Our industry is characterized by the existence of a large number of patents, copyrights, trademarks, trade secrets, and other intellectual property rights. From time to time, we may be required to defend against litigation claims by other companies based on allegations of infringement or other violations of their intellectual property rights. Many of these companies have the capability to dedicate substantially greater resources than us to enforce their intellectual property rights and to defend claims that may be brought against them. Therefore, we may not be able to withstand any third-party claims or rights against their use. In addition, we may be required to defend against litigation claims by patent holding companies or other adverse patent owners that have no relevant product revenue. If a third party is able to obtain an injunction preventing us from accessing such third-party intellectual property rights, or if we cannot license or develop technology for any infringing aspect of our business, we would be forced to limit or stop selling products impacted by the claim or injunction or cease business activities covered by such intellectual property, and may be unable to compete effectively. Any inability to license third-party technology in the future would have an adverse effect on our business and operating results, and would adversely affect our ability to compete. We may also be contractually obligated to indemnify our customers in the event of infringement of a third party’s intellectual property rights. We receive demands for such indemnification from time to time and expect to continue to do so. Responding to such claims, regardless of their merit, can be time consuming, costly to defend in litigation, and damage our reputation and brand.
Lawsuits are time-consuming and expensive to resolve and they divert management’s time and attention. Although we carry insurance, our insurance may not cover potential claims of this type or may not be adequate to indemnify us for all liability that may be imposed. We cannot predict the outcome of lawsuits, and the results of any such actions may harm our business.
Elements of our platform and our products use open source software, which may restrict the functionality of our platform and our products, or require that we release the source code of certain products subject to those licenses.
Our platform incorporates software licensed under open source licenses. Such open source licenses typically require that source code subject to the license be made available to the public and that any modifications or derivative works to open source software continue to be licensed under open source licenses. Few courts have interpreted open source licenses, and the manner in which these licenses may be interpreted and enforced is therefore subject to some uncertainty. We rely on multiple software programmers to design our proprietary technologies, and we do not exercise complete control over the development efforts of our programmers and we cannot be certain that our programmers have not incorporated open source software into our proprietary products and technologies or that they will not do so in the future. In the event that portions of our proprietary technology are determined to be subject to an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our technologies, or otherwise be limited in the licensing of our technologies, each of which could reduce or eliminate the value of our platform and technologies and materially and adversely affect our ability to sustain and grow our business.
55



Provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, data protection, and other losses.
Our agreements with customers and other third parties generally include provisions under which we are liable or agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, data protection, damages caused by us to property or persons, or other liabilities relating to or arising from our platform, services, or other contractual obligations. Some of these agreements provide for uncapped liability for which we would be responsible, and some provisions survive termination or expiration of the applicable agreement. Large liability payments could harm our business, results of operations, and financial condition. Although we normally contractually limit our liability with respect to such obligations, we may still incur substantial liability related to them, and in case of an intellectual property infringement indemnification claim, we may be required to cease use of certain functions of our platform as a result of any such claims. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business. Even when we have contractual protections against such customer claims, we may choose to honor a customer’s request for indemnification or otherwise seek to maintain customer satisfaction by issuing customer credits, assisting our customer in defending against claims, or in other ways.
Risks Related to Ownership of Our Class A Common Stock
Our stock price may be volatile, and the value of our Class A common stock may decline.
Historically, our stock price has been volatile. During the year ended December 31, 2023, our stock traded as high as $24.31 per share and as low as $7.97 per share, and from January 1, 2024 to February 20, 2024, our stock price has ranged from $25.87 per share to $14.78 per share. The market price of our Class A common stock may continue to be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control or are related in complex ways, including:
actual or anticipated fluctuations in our financial condition and operating results;
decreased usage by one or more of our customers;
variance in our financial performance from expectations of securities analysts or investors;
changes in the pricing we offer our customers;
changes in our projected operating and financial results;
changes in laws or regulations applicable to our platform or related products;
announcements by us or our competitors of significant business developments, acquisitions, or new offerings;
publicity associated with network outages and problems;
our involvement in litigation;
changes in senior management or key personnel;
the trading volume of our Class A common stock;
potential equity or debt financings;
changes in the anticipated future size and growth rate of our market; and
general political, social, economic, regulatory, and market conditions, in both domestic and our foreign markets, including the effects of global events like the war in Ukraine and the more recent hostilities in Israel on the global
56



economy, labor shortages, supply chain disruptions, inflation, increased interest rates, banking instability and slow or negative growth of our markets.
Broad market and industry fluctuations, as well as general economic, political, social, regulatory, and market conditions, may impact the market price of our Class A common stock. For example, in connection with the COVID-19 pandemic, we initially experienced an increase in the usage of our platform, and as a result, the trading price of our Class A common stock significantly increased. Over the past few years, our stock price has declined significantly. There are no assurances that the trading price of our Class A common stock will recover to prior levels. Moreover, the trading price of our Class A common stock could experience further volatility and declines. These fluctuations could cause you to lose all or part of your investment in our Class A common stock.
In addition, extreme price and volume fluctuations in the stock markets have affected and continue to affect many technology companies’ stock prices, including ours. Often, their stock prices have fluctuated in ways unrelated or disproportionate to the companies’ operating performance.
In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial costs and divert our management’s attention.
We may not have the ability to raise the funds necessary to repay or settle conversions of the Notes in whole or in part in cash or to repurchase the Notes upon a fundamental change, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of the Notes.
In March 2021, we entered into a purchase agreement for the sale of an aggregate of $948.8 million principal amount of our 0% convertible senior notes due 2026 (the “Notes”). During the year ended December 31, 2022, we entered into separate, privately negotiated transactions with certain holders of the Notes to repurchase approximately $235.0 million aggregate outstanding principal amount of the Notes for an aggregate cash repurchase price of approximately $176.4 million. During the year ended December 31, 2023, we entered into several separate, privately negotiated transactions with certain holders of the Notes to repurchase (the “Repurchases”) $367.3 million of aggregate principal amount of the Notes for an aggregate cash repurchase price of $309.1 million and aggregate transaction costs of $2.0 million. The remaining Notes with an aggregate principal amount of $346.5 million will mature on March 15, 2026, unless earlier converted, redeemed or repurchased. Holders of the Notes will have the right, subject to certain conditions and limited exceptions, to require us to repurchase all or a portion of their Notes upon the occurrence of a fundamental change at a fundamental change repurchase price equal to 100% of the principal amount of the Notes to be repurchased, plus accrued and unpaid special interest, if any, as described in the indenture governing the Notes. If our stock price is lower than the conversion price of the Notes on maturity, the holders of our Notes will likely not convert and we will have to repay those Notes in cash. In addition, upon conversion of the Notes, unless we elect to deliver solely shares of our Class A common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be required to make cash payments in respect of the Notes being converted as described in the indenture governing the Notes. However, we may not have enough available cash or be able to obtain financing at the time we are required to repay or make repurchases of Notes surrendered therefor or pay cash with respect to Notes being converted. In addition, our ability to repurchase the Notes or to pay cash upon conversions of the Notes may be limited by law, by regulatory authority or by agreements governing our future indebtedness. Our failure to repurchase notes at a time when the repurchase is required by the indenture or to pay any cash payable on future conversions of the Notes as required by the indenture would constitute a default under the indenture. A default under the indenture governing the Notes or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the repayment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Notes or make cash payments upon conversions thereof. Such acceleration could result in our bankruptcy. In a bankruptcy, the holders of the Notes would have a claim to our assets that is senior to the claims of our equity holders.
Conversion of the Notes may dilute the ownership interest of our stockholders or may otherwise depress the price of our Class A common stock.
The conversion of some or all of the Notes will dilute the ownership interests of our stockholders. Upon conversion of the Notes, we have the option to pay or deliver, as the case may be, cash, shares of our Class A common stock, or a combination of cash and shares of our Class A common stock. If we elect to settle our conversion obligation in shares of our Class A common stock or a combination of cash and shares of our Class A common stock, any sales in the public market of our Class A common stock issuable upon such conversion could adversely affect prevailing market prices of our Class A common stock. In addition, the existence of the Notes may encourage short selling by market participants because the conversion of the
57



Notes could be used to satisfy short positions, or anticipated conversion of the Notes into shares of our Class A common stock could depress the price of our Class A common stock.

Servicing our debt requires a significant amount of cash, and we may not have sufficient cash flow from our business to pay our substantial debt.
Our ability to make scheduled payments of the principal of or to refinance our indebtedness, including the Notes, depends on our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. Our business may not generate cash flow from operations in the future sufficient to service our debt, including the Notes, and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, refinancing or restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance or restructure our indebtedness will depend on the capital markets and our financial condition at such time, and if the financial markets become difficult or costly to access, including due to rising interest rates, fluctuations in foreign currency exchange rates or other changes in economic conditions, our ability to raise additional capital may be negatively impacted. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. Even if we can refinance or restructure our debt, the revised terms may harm our business.

Regulatory actions and other events may adversely affect the trading price and liquidity of the Notes.
We expect that many investors in, and potential purchasers of, the Notes may employ, or seek to employ, a convertible arbitrage strategy with respect to the Notes. Investors would typically implement such a strategy by selling short the Class A common stock underlying the Notes and dynamically adjusting their short position while continuing to hold the Notes. Investors may also implement this type of strategy by entering into swaps on our Class A common stock in lieu of or in addition to short selling the Class A common stock.
The SEC and other regulatory and self-regulatory authorities have implemented various rules and taken certain actions and may in the future adopt additional rules and take other actions, that may impact those engaging in short selling activity involving equity securities (including our Class A common stock). Such rules and actions include Rule 201 of SEC Regulation SHO, the adoption by the Financial Industry Regulatory Authority, Inc. and the national securities exchanges of a “Limit Up-Limit Down” program, the imposition of market-wide circuit breakers that halt trading of securities for certain periods following specific market declines, and the implementation of certain regulatory reforms required by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Any governmental or regulatory action that restricts the ability of investors in, or potential purchasers of, the Notes to effect short sales of our Class A common stock, borrow our Class A common stock or enter into swaps on our Class A common stock could adversely affect the trading price and the liquidity of the Notes.
The conditional conversion feature of the Notes, if triggered, may adversely affect our financial condition and operating results.
In the event the conditional conversion feature of the Notes is triggered, holders of Notes will be entitled to convert their Notes at any time during specified periods at their option. If one or more holders elect to convert their Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our Class A common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital, which could impact our existing covenants and inhibit our ability to raise future debt. For additional information regarding the conditional conversion feature of the Notes, see Note 9, Debt Instruments.
Future sales and issuances of our capital stock or rights to purchase capital stock could result in dilution of the percentage ownership of our stockholders and could cause the price of our Class A common stock to decline.
Future sales and issuances of our capital stock or rights to purchase our capital stock could result in substantial dilution to our existing stockholders. For example, we may issue approximately 3.4 million shares of our Class A common stock if the Notes convert, subject to customary anti-dilution adjustments. In addition, we may need to secure additional funds for our existing debt obligations, including repayment of the Notes. We may sell Class A common stock, convertible securities, and other equity securities in one or more transactions at prices and in a manner as we may determine from time to time. If we sell
58



any such securities in subsequent transactions, investors may be materially diluted. New investors in such subsequent transactions could gain rights, preferences, and privileges senior to those of holders of our Class A common stock.

