10-K 1 cloud-20231231.htm 10-K cloud-20231231
FALSE0001477333FY2023http://fasb.org/us-gaap/2023#AccountingStandardsUpdate201602MemberP1Y0M0D0.00522630.02671870.0285913154254253552246045700014773332023-01-012023-12-3100014773332023-06-30iso4217:USD0001477333us-gaap:CommonClassAMember2024-02-07xbrli:shares0001477333us-gaap:CommonClassBMember2024-02-0700014773332023-12-3100014773332022-12-310001477333us-gaap:CommonClassAMember2022-12-31iso4217:USDxbrli:shares0001477333us-gaap:CommonClassAMember2023-12-310001477333us-gaap:CommonClassBMember2023-12-310001477333us-gaap:CommonClassBMember2022-12-3100014773332022-01-012022-12-3100014773332021-01-012021-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassAMember2020-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassBMember2020-12-310001477333us-gaap:AdditionalPaidInCapitalMember2020-12-310001477333us-gaap:RetainedEarningsMember2020-12-310001477333us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-12-3100014773332020-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassAMember2021-01-012021-12-310001477333us-gaap:AdditionalPaidInCapitalMember2021-01-012021-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassBMember2021-01-012021-12-310001477333us-gaap:RetainedEarningsMember2021-01-012021-12-310001477333us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-01-012021-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassAMember2021-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassBMember2021-12-310001477333us-gaap:AdditionalPaidInCapitalMember2021-12-310001477333us-gaap:RetainedEarningsMember2021-12-310001477333us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-12-3100014773332021-12-310001477333us-gaap:AdditionalPaidInCapitalMembersrt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2021-12-310001477333us-gaap:RetainedEarningsMembersrt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2021-12-310001477333srt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2021-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassAMember2022-01-012022-12-310001477333us-gaap:AdditionalPaidInCapitalMember2022-01-012022-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassBMember2022-01-012022-12-310001477333us-gaap:RetainedEarningsMember2022-01-012022-12-310001477333us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-01-012022-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassAMember2022-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassBMember2022-12-310001477333us-gaap:AdditionalPaidInCapitalMember2022-12-310001477333us-gaap:RetainedEarningsMember2022-12-310001477333us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassAMember2023-01-012023-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassBMember2023-01-012023-12-310001477333us-gaap:AdditionalPaidInCapitalMember2023-01-012023-12-310001477333us-gaap:RetainedEarningsMember2023-01-012023-12-310001477333us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-01-012023-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassAMember2023-12-310001477333us-gaap:CommonStockMemberus-gaap:CommonClassBMember2023-12-310001477333us-gaap:AdditionalPaidInCapitalMember2023-12-310001477333us-gaap:RetainedEarningsMember2023-12-310001477333us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-12-310001477333us-gaap:TechnologyEquipmentMember2023-12-310001477333us-gaap:SubsequentEventMemberus-gaap:TechnologyEquipmentMember2024-01-310001477333srt:MinimumMember2023-01-012023-12-310001477333srt:MaximumMember2023-01-012023-12-310001477333us-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001477333us-gaap:BuildingMember2023-12-310001477333us-gaap:OfficeEquipmentMember2023-12-310001477333us-gaap:FurnitureAndFixturesMember2023-12-310001477333us-gaap:SoftwareDevelopmentMember2023-12-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2023-12-31xbrli:pure0001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:ConvertibleDebtMember2023-12-310001477333us-gaap:DevelopedTechnologyRightsMember2023-12-310001477333us-gaap:TradeNamesMember2023-12-310001477333us-gaap:CustomerRelationshipsMember2023-12-31cloud:segment0001477333us-gaap:AccountingStandardsUpdate202006Member2022-01-010001477333us-gaap:AccountingStandardsUpdate202006Membersrt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2022-01-010001477333srt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2022-01-010001477333country:US2023-01-012023-12-310001477333us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMembercountry:US2023-01-012023-12-310001477333country:US2022-01-012022-12-310001477333us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMembercountry:US2022-01-012022-12-310001477333country:US2021-01-012021-12-310001477333us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMembercountry:US2021-01-012021-12-310001477333us-gaap:EMEAMember2023-01-012023-12-310001477333us-gaap:EMEAMemberus-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMember2023-01-012023-12-310001477333us-gaap:EMEAMember2022-01-012022-12-310001477333us-gaap:EMEAMemberus-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMember2022-01-012022-12-310001477333us-gaap:EMEAMember2021-01-012021-12-310001477333us-gaap:EMEAMemberus-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMember2021-01-012021-12-310001477333srt:AsiaPacificMember2023-01-012023-12-310001477333us-gaap:RevenueFromContractWithCustomerMembersrt:AsiaPacificMemberus-gaap:GeographicConcentrationRiskMember2023-01-012023-12-310001477333srt:AsiaPacificMember2022-01-012022-12-310001477333us-gaap:RevenueFromContractWithCustomerMembersrt:AsiaPacificMemberus-gaap:GeographicConcentrationRiskMember2022-01-012022-12-310001477333srt:AsiaPacificMember2021-01-012021-12-310001477333us-gaap:RevenueFromContractWithCustomerMembersrt:AsiaPacificMemberus-gaap:GeographicConcentrationRiskMember2021-01-012021-12-310001477333cloud:OtherGeographicalRegionsMember2023-01-012023-12-310001477333us-gaap:RevenueFromContractWithCustomerMembercloud:OtherGeographicalRegionsMemberus-gaap:GeographicConcentrationRiskMember2023-01-012023-12-310001477333cloud:OtherGeographicalRegionsMember2022-01-012022-12-310001477333us-gaap:RevenueFromContractWithCustomerMembercloud:OtherGeographicalRegionsMemberus-gaap:GeographicConcentrationRiskMember2022-01-012022-12-310001477333cloud:OtherGeographicalRegionsMember2021-01-012021-12-310001477333us-gaap:RevenueFromContractWithCustomerMembercloud:OtherGeographicalRegionsMemberus-gaap:GeographicConcentrationRiskMember2021-01-012021-12-310001477333us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMember2023-01-012023-12-310001477333us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMember2022-01-012022-12-310001477333us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMember2021-01-012021-12-310001477333us-gaap:SalesChannelThroughIntermediaryMember2023-01-012023-12-310001477333us-gaap:SalesChannelThroughIntermediaryMembercloud:SalesChannelConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMember2023-01-012023-12-310001477333us-gaap:SalesChannelThroughIntermediaryMember2022-01-012022-12-310001477333us-gaap:SalesChannelThroughIntermediaryMembercloud:SalesChannelConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMember2022-01-012022-12-310001477333us-gaap:SalesChannelThroughIntermediaryMember2021-01-012021-12-310001477333us-gaap:SalesChannelThroughIntermediaryMembercloud:SalesChannelConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMember2021-01-012021-12-310001477333us-gaap:SalesChannelDirectlyToConsumerMember2023-01-012023-12-310001477333cloud:SalesChannelConcentrationRiskMemberus-gaap:SalesChannelDirectlyToConsumerMemberus-gaap:RevenueFromContractWithCustomerMember2023-01-012023-12-310001477333us-gaap:SalesChannelDirectlyToConsumerMember2022-01-012022-12-310001477333cloud:SalesChannelConcentrationRiskMemberus-gaap:SalesChannelDirectlyToConsumerMemberus-gaap:RevenueFromContractWithCustomerMember2022-01-012022-12-310001477333us-gaap:SalesChannelDirectlyToConsumerMember2021-01-012021-12-310001477333cloud:SalesChannelConcentrationRiskMemberus-gaap:SalesChannelDirectlyToConsumerMemberus-gaap:RevenueFromContractWithCustomerMember2021-01-012021-12-310001477333cloud:SalesChannelConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMember2023-01-012023-12-310001477333cloud:SalesChannelConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMember2022-01-012022-12-310001477333cloud:SalesChannelConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMember2021-01-012021-12-3100014773332024-01-012023-12-310001477333us-gaap:CashMember2023-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CashMember2023-12-310001477333cloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CashMember2023-12-310001477333us-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMemberus-gaap:CashMember2023-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2023-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMemberus-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMembercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2023-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Member2023-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2023-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:USTreasurySecuritiesMember2023-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2023-12-310001477333us-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2023-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMemberus-gaap:USTreasurySecuritiesMember2023-12-310001477333us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2023-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2023-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMember2023-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2023-12-310001477333us-gaap:FairValueInputsLevel2Member2023-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2023-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333cloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001477333us-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2023-12-310001477333us-gaap:CashMember2022-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CashMember2022-12-310001477333cloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CashMember2022-12-310001477333us-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMemberus-gaap:CashMember2022-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2022-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMemberus-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMembercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2022-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2022-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:USTreasurySecuritiesMember2022-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2022-12-310001477333us-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2022-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMemberus-gaap:USTreasurySecuritiesMember2022-12-310001477333us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Member2022-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2022-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMember2022-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2022-12-310001477333us-gaap:FairValueInputsLevel2Member2022-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:FairValueInputsLevel2Membercloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2022-12-310001477333us-gaap:CashAndCashEquivalentsMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333cloud:DebtSecuritiesAvailableForSaleCurrentMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001477333us-gaap:FairValueMeasurementsRecurringMembercloud:RestrictedCashNoncurrentMember2022-12-310001477333us-gaap:USGovernmentAgenciesDebtSecuritiesMember2022-12-310001477333us-gaap:StandbyLettersOfCreditMember2023-12-310001477333us-gaap:StandbyLettersOfCreditMember2022-12-310001477333us-gaap:MoneyMarketFundsMember2023-12-310001477333us-gaap:MoneyMarketFundsMember2022-12-310001477333us-gaap:TechnologyEquipmentMember2022-12-310001477333us-gaap:ConstructionInProgressMember2023-12-310001477333us-gaap:ConstructionInProgressMember2022-12-310001477333us-gaap:SoftwareDevelopmentMember2022-12-310001477333us-gaap:OfficeEquipmentMember2022-12-310001477333us-gaap:FurnitureAndFixturesMember2022-12-310001477333us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2023-12-310001477333us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2022-12-310001477333us-gaap:LeaseholdImprovementsMember2023-12-310001477333us-gaap:LeaseholdImprovementsMember2022-12-310001477333us-gaap:RemediationPropertyForSaleAbandonmentOrDisposalMember2023-12-310001477333us-gaap:RemediationPropertyForSaleAbandonmentOrDisposalMember2022-12-310001477333us-gaap:SoftwareDevelopmentMember2023-01-012023-12-310001477333us-gaap:SoftwareDevelopmentMember2022-01-012022-12-310001477333us-gaap:SoftwareDevelopmentMember2021-01-012021-12-310001477333cloud:VectrixSecurityIncMember2022-01-012022-12-310001477333cloud:Area1SecurityIncMember2022-01-012022-12-310001477333us-gaap:DevelopedTechnologyRightsMember2022-12-310001477333us-gaap:CustomerRelationshipsMember2022-12-310001477333us-gaap:TradeNamesMember2022-12-310001477333us-gaap:DevelopedTechnologyRightsMember2023-10-012023-12-310001477333cloud:OfficeSpaceMember2023-12-310001477333cloud:CoLocationAssetLeaseMember2023-12-31utr:sqft0001477333cloud:LisbonLeaseMember2023-12-310001477333us-gaap:BuildingMember2021-07-060001477333us-gaap:BuildingMember2021-07-062021-07-060001477333cloud:AustinLeaseMember2021-07-06cloud:leasecloud:office_space0001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:ConvertibleDebtMember2021-08-310001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:ConvertibleDebtMember2021-08-012021-08-310001477333cloud:SeniorConvertibleNotesDue2026Membercloud:ScenarioOneMemberus-gaap:ConvertibleDebtMember2021-08-012021-08-31cloud:day0001477333cloud:SeniorConvertibleNotesDue2026Membercloud:ScenarioTwoMemberus-gaap:ConvertibleDebtMember2021-08-012021-08-310001477333cloud:SeniorConvertibleNotesDue2026Membercloud:CappedCallsMemberus-gaap:CommonClassAMemberus-gaap:ConvertibleDebtMemberus-gaap:LongMember2021-08-012021-08-310001477333cloud:SeniorConvertibleNotesDue2026Membercloud:CappedCallsMemberus-gaap:CommonClassAMemberus-gaap:ConvertibleDebtMemberus-gaap:LongMember2021-08-310001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:CommonClassAMemberus-gaap:ConvertibleDebtMember2021-08-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2020-05-310001477333cloud:SeniorConvertibleNotesDue2025Member2020-05-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2021-12-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2021-01-012021-12-310001477333us-gaap:CommonClassAMembercloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2021-01-012021-12-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMembercloud:CertainHoldersConversionMember2022-01-012022-12-310001477333us-gaap:CommonClassAMembercloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2022-01-012022-12-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2023-06-300001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2023-04-012023-06-300001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMembercloud:CertainHoldersConversionMember2023-07-012023-09-300001477333us-gaap:CommonClassAMembercloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2023-07-012023-09-300001477333cloud:CappedCallsMemberus-gaap:CommonClassAMembercloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMemberus-gaap:LongMember2020-05-312020-05-310001477333cloud:CappedCallsMemberus-gaap:CommonClassAMembercloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMemberus-gaap:LongMember2020-05-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2023-01-012023-12-310001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:ConvertibleDebtMember2022-12-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2022-12-310001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:ConvertibleDebtMember2023-01-012023-12-310001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:ConvertibleDebtMember2022-01-012022-12-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2022-01-012022-12-310001477333cloud:SeniorConvertibleNotesDue2026Memberus-gaap:ConvertibleDebtMember2021-01-012021-12-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMember2020-05-012020-05-310001477333cloud:SeniorConvertibleNotesDue2025Memberus-gaap:ConvertibleDebtMembercloud:CertainHoldersConversionMember2020-05-012020-05-31cloud:vote0001477333us-gaap:EmployeeStockOptionMember2023-12-310001477333us-gaap:EmployeeStockOptionMember2022-12-310001477333cloud:EquityIncentivePlan2019Member2023-12-310001477333cloud:EquityIncentivePlan2019Member2022-12-310001477333us-gaap:RestrictedStockUnitsRSUMember2023-12-310001477333us-gaap:RestrictedStockUnitsRSUMember2022-12-310001477333us-gaap:EmployeeStockMember2023-12-310001477333us-gaap:EmployeeStockMember2022-12-310001477333us-gaap:EmployeeStockOptionMemberus-gaap:CommonStockMembercloud:TwoThousandAndTenEquityIncentivePlanMember2023-01-012023-12-310001477333us-gaap:CommonClassAMembercloud:TwoThousandAndNineteenEquityIncentivePlanMember2019-12-310001477333cloud:ClassAAndClassBCommonStockMembercloud:TwoThousandAndNineteenEquityIncentivePlanMember2019-01-012019-12-310001477333us-gaap:CommonClassAMemberus-gaap:EmployeeStockOptionMembercloud:TwoThousandAndTenEquityIncentivePlanMember2023-12-310001477333us-gaap:EmployeeStockOptionMembercloud:TwoThousandAndTenEquityIncentivePlanMemberus-gaap:CommonClassBMember2023-12-310001477333us-gaap:CommonClassAMemberus-gaap:EmployeeStockOptionMembercloud:TwoThousandAndNineteenEquityIncentivePlanMember2023-12-310001477333us-gaap:EmployeeStockOptionMember2023-01-012023-12-3100014773332020-01-012020-12-310001477333cloud:A2010PlanAnd2019PlanMember2023-12-310001477333cloud:A2010PlanAnd2019PlanMember2022-12-310001477333cloud:A2010PlanAnd2019PlanMember2023-01-012023-12-310001477333cloud:A2010PlanAnd2019PlanMember2022-01-012022-12-310001477333cloud:A2010PlanAnd2019PlanMember2021-01-012021-12-310001477333us-gaap:EmployeeStockOptionMembercloud:A2010PlanAnd2019PlanMember2023-12-310001477333us-gaap:EmployeeStockOptionMembercloud:A2010PlanAnd2019PlanMember2023-01-012023-12-310001477333srt:ExecutiveOfficerMembercloud:StockOptionsWithMarketConditionsMember2022-02-142022-02-140001477333cloud:OtherKeyEmployeesMembercloud:StockOptionsWithMarketConditionsMember2022-02-142022-02-140001477333us-gaap:CommonClassAMembercloud:OtherPerformanceAwardsMember2022-02-142022-02-140001477333srt:ExecutiveOfficerMembercloud:OtherPerformanceAwardsMember2022-02-142022-02-140001477333cloud:OtherKeyEmployeesMembercloud:OtherPerformanceAwardsMember2022-02-142022-02-140001477333us-gaap:CommonClassAMembercloud:OtherPerformanceAwardsMember2022-02-140001477333us-gaap:CommonClassAMembercloud:OtherPerformanceAwardsMember2023-05-012023-05-01cloud:tranche0001477333cloud:OtherKeyEmployeesMemberus-gaap:CommonClassAMembercloud:OtherPerformanceAwardsMember2023-01-012023-12-310001477333us-gaap:SubsequentEventMembercloud:OtherPerformanceAwardsMember2024-01-012024-01-310001477333us-gaap:SubsequentEventMembersrt:ScenarioForecastMembercloud:OtherPerformanceAwardsMember2024-02-012024-02-290001477333cloud:OtherPerformanceAwardsMember2023-01-012023-12-310001477333cloud:OtherPerformanceAwardsMember2022-01-012022-12-310001477333cloud:OtherPerformanceAwardsMember2023-12-310001477333us-gaap:CommonClassAMemberus-gaap:EmployeeStockOptionMembercloud:Area1SecurityIncMember2022-04-010001477333us-gaap:EmployeeStockOptionMembercloud:Area1SecurityIncMember2022-04-012022-04-010001477333us-gaap:EmployeeStockOptionMembercloud:Area1SecurityIncMember2023-01-012023-12-310001477333us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001477333cloud:RestrictedStockAndRestrictedStockUnitsMember2020-12-310001477333us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001477333us-gaap:RestrictedStockMember2021-01-012021-12-310001477333cloud:RestrictedStockAndRestrictedStockUnitsMember2021-01-012021-12-310001477333cloud:RestrictedStockAndRestrictedStockUnitsMember2021-12-310001477333us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001477333us-gaap:RestrictedStockMember2022-01-012022-12-310001477333cloud:RestrictedStockAndRestrictedStockUnitsMember2022-01-012022-12-310001477333cloud:RestrictedStockAndRestrictedStockUnitsMember2022-12-310001477333cloud:RestrictedStockAndRestrictedStockUnitsMember2023-01-012023-12-310001477333cloud:RestrictedStockAndRestrictedStockUnitsMember2023-12-310001477333us-gaap:EmployeeStockMemberus-gaap:CommonClassAMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2019-09-300001477333us-gaap:EmployeeStockMembercloud:ClassAAndClassBCommonStockMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2019-09-012019-09-300001477333us-gaap:EmployeeStockMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2019-09-012019-09-300001477333us-gaap:EmployeeStockMemberus-gaap:CommonClassAMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2019-09-012019-09-300001477333us-gaap:EmployeeStockMemberus-gaap:CommonClassAMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2023-01-012023-12-310001477333us-gaap:EmployeeStockMemberus-gaap:CommonClassAMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2022-01-012022-12-310001477333us-gaap:EmployeeStockMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2023-12-310001477333us-gaap:EmployeeStockMembercloud:TwoThousandAndNineteenEmployeeStockPurchasePlanMember2023-01-012023-12-310001477333us-gaap:EmployeeStockMember2023-01-012023-12-310001477333us-gaap:EmployeeStockMember2022-01-012022-12-310001477333us-gaap:EmployeeStockMember2021-01-012021-12-310001477333us-gaap:CostOfSalesMember2023-01-012023-12-310001477333us-gaap:CostOfSalesMember2022-01-012022-12-310001477333us-gaap:CostOfSalesMember2021-01-012021-12-310001477333us-gaap:SellingAndMarketingExpenseMember2023-01-012023-12-310001477333us-gaap:SellingAndMarketingExpenseMember2022-01-012022-12-310001477333us-gaap:SellingAndMarketingExpenseMember2021-01-012021-12-310001477333us-gaap:ResearchAndDevelopmentExpenseMember2023-01-012023-12-310001477333us-gaap:ResearchAndDevelopmentExpenseMember2022-01-012022-12-310001477333us-gaap:ResearchAndDevelopmentExpenseMember2021-01-012021-12-310001477333us-gaap:GeneralAndAdministrativeExpenseMember2023-01-012023-12-310001477333us-gaap:GeneralAndAdministrativeExpenseMember2022-01-012022-12-310001477333us-gaap:GeneralAndAdministrativeExpenseMember2021-01-012021-12-310001477333cloud:SeniorConvertibleNotesDue2025Member2023-01-012023-12-310001477333cloud:SeniorConvertibleNotesDue2025Member2022-01-012022-12-310001477333cloud:SeniorConvertibleNotesDue2025Member2021-01-012021-12-310001477333cloud:SeniorConvertibleNotesDue2026Member2023-01-012023-12-310001477333cloud:SeniorConvertibleNotesDue2026Member2022-01-012022-12-310001477333cloud:SeniorConvertibleNotesDue2026Member2021-01-012021-12-310001477333cloud:ShareBasedPaymentArrangementSharesSubjectToRepurchaseMember2023-01-012023-12-310001477333cloud:ShareBasedPaymentArrangementSharesSubjectToRepurchaseMember2022-01-012022-12-310001477333cloud:ShareBasedPaymentArrangementSharesSubjectToRepurchaseMember2021-01-012021-12-310001477333us-gaap:EmployeeStockOptionMember2023-01-012023-12-310001477333us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001477333us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001477333cloud:RestrictedStockAwardAndRestrictedStockUnitRSUsAwardMember2023-01-012023-12-310001477333cloud:RestrictedStockAwardAndRestrictedStockUnitRSUsAwardMember2022-01-012022-12-310001477333cloud:RestrictedStockAwardAndRestrictedStockUnitRSUsAwardMember2021-01-012021-12-310001477333us-gaap:EmployeeStockMember2023-01-012023-12-310001477333us-gaap:EmployeeStockMember2022-01-012022-12-310001477333us-gaap:EmployeeStockMember2021-01-012021-12-310001477333us-gaap:DomesticCountryMember2023-12-310001477333us-gaap:DomesticCountryMember2022-12-310001477333us-gaap:ResearchMemberus-gaap:DomesticCountryMember2023-12-310001477333us-gaap:ResearchMemberus-gaap:DomesticCountryMember2022-12-310001477333us-gaap:StateAndLocalJurisdictionMember2023-12-310001477333us-gaap:StateAndLocalJurisdictionMember2022-12-310001477333us-gaap:ResearchMemberus-gaap:StateAndLocalJurisdictionMember2023-12-310001477333us-gaap:ResearchMemberus-gaap:StateAndLocalJurisdictionMember2022-12-310001477333us-gaap:HerMajestysRevenueAndCustomsHMRCMember2023-12-310001477333us-gaap:HerMajestysRevenueAndCustomsHMRCMember2022-12-310001477333us-gaap:ForeignCountryMember2023-12-310001477333us-gaap:ForeignCountryMember2022-12-310001477333cloud:Area1SecurityIncMember2022-04-012022-04-010001477333cloud:BusinessCombinationLiabilityPaymentScenarioOneMembercloud:Area1SecurityIncMember2022-04-010001477333cloud:BusinessCombinationLiabilityPaymentScenarioOneMembercloud:Area1SecurityIncMember2022-04-012022-04-010001477333cloud:BusinessCombinationLiabilityPaymentScenarioTwoMembercloud:Area1SecurityIncMember2022-04-010001477333cloud:Area1SecurityIncMember2022-04-010001477333cloud:Area1SecurityIncMember2022-01-010001477333cloud:VectrixIncMember2022-01-142022-01-140001477333cloud:VectrixIncMember2022-01-140001477333cloud:VectrixIncMember2022-01-142022-12-310001477333us-gaap:DevelopedTechnologyRightsMembercloud:VectrixIncMember2022-01-140001477333cloud:ZarazMember2021-10-152021-10-150001477333cloud:ZarazMember2021-01-012021-12-310001477333cloud:ZarazMemberus-gaap:DevelopedTechnologyRightsMember2021-10-150001477333cloud:ZarazMember2021-10-150001477333country:US2023-12-310001477333country:US2022-12-310001477333us-gaap:NonUsMember2023-12-310001477333us-gaap:NonUsMember2022-12-310001477333cloud:MatthewPrinceMember2023-01-012023-12-310001477333cloud:MatthewPrinceMember2023-10-012023-12-310001477333cloud:MatthewPrinceMember2023-12-310001477333cloud:MichelleZatlynMember2023-01-012023-12-310001477333cloud:MichelleZatlynMember2023-10-012023-12-310001477333cloud:MichelleZatlynMember2023-12-310001477333cloud:ThomasSeifertMember2023-01-012023-12-310001477333cloud:ThomasSeifertMember2023-10-012023-12-310001477333cloud:ThomasSeifertMember2023-12-310001477333cloud:DouglasKramerMember2023-01-012023-12-310001477333cloud:DouglasKramerMember2023-10-012023-12-310001477333cloud:DouglasKramerMember2023-12-310001477333cloud:KatrinSuderMember2023-01-012023-12-310001477333cloud:KatrinSuderMember2023-10-012023-12-310001477333cloud:KatrinSuderMember2023-12-310001477333cloud:MariaEitelMember2023-01-012023-12-310001477333cloud:MariaEitelMember2023-10-012023-12-310001477333cloud:MariaEitelMember2023-12-3100014773332023-10-012023-12-31