Future sales of our Class A common stock in the public market could cause the market price of our Class A common stock to decline.
Sales of a substantial number of shares of our Class A common stock in the public market, or the perception that these sales might occur, could depress the market price of our Class A common stock and could impair our ability to raise capital through the sale of additional equity securities. We are unable to predict the effect that such sales may have on the prevailing market price of our Class A common stock.
As of December 31, 2023, we have outstanding a total of 133.0 million shares of Class A common stock. All of our outstanding shares are eligible for sale in the public market, other than shares and options held by directors, executive officers, and other affiliates that are subject to volume limitations under Rule 144 of the Securities Act, various vesting agreements, and shares that must be sold under an effective registration statement. Additionally, the shares of Class A common stock subject to outstanding options and restricted stock unit awards under our equity incentive plans and the shares reserved for future issuance under our equity incentive plans will become eligible for sale in the public market upon issuance, subject to applicable insider trading policies. The outstanding portion of the Notes will also become convertible at the option of the holders, subject to certain limitations and restrictions, prior to March 15, 2026.
Future sales also could cause the trading price of our Class A common stock to decline and make it more difficult for investors to sell shares of our Class A common stock.
If securities or industry analysts do not publish research or publish unfavorable or inaccurate research about our business, our Class A common stock price and trading volume could decline.
Our stock price and trading volume are heavily influenced by the way analysts and investors interpret our financial information and other disclosures. If securities or industry analysts do not publish research or reports about our business, delay publishing reports about our business, or publish negative reports about our business, regardless of accuracy, our Class A common stock price and trading volume could decline.
The trading market for our Class A common stock depends, in part, on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts. If the number of analysts that cover us declines, demand for our Class A common stock could decrease and our Class A common stock price and trading volume may decline.
Even if our Class A common stock is actively covered by analysts, we do not have any control over the analysts or the measures that analysts or investors may rely upon to forecast our future results. Over-reliance by analysts or investors on any particular metric to forecast our future results may result in forecasts that differ significantly from our own.
Regardless of accuracy, unfavorable interpretations of our financial information and other public disclosures could have a negative impact on our stock price. If our financial performance fails to meet analyst estimates, for any of the reasons discussed above or otherwise, or one or more of the analysts who cover us downgrade our Class A common stock or change their opinion of our Class A common stock, our stock price would likely decline.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any cash dividends on our capital stock, and we do not intend to pay any cash dividends in the foreseeable future. Any determination to pay cash dividends in the future will be at the discretion of our board of directors and are restricted by the terms of our Credit Agreement. The Credit Agreement permits the payment of cash dividends so long as, after giving effect to any such dividend, we maintain a consolidated adjusted quick ratio of at least 1.50 to 1.00 and are otherwise in pro forma compliance with all covenants under the Credit Agreement. In addition, the Credit Agreement permits us to pay up to $10.0 million in cash dividends per fiscal year so long as, after giving effect to any such dividend, we are in pro forma compliance with all covenants under the Credit Agreement, including a consolidated adjusted quick ratio of at least 1.25 to 1.00. Accordingly, investors must rely on sales of their Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
59



We incur significant costs as a result of operating as a public company, and our management is required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.
As a public company, we incur significant legal, accounting, and other expenses that we did not incur as a private company. Such expenses have further increased now that we are no longer an “emerging growth company.” The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the NYSE, and other applicable securities rules and regulations impose various requirements on public companies. Furthermore, the senior members of our management team do not have significant experience with operating a public company. As a result, our management and other personnel have to devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations increase our legal and financial compliance costs and make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will incur as a public company or the timing of such costs.
Anti-takeover provisions in our charter documents, the indenture governing the Notes, and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current board of directors or management and limit the market price of our Class A common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in board of directors or our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights, and preferences determined by our board of directors that may be senior to our Class A common stock;
require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;
specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors, or our chief executive officer;
establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;
establish that our board of directors is divided into three classes, with each class serving three-year staggered terms;
prohibit cumulative voting in the election of directors;
provide that our directors may be removed for cause only upon the vote of the holders of a majority of our outstanding shares of common stock; and
provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum.
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Any delay or prevention of a change of control transaction or changes in our management could cause the market price of our Class A common stock to decline.
60



Certain provisions in the indenture governing the Notes may make it more difficult or expensive for a third party to acquire us. For example, the indenture governing the Notes will require us, except as described therein, to repurchase the Notes for cash upon the occurrence of a fundamental change and, in certain circumstances, to increase the conversion rate for a holder that converts its notes in connection with a make-whole fundamental change. A takeover of us may trigger the requirement that we repurchase the Notes, increase the conversion rate, or both, which could make it costlier for a potential acquirer to engage in such takeover. Such additional costs may have the effect of delaying or preventing a takeover of us that would otherwise be beneficial to investors.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware and, to the extent enforceable, the federal district courts of the United States of America will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum for the following types of actions or proceedings under Delaware statutory or common law:
any derivative action or proceeding brought on our behalf;
any action asserting a breach of fiduciary duty;
any action asserting a claim against us arising under the Delaware General Corporation Law,
our amended and restated certificate of incorporation, or our amended and restated bylaws; and
any action asserting a claim against us that is governed by the internal-affairs doctrine.
This provision would not apply to suits brought to enforce a duty or liability created by the Exchange Act. Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation provides that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. While the Delaware courts have determined that such choice of forum provisions are facially valid, and several state trial courts have enforced such provisions and required that suits asserting Securities Act claims be filed in federal court, there is no guarantee that courts of appeal will affirm the enforceability of such provisions and a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions, and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions. If a court were to find either exclusive forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with litigating Securities Act claims in state court, or both state and federal court, which could seriously harm our business, financial condition, results of operations, and prospects.
These forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other employees. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could harm our business.
61



Item 1B.     Unresolved Staff Comments

None.

Item 1C.     Cybersecurity

Risk management and strategy

We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, trade secrets, personal information, and data of our customers (including their end-users) (“Information Systems and Data”).

Our Chief Information Security Officer (“CISO”) and security organization help identify, assess, and manage the Company’s cybersecurity threats and risks, including through the use of the Company’s security risk register. The CISO and security organization identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and the Company’s risk profile using various methods including, for example: (1) identifying vulnerabilities through automated scans, vulnerability assessments, and subscriptions to threat intelligence feeds and notices; (2) assessing security weaknesses identified through internal security reviews, external penetration tests, and reports on our products and services; and (3) assessing the Company’s threat landscape given the industry’s risk profile, the results of our enterprise risk assessment, and information technology, privacy, and security audits.

Depending on the environment, system, and data, we implement and maintain various technical, physical, and organizational measures, processes, standards, and/or policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: an incident response plan; incident detection and response; vulnerability management policy; disaster recovery plans; risk assessments; implementation of security standards and certifications; encryption of data; network security protocols; data segregation; access controls; physical security; asset management, tracking and disposal; systems monitoring, vendor risk management program; employee training; penetration testing; cybersecurity insurance; and a dedicated CISO and security organization.

Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, (1) the security organization is engaged in all major changes to the Company’s environment or products to conduct a risk assessment and identify potential cybersecurity risk; (2) cybersecurity risk is a component of the Company’s enterprise risk management program and managed within the Company’s risk register; (3) the security organization works with senior leadership across the Company to prioritize our risk management processes and mitigate cybersecurity threats that are most likely to lead to a material impact to our business; and (4) our senior management evaluates material risks from cybersecurity threats against our overall business objectives and reports the results to the board of directors, which evaluates our overall enterprise risk.

We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example: professional services firms, including legal counsel; cybersecurity software providers; managed cybersecurity service providers; penetration testing firms; and forensic investigators.

We use third-party service providers to perform a variety of functions throughout our business, such as providing cloud-based infrastructure, hosting third party applications, and delivering content to customers, as well as data center hosting. We have a formal vendor management program to manage cybersecurity risks associated with our use of these providers. The security organization conducts a risk assessment to determine the criticality of the vendor prior to onboarding. Depending on the criticality of the vendor–which is based on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider–our vendor security review process involves different levels of assessment designed to identify cybersecurity risks associated with a provider prior to onboarding and on a periodic basis, including, for example: (1) a vendor security questionnaire; (2) results of audit reports and certifications; and (3) policies and standards detailing the third-party’s security program. Based on the results of the vendor security review, a decision is made on whether the third-party can be engaged. We review our most critical providers' audit reports and certifications on an annual basis to reassess whether or not they have experienced any material changes or degradations to their security programs since our initial
62



review that may warrant re-evaluation. The Company generally engages reputable third-party service providers and when appropriate, imposes contractual obligations related to cybersecurity on its providers.

For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including “If our information technology systems or data, or those of third parties upon which we rely, are compromised now, or in the future, or the security, confidentiality, integrity or availability of our information technology, software, services, networks, communications or data is compromised, limited or fails, our business could experience materially adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, loss of revenue or profits, loss of customers or sales, reputational harm, and other adverse consequences.”

Governance

Our board of directors addresses the Company’s cybersecurity risk management as part of its general oversight function. The board of directors is responsible for overseeing Company’s cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats.

Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our CISO, Mr. Marshall Erwin. Our CISO has experience in the technology and government industries, including through his previous roles as CISO for a major Internet company and an analyst in the US intelligence community. He also served as the cybersecurity and counterterrorism advisor on the Senate Homeland Security and Government Affairs Committee and as the intelligence specialist at the Congressional Research Service.

Our CISO is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. Our CISO is responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports.