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
_____________________________________
____________
FORM 10-K
__________________________________________________
(Mark One)
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2023
or
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from                to              
Commission file number: 001-39039
__________________________________________________
Cloudflare, Inc.
(Exact name of registrant as specified in its charter)
__________________________________________________
Delaware

27-0805829
(State or other jurisdiction of
incorporation or organization)

(I.R.S. Employer
Identification Number)
101 Townsend Street
San Francisco, California 94107
(Address of principal executive offices and zip code)
(888) 993-5273
(Registrant’s telephone number, including area code)
__________________________________________________
Securities registered pursuant to Section 12(b) of the Act:
Title of Each ClassTrading SymbolName of Each Exchange on Which Registered
Class A Common Stock, $0.001 par valueNETThe New York Stock Exchange
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☒  No ☐
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15 (d) of the Act. Yes ☐  No
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.  Yes ☒  No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).  Yes ☒  No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer

Accelerated filer
Non-accelerated filer

Smaller reporting company



Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements.
2

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act).  Yes ☐  No
The aggregate market value of the common stock held by non-affiliates of the registrant, based on the closing price of the shares of Class A common stock on June 30, 2023 as reported by the New York Stock Exchange on such date was approximately $9,021 million. Shares of the registrant’s common stock held by each executive officer and director and by each other person who may be deemed to be an affiliate of the registrant have been excluded from this computation. This calculation does not reflect a determination that certain persons are affiliates of the registrant for any other purpose.
As of February 7, 2024, 298,376,723 shares of the registrant's Class A common stock were outstanding and 39,282,522 shares of the registrant's Class B common stock were outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant's definitive Proxy Statement relating to the 2024 Annual Meeting of Stockholders are incorporated herein by reference in Part III of this Annual Report on Form 10-K to the extent stated herein. Such Proxy Statement will be filed with the Securities and Exchange Commission within 120 days of the registrant's fiscal year ended December 31, 2023.

3

TABLE OF CONTENTS
Page
Item 1.
Item 1A.
Item 1B.
Item 1C.
Item 2.
Item 3.
Item 4.
Item 5.
Item 6.
Item 7.
Item 7A.
Item 8.
Item 9.
Item 9A.
Item 9B.
Item 9C.
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
Item 15.
Item 16.

4

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “could,” “intends,” “target,” “projects,” “contemplates,” “believes,” “estimates,” “predicts,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern our expectations, strategy, plans, or intentions.
Forward-looking statements contained in this Annual Report on Form 10-K include, but are not limited to, statements about:
our ability to retain and upgrade paying customers;
our ability to attract new paying customers, including large customers, or convert free customers to paying customers;
our future financial performance, including trends in revenue, costs of revenue, gross profit or gross margin, operating expenses, paying customers, and free cash flow;
our ability to achieve or maintain profitability and positive cash flow;
the impact of adverse economic conditions on our customers’ spending ability and the overall demand for our products;
the consequences we may face resulting from the activities of our customers and the actions we take in response, including associated theories of liability;
the demand, and our ability to generate demand, for our products or for solutions for security, performance, and reliability in general;
possible harm caused by significant disruption of service, loss or unauthorized access to customers’ content, or the actual or perceived failure of our products to prevent security incidents;
our ability to compete successfully in competitive markets;
our ability to respond to rapid technological changes;
our ability to continue to innovate and develop new products;
our expectations and management of future growth;
the impact of the Hamas-Israel and Russia-Ukraine conflicts, other areas of geopolitical tension around the world, or the worsening or expansion of those conflicts or geopolitical tensions, and the related challenging macroeconomic conditions globally, including on our and our customers', vendors', and partners' respective businesses and the markets in which we and our customers, vendors, and partners operate;
our ability to maintain favorable co-location relationships, Internet service provider (ISP) partnerships, and other interconnection arrangements around the world;
our ability to offer high-quality customer support;
our ability to manage our global operations;
our expectations of and ability to comply with applicable laws around the world;
our ability to correctly estimate our tax obligations around the world;
our ability to repay our convertible senior notes when due;
our ability to attract, integrate, and retain key personnel and other highly qualified personnel;
our ability to maintain our brand;
our ability to prevent serious errors or defects across, and to otherwise maintain the uninterrupted operation of, our network;
our ability to maintain, protect, and enhance our intellectual property; and
our ability to successfully identify, acquire, and integrate companies and assets.
5

You should not rely upon forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations, and prospects. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, and other factors described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. Our Risk Factors are not guarantees that no such conditions exist as of the date of this report and should not be interpreted as an affirmative statement that such risks or conditions have not materialized, in whole or in part. Readers are urged to carefully review and consider the various disclosures made in this Annual Report on Form 10-K and in other documents we file from time to time with the Securities and Exchange Commission (SEC) that disclose risks and uncertainties that may affect our business. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Annual Report on Form 10-K. We cannot assure you that the results, events, and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.
The forward-looking statements made in this Annual Report on Form 10-K relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K or to reflect new information or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures, or investments we may make.
In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based upon information available to us as of the date of this Annual Report on Form 10-K, and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain and investors are cautioned not to unduly rely upon these statements.
6

SELECTED RISKS AFFECTING OUR BUSINESS

Investing in our Class A common stock involves numerous risks, including those set forth below. This summary does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth in Part I, Item 1A. Risk Factors of this Annual Report on Form 10-K. Below are summaries of some of these risks, any one of which could materially adversely affect our business, financial condition, results of operations, and prospects. In that event, the market price of our Class A common stock could decline, and you could lose part or all of your investment. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. Our Risk Factors are not guarantees that no such conditions exist as of the date of this report and should not be interpreted as an affirmative statement that such risks or conditions have not materialized, in whole or in part.
We have a history of net losses and may not be able to achieve or sustain profitability in the future.
We have experienced rapid revenue growth, which may not be indicative of our future performance.
Adverse economic conditions, including reduced spending on products and solutions for network security, performance, and reliability, may adversely impact our revenue and profitability.
The Hamas-Israel and Russia-Ukraine conflicts, other areas of geopolitical tension around the world, or the worsening or expansion of those conflicts or tensions, and any related challenging macroeconomic conditions globally and in various countries in which we and our customers operate may materially adversely affect our customers, vendors, and partners, and the duration and extent to which these factors may impact our future business and operations, results of operations, financial condition, and cash flows remain uncertain.
If we are unable to attract new paying and free customers, our future results of operations could be harmed.
Our business depends on our ability to retain and upgrade paying customers, expand the number of products we sell to paying customers, and, to a lesser extent, convert free customers to paying customers, and any decline in renewals, upgrades, expansions, or conversions could adversely affect our future results of operations.
If we are unable to effectively attract, expand, and retain sales to large customers, or we fail to mitigate the additional risks associated with serving large customers, our business, results of operation, and financial condition may suffer.
Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others.
We face intense and increasing competition, which could adversely affect our business, financial condition, and results of operations.
If we do not effectively attract, train, and retain our sales force to be able to sell our existing and new products and product features, we may be unable to add new contracted customers, or increase sales to our existing customers and our business would be adversely affected.
We rely on our co-founders and other key technical, sales, and management personnel to grow our business, and the loss of one or more key employees or the inability to successfully attract, integrate, and retain qualified senior management and other personnel, or the failure of new members of our management team to successfully lead and scale our business, could harm our business.
Problems with our internal systems, networks, or data, including actual or perceived breaches or failures, could cause our network or products to be perceived as insecure, underperforming, or unreliable, our customers to lose trust in our network and products, our reputation to be damaged, and our financial results to be negatively impacted.
If our global network that delivers our products or the core co-location facilities we use to operate our network are damaged, interfered with, or otherwise fail to meet the requirements of our business or local regulations, our ability to provide access to our network and products to our customers and maintain the performance of our network could be negatively impacted, which could cause our business, results of operations and financial condition to suffer.
7

Detrimental changes in, or the termination of, any of our co-location relationships, ISP partnerships, or our other interconnection relationships with ISPs could adversely impact our business, results of operations, and financial condition.
The actual or perceived failure of our products to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business, results of operations, and financial condition.
Activities of our paying and free customers or the content of their websites and other Internet properties may violate applicable laws and/or our terms of service and could subject us to lawsuits, regulatory enforcement actions, and/or liability in various jurisdictions.
Our actual or perceived failure to comply with privacy, data protection, information security, and other applicable laws, regulations, and obligations could harm our business.
Our network presence within China is dependent upon our commercial relationship with JD Cloud, and any detrimental changes in, or the termination of, that relationship could jeopardize our ability to offer an integrated global network that includes China.
The trading price of our Class A common stock may be volatile, and you could lose all or part of your investment.
The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of our initial public offering, and it may depress the trading price of our Class A common stock.
Repaying and servicing our existing and future debt, including our 2026 Notes (as defined below), may require a significant amount of cash, and we may not have sufficient cash flow from our business to pay our indebtedness.
8

PART I

Item 1. Business
Overview
Cloudflare’s mission is to help build a better Internet.
In recent years, the technology industry has undergone a massive transition from on-premises hardware and software that customers buy, to services in the cloud that they rent. Organizations find themselves at different points in this transition to the cloud. Regardless of where organizations are in their transition, they all face a common set of challenges: they exist in a complex, heterogeneous infrastructure environment which exacerbates the fundamental problems of the Internet more than ever, and the on-premises hardware boxes that they once relied upon to solve these problems were never designed to work in such an environment. As more workloads move to the cloud and employees are increasingly working remotely, there is no point in installing additional hardware boxes on premise. An on-premises box will not solve the problems organizations now face. Nor can a business ship a hardware box to a cloud vendor. Even if they wanted to, there is literally no place to install such a box in the cloud.
The result is that a major architectural shift at the network layer is underway. Previously, enterprises would often string together a diverse set of on-premises hardware boxes from different vendors to solve their network challenges. As these solutions move to the cloud, the network latency, support complexity, and cost of overhead makes stringing together multiple point-cloud solutions that only address specific network needs also untenable. Customers are therefore looking to consolidate behind a single, global provider that operates in the cloud — what has been described as a “Connectivity Cloud".
Cloudflare is a leader in this Connectivity Cloud category. We deliver a broad range of services to businesses of all sizes and in all geographies — making them more secure, enhancing the performance of their business-critical applications, and eliminating the cost and complexity of managing individual network hardware. Our network serves as a scalable, easy-to-use, unified control plane to deliver security, performance, and reliability across on-premises, hybrid, cloud, and software-as-a-service (SaaS) applications. We serve comprehensive customer needs across security and connectivity, and increasingly, the distributed and programmable nature of our network is resulting in customers building their applications on top of our network, too — including both traditional applications and those that are enhanced with artificial intelligence (AI).
Our Network
We have built an efficient, scalable, programmable network that allows us to rapidly develop and deploy our products for our customers and that is architected to be flexible, scalable, and get more and more efficient as it expands. Our network is designed to be able to grow capacity quickly and inexpensively; to allow for every server, in every city, to run nearly every Cloudflare service; and to allow us to shift customers and traffic across our network efficiently. We refer to this architecture as “serverless” because it means we can deploy standard, commodity hardware, and our product developers and customers do not need to worry about the underlying servers. Our software is designed to manage the deployment and execution of our product developers’ code and our customers’ code across our network. Because we manage the execution and prioritization of code running across our network, it means that we are both able to improve the performance of our highest paying customers, and also effectively leverage idle capacity across our network.
We have chosen to utilize this idle capacity to create a free tier of service which has generated substantial global scale for us. In turn, this scale makes us attractive partners for Internet Service Providers (ISPs) globally, which reduces our co-location and bandwidth costs. As our network grows, these dynamics become even more powerful. Today, our network spans more than 310 cities in over 120 countries worldwide and interconnects with over 13,000 networks globally, including major ISPs, cloud services, and enterprises.
Increasingly, we are finding that our customers are also using our network to build their applications too. We believe this programmable feature of our network is attractive to our customers for a number of reasons, including:
9

the global reach of our network and how it puts our customers’ applications closer to the world's Internet-connected population;
the nature of our serverless offering, meaning that rather than having to worry about regions, or the deployment and scaling of containers as applications grow in popularity, we do it automatically for them; and
our ongoing deployment of graphics processing units (GPUs) across our global network of servers, which will help our customers build performant AI into their applications natively.
Growth Strategy
Key elements of our growth strategy include:
Acquire New Customers: We believe that anyone that relies on the Internet to deliver products, services, or content can be a Cloudflare customer. We plan to continue to grow our customer base across all of our offerings—contracted, pay-as-you-go, and free.
Contracted and Pay-As-You-Go: We are focused on the continued growth of our paying customer base, particularly contracted customers (our customers on an Enterprise plan) and large customers. We also are continuing to focus on growth in our pay-as-you-go customers (those on paid Pro and/or Business plans) that is predominantly used by our small and medium customers.
Free: In addition to our focus on paying customers, we will continue to invest in awareness and functionality of our products to drive overall customer growth beyond the millions of Internet properties using Cloudflare today.