Our incident response plan is designed to escalate certain cybersecurity incidents, including breaches, to members of management depending on the circumstances, including our CISO, general counsel, and other members of leadership when appropriate. The security incident and response team works with relevant subject matter experts across the organization when necessary to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, the Company’s incident response plan includes reporting to the board of directors for cybersecurity incidents the Company's disclosure committee determines are material. The disclosure committee, which includes members of management such as our Chief Financial Officer and general counsel, meets quarterly. The CISO acts in an advisory capacity to the Company's disclosure committee on an as-needed basis.

Our board of directors receives periodic reports at least annually from our CISO concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them. Our board of directors also receives various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.


Item 2.         Properties
Our corporate headquarters is located in San Francisco, California and consists of approximately 71,343 square feet of space under a lease that expires on July 31, 2027. We also maintain offices in Culver City, Denver, Pleasanton, New York, London and Tokyo. We lease all of our facilities and do not own any real property. We believe that our facilities are sufficient to meet our needs for the immediate future, and that, should it be needed, suitable additional space will be available to accommodate expansion of our operations.

Item 3.         Legal Proceedings

Please refer to Note 10—Commitments and Contingencies for discussion around our legal proceedings.


63



Item 4.         Mine Safety Disclosures
Not applicable.
64



PART II

Item 5.         Market for Registrant’s Common Equity, Related Stockholder Matters, and Issuer Purchases of                          Equity Securities
Market Information
Our Class A common stock has traded on The New York Stock Exchange (“NYSE”) under the symbol “FSLY” since May 17, 2019.

Holders of Record

As of December 31, 2023, there were 47 holders of record of our Class A common stock. The number of beneficial stockholders is substantially greater than the number of holders of record because a large portion of our common stock is held through brokerage firms.

Dividend Policy

We have never declared or paid any cash dividends on our capital stock. We currently intend to retain any future earnings and do not expect to pay any dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our Board of Directors, subject to applicable laws, and will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions, and other factors that our Board of Directors may deem relevant. In addition, the terms of our revolving credit facility place certain limitations on the amount of cash dividends we can pay, even if no amounts are currently outstanding.

Stock Performance Graph
This performance graph shall not be deemed “soliciting material” or to be “filed” with the Securities and Exchange Commission, or the SEC, for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or the Exchange Act, or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any of our filings under the Securities Act of 1933, as amended, or the Securities Act.

We have presented below the cumulative total return to our stockholders between May 17, 2019 (the date our Class A common stock commenced trading on the NYSE) through December 31, 2023 in comparison to the S&P 500 Index and S&P 500 Information Technology Index. The graph assumes a $100 initial investment at the market close on May 17, 2019 which was the initial trading day of our Class A common stock, and the reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our Class A common stock.

2337


65



Unregistered Sales of Equity Securities

None.


Issuer Purchases of Equity Securities

None.
66



Item 6.         Reserved

Not required.

67



ITEM 7.     Management’s Discussion and Analysis of Financial Condition and Results of Operations
You should read the following discussion and analysis of our financial condition and results of operations together with the consolidated financial statements and related notes that are included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements based upon current plans, expectations, and beliefs that involve risks and uncertainties. Actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including those set forth under “Risk Factors” and in other parts of this Annual Report on Form 10-K. Our fiscal year ends on December 31.
As used herein, “Fastly, “we, “our, “the Company and similar terms include Fastly, Inc. and its subsidiaries, unless the context indicates otherwise.

Overview
Organizations around the world are more dependent on the quality of digital experiences they provide than ever before. At Fastly, we deliver an edge cloud platform capable of delivering fast, safe, and engaging digital experiences. By focusing holistically on edge cloud from developer inspiration to end-user experience, we have the opportunity to differentiate with our global footprint, dynamic infrastructure, and security solution. Performance, security, and building the most engaging applications are paramount to driving mission success for Fastly’s customers.
The edge cloud is a category of Infrastructure as a Service (“IaaS”) that enables developers to build, secure, and deliver digital experiences, at the edge of the Internet. This service represents the convergence of the Content Delivery Network (“CDN”) with functionality that has been traditionally delivered by hardware-centric appliances such as Application Delivery Controllers (“ADC”), Web Application Firewalls (“WAF”), Bot Detection, Distributed Denial of Service (“DDoS”) and observability solutions. It also includes the emergence of a new, but growing, edge computing market which aims to move compute power and logic as close to the end user as possible. When milliseconds matter, processing at the edge is an ideal way to handle highly dynamic and time-sensitive data. This has led to its acceptance and adoption by organizations who monetize or grow their user base with every millisecond saved. Organizations that want to improve their user experience, whether it’s faster loading websites or reduced shopping cart abandonment, can benefit from processing at the edge. The edge cloud complements data center, central cloud, and hybrid solutions.
Organizations must keep up with complex and ever-evolving end-user requirements. We help them surpass their end users’ expectations by powering fast, safe, and engaging digital experiences. We built a powerful edge cloud platform, designed from the ground up to be programmable and support agile software development. We believe that our platform gives our customers a significant competitive advantage, whether they were born into the digital age or are just embarking on their digital transformation journey.
Developers on the Fastly platform have a high degree of flexibility with granular control and real-time visibility, where they can write and deploy code in a serverless environment and push application logic to the edge. Our infrastructure is built for the software-defined future. Our network is powerful, efficient, and flexible, designed to enable us to rapidly scale to meet the needs of the most demanding customers. Our approach to scalable, secure reliability integrates security into multiple layers of development: architecture, engineering, and operations. That’s why we invest in building security into the fabric of our platform, alongside performance. We provide developers and security operations teams with a fast and safe environment to create, build, and run modern applications.
We serve established enterprises, mid-market companies, and technology-savvy organizations. Our customers represent a diverse set of organizations across many industries with one thing in common: they care about delivering best-in-class digital experiences. With our edge cloud platform, our customers are disrupting existing industries and creating new ones. For example, several of our customers have reinvented digital publishing by connecting readers through subscription models to indispensable content. Fastly’s ability to dynamically manage content in real time enables readers to have instant access to the most up to date information.
Our customers’ ecommerce solutions use Fastly’s edge compute functionality to deliver very low-latency customer experiences, including providing better recommendations to their shoppers, converting more shopping carts into sales and executing fast and secure financial transactions. Content streaming organizations leverage Fastly’s platform to deliver content
68



to users around the world and those that livestream gain easy access to enormous edge compute resources for even greater reliability. The range of applications that developers build with our edge cloud platform continues to expand rapidly.
Our mission is to make the Internet a better place where all experiences are fast, safe, and engaging. We want all developers to have the ability to deliver the next transformative digital experience on a global scale. And because big ideas often start small, we love it when developers experiment and iterate on our platform, coming up with exciting new ways to solve today’s complex problems.
For the years ended December 31, 2023 and 2022, our revenue was $506.0 million and $432.7 million, respectively, an increase of 17%.
Our 10 largest customers generated an aggregate of 37% and 35% of our revenue in the trailing 12 months ended December 31, 2023 and 2022, respectively.
No customer accounted for more than 10% of revenue for the years ended December 31, 2023 and 2022. Affiliated customers that are business units of a single company in the streaming entertainment space generated an aggregate of 12% and 11% of the Companys revenue for the years ended December 31, 2023 and 2022, respectively. We incurred a net loss of $133.1 million and $190.8 million in the years ended December 31, 2023 and 2022, respectively.
We focus our direct selling efforts on expanding our customer’s use of our platform, which includes companies that are exhibiting significant growth. We engage with and support these customers with our field sales representatives, account managers, and technical account managers who focus on customer satisfaction and drive expansion of their usage of our platform and products. These teams work with technical and business leaders to help our customers’ end-users receive the best possible digital experience, while also lowering our customers’ total cost of ownership. These direct selling efforts are reflected by the revenue generated from our enterprise customers. Our Dollar-Based Net Expansion Rate (“DBNER”), Net Retention Rate (“NRR”) and Last-Twelve Months Net Retention Rate (“LTM NRR”) metrics also measure the revenue growth from existing customers attributable to increased usage of our platform and features, and purchase of additional products and services. For additional details on our key metrics, refer to the “Key Business Metrics” section.
We believe that an annual cohort analysis of Fastly’s customers, as depicted in the chart below, demonstrates the continued expansion of our customers’ use of our platform. Once a customer begins to generate revenue for us, they tend to increase their usage of our platform, in particular in their second year. Customer accounts acquired in 2019, 2020, 2021, 2022 and 2023 are referred to as the 2019 Cohort, 2020 Cohort, 2021 Cohort, 2022 Cohort and 2023 Cohort, respectively. We calculate the Compound Annual Growth Rate (“CAGR”), which represents the rate of revenue return of our revenue cohorts, over a five year history from when they were first customers.

69



    Summary of Revenue Generated by Customer Cohorts Over Time (in millions):

Screenshot 2024-02-09 at 11.15.50 AM.jpg
Our 2019 Cohort increased its revenue 5.5 times in fiscal 2021 and has grown at approximately a 88% CAGR over the next four years from fiscal 2020 to fiscal 2023.
We generate substantially all of our revenue from charging our customers based on their usage of our platform, and we generate a substantial majority of our revenue from customers that have negotiated contracts with us. Initially, customers typically choose to become platform customers, for which we charge fees based on their committed or actual use of our platform, as measured in gigabytes and requests. Many of our customers generate billings in excess of their minimum commitment. We also generate revenue from additional products as well as professional and other services, such as implementation, account management and enhanced customer support. We charge a flat one-time or recurring monthly fee depending on the additional products and services selected. Typically, the term of our contracts with customers is 12 months and includes a minimum monthly billing commitment in exchange for more favorable pricing terms. In addition, customers can sign up online by providing their credit card information and agreeing to a minimum monthly fee. We also offer subscriptions to access a unified security web application and application programming interface at a fixed rate.
The majority of our revenue is usage based and changes in usage by our largest customers can create volatility in our revenue. The length of our sales cycles, from initial evaluation to payment, can range from several months to well over a year and can vary substantially from customer to customer. Similarly, the onboarding and ramping process with new as well as existing enterprise customers with new business can take several months and can be subject to delays for unanticipated reasons. The timing of new revenue from our sales efforts and changes in usage by our largest customers can make revenue difficult to predict.
Factors Affecting Our Performance
Winning New Customers
We are focused on continuing to attract new customers, including those in diverse vertical markets, and expanding our relationship with existing customers, by enhancing our product experience, investing in technology, and leveraging our partner ecosystem. Our customer base includes large, established enterprises that are undergoing digital transformation and emerging companies spanning a wide array of industries and verticals. Developers within these companies often use and advocate for the adoption of our platform by their companies and promotion across the broader developer community. We will continue to invest in our products and features and developer outreach, leveraging it as a cost-efficient approach to attracting new customers, and our sales and marketing programs, including various online marketing activities as well as targeted account-based marketing.
70