Expand Our Relationships with Existing Customers: Customers expand their relationships with us by upgrading to premium plans, increasing their usage of our products, or adding products from our different suites of products or across the same product suite.
Develop New Products and Solutions: We continue to invest in new product development and building new solutions for our existing customers and potential new customers, and as we onboard more customers and more traffic on our network, our ability to identify promising new avenues for innovation improves.
Extend Our Developer Solutions Strategy: We have seen a growing number of customers that have chosen to bring applications to market using our developer-based solutions, including Cloudflare Workers. This has opened up an entirely new market for us: storage and compute. Our developer offerings are attractive in the market because of our architecture and the power of our network, and we believe adoption of these offerings will continue to grow as we further invest in them.
Our Products
We deliver a suite of deeply integrated products that serve as a unified control plane for our customers, allowing them to build, connect, and secure web applications and corporate infrastructure. Customers can quickly and easily join Cloudflare by using just one of our products and then expand their usage of Cloudflare over time by adding additional products. Our full suite of products consists of (1) our website and application services to deliver security, performance, and reliability for an organization's websites, applications, and application programming interfaces (APIs), (2) our secure access service edge (SASE) platform — Cloudflare One — which contains our suite of Zero Trust and network services solutions to help ensure traffic in and out of an organization’s internal network and devices is verified and authorized as well as to securely connect data centers, cloud services, and branch offices to an organization with our Connectivity Cloud, (3) our developer-based solutions to build and deploy serverless applications with scale, performance, security and reliability, and (4) our consumer offerings.
Website and Application Services
Cloudflare offers a suite of website and application services products to help ensure that Internet properties such as websites, applications, and APIs that are exposed to the Internet are safe from attack, and are fast and reliable. This suite of products also includes analytics products to provide a customer with the ability to build customized analytics to provide insights and intelligence to further protect and accelerate their Internet properties, such as monitoring
10

threats, searching for specific search engine crawlers, understanding DNS query traffic, and analyzing real time data traffic.
Website and Application Security
We provide an integrated cloud-based security solution designed to secure any combination of platforms, including public cloud, private cloud, on-premises, SaaS applications, and “Internet of things” devices. Our primary website and application security product offerings include:
Web Application Firewall (WAF): Protects a customer’s Internet properties from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests, with no changes to the customer’s existing infrastructure.
Bot Management: Detects and manages undesired or malicious Internet traffic generated by malicious software programs called bots, while still allowing useful bots to access Internet properties through machine learning and behavioral analytics.
Distributed Denial of Service (DDoS) Protection: Protects a customer’s website applications from DDoS attacks, which are malicious attempts to disrupt the normal operations of an application, targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
API Gateway: Keeps customer APIs secure and productive with API discovery, integrated API management and analytics, and layered API defenses.
SSL / TLS Encryption: Manages encrypted secure socket layer (SSL) and transport layer security (TLS) web traffic to prevent data theft and tampering to improve security as well as application and website productivity. Advanced Certificate Manager (ACM) also provides a consolidated certificate management experience with greater configuration for managing multiple certificates.
Rate Limiting: Provides the ability to configure thresholds, define responses, and gain valuable insights into specific URLs of websites, applications, or API endpoints.
Script Management (Page Shield): Protects website visitors from customer-side attacks that target vulnerabilities directly in the browser environment.
Security Center: An actionable dashboard that provides insights into threats, risks, and configuration suggestions, acting as a security practitioner’s home page.
Website and Application Performance
Our website and application performance solutions improve conversions, reduce churn, and improve visitor experiences by accelerating web and mobile performance, while keeping applications available and allowing our customers to run their digital operations much more efficiently. Our primary website and application performance product offerings include:
Content Delivery: Accelerates content delivery time by automatically serving our customers' most popular content from our network locations close to our customers’ users.
Load Balancing: Enhances performance and reliability for single, hybrid-cloud, and multi-cloud environments. Our cloud-based products provide local and global load balancing to reduce latency by distributing traffic across multiple servers or by routing traffic to the closest geolocation region to the user.
DNS: Authoritative DNS keeps customer Internet properties online and available around the world, and DNS resolver returns the IP addresses of servers when a user enters a domain name.
Argo Smart Routing: Improves Internet performance by intelligently routing end users through less congested and more reliable paths over the Internet using our network.
Video Stream Delivery: Caches and delivers HTTP(S) video content on websites, saving the customer on origin server bandwidth costs.
Web Optimization: Adjusts automatically the way content is delivered based on the particular device accessing the site to improve speed without affecting the customer’s Internet property look or features.
Cache Reserve: Serves a limited copy of a cached website, to keep it online for a customer’s visitors should the customer’s origin server go down.
11

Cloudflare Waiting Room: Allows organizations to route large volumes of users to a custom-branded virtual waiting room, helping preserve customer experience and protect origin servers from being overwhelmed with requests.
Cloudflare Data Localization Suite: Sets rules and controls at the network edge about where data is stored and protected, while taking advantage of Cloudflare's global network.
SASE Platform (Cloudflare One)
Our SASE platform combines network services and Zero Trust security through the Cloudflare One suite of products to provide a comprehensive, cloud-based network-as-a-service solution that is designed to be secure, fast, reliable, and define the future of the corporate network. Whereas some large companies had built their own proprietary networks to control and protect their employees working in virtual space, that model had significant limitations, including a price tag that was prohibitive for most companies and an inability to adapt well to increased use of mobile devices and remote work. By leveraging the public Internet, Cloudflare One brings together in a single pane of glass how employees connect, on-ramps for branch offices, secure connectivity for applications, and controlled access to SaaS applications.

Network Services

These products help our customers connect, secure, and accelerate their corporate networks, without the need to manage legacy network hardware. This effectively enables Cloudflare to act as a secure wide area network (WAN) for all entities on a corporate network regardless of what device they use or where they are located.
Magic WAN: Connects and routes traffic between different networks within an enterprise, which are often broadly geographically dispersed, across Cloudflare's global network.
Magic Transit: Extends the benefits of our network to customers' on-premises and data center networks. Magic Transit is deployed in front of an enterprise network and protects it at the IP layer from DDoS attacks and enables provisioning of a full suite of virtual network functions, including IP packet filtering and firewalling, load balancing, and traffic management tools.
Magic Firewall: Cloud-based firewall enables administrators to set policies for all traffic entering and leaving the network.
Cloudflare Network Interconnect: Direct Internet connectivity between Cloudflare’s global network and on-premises networks wherever they are, whether over a private network interconnect or over an Internet exchange.
Spectrum: Extends Cloudflare’s speed, security, and reliability functionality to TCP/UDP applications at the transport layer of the Internet, such as gaming applications and voice over Internet protocol (VoIP) applications.

Zero Trust Security

These products shield users of a corporate network from attacks, inspect traffic for threats, and apply privilege rules to grant access to the customer's data and applications.
Cloudflare Access: Enforces Zero Trust application access based on identity.
Cloudflare Gateway: Filters all traffic crossing to customer employee devices to prevent malicious traffic reaching end-user devices.
Remote Browser Isolation: Runs a customer's browsers in the cloud as opposed to on-device, insulating devices from attacks.
Cloud Access Security Broker (CASB): Provides visibility and control over SaaS applications to help prevent data leaks and compliance violations.
Cloud Email Security: Protects users of a corporate network from phishing, business email compromise, and email supply chain attacks.
Data Loss Prevention: Inspects HTTP/S traffic for sensitive data like personally identifiable information (PII) and prevents exfiltration of customer information with allow or block policies.
12

Developer-based Solutions
By leveraging our serverless platform, developers can build serverless applications on our network that scale without needing to spend time and effort on infrastructure or operations. This enables developers to deliver more performant applications that have global scale, all while improving their productivity. Our primary developer-based solutions include:
Cloudflare Workers: Allows developers to augment existing applications or create entirely new ones through a lightweight execution environment without configuring or maintaining infrastructure.
R2 Object Storage: Provides global object storage and the ability to create multi-cloud architectures for data storage.
Workers KV: Helps developers manage states for their applications with a globally distributed key-value storage.
Durable Objects: Enables a customer to build and run collaborative applications, such as chat rooms, games, and whiteboards, on our global network.
Cloudflare Pages: Allows front-end developers to quickly and easily build, collaborate on, and deploy websites.
Cloudflare Stream: Enables live and on-demand video streaming from our global network.
Cloudflare Images: Provides an end-to-end solution to cost-effectively build and maintain image infrastructure.
Consumer Offerings
Our consumer products make it easy for individuals to have a performant and secure Internet experience. Adoption of our consumer offerings makes our business offerings more powerful and adoption of our business offerings improves our consumer offerings. Our consumer offerings also have been an effective and differentiated marketing channel to increase the awareness of our brand. Our primary consumer product offerings include:
1.1.1.1: A consumer DNS resolver app that provides a fast and private way to browse the Internet. 1.1.1.1 is a public DNS resolver, but unlike most DNS resolvers, we do not sell user data to advertisers. Our implementation of 1.1.1.1 makes it among the fastest resolvers available, and we support DNS over HTTPS (DoH) which encrypts and secures consumers’ DNS requests. An additional version of our consumer DNS resolver known as 1.1.1.1 for Families adds a layer of protection to consumer home networks and protects them from malware and adult content.
WARP: A virtual private network (VPN) for consumers designed to secure and accelerate traffic on mobile devices. The basic version of WARP is included as an option with the 1.1.1.1 App for free, and a premium version that accelerates a user's Internet access is available for purchase.
Cloudflare Registrar: Offers secure registration and management of domain names.

Our Customers

We view our millions of free and paying customers, which manage millions of Internet properties on our network, as part of a broad, global community.
As of December 31, 2023, we had approximately 190,000 paying customers across more than 120 countries. Our paying customer base is highly diversified across organizations of all sizes in every major industry vertical including technology, healthcare, financial services, consumer and retail, industrial, non-profit, and government. Our large customer count has increased from 1,416 as of December 31, 2021 to 2,042 as of December 31, 2022 to 2,756 as of December 31, 2023. Refer to Part II, Item 7, Management's Discussion and Analysis of Financial Condition and Results of Operations for additional information regarding the definitions of our "paying customers" and "large customers."
No single customer accounted for more than 10% of our revenue in the years ended December 31, 2021, 2022, or 2023.

13

Environmental, Social, and Governance

We believe a better Internet can be not only a force for good but also an engine of global sustainability. Cloudflare Impact — the platform for our corporate social responsibility and sustainability programs — was launched in 2021 and is organized around three core beliefs:
a better Internet is principled;
a better Internet is for everyone; and
a better Internet is sustainable.
As a signatory to the United Nations Global Compact, we are committed to the United Nations Ten Principles and supporting the United Nations Sustainable Development Goals, with annual tracking of our progress. To that end, we document and publish our company-wide direct and indirect emissions consistent with the Greenhouse Gas Protocol, and have committed to powering our operations with 100% renewable energy based on methodology developed by RE100, a global corporate renewable energy initiative. In 2023, we committed to setting near-term company-wide emissions reductions in line with climate science with the Science Based Targets initiative.
We are also committed to respecting human rights under the United Nations Guiding Principles on Business and Human Rights, and advancing and protecting freedom of expression and privacy consistent with the Global Network Initiative (GNI) Principles. As part of those commitments, we continue to develop our internal human rights practice, including mandatory human rights training for all employees, incorporating human rights due diligence into our operations, and multi-stakeholder engagement including through GNI and the United Nations Human Rights Office of the High Commissioner's B-Tech Project, Community of Practice.
In 2023, we conducted our first GNI Assessment, which is a comprehensive audit of our human rights systems, policies, and procedures associated with implementing the GNI Principles. The results of our assessment were presented to GNI's multi-stakeholder board, which includes information and communication technology companies, civil society organizations (including human rights and press freedom groups), academic experts, and investors from around the world, for review and evaluation.
Our Board of Directors, through its nominating and corporate governance committee, oversees Cloudflare Impact and its related corporate social responsibility and sustainability programs and our other environmental, social, and governance (ESG) initiatives and programs. Additional information regarding our ESG initiatives and programs can be found in the latest Cloudflare Impact Report and ESG Index, which are located on our website at https://www.cloudflare.com/impact/. The Cloudflare Impact Report, as well as the ESG Index and Emissions Inventory, are updated annually. This website address is intended to be an inactive textual reference only. None of the information on, or accessible through, our website is part of this Form 10-K or is incorporated by reference herein.
Initiatives We Support
In support of our mission, we have launched various initiatives to help build a better Internet, including:
Project Galileo: Since 2014, we have equipped at-risk public interest groups with a set of our products at no cost to defend themselves against attacks that would otherwise censor their work. In December 2022, we extended our Zero Trust security solutions to organizations under Project Galileo at no cost to further protect against security problems such as data loss, malware, and phishing. The more than 2,400 recipients of services under Project Galileo include independent journalists reporting on repressive regimes, minority rights and arts groups in closed societies, and civil society organizations supporting democratic movements.
Athenian Project: We created the Athenian Project to ensure that state and local governments’ election websites have the highest level of protection and reliability for free, including through our Zero Trust security solutions. We have provided these benefits to more than 390 state and local election websites.
Cloudflare for Campaigns: Since 2020, the Cloudflare for Campaigns program has provided security services to help political campaigns and state political parties in the United States and around the world defend against cyber attacks and election interference. We allow any eligible campaign to access a variety of our security services, including enhanced firewall protection, DDoS attack mitigation, as well as internal data management and security controls.
Project Cybersafe Schools: In August 2023, we launched Project Cybersafe Schools as part of the White House's Back to School Safely: K-12 Cybersecurity Summit. As part of the program, we provide eligible
14

school districts with Zero Trust security solutions that help minimize exposure to harmful online content and common cyber threats such as phishing and credential harvesting. We provide these products for free and with no time limit. Currently, more than 26 school districts in 14 U.S. states participate in the program.
Our Technology
Our distributed and proprietary network is the core of our technology and enables us to move data seamlessly from nearly any point on earth in a fast, efficient, and reliable manner. Our network has been built from the ground up as a single software stack we developed that runs our products in more than 310 cities and over 120 countries worldwide. This allows us to scale quickly while offering a wide range of products and simultaneously lowering operating expenses.