We are continuing to bring a durable, consistent, and predictable pipeline of new innovations to our edge cloud platform and software-defined modern network architecture, and are seeing interest from customers in our existing product lines like Network Services and Security, and newer product lines like Compute and Observability. We will continue to build out a single, unified platform, simplify customer onboarding and service usage, and simplify our pricing and packaging. This will require us to dedicate significant resources to further develop the market for our platform and differentiate our platform from competitive products and services. We will also need to expand, retain, and motivate our sales and marketing personnel in order to target our sales efforts at larger enterprises and senior management of these potential customers.
Many jurisdictions have enacted laws on data localization and cross-border data transfers, and the evolving enforcement and interpretation of such laws has created uncertainty regarding data stored abroad and transferred across borders, which could impact customer growth and acquisition for customers and potential customers conducting business in Europe and elsewhere outside of the United States. For additional details, refer to the section titled “Risk Factors.”
Expanding into New Markets and within Our Existing Customer Base
We aim to continue to add customers from a diverse set of industry verticals through our differentiated platform that offers a broad range of capabilities. By focusing on our key differentiators, including performance and security, we have an opportunity to continue to add customers from a diverse set of industries.
We emphasize retaining our customers and expanding their usage of our platform and adoption of our other products. Customers often begin with smaller deployments of one of our products and then expand their usage over time. Our platform includes a variety of offerings across Network Services, Security, Compute and Observability product lines. As our customers mature, we assist them in expanding their use of our platform, including the use of additional offerings beyond content delivery or security. As enterprises grow and experience increased traffic, their needs evolve, leading them to find additional use cases for our platform and expand their usage accordingly. In addition, given that customer acquisition costs are incurred largely for acquiring and initial onboarding, we may gain operating leverage to the extent that existing customers expand their use of our platform and products.
Our ability to retain customers and expand their usage could be impaired for a variety of reasons, including a customer moving to another provider or reducing usage within the term of their contract. Even if our customers expand their usage of our platform, we cannot guarantee that they will maintain those usage levels for any meaningful period of time or that they will renew their commitments. The data localization and cross-border data transfer issues described above also impact current customers usage of our products and services.
In addition, we cannot be certain what actions the United States or another country’s government may take with respect to certain of our customers that may adversely affect our ability to do business with our customers that operate in China, target China as a market or that have strong business ties to China.
International Expansion
We intend to continue expanding our efforts to attract customers outside of the United States by augmenting our sales teams and strategically increasing our presence in the number of markets in select international locations. As of both December 31, 2023 and 2022, our edge network spanned across 58 markets and 34 countries that are outside of the United States.
Our international expansion, including our global sales efforts, continues to add increased complexity and cost to our business. This requires us to expand our sales and marketing capabilities outside of the United States, increase the number of markets we have a presence in around the world to support our customers, and manage the administrative aspects of a global organization, each of which place a strain on our business and culture. In addition, our bandwidth costs are higher in markets outside of the United States and Europe, which may impact our gross margins.
We are closely monitoring the unfolding events of the Russian invasion of Ukraine, as well as the more recent hostilities in Israel, and their global impacts. While the conflicts are still evolving and the outcomes remain highly uncertain, we do not believe the Russia-Ukraine or Israel-Hamas conflicts will have a material impact on our business and results of operations. We do not have POPs or operations in Russia, Ukraine, or Israel. However, some threat actors now engage and are expected to continue to engage in cyber-attacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we, the third parties upon which we rely, and our customers may be vulnerable to a heightened risk of these attacks, including retaliatory cyber-
71



attacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell and distribute our goods and services. If either conflict continues or worsens, leading to greater global economic disruptions and uncertainty, our business and results of operations could be materially impacted. Our customers operating in Russia, Ukraine, and Israel represented an immaterial portion of our consolidated revenue as of December 31, 2023 and 2022, respectively.
Investing in Sales and Marketing
Our customers have been pivotal in driving brand awareness and broadening our reach. While we continue to leverage the self-service approach to drive adoption by developers, we will continue to expand our sales and marketing efforts, with an increased focus on sales to enterprises globally. Utilizing our direct sales force, we have multiple selling points within organizations to acquire new customers and increase usage from our existing customers. We will continue to increase our discretionary marketing spend, including account-based, targeted demand generation and brand spend, to drive the effectiveness of our sales teams. As a result, we expect our total operating expenses to increase as we continue to expand. Our investments in sales and marketing teams are intended to help accelerate our sales, onboarding, and ramp cycles.
These efforts will require us to continue to invest in sales and marketing resources. Furthermore, we believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel to support our growth.
Continued Investment in Our Platform and Network Infrastructure
We must continue to invest in our platform and network infrastructure to maintain our position in the market. We expect our revenue growth to be dependent on an expanding customer base and continued adoption of our edge cloud delivery, security, and other products and services. In anticipation of winning new customers and staying ahead of our customers’ needs, we plan to continue to invest in order to expand the scale and capacity of our software-defined modern network. This could result in increased network service provider fees, which could adversely affect our gross margins if we are unable to offset these costs with revenue from new customers and increase revenue from existing customers. Our customers require constant innovation within their own organizations and expect the same from us. Therefore, we will continue to invest in resources to enhance our development capabilities and introduce new products and features on our platform. We believe that investment in research and development will contribute to our long-term growth but may also negatively impact our short-term profitability. For the years ended December 31, 2023 and 2022, our research and development expenses as a percentage of revenue were 30% and 36%, respectively. Our research and development expenses each period is impacted by the amount of software development costs that meet the criteria for capitalization. We may also seek to acquire or invest in businesses, products, or technologies that we believe could complement or expand our platform, enhance our technical capabilities, or otherwise offer growth opportunities. For example, in May 2022, we acquired Glitch, a software company specializing in developer project management tools to bolster our existing product offerings, by making it easier to innovate at a layer in the Fastly software stack.
Developers use our platform to build custom applications and require a state-of-the-art infrastructure to test and run these applications. We will continue to invest in our network infrastructure by strategically increasing our POPs. We also anticipate making investments in upgrading our technology and hardware to continue providing our customers a fast and secure platform. Our gross margins and operating results are impacted by these investments. As of December 31, 2023, our global network is located in 79 markets across 35 countries. As we continue to experience growth, we may face challenges managing adequate server capacity in our POPs due to potential component delays, shortages, price increases, hardware efficiencies gained through internal development, or any potential changes in server architecture, including due to technological advances or obsolescence. We have in the past needed to, and may need to continue to, write-down or write-off server assets if we have server asset levels in excess of forecasted network capacity needs. For example, in the year ended December 31, 2023, we recognized computer and networking equipment related write-off charges of $4.3 million. Conversely, if we underestimate network capacity needs, we may in future periods be unable to meet demand and be required to incur higher costs to secure necessary parts and components of our servers.
In the event that there are errors in software, failures of hardware, damages to a facility or misconfigurations of any of our services, whether caused by our own error, security breaches, third-party error, or natural disasters, we could experience lengthy interruptions in our platform availability as well as delays and additional expenses in arranging new facilities and services. In addition, there can be no assurance that we are adequately prepared for unexpected increases in bandwidth demands by our customers, particularly when we or our customers experience cyber-attacks. The bandwidth we have contracted to purchase may become unavailable for a variety of reasons, including service outages, payment disputes, network providers
72



going out of business, natural disasters, networks imposing traffic limits, or governments adopting regulations that impact network operations.
Key Business Metrics
We use the following key metrics presented in the table below to evaluate our business, measure our performance, identify trends affecting our business, prepare financial projections, and make strategic decisions. The calculation of these key metrics below may differ from other similarly titled metrics used by other companies, analysts, or investors.
In the first quarter of 2023, we updated the methodology (“new methodology”) by which we calculate our customer count metrics, including Total Customer Count, Enterprise Customer Count and associated metrics. We believe that the new methodology more accurately reflects the trends in our business, gives management more insight into these trends, including customer usage of our platform and the seasonality we experience, and reduces lagging indicators inherent in our previous methodology (“prior methodology”). In conjunction with this update, for comparability purposes we will continue to report our customer count metrics using both the prior and new methodology, for the current and comparative periods presented in our Annual Reports on Form 10-K through the end of the fiscal year ended December 31, 2023. We will no longer report our customer count metrics using the prior methodology beginning with our Quarterly Report on Form 10-Q for the quarter ended March 31, 2024.
As of December 31,
20232022
Customer metrics (prior methodology):
Total Customer Count (based on last month revenue)3,097 2,958 
Enterprise Customer Count (based on trailing 12-month revenue)532 493 
Average Enterprise Customer Spend (based on trailing 12-month revenue; in thousands)
$859 $782 
Annual Revenue Retention (“ARR”) Rate
99.1 %99.2 %
Customer metrics (new methodology):
Total Customer Count (based on current quarter revenue)3,243 3,062 
Enterprise Customer Count (based on annualized revenue)578 533 
Average Enterprise Customer Spend (based on annualized current quarter revenues; in thousands)
$880 $822 
Annual Revenue Retention Rate
99.2 %98.9 %
Other key metrics:
Dollar-Based Net Expansion Rate (“DBNER”)119.0 %122.7 %
Net Retention Rate (“NRR”)110.1 %110.7 %
Last-twelve Months Net Retention Rate (“LTM NRR”)113.4 %119.1 %
73



Due to the revisions reflected in the above methodology, the customer count metrics included above calculated using our new methodology are not comparable to the historical customer count metrics included in our previously filed Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q and Form S-1 and Form S-3 Registration Statements, outside of the data included in the table above.
Total Customer Count
We believe that our total number of customers is an important indicator of the adoption of our platform. Our definition of a customer consists of identifiable operating entities with which we have a billing relationship in good standing and which we have recognized revenue from. An identifiable operating entity is defined as a company, a government entity, or a distinct business unit of a larger company that has a relationship with us through direct sales or through one of our reseller partners where charges are identified on an end-customer basis. We may treat separate subsidiaries, segments, divisions, or business units of a single organization that use our platform as unique customers where they have distinct account identifiers. In cases where charges are identified through a reseller partner rather than on an end-customer basis, we would count the reseller as a single customer in our customer count. Our customer groupings may be impacted by changes to our customers’ business, including any impact from acquisition activities, internal business reorganizations leading to operational and decision-making changes, and corporate structure changes such as subsidiary consolidation and reorganization that may arise in the future.
Our prior methodology by which we calculate total customer count, includes identifiable operating entities with which we have a billing relationship in good standing, from which we recognized revenue during the last month of the quarter. As of December 31, 2023 and 2022, we had 3,097 and 2,958 customers, respectively.
Our new methodology by which we calculate total customer count, includes identifiable operating entities with which we have a billing relationship in good standing, from which we recognized revenue during the quarter. As of December 31, 2023 and 2022, we had 3,243 and 3,062 customers, respectively.
In addition to our paying customers, we also have trial, developer, nonprofit and open source programs, and other non-paying accounts that are excluded from our customer count metric. We operate globally and as a result, the success of our ability to retain our customers is also affected by general economic and market conditions around the world.
Enterprise Customer Count
Historically our revenue has been driven primarily by a subset of our customers, our enterprise customers, who have leveraged our platform substantially from a usage standpoint. We believe that the recruitment and cultivation of enterprise customers is critical to our long-term success.