Efficient Serverless Network Design

We have developed a single software stack that is responsible for all of our products. We have been able to efficiently scale our network by building it with commodity hardware components that are powered by our proprietary software. This integrated stack has made scaling, debugging, optimizing, and operating our network and products easier and cheaper. It also allows us to deploy changes across our entire worldwide network in a matter of seconds. In addition, we embed encryption chips into the motherboards of our servers that are designed to preclude anyone else from running unauthorized software on our equipment. This allows us to securely and quickly expand our infrastructure far and wide in order to offer the best service and drive down operating costs.
Our serverless network design allows each individual machine in our global network to run our software suite and provide our products. We have built coordination software that ties together these thousands of machines into a single global network that allows us to efficiently route traffic to different physical locations and to individual machines. This enables us to maximize utilization of our commodity hardware and provide different service levels to different customers. It also allows our network to get more efficient and powerful as we add each incremental server, regardless of where it is located. Every time we add a server or add a new city, our entire network improves.

Network Flexibility

Our network and products are API-driven and designed for developers. We have an API-first mentality, which means anything a customer can do via our web interface can also be performed by our API. This allows our customers to easily embed our service in their own workflows. For example, a customer can use our web interface or API to change its custom configuration and that will be rolled out globally by our configuration software in seconds. This contrasts with many other vendors’ solutions where configuration changes can take hours and require professional services.
Our software is designed to spread loads dynamically across our entire distributed network depending on current network conditions and traffic priority. This enables us to deliver different quality of service depending on what customers pay us, ensuring our highest paying customers get the best performance and permitting us to serve our lower paying and free customers from excess capacity.
Given the distributed and highly efficient nature of our network, we can easily develop new features and products on our platform and deploy them without significant incremental costs. The flexibility of our serverless platform allows us to open it to third parties to write code directly on our network through our Cloudflare Workers product.
Research and Development
Our research and development organization is responsible for the design, development, testing, and delivery of our global network and products. Our R&D team's structure allows us to build a broad swath of products while continuing to innovate. One group works closely with our product management organization to improve, refine, and expand our existing products. A second independent group builds greenfield opportunities that aim to expand our market and reach new markets. In addition, our research team is focused on ensuring that our network, products, and customers are secured with the latest cryptography.
15

We prioritize investment in research and development. Those investments have continued to result in the launch of new products that have helped us attract new customers and sell more products to our existing customers.
Sales
We have a multi-pronged go to market approach that allows us to efficiently serve the needs of very small to very large customers. By using a combination of web self-service, direct sales, and indirect sales, we are able to serve customers across a wide range of sizes, geographies, and vertical markets.
We offer self-service access to certain of our products through our website and hosting partners where customers can either start on a free or paid plan and, as we demonstrate value, upgrade over time. Those customers on paid Pro and/or Business plans, which we refer to as “pay-as-you-go” customers, are able to sign up for plans of bundled products as well as individual offerings that are payable monthly or annually. Pay-as-you-go customers are able to onboard and customize our products through our console and pay for their subscription using a credit card. Our automated and easy to use process enables us to efficiently onboard new customers or existing customers to new products without requiring any interaction with our sales team. As pay-as-you-go customers evolve their usage of our products, some upgrade to an Enterprise plan for greater control, higher service levels and terms, or productivity-related tools while existing contracted customers can add their increased usage or expanded products to their bills. We refer to customers on an Enterprise plan as “contracted” customers.
We sell directly to contracted customers through our global, technically-oriented inside and field sales teams, and indirectly through our ecosystem of channel partners that includes managed service providers, resellers, distributors, and global system integrators. For large contracted customers, our relationships often start with a portion of the customer’s overall network, security and application needs and expand over time as they consolidate other vendors’ services and increase their adoption of our products and services.
Marketing
Our marketing aims to clearly communicate the value of our offerings to a large and diverse set of global customers at scale. We drive organic awareness and adoption of our products by providing a free offering that enables millions of users to experience the benefits of our global network before they adopt our pay-as-you-go offerings or contract for our Enterprise plan. We engage with developers across blogs, social media, and other channels to help build our brand and visibility among technical communities. In addition, our consumer products, including 1.1.1.1 and WARP, provide an effective and differentiated marketing channel to expand the awareness of our brand.
We invest in a variety of targeted digital and non-digital marketing activities and programs to build awareness, engage with prospects, and build pipeline for our global sales teams. We also share stories of how large customers are rapidly adopting our services across use cases, industry verticals, and geographies, to communicate customer trust and our market momentum.
Competition
We compete in the market for network services primarily across three categories:
On-premises network hardware vendors. We compete with companies in this category to provide security, performance, and reliability services. We believe we are positioned favorably against these vendors with our cloud-based, multitenant approach that is better suited to an increasingly cloud-based world and that allows customers to treat our services as operational as opposed to capital costs.
Point solution vendors, which provide cloud-based products and services to address a single use case or challenge, in various categories including cloud security vendors, content delivery network (CDN) vendors, domain name system (DNS) services vendors, email security vendors, and cloud SD-WAN vendors. Providers in these categories are all focused on delivering cloud-based point solutions. However, customers are increasingly looking for an integrated infrastructure platform offering security, performance, and reliability through a single vendor.
16

A subset of services provided by traditional public cloud vendors. We believe customers want the ability to manage a consistent policy across their on-premises, cloud, hybrid, and SaaS vendors, and be able to enforce that policy through an independent and integrated services provider. Customers are concerned about being locked in to any one public cloud provider. Our ability to efficiently and inexpensively move data between multiple clouds allows our customers to pick and choose the best from any cloud provider without fearing lock-in. Furthermore, unlike some public cloud providers, our business model aligns fully with the interests of our customers. We do not sell user data. We do not aim to compete with our customers.
As we open our serverless platform to third-party developers, we believe we are increasingly competing with public cloud vendors for storage and compute workloads. Because of the efficiency of our Cloudflare Workers product, we are able to offer it at prices that are highly competitive with public cloud vendors, and because it is distributed across our entire network, it enables the development of applications that were not previously possible on the traditional public cloud.

The principal competitive factors in the markets in which we operate include:
breadth of network and product features and continued innovation;
integrated solutions across security, performance, and reliability;
unified control plane across on-premises, cloud, hybrid, and SaaS infrastructure;
performance, availability, and effectiveness;
network scalability;
total cost of ownership;
ease of adoption and use;
global network coverage;
quality of customer support;
programmability and extensibility of platform; and
independence, reputation, and trust.

We believe that we are positioned favorably against our competitors based on these principal competitive factors.

Human Capital Resources
As of December 31, 2023, we had 3,682 full-time employees, including 1,592 employees located outside of the United States. We also engage contractors and consultants. None of our employees are represented by a labor union. We have not experienced any work stoppages, and we believe that our employee relations are strong.
Our Culture
A healthy company culture has been a critical part of our success. In order to preserve our culture, we define performance by both results and behaviors. These behaviors — which we call Cloudflare capabilities — are clearly defined, and we use them as part of our hiring, performance, and promotion decisions:
Be curious to learn and grow
Communicate clearly, directly and transparently
Do the right thing
Embrace diversity to make Cloudflare better
Get your work across the finish line
Lead with empathy and assume good intentions

We want everyone at Cloudflare to have rewarding careers, so we invest in development opportunities, aligned with both behaviors and results, to build leadership skills across the company at all levels.
Compensation and Benefits
17

We believe that attracting, motivating, and retaining talent at all levels is vital to our success. Our total rewards programs are built to engage employees, provide support, and encourage career best performance. Through programs that drive employee retention and engagement, we also improve our ability to support customers and protect the long-term interests of our stockholders. We provide our employees with competitive salaries, opportunities for equity ownership, and a comprehensive benefits package that promotes well-being across all aspects of their lives, including health care, life and disability insurance, financial savings, family forming and caregiving benefits, and flexible vacation time. We also offer remote-friendly and flexible work schedules, which allows us to draw from a much larger talent pool and provides potential and current employees with additional opportunities to grow their careers at Cloudflare, while also providing environmental and other benefits.
Diversity, Equity, and Inclusion
We believe that much of our innovation and success is rooted in the diversity of our teams and our commitment to inclusion. We have fostered an inclusive culture through the development of employee-led communities, educational offerings, incorporating behaviors into performance, and reviews of our processes and policies for fairness and inclusion. In recognition of our inclusive culture, we were named one of Human Rights Campaign's 2022 Best Places to Work for LGBTQ Equality. We remain committed to extending our diversity and inclusion initiatives across our global workforce.
We value diversity at all levels and are committed to promoting the advancement of leaders from different backgrounds. We work with our managers to develop strategies for increasing the diversity of their teams and ensuring inclusion, equity, and fairness. An important component of our diversity, equity, and inclusion strategy is to grow a diverse talent pool, and we have established recruiting partnership programs with various organizations to reach underrepresented groups. We are focused on understanding our diversity and inclusion strengths and opportunities in order to execute a strategy to support further progress.
Intellectual Property
Our success depends in part upon our ability to protect and use our core technology and intellectual property rights. We rely on a combination of patents, copyrights, trademarks, trade secrets, know-how, contractual provisions, and confidentiality procedures to protect our intellectual property rights. As of December 31, 2023, we had 290 issued patents and 67 pending patent applications in the United States and abroad. These patents and patent applications seek to protect our proprietary inventions relevant to our business. Our issued patents are scheduled to expire between 2030 and 2043, and cover various aspects of our network and products. In addition, we have registered “Cloudflare” as a trademark in the United States and other jurisdictions, and we have filed other trademark applications in the United States. We are also the registered holder of a variety of domestic and international domain names that include “Cloudflare” (including “Cloudflare.com”).
In addition to the protection provided by our intellectual property rights, we enter into proprietary information and invention assignment agreements or similar agreements with our employees, consultants, and contractors. We further seek to control the use of our proprietary technology and intellectual property rights through provisions in our subscription agreements.
Corporate Information
Cloudflare, Inc. was incorporated in the state of Delaware in July 2009. Our principal executive offices are located at 101 Townsend Street, San Francisco, California 94107, and our telephone number is (888) 993-5273.
Additional Information
Our website is located at https://www.cloudflare.com and our investor relations website is located at https://cloudflare.NET. Copies of our Annual Reports on Form 10-K, our Quarterly Reports on Form 10-Q, our Current Reports on Form 8-K, our Proxy Statements for our annual meetings of stockholders and amendments to these reports filed or furnished pursuant to Section 13(a) or 15(d) of the Exchange Act, as amended, are available free of charge on our investor relations website as soon as reasonably practicable after we file such material electronically
18

with or furnish it to the Securities and Exchange Commission (the SEC). The SEC also maintains a website that contains these filings at www.sec.gov.
We have used, and intend to continue to use, our website, investor relations website, news website (https://www.cloudflare.com/press), blog (https://blog.cloudflare.com), and social media accounts, including our X account (@Cloudflare), our Facebook account (@Cloudflare), and our Instagram account (@cloudflare), as a means of disclosing material non-public information and for complying with our disclosure obligations under Regulation FD.
The contents of the websites provided above are not intended to be incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC. Further, our references to the URLs for these websites are intended to be inactive textual references only.
Item 1A. Risk Factors
Our business involves significant risks, some of which are described below. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes. Any of the following risks could have an adverse effect on our business, results of operations, financial condition, or prospects, and could cause the trading price of our Class A common stock to decline. Our business, results of operations, financial condition, or prospects could also be harmed by risks and uncertainties that are not presently known to us or that we currently believe are not material. In that event, the market price of our Class A common stock could decline, and you could lose part or all of your investment. Our Risk Factors are not guarantees that no such conditions exist as of the date of this report and should not be interpreted as an affirmative statement that such risks or conditions have not materialized, in whole or in part.
Risks Related to Our Business and Our Industry
We have a history of net losses and may not be able to achieve or sustain profitability in the future.
We have incurred net losses in all periods since we began operations and we may not achieve or maintain profitability in the future. We experienced net losses of $183.9 million, $193.4 million, and $260.3 million for the years ended December 31, 2023, 2022, and 2021, respectively, and as of December 31, 2023, we had an accumulated deficit of $1,023.8 million. Because the markets for our products are rapidly evolving, it is difficult for us to predict our future results of operations. We expect our operating expenses to increase over the next several years as we continue to hire additional personnel, expand our operations and infrastructure both domestically and internationally, and continue to develop our products. If we fail to increase our revenue to offset the increases in our operating expenses, we may not achieve or sustain profitability in the future.
We have experienced rapid revenue growth, which may not be indicative of our future performance.
We have experienced rapid revenue growth in recent periods, with revenue of $1,296.7 million, $975.2 million, and $656.4 million for the years ended December 31, 2023, 2022, and 2021, respectively. However, our rate of revenue growth has slowed in recent periods and may continue to slow in future periods. You should not consider our recent growth in revenue as indicative of our future performance. In particular, our revenue growth rates may continue to slow or decline in the future and may not be sufficient to achieve and sustain profitability, as we also expect our costs to increase in future periods. We believe that historical comparisons of our revenue may not be meaningful and should not be relied upon as an indication of future performance. Accordingly, you should not rely on our revenue and other growth for any prior quarter or year as an indication of our future revenue or revenue growth.
Our historical rapid growth and fluctuations in our growth rate more recently may also make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business, results of operations, and financial condition could be harmed.
19