Under our prior methodology, our enterprise customer count is defined as customers with revenue in excess of $100,000 over the trailing 12-month period. As of December 31, 2023, we had 532 of such enterprise customers, which generated 90% of our revenue for the trailing 12 months ended December 31, 2023. As of December 31, 2022, we had 493 of such enterprise customers which generated 89% of our revenue for the trailing 12 months ended December 31, 2022.

Under our new methodology, our enterprise customer count is defined as customers with annualized current quarter revenue in excess of $100,000. This is calculated by taking the revenue we recognized for each customer in the current quarter and multiplying it by four. As of December 31, 2023, we had 578 of such enterprise customers which generated 92% of the total annualized current quarter revenue for our total customers for the period ended December 31, 2023. As of December 31, 2022, we had 533 of such enterprise customers which generated 92% of the total annualized current quarter revenue for our total customers for the period ended December 31, 2022.
Average Enterprise Customer Spend
Our enterprise customers continue to leverage our platform, increasing their spend on our platform and driving our revenue growth year over year. The continued retention and growth of our enterprise customer spend is key to our long-term growth strategy.
Under the prior methodology, our average enterprise customer spend is calculated by taking the sum of the trailing 12-month revenue contributed by enterprise customers, as defined under our prior methodology as customers with revenue in excess of $100,000 over the trailing 12-month period, existing as of December 31, 2023, and dividing that by that same number
74



of enterprise customers as of December 31, 2023. As of December 31, 2023, our average enterprise customer spend under the prior methodology was $859 thousand, as compared to $782 thousand as of December 31, 2022.
Under the new methodology, our average enterprise customer spend is calculated by taking the annualized current quarter revenue contributed by enterprise customers, as defined under our new methodology as customers with annualized current quarter revenue in excess of $100,000, existing as of December 31, 2023, and dividing that by that same number of enterprise customers as of December 31, 2023. As of December 31, 2023, our average enterprise customer spend under the new methodology was $880 thousand, as compared to $822 thousand as of December 31, 2022.
Annual Revenue Retention Rate (“ARR”)
We separately monitor customer retention and churn on an annual basis by measuring our annual revenue retention rate, which we calculate by first multiplying the final full month of revenue from a customer that terminated its contract with us (a Churned Customer) by the number of months remaining in the same calendar year to get our Annual Revenue Churn. The quotient of the Annual Revenue Churn from all of our Churned Customers divided by our annual revenue of the same calendar year is then subtracted from 100% to determine our annual revenue retention rate. We believe this calculation is helpful in that it is based on the amount of revenue that we would expect to have received in the remaining portion of a particular period had a customer not terminated its contract with us. It is not indicative of the actual revenue contribution from churned customers in past periods. By comparing this amount to actual revenue for the period, we are able to assess our ability to replace terminated revenue by generating revenue from new and continuing customers.
Under the prior methodology, our ARR rate is calculated by subtracting the quotient of the Annual Revenue Churn from all of our Churned Customers from which we recognized revenue during the last month of the prior year divided by our annual revenue of the same calendar year from 100%. For the years ended December 31, 2023 and 2022 the ARR was 99.1% and 99.2%, respectively.
Under the new methodology, our ARR rate is calculated by subtracting the quotient of the Annual Revenue Churn from all of our Churned Customers from which we recognized revenue during the last quarter of the prior year divided by our annual revenue of the same calendar year from 100%. For the years ended December 31, 2023 and 2022 the ARR was 99.2% and 98.9%, respectively.
Dollar-Based Net Expansion Rate (“DBNER”)
Our ability to generate and increase our revenue depends on our ability to increase the number of new customers and usage of our edge cloud delivery platform, security, and other products and services by our existing customers. We track our growth, in part, by measuring DBNER. Our DBNER increases when customers increase their usage of our platform or purchase additional products, and declines when they reduce their usage, benefit from lower pricing on their existing usage, or curtail their purchases of additional products. We believe that DBNER is a key metric in measuring the long-term value of our customer relationships and our ability to grow our revenue through increased usage of our edge cloud delivery platform, security, and purchase of additional products and services by our existing customers. However, our calculation of DBNER indicates only expansion among continuing customers and does not indicate any decrease in revenue attributable to former customers, which may differ from similar metrics of other companies.
We calculate DBNER by dividing the revenue for a given period from customers who remained customers as of the last day of the given period (“current period”) by the revenue from the same customers for the same period measured one year prior (“base period”). The revenue included in the current period excludes revenue from (i) customers that churned after the end of the base period and (ii) new customers that entered into a customer agreement after the end of the base period. For example, to calculate our DBNER for the trailing 12 months ended December 31, 2023, we divide (i) revenue, for the trailing 12 months ended December 31, 2023, from customers that entered into a customer agreement on or before December 31, 2023, and that remained customers as of December 31, 2023, by (ii) revenue for the trailing 12 months ended December 31, 2022, from the same set of customers.
For the trailing 12 months ended December 31, 2023 and 2022 our DBNER was 119.0% and 122.7%, respectively. DBNER may fluctuate from quarter to quarter based on, among other things, the timing associated with new customer accounts. We expect our DBNER for individual cohorts to decrease once customers in that cohort have used our platform for more than two years and become a larger portion of both our overall customer base and the revenue that we use to calculate DBNER.
75



Net Retention Rate (“NRR”) and Last-Twelve Months Net Retention Rate (“LTM NRR”)
Our ability to generate and increase our revenue is also dependent upon our ability to retain our existing customers. In addition to measuring expansion using DBNER, NRR and LTM NRR also allow us to track customer retention which demonstrates the stickiness of our edge cloud platform.
Our NRR measures the net change in monthly revenue from existing customers in the last month of the period (the “current” period month) compared to the last month of the same period one year prior (the “prior” period month) and includes revenue contraction due to billing decreases or customer churn and revenue expansion due to billing increases, but excludes revenue from new customers. We calculate Net Retention Rate by dividing the revenue from the current period month by the revenue in the prior period month. For the last month of the years ended December 31, 2023 and 2022 our NRR was 110.1% and 110.7%, respectively.
Our LTM NRR removes some of the volatility that is inherent in a usage-based business model from the measurement of the NRR metric. We calculate LTM NRR by dividing the total customer revenue for the prior twelve-month period (“prior 12-month period”) ending at the beginning of the last twelve-month period (“LTM period”) minus revenue contraction due to billing decreases or customer churn, plus revenue expansion due to billing increases during the LTM period from the same customers by the total prior 12-month period revenue. For the trailing twelve months ended December 31, 2023 and 2022 our LTM NRR was 113.4% and 119.1%, respectively.
Remaining Performance Obligations (“RPO”)
RPO represent future committed revenue for periods within current contracts with customers, as well as deferred revenue arising from consideration invoiced for which the related performance obligations have not been satisfied. As of December 31, 2023, the aggregate amount of the transaction price in our contracts allocated to RPO that were unsatisfied or partially unsatisfied was $235.7 million. Subsequent to December 31, 2023, we entered into a modification of an existing contract with a total commitment of $9.5 million, which contributed to additional RPO.
Key Components of Statement of Operations
Revenue
We derive our revenue primarily from usage-based fees earned from customers using our platform. We also earn fixed-rate recurring revenue from security and other products and services.
Our usage-based fees earned from customers using our platform are generally billed in arrears. Our security products are primarily annual subscriptions that are billed in advance. Many customers have tiered usage pricing which reflects discounted rates as usage increases. For most contracts, usage charges are determined on a monthly basis based on actual usage within the month and do not impact usage charges within any other month. Our larger customers often enter into contracts that contain minimum billing commitments and reflect discounted pricing associated with such usage levels.
We define United States revenue as revenue from customers that have a billing address in the United States, and we define international revenue as revenue from customers that have a billing address outside of the United States.
Cost of Revenue and Gross Margin
Cost of revenue consists primarily of fees paid to network providers for bandwidth and to third-party network data centers for housing servers, also known as colocation costs. Cost of revenue also includes employee costs for network operation, build-out and support and services delivery, network storage costs, cost of managed services and software-as-a-service, depreciation of network equipment used to deliver services, and amortization of network-related internal-use software. Our arrangements with network service providers require us to pay fees based on bandwidth use, in some cases subject to minimum commitments, which may be underutilized. Over the long term we expect cost of revenue to decrease as a percentage of revenue as we continue to drive efficiencies in our operations. However, our cost of revenue may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
76