Adverse economic conditions, including reduced spending on products and solutions for network security, performance, and reliability, may adversely impact our revenue and profitability.
Our operations and financial performance depend in part on worldwide economic conditions and the impact these conditions have on levels of spending on products and solutions for network security, performance, and reliability. Our business depends on the overall demand for these products and on the economic health and general willingness of our current and prospective customers to purchase our products.
The United States, Europe, and the United Kingdom have recently experienced historically high levels of inflation. Although inflation levels have begun to decrease in the United States, the United Kingdom, and Eurozone, the U.S. Federal Reserve, the European Central Bank, and the Bank of England have raised, and may continue to raise or maintain, high interest rates and may implement fiscal policy interventions. Even if these interventions lower inflation, they may also reduce economic growth rates, create a recession, and result in other similar or unexpected effects. For example, the decrease in values of government-issued securities resulting from higher interest rates may have played a significant role in the failures of Silicon Valley Bank and Signature Bank during the first quarter of 2023, the circumstances resulting in the UBS takeover of Credit Suisse during the second quarter of 2023, and generalized uncertainty confronting a number of other financial institutions.
Downturns in economic conditions — including inflation, rising interest rates, reductions in business confidence and activity, the curtailment of government or corporate spending, volatile financial markets, the actual or perceived failure or financial difficulties of additional financial institutions, ongoing supply chain disruptions, and reduced demand for products and services across a variety of industries — have in the past and may in the future affect our business and our current and prospective customers and their industries adversely. For example, during an economic downturn, our current and prospective customers may suffer from reduced operating budgets. Some of our paying customers may view a subscription to our products as a discretionary purchase and may reduce their discretionary spending on our products or reduce or cut their budget to otherwise expand their subscriptions to our products. Moreover, our competitors may respond to market conditions by lowering prices and attempting to lure away our customers.
Further, the sales cycle for new customers of our technology and services could lengthen in the future as a result of challenging macroeconomic conditions, resulting in a potentially longer delay between increasing operating expenses and the generation of corresponding revenue, if any. For example, potentially as a result of these various macroeconomic impacts on our customers, since the first half of 2022, we periodically have experienced lengthening of the average sales cycles for certain types of customers and sales, slowdowns in our pipeline of potential new customers and in the rate of converting sales pipeline opportunities into new sales, increases in average days sales outstanding, higher levels of churn in our paying customer base (which is when any of our paying customers cease to be a paying customer for any reason, including any pay-as-you-go customer converting to a free subscription plan), and lengthening of the timing of payment from some of our customers, all of which may have contributed to a slowdown in our revenue growth over that period (including with respect to new customers). We may also experience increases in new and existing customers requesting concessions in terms of payment amounts and/or timing and earlier or additional termination rights in the future as the challenging macroeconomic conditions continue or worsen.
We continue to monitor economic conditions to assess possible implications to our business and to take appropriate actions in an effort to mitigate the adverse consequences of uncertainty or negative trends. However, there can be no assurances that initiatives we undertake will be sufficient or successful. If there is an economic downturn that affects our current and prospective customers, or if we are unable to address and mitigate the risks associated with any of the foregoing, our business, results of operations and financial condition could be adversely affected.
The Hamas-Israel and Russia-Ukraine conflicts, other areas of geopolitical tension around the world, or the worsening or expansion of those conflicts or tensions, and any related challenging macroeconomic conditions globally and in various countries in which we and our customers operate may materially adversely affect our customers, vendors, and partners, and the duration and extent to which these factors may impact our future business and operations, results of operations, financial condition, and cash flows remain uncertain.
The Hamas-Israel and Russia-Ukraine conflicts, or other areas of geopolitical tension around the world, or any worsening or expansion of those conflicts or geopolitical tensions, and any related challenging macroeconomic
20

conditions globally, could decrease the spending of our existing and potential new customers, adversely affect demand for our products, cause one or more of our customers, vendors, and partners to file for bankruptcy protection or go out of business, cause one or more of our customers to fail to renew, terminate, or seek to renegotiate their contracts with us, affect the ability of our sales team to travel to potential customers, impact expected spending from existing and potential new customers, and negatively impact collections of accounts receivable, all of which could adversely affect our business, results of operations, and financial condition.
Any of the negative impacts of the Hamas-Israel and Russia-Ukraine conflicts, other areas of geopolitical tension around the world, or any worsening of those conflicts or geopolitical tensions, and any related challenging macroeconomic conditions, may have a material adverse effect on our business and operations, results of operations, financial condition, and cash flows. Any of these negative impacts, alone or in combination with others, also could exacerbate many of the other risk factors discussed in this Part I, Item 1A “Risk Factors” of this Annual Report on Form 10-K, including volatility in the trading prices of our Class A common stock. The full extent to which these factors will negatively affect our business and operations, results of operations, financial condition, and cash flows will depend on future developments that are highly uncertain and cannot be predicted, including the scope, severity, and duration of the Hamas-Israel and Russia-Ukraine conflicts, other areas of geopolitical tension around the world, and any economic downturns and the actions taken by governmental authorities and other third parties in response.
If we are unable to attract new paying and free customers, our future results of operations could be harmed.
The success of our business principally depends on our ability to attract new paying and free customers. To do so, we must persuade decision makers at potential customers that our products offer significant advantages over those of our competitors. Other factors, many of which are out of our control, may now or in the future impact our ability to add new paying and free customers, including:
potential customers’ commitments to existing equipment or vendors;
potential customers’ greater familiarity and/or comfort with on-premises, appliance-based products and concerns about potential risks associated with using cloud-based solutions;
actual or perceived switching costs;
our failure to develop new products and features, and to adapt to technological developments, that our potential customers' demand, including potential large customers;
the failure of our new or existing products and features to perform in the manner demanded or expected by potential customers and our existing customers, particularly large customers;
delays in the general availability release of products and features after we have announced their development or beta availability;
our failure to generate demand for our products through effective marketing efforts related to our business and products;
our failure to obtain additional, or maintain existing, government or industry security certifications for our network and products, such as the Federal Risk and Authorization Management Program (FedRAMP) moderate authorization that we achieved in 2022;
negative media, industry, or financial analyst commentary regarding our products and our network and the identities and activities of some of our paying and free customers;
the adoption of new, or amendment of existing, laws, rules, or regulations that negatively impact the utility of, or increase the risk of using, cloud-based solutions generally or our network and products specifically, including changes in new or modified laws and regulations relating to privacy, data protection, and information security;
our failure to effectively recruit, expand, develop, retain, and motivate our sales and marketing personnel;
our failure to develop or expand relationships with existing channel partners or to attract new channel partners;
our failure to help or provide support to our customers, particularly large customers, in order to successfully deploy and use our products in a manner required by them, their industry, or applicable regulators;
21

our failure to educate our customers about our network and products;
the perceived risk, commencement, or outcome of litigation;
deteriorating general economic conditions, including inflation, rising interest rates, and the actual or perceived failure or financial difficulties of financial institutions; and
impacts of the Hamas-Israel and Russia-Ukraine conflicts or other areas of geopolitical tension around the world, or any worsening or expansion of those conflicts or geopolitical tensions.
We believe that the importance of brand recognition for attracting new customers will increase as we introduce new products and continue to expand into new markets. However, the promotion of our brand may require substantial expenditures. We have invested, and expect to continue to invest, substantial resources to increase our brand awareness, both generally and in specific geographies and to specific customer groups. There can be no assurance that our brand development strategies and investment of resources will enhance recognition of our brand or lead to an increased customer base.
If our efforts to attract new paying customers are not successful, our revenue and rate of revenue growth may decline, we may not achieve profitability, and our future results of operations could be materially harmed. If our efforts to attract new free customers are not successful, the benefits to our network and product development cycles from our strategy of providing a free subscription plan will be diminished.
Our business depends on our ability to retain and upgrade paying customers, expand the number of products we sell to paying customers, and, to a lesser extent, convert free customers to paying customers, and any decline in renewals, upgrades, expansions, or conversions could adversely affect our future results of operations.
Our business is subscription-based and it is important for our business and financial results that our paying customers renew their subscriptions for our products when existing contract terms expire. Our pay-as-you-go customers pay with a credit card on a monthly or annual basis and can terminate their subscriptions, or switch to less expensive subscription plans, at will with little advance notice. Because pay-as-you-go customers that subscribe to our basic subscription plans are an important source of revenue, this ease of termination could cause our results of operations to fluctuate significantly from quarter to quarter. Our contracted customers, which consist of customers that sign up for our Enterprise plan, enter into longer term agreements typically ranging from one to three years, and they generally have no obligation to renew their subscriptions for our products after the expiration of their contractual period and are allowed to cancel their subscriptions in the case of our uncured material breach of the agreement. Some contracted customers also have agreements that allow them to terminate the agreement without cause upon little or no advance written notice, or upon our failure to meet certain service level commitments, or to obtain and maintain industry security certifications within a specified time frame. Should certain of our contracted customers, especially our large customers, terminate their agreements, or reduce their expenditures, with us, our financial condition and results of operations may materially suffer. In addition, as we continue to increase our number of large customers, and the amount of revenue we receive from large customers, this risk may increase.
Due to our varied customer base and short average subscription periods, it is difficult to accurately predict our long-term customer retention rate. Our customer retention may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with the security, performance, and reliability of our products and our global network, our development and general availability release of new products and features and adaptation to technological developments, our prices and subscription plans, our ability to provide adequate customer support or otherwise address customer concerns with our products, our customers’ budgetary restrictions (including reductions in spending as a result of uncertain economic conditions or overall industry uncertainty), mergers, acquisitions, joint ventures, and business partnerships and relationships involving our customers, failure or bankruptcy of our customers, the perception that competitive products provide better or less expensive options, negative public perception of us or our free and paying customers, concerns about new or amended laws, rules, or regulations that increase the risk of using cloud-based solutions or our network and products specifically, and deteriorating general economic conditions.
Our future financial performance also depends in part on our ability to continue to upgrade paying customers to higher-tier subscriptions, expand the number of products we sell to paying customers, and, to a lesser extent, to convert free customers into paying customers. Conversely, our paying customers may convert to lower-cost or free plans or reduce the number of products they purchase from us if they do not see the marginal value in paying for
22

our higher-cost plans or for our specific products, or due to challenging macroeconomic conditions and/or reduced operating budgets, thereby impacting our ability to increase revenue. For example, during the second and third quarters of 2022, we experienced a higher level of churn in our paying customer base (which is when any of our paying customers cease to be a paying customer for any reason, including any pay-as-you-go customer converting to a free subscription plan). Moreover, our free customers have no obligation to transition to paying customers at any point. In order to expand our commercial relationship with our customers, existing paying and free customers must decide that the incremental cost associated with such an upgrade in their subscription plans, the purchase of additional, or the expanded use of their currently used, products is justified by the additional functionality they would gain. For example, some of our paying customers may decide that our Enterprise plan offerings do not provide sufficient incremental value to upgrade from our pay-as-you-go offering or to continue any such previously chosen upgrade. Our customers’ decisions whether to upgrade their subscription, purchase additional, or expand current usage, of our products or to continue any such previously chosen upgrade or purchased products are driven by a number of factors, including customer satisfaction with the security, performance, and reliability of our network and products, customer security and networking issues and requirements, general economic conditions, and customer reaction to the price for additional products. If our efforts to expand our relationship with our existing paying and free customers are not successful, our financial condition and results of operations may materially suffer.
If we are unable to effectively attract, expand, and retain sales to large customers, or we fail to mitigate the additional risks associated with serving large customers, our business, results of operation, and financial condition may suffer.
Our growth strategy is dependent, in large part, upon attracting, expanding, and retaining sales to large customers. For our definition of “large customers,” see Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations. Attracting, expanding, and retaining sales to large customers involve risks that may not be present, or that are present to a lesser extent, with sales to smaller customers, including:
competition from companies that traditionally target larger enterprises and that may have pre-existing relationships or purchase commitments from such larger enterprise customers, including companies that seek to bundle sales of their new or existing products that are competitive to our products, or that may have more experienced sales personnel or greater budgetary resources available or committed to such larger enterprise customers;
longer evaluation periods, more detailed evaluations, and more cumbersome contract negotiation and approval processes, including potential requirements for such purchasing decisions to be approved by senior executives of such companies;
increased purchasing power and leverage in negotiating pricing terms and other contractual arrangements with us;
requirements for more technically complex configurations, integrations, deployments, or features;
greater customer support or assistance with migrating their systems from another vendor to our network and products;
more stringent requirements in terms of the security, performance, and reliability of our products and our network and our support and compliance obligations related to our products;
increased usage of our global network that may require us to incur greater network infrastructure expenditures; and
longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that elects not to purchase, expand, or continue to purchase our products.
Historically, the implementation period to start using, or expanding the use of, our products has been short, with most customers under our pay-as-you-go plans implementing usage of our products within a matter of minutes and our sales cycle for customers under our Enterprise plan lasted less than one quarter. Since the first half of 2022, however, we have experienced periodic lengthening of our average sales cycle for our new and existing large customers, and the lengthening of our sales cycle to our large customers could continue in the future to the extent that macroeconomic conditions further deteriorate. In addition, as our sales force continues to target an increasing number of large customers for new and expanded product sales, these larger enterprises often undertake a more significant evaluation and negotiation processes than we have experienced in the past, which could further lengthen our sales cycle materially.
23

In addition, our sales efforts typically involve educating our prospective large customers about the uses, benefits, and value proposition of our network and products. Our sales force develops relationships directly with our customers and our channel partners through account penetration, account coordination, sales, and overall market development. Potential large customers often view the subscription to our products, including any expansion of those subscriptions, as a significant strategic decision and, as a result, in some cases require considerable time to evaluate, test, and qualify our network and products prior to entering into or expanding a relationship with us. As a result, we spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Subscriptions to our products, including expanded subscriptions, often are subject to budget constraints, multiple approvals, and unanticipated administrative, processing, and other delays. In addition, some of our subscription agreements with our large customers may have more favorable early termination rights, greater usage-based pricing than is the case with our customary subscription-based agreements with our contracted customers and our pay-as-you-go customers, or generate lower margins than other contracted customers. As a result, it is difficult to predict whether or when a sale to a prospective large customer will be completed, how much incremental revenue or gross profit will result from such sales over the duration of the agreement, and when revenue from a subscription will be recognized or will cease.
Further, our ability to improve our sales of products to large customers is dependent on us continuing to attract and retain sales personnel with experience in selling to larger enterprises. Also, because security breaches or a network outage with respect to larger, high-profile enterprises are likely to be heavily publicized, there is increased liability and reputational risks associated with serving these customers if we experience a security breach or network outage. We also believe that large customers may be more likely than our smaller customers to terminate or reduce their usage of our products in such circumstances.
Once we begin selling to a large customer or expand our sales to a large customer, if we fail to retain the large customer or to retain the same amount of sales to the large customer, then the adverse impact on our result of operations and financial conditions could be significant during any specific quarter and could also result in potentially greater and unexpected variability in our results of operations and financial condition from quarter to quarter.
Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others.
Activities of our paying and free customers or the content of their websites and other Internet properties could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and other third parties. Even if we comply with legal obligations to remove or disable customer content, we may maintain relationships with customers that others find hostile, offensive, or inappropriate. For example, we experienced significant negative publicity in connection with the use of our network by The Daily Stormer, a neo-Nazi, white supremacist website, around the time of the 2017 protests in Charlottesville, Virginia. We also received negative publicity in connection with the use of our network by 8chan, a forum website that served as inspiration for the 2019 attacks in El Paso, Texas and Christchurch, New Zealand. In 2022, we received negative publicity in connection with the use of our network by Kiwi Farms, a forum website tied to harassment campaigns and direct threats toward individuals. We are aware of some potential customers that have indicated their decision to not subscribe to our products was impacted, at least in part, by the actions or potential actions of certain of our paying and free customers. We may also experience other adverse political, business and reputational consequences with prospective and current customers, employees, suppliers, and others related to the activities of our paying and free customers, especially if such hostile, offensive, or inappropriate use is highly publicized.
Conversely, actions we take in response to the activities of our paying and free customers, up to and including banning them from using our products, may harm our brand and reputation. Following the events in Charlottesville, Virginia, we terminated the account of The Daily Stormer. Similarly, following the events in El Paso, Texas, we terminated the account of 8chan, and following escalating, direct threats towards individuals in September 2022, we blocked access to Kiwi Farms content through our infrastructure. We received significant adverse feedback for these decisions from those concerned about our ability to pass judgment on our customers and the users of our network and products, or to censor them by limiting their access to our products, and we are aware of potential customers who decided not to subscribe to our products because of this.
24

Although offering a free plan for certain of our products is an important part of our business strategy, we may not be able to realize all of the expected benefits of this strategy and the costs and other detriments associated with our free plan could outweigh the benefits we receive from our free customers.
We have historically offered a free plan for certain of our products. We believe that this strategy is valuable to us and it is an important part of our overall business strategy. However, to the extent that we do not achieve the expected benefits of this strategy, our business may be adversely affected by the costs and detriments of making certain of our products available on a free basis. While we do not receive any revenue from our free customers, we bear incremental expenses and other liabilities as a result of our free customers’ continuing free use of our network and certain of our products. Adverse political, business, and reputational consequences associated with Internet properties we serve that are perceived as hostile, offensive, or inappropriate may also be disproportionately common among our free customers. The vast majority of our customers do not pay for our products. In addition, a substantial majority of our free customers historically have not converted to paying customers and we expect this will continue in the future.
We face intense and increasing competition, which could adversely affect our business, financial condition, and results of operations.
The markets for our network and products are intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards, and frequent introductions of new, and improvements of, existing products. Our broad portfolio of products exposes us to competition from a large number of competitors in a number of different markets, including companies and their product and services offerings in, among others, virtual private networks, internal and external firewalls, web security (including web application firewalls and content filtering), distributed denial-of-service (DDoS) prevention, intrusion detection and prevention, application delivery controls, content delivery networks, domain name systems, email security vendors, advanced threat prevention, and wide area network (WAN) technology.
Our competitors provide both on-premises, appliance-based solutions, and cloud-based services that have functionality similar to our network and products. We expect competition to increase as other established and emerging companies and start-ups enter the markets for products and solutions for security, performance, and reliability, in particular with respect to cloud-based solutions, as customer requirements evolve and as new products, services, and technologies are introduced. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in revenue or our growth rate that could materially and adversely affect our business and results of operations.
Our potential competitors include large companies with substantial infrastructure, such as global telecommunications services provider partners and public cloud providers. These companies could choose to enter the markets for products and solutions for security, performance, and reliability, including by acquiring existing companies, developing their own internal solutions, or establishing cooperative relationships with businesses that may allow them to offer more comprehensive solutions or to offer solutions for lower prices or to adapt more quickly than us to new technologies and customer needs. As our business continues to grow and we increase our market share for various products and services, these larger companies may increase their focus on us as a competitor and the actions they undertake to compete with our business and products. Additionally, if an increasing portion of web content is housed on another company’s network or portions of the Internet are otherwise privatized, it could reduce the demand for our products and increase competitive pressure on us. These competitive pressures in our markets or our failure to compete effectively may result in price reductions, fewer subscriptions, reduced revenue and gross margin, increased net losses, and loss of market share.
Our current competitors include a number of different types of companies, including:
on-premises network hardware vendors;
point solution vendors, which provide cloud-based products and services to address a single use case or challenge, in various categories including cloud security vendors, content delivery network (CDN) vendors, domain name system (DNS) services vendors, email security vendors, and cloud SD-WAN vendors; and
traditional public cloud vendors.
Many of our existing and potential competitors have or could have substantial competitive advantages including, among others:
25

greater name recognition;
longer operating histories;
larger customer bases;
larger sales and marketing budgets and capital resources;
broader distribution and established relationships with channel partners and customers;
greater customer support resources;
greater resources to make acquisitions and enter into strategic partnerships;
lower labor and research and development costs;
more mature products and services developed for large customers;
larger and more mature intellectual property rights portfolios;
control of significant technologies, standards, or networks, including operating systems, with which our products must interoperate;
higher or more difficult to obtain security certifications than we possess; and
substantially greater financial, technical, and other resources.
In addition, some of our larger competitors have substantially broader and more diverse product and services offerings, which may allow them to leverage existing commercial relationships, incorporate functionality into existing products, sell products and services with which we compete at zero or negative margins, offer fee waivers and reductions or other economic and non-economic concessions, bundle products and solutions, maintain closed technology platforms, or render our products unable to interoperate with such platforms. If they were to engage in predatory competitive practices, it could harm our existing product offerings or prevent us from creating viable products in other segments of the markets in which we participate. If our competitors are able to exploit their advantages or are able to persuade our customers or potential customers that their products are superior to ours, we may not be able to compete effectively and our business, financial condition, and results of operations may be materially affected.
If we do not effectively attract, train, and retain our sales force to be able to sell our existing and new products and product features, we may be unable to add new contracted customers, or increase sales to our existing customers and our business would be adversely affected.
A substantial majority of our revenue in the year ended December 31, 2023 was from contracted customers that were acquired through our inside and field sales teams, and we expect our sales teams to continue generating the majority of our revenue for the foreseeable future. As a result, our financial condition and results of operations are dependent to a significant degree on our ability to effectively attract, train, and retain qualified sales personnel, including senior sales leaders, and the ability of our dedicated sales personnel to acquire new contracted customers and expand our relationships with our existing contracted customers. Our sales representatives typically engage in direct interaction with our prospective contracted customers. Increasing our customer base and achieving broader market acceptance of our network and products will depend, to a significant extent, on our ability to expand and further invest in our sales and marketing operations and activities. There is significant competition for sales personnel with the advanced sales skills and technical knowledge we need. We believe that selling subscriptions to our products requires particularly talented sales personnel that understand a very wide array of highly technical topics, including significant portions of global networking, Internet, enterprise and identity security, and application development for both on-premises and cloud requirements. In addition, as we continue to develop and sell newer types of products and product features, such as our Cloudflare One suite of solutions and our developer suite of products, we will need our sales personnel to be proficient in selling both these newer products and features and our overall broader suite of products to our existing and potential customers. Changes in the senior leadership of our sales team, such as the departure of our former President of Revenue and the hiring of our new President of Revenue in February 2024, also could negatively impact our ability to retain current members of our sales team. If we are unable to effectively attract, train, and retain qualified sales personnel, particularly as our lines of products and product features expand, our business, results of operations, and financial condition will be adversely impacted.
Our ability to achieve significant growth in revenue in the future also will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of these talented sales personnel in both the United States and
26

international markets. In addition, our ability to effectively recruit and retain qualified sales personnel outside the United States is reduced if we do not have a local subsidiary and office in that country or, if we do have such a subsidiary and office, we will experience increased costs in operating in that country.
Furthermore, hiring sales personnel in new countries, or expanding our existing presence in the countries in which we currently operate, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity or that may be recovered on a more delayed basis than expected.
As we continue to focus on revenue growth, we are seeking to increase our rate of hiring sales personnel and any delays in making these incremental sales hires could have an adverse impact on our ability to increase revenue, particularly with respect to our sales to contracted customers. In addition, if we fail to effectively train and integrate new hires, it could negatively impact the existing sales and marketing personnel and their productivity, relationships with our customers, our ability to generate a pipeline of new customers, and our ability to increase revenue.
New sales hires require significant training and may take significant time before they achieve full productivity. As a result, our new sales hires and planned sales hires may not become as productive as we would like or as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals. In addition, due to our rapid growth, a large percentage of our sales team is new to our company and inexperienced in selling subscriptions to our products, and therefore these personnel may be less effective than our more seasoned employees. For example, beginning in late 2022 and continuing through the end of the first quarter of 2023, we experienced a reduction in average productivity among our sales personnel, which we believe was due in part to new sales hires not becoming as productive as we expected and exacerbated by worsening macroeconomic conditions. While we continue to address productivity and focus on hiring, training, and retaining successful sales personnel, these efforts may take longer than anticipated, which may negatively impact our ability to achieve our targeted revenue growth.
In addition, experienced sales personnel are particularly sought after in our industry and we believe our company's recent growth and increased profile may result in increased efforts by other companies to hire our sales personnel. As a result, we may have to expend significant resources to retain our most productive sales employees. Even with considerable effort, we may be unsuccessful at retaining our experienced sales employees, which would adversely impact our business, results of operations, and financial condition.
We cannot predict whether, or when or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire, train, and retain a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business and future growth prospects will be materially and adversely affected.
If we fail to effectively manage our growth, we may be unable to execute our business plan, maintain high-quality levels of customer support, ensure the reliability and security of our network, adequately address competitive challenges, or maintain our corporate culture, and our business, financial condition, and results of operations would be harmed.
We have experienced, and may in the future experience, periods of rapid growth. For example, our headcount grew from 2,439 employees as of December 31, 2021, to 3,217 employees as of December 31, 2022, to 3,682 employees as of December 31, 2023. We also have expanded the locations where we have employees to a number of new locations around the world during the past several years. The number of customers, users, and requests on our network also has increased rapidly in recent years. While we expect to continue to expand our operations, network, and products significantly in the future, both domestically and internationally, our growth may not be sustainable. Our growth has placed, and future growth will continue to place, a significant strain on our management and our administrative, operational, and financial infrastructure. Our success will depend in part on our ability to manage this growth effectively, which will require that we continue to improve our administrative, operational, financial, and management systems and controls by, among other things:
effectively attracting, training, and integrating a large number of new employees, particularly members of our sales, marketing, engineering, and management teams;
effectively managing a rapidly increasing number of employees in a growing number of countries around the world, particularly in circumstances when employees are working completely remotely;
27