Our gross margin has been and will continue to be affected by a number of factors, including utilization of our network, the timing of our investments in the expansion of our network, which can increase depreciation and colocation costs in advance of expected demand, our ability to manage our network service providers and cloud infrastructure-related fees, the timing of amortization of capitalized software development costs, changes in personnel costs to provide customer support and operate the network, and customer pricing. Over the long term we expect gross margin to increase as we continue to drive efficiencies in our operations and increase in revenue. However, our gross margin may fluctuate from period to period.
Research and Development
Research and development expenses consist primarily of personnel costs, including salaries, benefits, bonuses, and stock-based compensation. Research and development expenses also include cloud infrastructure fees for development and testing, and an allocation of our general overhead expenses. We capitalize the portion of our software development costs that meet the criteria for capitalization.
We continue to focus our research and development efforts on adding new features and products including new use cases, improving the efficiency and performance of our network, and increasing the functionality of our existing products. Over the long term we expect our research and development expenses to decrease as a percentage of our revenue. However, our research and development expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
Sales and Marketing
Sales and marketing expenses consist primarily of personnel costs, including commissions for our sales employees, salaries, benefits, bonuses, and stock-based compensation. Sales and marketing expenses also include expenditures related to advertising, marketing, our brand awareness activities, bandwidth and co-location costs for free trial users, costs related to our customer conferences, including our Altitude conference, professional services fees, amortization of our intangible assets, and an allocation of our general overhead expenses.
We focus our sales and marketing efforts on generating awareness of our platform and products, creating sales leads, and establishing and promoting our brand, both domestically and internationally. Over the long term, we expect our sales and marketing expenses to decrease as a percentage of our revenue. However, our sales and marketing expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
General and Administrative
General and administrative expenses consist primarily of personnel costs, including salaries, benefits, bonuses, and stock-based compensation for our administrative support personnel. General and administrative expenses also include costs related to legal and other professional services fees, SaaS costs, an allocation of our general overhead expenses, credit losses and acquisition-related costs.
Our general and administrative expenses also include sales and other tax expenses to which we are subject to based on the manner in which we sell and deliver our products. Historically, we have not collected such taxes from our customers and have therefore recorded such taxes as general and administrative expenses. We expect that these expenses will decline in future years as we continue to implement our sales tax collection mechanisms and start collecting these taxes from our customers.
In the near term, we expect to continue to incur costs associated with supporting the growth of our business, including international expansion, but expect these costs to decrease as a percentage of our revenue over the long term as we continue to drive efficiencies in our operations. However, our general and administrative expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
Impairment expense
Our impairment expense relates to write-off of excess computer and networking equipment including software that we do not expect to use.
77



Net Gain on Extinguishment of Debt
Our net gain on extinguishment of debt relates to the partial repurchases of our outstanding senior convertible notes in May 2022, May 2023, November 2023, and December 2023.
Other Income and Expenses
Our interest income consists primarily of interest earned on our cash, cash equivalents and investments. Our interest expense consists primarily of the interest expense on our finance leases and amortization of discount and debt issuance costs associated with our debt obligations. Our other income (expense), net, consists primarily of foreign currency transaction gains and losses.
Income Taxes
Our income tax expense (benefit) consists primarily of income taxes in certain foreign jurisdictions where we conduct business. The Company currently maintains a full valuation allowance on the Company’s U.S. Federal and state net deferred tax assets. We expect to maintain this valuation allowance for the foreseeable future.
Results of Operations
In this section, we discuss the results of our operations for the year ended December 31, 2023 compared to the year ended December 31, 2022. For a discussion of the year ended December 31, 2022 compared to the year ended December 31, 2021, please refer to Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2022.
Year ended December 31,
20232022
(in thousands)
Consolidated Statement of Operations:
Revenue$505,988 $432,725 
Cost of revenue239,660 222,944 
Gross profit266,328 209,781 
Operating expenses:
Research and development152,190 155,308 
Sales and marketing191,773 179,869 
General and administrative116,077 120,803 
Impairment expense4,316 — 
Total operating expenses464,356 455,980 
Loss from operations(198,028)(246,199)
Net gain on extinguishment of debt52,416 54,391 
Interest income18,186 7,044 
Interest expense(4,051)(5,887)
Other expense, net
(1,832)(29)
Loss before income tax expense(133,309)(190,680)
Income tax expense (benefit)(221)94 
Net loss attributable to common stockholders$(133,088)$(190,774)
78



The following tables set forth our results of operations for the period presented as a percentage of our revenue:
Year ended December 31,
20232022
Consolidated Statements of Operations, as a percentage of revenue:*
Revenue100 %100 %
Cost of revenue47 52 
Gross profit53 48 
Operating expenses:
Research and development30 36 
Sales and marketing38 42 
General and administrative23 28 
Impairment expense— 
Total operating expenses92 105 
Loss from operations(39)(57)
Net gain on extinguishment of debt10 13 
Interest income
Interest expense(1)(1)
Other income (expense), net— — 
Loss before income tax expense(26)(43)
Income tax expense (benefit)— — 
Net loss attributable to common stockholders(26)%(43)%
__________
*    Columns may not add up to 100% due to rounding.

Revenue
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Revenue$505,988 $432,725 $73,263 17 %
Revenue was $506.0 million for the year ended December 31, 2023 compared to $432.7 million for the year ended December 31, 2022, an increase of $73.3 million, or 17%. Revenue growth was driven by a $58.1 million increase in revenue related to further adoption of our modern edge platform and products, as well as a $14.7 million increase in revenue related to products acquired from the acquisition of Signal Sciences.
For the years ended December 31, 2023 and 2022, approximately 95% and 94% of our revenue was driven by usage on our platform, respectively. Revenue was primarily from existing customers, as revenue from new customers contributed less than 10% of our revenue. The proportion of the revenue contribution between new and existing customers is consistent with prior periods and typical customer behavior as customers tend to contribute more revenue over time as their use of the platform increases. The remainder of our revenue was generated by our other products and services, including support and professional services.
Under the prior methodology, as defined earlier in the ‘Key Business Metrics’ section, we had 3,097 customers and 532 enterprise customers as of December 31, 2023, compared to 2,958 customers and 493 enterprise customers as of December 31, 2022. This represents an increase of 139, or 5%, in customers and 39, or 8%, in enterprise customers from December 31, 2022.
79



Under the new methodology, as defined earlier in the ‘Key Business Metrics’ section, we had 3,243 customers and 578 enterprise customers as of December 31, 2023, compared to 3,062 customers and 533 enterprise customers as of December 31, 2022. This represents an increase of 181, or 6% in customers and 45, or 8%, in enterprise customers from December 31, 2022.
U.S. revenue was $370.4 million and 73% of revenue for the year ended December 31, 2023, and $316.1 million and 73% of revenue for the year ended December 31, 2022. This represents an increase of $54.3 million, or 17%. International revenue was $135.6 million and 27% of revenue for the year ended December 31, 2023, compared to $116.6 million and 27% of revenue for the year ended December 31, 2022. This represents an increase of $19.0 million, or 16%.
Under the prior methodology, we had 2,028 domestic customers and 1,069 international customers as of December 31, 2023, and 2,074 domestic customers and 884 international customers as of December 31, 2022. There was a decrease in domestic customers of 46, or 2%, and an increase in international customers of 185, or 21%, compared to December 31, 2022.
Under the new methodology, we had 2,117 domestic customers and 1,126 international customers as of December 31, 2023, and 2,145 domestic customers and 917 international customers as of December 31, 2022. There was a decrease in domestic customers of 28, or 1%, and an increase in international customers of 209, or 23%, compared to December 31, 2022.
Cost of Revenue
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Cost of revenue$239,660 $222,944 $16,716 %
Cost of revenue was $239.7 million for the year ended December 31, 2023 compared to $222.9 million for the year ended December 31, 2022, an increase of $16.7 million, or 7%. The increase in cost of revenue is a result of an increase in bandwidth costs of $10.1 million, $7.9 million increase in depreciation expense as a result of increased investments in our platform as well as an increase in repair and maintenance cost of $1.2 million. There was also a $1.3 million increase in personnel-related costs due to an increase in headcount and equity awards granted to employees supporting the growth of our business. This increase was partially offset by a decrease of $2.0 million in software and network costs, a $1.1 million decrease in colocation costs as well as a $0.6 million decrease in loss on disposals of fixed assets.
Gross Profit and Gross Margin
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Gross profit$266,328 $209,781 $56,547 27 %
Gross margin53 %48 %%
Gross profit was $266.3 million for the year ended December 31, 2023 compared to $209.8 million for the year ended December 31, 2022, an increase of $56.5 million, or 27%. Gross margin was 53% for the year ended December 31, 2023 compared to 48% for the year ended December 31, 2022, an increase of 5%. The increase in gross margin was driven by revenue related to further adoption of our modern edge platform and products, as well as an increase in revenue related to products acquired from the acquisition of Signal Sciences. Our revenue growth during the year ended December 31, 2023 outpaced the increases in the costs incurred to support the growth of our network.
80



Operating Expenses
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Research and development$152,190 $155,308 $(3,118)(2)%
Sales and marketing191,773 179,869 $11,904 %
General and administrative116,077 120,803 $(4,726)(4)%
Impairment expense
4,316 — $4,316 100 %
Total operating expenses$464,356 $455,980 $8,376 %
Percentage of revenue:
Research and development30 %36 %(6)%
Sales and marketing38 %42 %(4)%
General and administrative23 %28 %(5)%
Impairment expense%— %%
Research and development
Research and development expenses were $152.2 million for the year ended December 31, 2023 compared to $155.3 million for the year ended December 31, 2022, a decrease of $3.1 million, or 2%. This decrease was primarily due to a decrease of $12.9 million in stock-based compensation expense primarily related to restricted stock awards that fully vested in 2022. The decrease was also due to a $3.1 million increase in capitalized software from headcount growth as well as a $1.6 million decrease in professional fees related to temporary agency costs. This decrease was partially offset by an increase of $10.4 million of personnel-related costs, such as salaries and benefits due to an increase in headcount as well as a $2.8 million increase in costs associated with the transition and separation of a former executive.
Sales and marketing
Sales and marketing expenses were $191.8 million for the year ended December 31, 2023 compared to $179.9 million for the year ended December 31, 2022, an increase of $11.9 million, or 7%. This increase was primarily due to a $15.0 million increase in personnel related costs, such as salaries, sales commissions, and benefits. The increase was also due to a $4.4 million increase in marketing spend associated with brand campaign and advertising, as well as $1.0 million increase in travel and entertainment expenses. The increase was partially offset by a $5.4 million decrease in stock-based compensation expenses primarily due to restricted stock awards that fully vested in 2022. There was also a $1.0 million decrease in corporate expenses, $0.9 million decrease in professional fees, $0.9 million decrease in amortization expense as well as a $0.6 million decrease of capitalized software.
General and administrative
General and administrative costs were $116.1 million for the year ended December 31, 2023 compared to $120.8 million for the year ended December 31, 2022, a decrease of $4.7 million, or 4%. The decrease was primarily due to a $6.7 million decrease in professional fees related to temporary agency costs, as well as a $4.1 million decrease due to sales tax refund and changes in sales tax reserve. The decrease was also due to a $1.9 million decrease in acquisition-related costs, a $1.4 million decrease in impairment of right of use assets, $1.1 million decrease in insurance. This decrease was partially offset by a $6.9 million increase in stock-based compensation expenses primarily due to new awards granted, a $3.1 million increase in personnel related costs, as well as a $1.1 million increase in travel and entertainment expenses.
Impairment expense
During the year ended December 31, 2023, the Company recognized an impairment charge of $4.3 million, of which $3.0 million related to property and equipment, net and $1.3 million related to advance payments for the purchase of property and equipment. The write-off was primarily related to excess computer and networking equipment including software we expect to not be used. There were no such impairment charges recognized during the year ended December 31, 2022.
81



Net Gain on Extinguishment of Debt
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Net gain on extinguishment of debt$52,416 $54,391 $(1,975)(4)%
Net gain on extinguishment of debt was $52.4 million for the year ended December 31, 2023 compared to $54.4 million for the year ended December 31, 2022, a decrease of $2.0 million, or 4%. The decrease was primarily due to a lower repurchase price we paid for the transaction during the year ended December 31, 2022 as compared to the repurchase transactions during the year ended December 31, 2023.
Other Income and Expense
Interest income
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Interest income$18,186 $7,044 $11,142 158 %
Interest income was $18.2 million for the year ended December 31, 2023 compared to $7.0 million for the year ended December 31, 2022, an increase of $11.1 million, or 158%. This increase was due to an increase in interest rates on our cash balances and investments portfolio.
Interest expense
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Interest expense$(4,051)$(5,887)$1,836 (31)%
Interest expense was $4.1 million for the year ended December 31, 2023 compared to $5.9 million for the year ended December 31, 2022, a decrease of $1.8 million, or 31%. This decrease was primarily due to the repurchases that occurred during the years ended December 31, 2022 and December 31, 2023 which reduced the principal amount of our notes.
Other income (expense), net
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Other expense, net
$(1,832)$(29)$(1,803)6,217 %
Other expense, net was $1.8 million for the year ended December 31, 2023 compared to other expense, net, of less than $0.1 million for the year ended December 31, 2022, a decrease of $1.8 million, or 6217%. The decrease was mainly driven by our foreign currency transaction gains between the periods.
Income Taxes
Year ended December 31,Change
20232022$ Change% Change
(in thousands)
Income tax expense (benefit)
$(221)$94 $(315)(335)%
Income tax benefit was $0.2 million for the year ended December 31, 2023 and income tax expense of $0.1 million for the year ended December 31, 2022. The Company continues to maintain a full valuation allowance in the U.S. and the tax expense (benefit) for the periods were primarily due to foreign tax expense.
82



Liquidity and Capital Resources
As of December 31, 2023, we had cash, cash equivalents, and marketable securities totaling $328.8 million. Our cash, cash equivalents, and marketable securities primarily consisted of bank deposits, money market funds, investment-grade commercial paper, corporate notes and bonds, U.S. treasury securities, municipal securities, foreign government and supranational securities and asset-backed securities held at major financial institutions. As of December 31, 2023, our marketable securities balance includes $6.1 million of marketable securities that were classified as non-current.
To date, we have financed our operations primarily through equity issuances, payments received from customers, the net proceeds we received through sales of our debt securities, and proceeds from our convertible notes. Our principal uses of cash in the near term have primarily been around funding our operations, our capital expenditures, business acquisitions, investments and fulfilling our debt and contractual commitments. We have also entered into longer term commitments to support our operations, including arrangements to directly lease and operate our infrastructure assets and colocation facilities. We have not entered into any off-balance sheet arrangements and do not have any holdings in variable interest entities.
We believe that our cash and cash equivalents balances, and available borrowing capacity under our credit facility, and the cash flows generated by our operations, net of the cash outflows used in our operations, will be sufficient to satisfy our anticipated cash needs for working capital and capital expenditures for at least the next 12 months. We have generated losses from operations in the past and expect to continue to incur operating losses for the foreseeable future due to the investments and strategic initiatives we intend to make to grow our business. Our uses of cash beyond the next 12 months will depend on many factors, including the general economic environment in which we operate and our ability to generate cash flow from operations, which are uncertain. We may also use our cash to buy back any outstanding debt on our convertible notes or on any future equity issuances.
Senior Secured Credit Facilities Agreement
On February 16, 2021, we entered into a Senior Secured Credit Facilities Agreement (“Credit Agreement”) with the lenders from time to time party thereto (the “Lenders”) and Silicon Valley Bank, as a lender and as administrative agent and collateral agent for the Lenders for an aggregate commitment amount of $100.0 million, with a maturity date of February 16, 2024. The Credit Agreement originally bore interest at a rate per annum equal to the sum of LIBOR for the applicable interest period plus 1.75% to 2.00%, depending on the average daily outstanding balance of all loans and letters of credit under the Credit Agreement. On June 28, 2023, we entered into the First Amendment to Credit Agreement with the Lenders and First-Citizens Bank & Trust Company (successor by purchase to the Federal Deposit Insurance Corporation as Receiver for Silicon Valley Bridge Bank, N.A. (as successor to Silicon Valley Bank)), as a lender and as administrative agent and collateral agent for the Lenders, which, among other things, amended the interest rate provisions of the Credit Agreement to replace LIBOR with the Secured Overnight Finance Rate (“SOFR”) as the interest rate benchmark. On February 16, 2024, we entered into the Second Amendment to Credit Agreement with the Lenders and Silicon Valley Bank, a division of First-Citizens Bank & Trust Company, as a lender and as administrative agent and collateral agent for the Lenders, which, among other things, extended the maturity date of the loans under the Credit Agreement to June 14, 2024. As amended, the revolving loans bear interest, at the Company’s election, at an annual rate based on SOFR or a base rate. Loans based on SOFR bear interest at a rate per annum equal to SOFR, plus an adjustment of 0.10%, plus 1.75% to 2.00%, depending on the average daily outstanding balance of all loans and letters of credit under the Credit Agreement. Loans based on the base rate bear interest at a rate per annual equal to the base rate plus 0.75% to 1.00%, depending on the average daily outstanding balance of all loans and letters of credit under the Credit Agreement.
Interest payments on outstanding borrowings are due on the last day of each interest period. The Credit Agreement has a commitment fee on the unused portion of the borrowing commitment, which is payable on the last day of each calendar quarter at a rate per annum of 0.20% to 0.25% depending on the average daily outstanding balance of all loans and letters of credit under the Credit Agreement. The Credit Agreement contains a financial covenant that requires us to maintain a consolidated adjusted quick ratio of at least 1:25 to 1:00 tested on a quarterly basis as well as a springing revenue growth covenant for certain periods if our consolidated adjusted quick ratio falls below 1.75 to 1:00 on the last day of any fiscal quarter. As of December 31, 2023, we were in compliance with these covenants and we expect to continue to be in compliance for at least the next 12 months. During the year ended December 31, 2023 and 2022, no amounts were drawn down on the Credit Agreement.
83



Convertible Senior Notes
In March 2021, we issued $948.8 million aggregate principal amount of 0% convertible senior unsecured notes due in 2026 (the “Notes”) in a private placement to qualified institutional buyers pursuant to Rule144A under the Securities Act.
During the year ended December 31, 2023, we entered into several separate, privately negotiated transactions with certain holders of the Notes to repurchase $367.3 million aggregate principal amount of the Notes for an aggregate repurchase price of $309.1 million and aggregate transaction costs of $2.0 million. The Repurchases were accounted for as a debt extinguishment that resulted in a net gain of $52.4 million, which was recorded as non-operating income on our consolidated statement of operations for the year ended December 31, 2023.
The remaining Notes will mature on March 15, 2026, unless earlier converted, redeemed or repurchased.
Cash Flows
The following table summarizes our cash flows for the period indicated:
Year ended December 31,
202320222021
(in thousands)
Net cash (used in) provided by operating activities$362 $(69,632)$(38,482)
Net cash (used in) provided by investing activities 294,940 235,751 (794,511)
Net cash (used in) provided by financing activities (331,380)(189,149)936,551 
Cash Flows from Operating Activities
For the year ended December 31, 2023, cash provided by operating activities consisted primarily of our net loss of $133.1 million, adjusted for non-cash items of $203.3 million, and net cash flows used in operating assets and liabilities of $69.9 million. The main drivers of the changes in operating assets and liabilities were an increase in accounts receivable of $32.9 million, primarily due to an increase in revenue and the timing of cash receipts, an increase in other assets of $23.1 million related to deferred contract costs as well as $22.1 million of operating lease payments. This was partially offset by decreases of $8.7 million in prepaid expenses.
For the year ended December 31, 2022, cash used in operating activities consisted primarily of our net loss of $190.8 million, adjusted for non-cash items of $207.3 million, and net cash flows used in operating assets and liabilities of $86.2 million. The main drivers of the changes in operating assets and liabilities were an increase in other assets of $35.4 million related to deferred contract costs, an increase in accounts receivable of $27.4 million, primarily due to an increase in revenue and the timing of cash receipts from certain of our larger customers and an increase of $6.8 million in prepaid expenses and other assets due to pre-payments for hosting services and software licenses. We also had $27.0 million of operating lease payments. There were also increases of $8.3 million in accrued expenses and $2.1 million in accounts payable and other liabilities due to timing of payments.
For the year ended December 31, 2021, cash used in operating activities consisted primarily of our net loss of $222.7 million adjusted for non-cash items of $227.3 million. With respect to changes in operating assets and liabilities, there was an increase in accounts receivable of $14.6 million, primarily due to an increase in revenue and the timing of cash receipts from certain of our larger customers and an increase of $15.2 million in prepaid expenses and other assets due to pre-payments for software licenses. We also had $26.4 million of operating lease payments. This was partially offset by increases of $4.3 million in accrued expenses and $8.9 million in other liabilities due to timing of payments.
Cash Flows from Investing Activities
For the year ended December 31, 2023, cash provided by investing activities was $294.9 million, primarily consisting of $459.4 million of maturities and sales of marketable securities. This was offset by $132.2 million in purchases of marketable securities, $21.3 million of additions to capitalized internal-use software, and $11.0 million of payments related to purchases of property and equipment to expand our network.
84



For the year ended December 31, 2022, cash provided by investing activities was $235.8 million, primarily consisting of $697.0 million of maturities and sales of marketable securities. This was offset by $355.5 million in purchases of marketable securities, $42.2 million of advanced payments and $20.0 million of payments related to purchases of property and equipment to expand our network, $26.0 million related to business acquisitions and $18.1 million of additions to capitalized internal-use software.
For the year ended December 31, 2021, cash used in investing activities was $794.5 million, primarily consisting of $928.2 million in purchases of marketable securities, $34.8 million of payments related to purchases of property and equipment to expand our network, and $13.5 million of additions to capitalized internal-use software. This was partially offset by $184.6 million of maturities and sales of marketable securities.
Cash Flows from Financing Activities
For the year ended December 31, 2023, cash used in financing activities was $331.4 million, primarily consisting of $310.5 million used for the partial repurchase of our convertible debt, $27.2 million of finance lease liabilities repayments and $4.4 million in payments for deferred consideration for business acquisitions. This was partially offset by $8.6 million in proceeds from the employee stock purchase plan (ESPP”) and $2.2 million in proceeds from stock option exercises by our employees and directors.
For the year ended December 31, 2022, cash used in financing activities was $189.1 million, primarily consisting of $177.1 million used for the partial repurchase of our convertible debt and $22.5 million of finance lease liabilities repayments. This was partially offset by $4.8 million in proceeds from the ESPP and $5.7 million in proceeds from stock option exercises by our employees and directors.
For the year ended December 31, 2021, cash provided by financing activities was $936.6 million, primarily consisting of $930.8 million of proceeds from the issuance of the Notes, net of issuance costs, $8.1 million in proceeds from the ESPP and $12.6 million in proceeds from stock option exercises by our employees and directors. This was partially offset by $13.6 million of finance lease liabilities repayments.
Contractual Obligations and Other Commitments
The following table summarizes our non-cancelable contractual obligations as of December 31, 2023:
Less than 1 Year1-3 Years3-5 YearsMore than 5 YearsTotal
(in thousands)
Purchase obligations – non-equipment(1)
$54,638 $7,990 $151 $— $62,779 
Purchase obligations – equipment (2)
4,541 12,120 — — 16,661 
Operating lease obligations(3)
28,160 39,764 12,948 1,838 82,710 
Finance lease obligations(4)
16,064 1,617 — — 17,681 
Debt obligation(5)
— 346,489 — — 346,489 
Total$103,403 $407,980 $13,099 $1,838 $526,320 
__________
(1)    Purchase obligations-non equipment represent total future minimum payments under contracts with our cloud infrastructure providers, network service providers, and other vendors. Purchase obligations exclude agreements that are cancellable without penalty. Our purchase obligations exclude our operating lease commitments associated with our colocation arrangements which have been separately disclosed under our operating lease obligations.
(2)     Purchase obligations-equipment represent total future minimum payments under contracts for capital expenditures.
(3)     Operating lease obligations represent total future minimum rent payments under non-cancelable operating lease agreements, such as our facilities and colocation (i.e. data center) leases.
(4)    Finance lease obligations represents principal and interest payments under our networking equipment leases.
(5)    Debt obligation aggregate principal amount of our 0% convertible senior notes due on March 15, 2026.

These commitments will generally be settled with existing cash on hand, cash generated from operations and our current or any future financing arrangements.
85



Critical Accounting Estimates
We prepare our consolidated financial statements in accordance with U.S. GAAP. The preparation of our consolidated financial statements requires us to make estimates, judgments, and assumptions that affect the reported amounts of assets, liabilities, revenue, costs, expenses, and related disclosures. Actual results and outcomes could differ significantly from our estimates, judgments, and assumptions. To the extent that there are material differences between these estimates and actual results, our future financial statement presentation, financial condition, results of operations, and cash flows will be affected.
Revenue recognition
We recognize revenue in accordance with ASC 606, where revenue is recognized upon transfer of control of promised products or services to customers in an amount that reflects the consideration we expect to receive in exchange for those products or services. The processing and recording of certain revenue requires a manual process, which uses a complex set of procedures to generate complete and accurate data to record these revenue transactions. We enter into contracts that can include various combinations of products and services, each of which are distinct and accounted for as separate performance obligations.
Our performance obligations generally represent stand-ready obligations that are satisfied over time as the customer simultaneously receives and consumes the benefits provided by us. These obligations can be network services, security, compute, professional services, support, and other edge cloud platform services. For contracts with multiple performance obligations that are delivered over different time periods, we allocate the contract transaction price to each performance obligation using the estimated standalone selling price (SSP”) of each distinct good or service in the contract. Judgment is required to determine the SSP for each distinct performance obligation. We analyze separate sales of our products and services or the discounted list price per our approved price list as a basis for estimating the SSP of these products and services. In instances where SSP is not directly observable, such as when we do not sell the product or service separately, we determine the SSP using information that may include market conditions and other observable inputs. We typically have more than one SSP for individual products and services due to the stratification of those products and services by customers and circumstances. In these instances, we may use information, such as geographic region and distribution channel, in determining the SSP.
Stock-based Compensation Fair Value determination
We recognize compensation expense related to stock options based on the fair value of stock-based awards on the date of grant. We determine the grant date fair value of the awards using the Black-Scholes option-pricing model. The related stock-based compensation expense is recognized on a straight-line basis over the period in which an employee is required to provide service in exchange for the stock-based award, which is generally four years. Our stock price volatility and expected option life involve management’s best estimates, both of which impact the fair value of the option calculated under the Black-Scholes option pricing model and, ultimately, the expense that will be recognized over the life of the option.

We recognize stock-based compensation expense related to market-based performance stock awards based on the grant-date fair value of the awards. We determine the grant date fair value of the awards using the Monte Carlo simulation valuation model. The related stock-based compensation expense is recognized on an accelerated attribution method over the derived service period. The expected volatility was a blended volatility rate which incorporated both our observed equity volatility and our relevant guideline companies’ volatilities. The derived service period and the expected volatility involve management’s best estimates, both of which impact the fair value of the option calculated under the Monte Carlo simulation valuation model and, ultimately, the expense that will be recognized over the life of the option.
Valuation of Goodwill and Other Acquired Intangible Assets in Business Combinations
We account for our acquisitions using the acquisition method of accounting, which requires, among other things, allocation of the fair value of purchase consideration to the tangible and intangible assets acquired and liabilities assumed at their estimated fair values on the acquisition date. The excess of the fair value of purchase consideration over the values of these identifiable assets and liabilities is recorded as goodwill.
Determining the fair value of assets acquired and liabilities assumed requires significant judgment and estimates including the selection of valuation methodologies, future expected cash flows, discount rates, and useful lives. Our estimates of fair value are based on assumptions believed to be reasonable, but which are inherently uncertain and, as a result, actual results may
86



differ from estimates. During the measurement period, not to exceed one year from the date of acquisition, we may record adjustments to the assets acquired and liabilities assumed with a corresponding offset to goodwill to reflect new information obtained about facts and circumstances that existed as of the acquisition date. At the conclusion of the measurement period, or final determination of the values of assets acquired or liabilities assumed, whichever comes first, any subsequent adjustments are reflected in the consolidated statements of operations.
Long-lived Assets Impairment
Long-lived assets, including property and equipment, are reviewed for impairment whenever events or changes in circumstances, such as service discontinuance, technological obsolescence, facility closures, planned use of the assets or work-force reductions indicate that the carrying amount of the long-lived asset or asset group may not be recoverable. When such events occur, we compare the carrying amount of the asset or asset group to the undiscounted expected future cash flows related to the asset or asset group. If this comparison indicates that an impairment is present, the amount of the impairment is calculated as the difference between the carrying amount and the fair value of the asset or asset group. The estimates required to apply this accounting policy include forecasted usage of the long-lived assets, the useful lives of these assets and expected future cash flows.
Goodwill Impairment
Goodwill represents the excess of the purchase price of an acquired business over the fair value of the net tangible and identifiable intangible assets acquired. The carrying amount of goodwill is reviewed for impairment at least annually, in the fourth quarter, or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. We have a single operating segment and reporting unit structure for all of the periods presented.

To test for goodwill impairment, we compare the carrying value of our reporting unit with its fair value. If the carrying value of the goodwill is considered impaired, a loss is measured as the excess of the reporting unit’s carrying value over the fair value. As of December 31, 2023, we believe the estimated fair value of our one single reporting unit has substantially exceeded its carrying value.

Recent Accounting Pronouncements
Please refer to Note 2—Summary of Significant Accounting Policies included in the Notes to consolidated financial statements.
87



Item 7A.     Quantitative and Qualitative Disclosures about Market Risk
We are exposed to certain market risks in the ordinary course of our business. These risks primarily include interest rate and currency exchange risks as follows:
Interest Rate Risk
We had cash, cash equivalents, and marketable securities of $328.8 million, as of December 31, 2023 which primarily consisted of bank deposits, money market funds, investment-grade commercial paper, corporate notes and bonds, U.S. treasury securities, agency bonds, foreign government and supranational securities and asset-backed securities held at major financial institutions. The cash and cash equivalents are held for working capital purposes. The restricted cash is held as cash collateral in connection with our existing lease arrangements. Our cash equivalents and our investment portfolio are subject to market risk due to fluctuations in interest rates. The primary objective of our investment activities is to preserve principal while generating income without significantly increasing risk. We do not enter into investments for trading or speculative purposes and have not used any derivative financial instruments to manage our interest rate risk exposure. Due to the short-term nature of our investments, we have not been exposed to, nor do we anticipate being exposed to, material risks due to changes in interest rates. A hypothetical 10% change in interest rates during the period presented would not have had a material impact on our consolidated financial statements.
Currency Exchange Risks
The functional currency of our foreign subsidiaries is the U.S. dollar. Therefore, we are exposed to foreign exchange rate fluctuations as we convert the financial statements of our foreign subsidiaries into U.S. dollars. Our foreign subsidiaries remeasure monetary assets and liabilities at period-end exchange rates, while non-monetary items are remeasured at historical rates. Revenue and expense accounts are remeasured at the average exchange rate in effect during the period. If there is a change in foreign currency exchange rates, the conversion of our foreign subsidiaries’ financial statements into U.S. dollars would result in a realized gain or loss which is recorded in our consolidated statements of operations. We do not currently engage in any hedging activity to reduce our potential exposure to currency fluctuations, although we may choose to do so in the future. A hypothetical 10% change in foreign exchange rates during the period presented would not have had a material impact on our consolidated financial statements.
88



Item 8.         Financial Statements and Supplementary Data

FASTLY, INC.
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

The following financial statements are filed as part of this Annual Report on form 10-K:



89

<