ensuring the integrity and security of our network and IT infrastructure throughout the world;
maintaining our corporate culture, which we believe fosters innovation, teamwork, and an emphasis on customer-focused results and contributes to our cost-effective business model;
successfully acquiring and integrating companies and assets to improve, expand, and diversify our business and products through strategic acquisitions, investments, and partnerships;
further improving our key business applications, processes, and IT infrastructure, including our network co-location facilities, to support our current and anticipated business needs;
enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners, customers, and users;
maintaining high levels of customer support; and
appropriately documenting and testing our IT systems and business processes.
Managing our growth will require significant capital expenditures and allocation of valuable management and employee resources. If we fail to manage our expected growth, the uninterrupted and secure operation of our network and products and key business systems, our corporate culture, our compliance with the rules and regulations applicable to our operations, the quality of our products, and our ability to compete could suffer. Any failure to preserve our culture also could further harm our ability to retain and recruit personnel, innovate and create new products, operate effectively, and execute on our business strategy.
Our quarterly results may fluctuate significantly and may not fully reflect the underlying performance of our business.
Our quarterly results of operations, including our revenue, gross margin, operating margin, profitability, cash flow from operations, deferred revenue, and backlog, may vary significantly in the future and period-to-period comparisons of our results of operations may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly results of operations may fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. Fluctuation in quarterly results may negatively impact the trading price of our Class A common stock. Factors that may cause fluctuations in our quarterly results of operations include:
our ability to attract new paying customers, especially large customers, and, to a lesser extent, convert free customers to paying customers;
our ability to retain and upgrade paying customers and expand the number of products sold to paying customers, especially our large customers;
the timing of expenses and recognition of revenue;
the amount and timing of operating expenses related to the maintenance and expansion of our business, operations, and infrastructure, as well as entry into operating and capital leases and co-location, interconnection, and similar agreements related to the expansion of our network;
the timing of expenses related to acquisitions;
any large indemnification payments to our customers or other third parties;
changes in our pricing policies or those of our competitors;
the timing and success of new products, product features and service introductions by us or our competitors;
network outages or actual or perceived security breaches or incidents;
our involvement in litigation or regulatory enforcement efforts, or the threat thereof;
changes in the competitive dynamics of our industry, including consolidation among competitors and the emergence of new competitors;
increases in length of the sales cycle for our contracted customers, particularly as the relative proportion of our revenue from large customers increases and as the sizes of our large customers increase;
28

changes in laws and regulations that impact our business; and
general political, regulatory, economic, market, and social conditions, including inflation, rising interest rates, actual or perceived failure or financial difficulties of financial institutions, other adverse changes in global and regional macroeconomic conditions, and other impacts of the Hamas-Israel and Russia-Ukraine conflicts, or other areas of geopolitical tension around the world, or any worsening of those conflicts or geopolitical tensions.
We rely on our co-founders and other key technical, sales, and management personnel to grow our business, and the loss of one or more key employees or the inability to successfully attract, integrate, and retain qualified senior management and other personnel, or the failure of new members of our management team to successfully lead and scale our business, could harm our business.
Our future success is substantially dependent on our ability to attract, integrate, retain, and motivate the members of our management team and other key employees throughout our organization. In particular, we are highly dependent on the services of our co-founders, Matthew Prince, our Chief Executive Officer, and Michelle Zatlyn, our President and Chief Operating Officer. We rely on our leadership team in the areas of operations, security, marketing, sales, support, research and development, and general and administrative functions, and on individual contributors on our research and development team. Although we have entered into employment offer letters with our key personnel, these agreements have no specific duration and constitute at-will employment. We also do not maintain key person life insurance policies on any of our employees.

From time to time, there may be changes in our management team as a result of the hiring, departure or realignment of our senior management and other key personnel, and such changes may impact our business. Additionally, as our business grows in scale and complexity, other changes to our management team may be necessary. For example, during 2023, we hired several new members of our senior management team, including our Senior Vice President, Engineering; Senior Vice President, Chief Security Officer; and Senior Vice President, Chief People Officer, and our Chief Product Officer left the Company. In addition, in February 2024, our former President of Revenue departed and we hired our new President of Revenue. Any significant leadership change or senior management transition, such as these, involves inherent risks and any failure to ensure timely and suitable replacements and smooth transitions could hinder our strategic planning, business execution, and future performance. In particular, these or any future leadership transitions may result in a loss of personnel with deep institutional or technical knowledge and changes in business strategy or objectives and have the potential to disrupt our operations and relationships with existing employees and customers due to added costs, operational inefficiencies, changes in strategy, decreased employee morale and productivity, and increased turnover. We must successfully integrate our new leadership team members within our organization to achieve our operating objectives. If we lose one or more of our senior management or other key employees and are unable to find adequate replacements, or if we fail to successfully attract, integrate, retain and motivate members of our senior management team and key employees, our business could be harmed.
To execute our growth plan, we must also attract and retain large numbers of highly qualified personnel in a number of job markets globally. In particular, it is critical for us to attract and retain sales and engineering talent in our fast growing industry. Competition for these personnel in the San Francisco Bay Area, where our headquarters is located, and in Lisbon, London, Singapore, Austin, Texas, and other locations where we employ personnel, is intense, especially for experienced sales professionals and for engineers experienced in designing and developing cloud applications. We have from time to time experienced, and we may continue to experience, difficulty in hiring and retaining employees with appropriate qualifications or level of experience. For example, we have experienced, and may continue to experience, difficulty recruiting, hiring, and retaining sales personnel with the appropriate level of experience and knowledge necessary to effectively sell our products to large customers. Additionally, in recent years, recruiting, hiring, and retaining employees with expertise in the cybersecurity industry has become increasingly difficult as the demand for cybersecurity professionals has increased as a result of high-profile cybersecurity attacks on global corporations and governments. Many of the companies with which we compete for experienced personnel have greater resources than we have and may provide higher levels of compensation or more attractive benefits. We may need to increase our existing compensation levels in response to competition, rising inflation, or labor shortages, which may increase our operating costs and reduce our margins. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. Volatility or lack of performance in our stock price has in the past, and may in the future, affect our ability to attract and retain our key employees or require us to increase the number of shares that we include in employee equity awards, which has and may continue to affect our outstanding share count, cause dilution to existing shareholders, and increase our stock-based compensation expense. In addition, upon vesting of equity
29

awards, many of our employees have acquired or may soon acquire a substantial amount of personal wealth. This may make it more difficult for us to retain and motivate these employees, and this wealth could affect their decision about whether or not they continue to work for us. Any failure to successfully attract, integrate, or retain qualified personnel to fulfill our current or future needs could materially and adversely affect our business, results of operations, and financial condition.
We believe our long-term value as a company will be greater if we focus on growth, which may negatively impact our profitability.
A significant part of our business strategy is to focus on long-term growth and to reinvest our cash flow from operations into our business, including the expansion of our global network, the development of new products and features, the expansion of our global workforce, and the potential acquisition of complementary businesses. For example, in the year ended December 31, 2023, we increased our operating expenses to $1,175.2 million as compared to $943.8 million and $637.0 million in the years ended December 31, 2022 and 2021, respectively. In the year ended December 31, 2023 we decreased our net loss to $183.9 million as compared to $193.4 million and $260.3 million in the years ended December 31, 2022 and 2021, respectively. As a result, we may continue to operate at a loss or our profitability may be lower than it would be if our strategy were to maximize short-term profitability. Significant expenditures on sales and marketing efforts, and expenditures on growing our network and expanding our research and development and portfolio of products, each of which we intend to continue to invest in, may not ultimately grow our business or cause long-term profitability. If we are ultimately unable to achieve or improve profitability at the level or during the time frame anticipated by industry or financial analysts and our stockholders, our stock price may decline.
If we are not able to maintain and promote our brand, our business and results of operations may be adversely affected.
We believe that maintaining and enhancing our reputation as a provider of products with the highest levels of security, performance, and reliability is critical to our relationship with our existing customers and our ability to attract new customers. The successful promotion of our brand will depend on a number of factors, including the reliability of our network on which we provide our products and the record of security, performance, and reliability of our products; the timing of releases of our products and related features after the public announcement of such expected products and features; our marketing efforts; our ability to continue to develop high-quality features and products for our network; and our ability to successfully differentiate our products from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue.
Independent industry and financial analysts often provide reviews of our products, as well as those of our competitors. Perception of our offerings in the marketplace may be significantly influenced by these expert reviews. In addition, the difficulty or inability of us to periodically provide certain types of financial information about our business and products requested by industry analysts could adversely impact these analysts’ reviews of our products. If reviews of our products are negative, or less positive than those of our competitors’, our brand may be adversely affected. The performance of our channel partners also may affect our brand and reputation, particularly if customers do not have a positive experience with our channel partners. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our markets become more competitive and we expand into new markets and products. Expenditures intended to maintain and enhance our brand may not be cost-effective or effective at all. If we do not successfully maintain and enhance our brand, we may have reduced pricing power relative to our competitors, we could lose customers, or we could fail to attract potential new customers or expand sales to our existing customers, all of which could materially and adversely affect our business, results of operations, and financial condition.
We have limited experience with some of our pricing models, particularly for our newer products and solutions as well as bundled sales of our products and solutions, and we may not accurately predict the long-term rate of paying customer adoption or renewal, or the impact these will have on our revenue or results of operations.
We generate revenue primarily from subscriptions to our products. We offer subscription plans that provide varying degrees of functionality, and also offer separate subscriptions to various add-on products and network functionality. We have limited experience with respect to determining the optimal prices and pricing models for some of our newer subscription plans and products, as well as our bundled sales of products and solutions and our recently-introduced
30

professional services to assist some of our large customers in their migration from existing vendors and otherwise with the configuration and use of our products. As the markets for our products mature, as we enter into newer product markets for our business, as we shift the way in which we sell our products and solutions, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers or retain existing customers at the same price or based on the same pricing model as we have used historically. Moreover, our increasing focus on larger customers may lead to greater price concessions in the future or have a more significant impact period to period on our revenue and results of operations. As a result, in the future we may be required to reduce our prices, which could adversely affect our revenue, gross margin, profitability, financial condition, and cash flow.
We also have limited experience in determining which products and functionality to offer as part of our subscription plans, which to offer as add-on products, and which related products to sell in bundles. Our limited experience in determining the optimal manner in which to bundle and price our various products and functionalities could reduce our ability to capture the value delivered by our offerings, which could adversely impact our business, results of operations, and financial condition.
Our growth depends, in part, on the success of our strategic relationships with third parties, and if we fail to continue to expand, grow, and retain these relationships then our business, results of operations, and financial condition may be adversely impacted.
To grow our business, we anticipate that we will continue to depend on relationships with third parties, such as value-added channel partners, referral partners, systems integrators, global platform providers, telecommunications companies, and managed security service providers. Developing, expanding, and retaining these strategic relationships has played, and will continue to play, an increasingly greater role in our sales efforts, especially with our large customers. However, identifying these types of strategic partners, negotiating and documenting our business and contractual relationships with them, maintaining application programming interfaces (APIs) that some of our strategic partners use to interact with our business, and monitoring the actions of our channel partners and their relationships with our end customers, each require significant time and resources. While in some cases our contractual arrangements with our strategic partners have terms of one year or longer, in many cases these arrangements are short-term in nature and can be terminated on 90 days advance notice. Our competitors also may be effective in providing incentives to third parties to favor their products or services over subscriptions to our products. In addition, acquisitions of such strategic partners by our competitors could result in a decrease in the number of our current and potential customers, as these partners may no longer facilitate the adoption of our applications by potential customers or may seek to terminate their relationships with us. Further, some of our partners are or may become competitive with certain of our products and may elect to no longer integrate with our network and products. If we are unsuccessful in establishing, expanding, or maintaining our relationships with these third parties, our ability to compete in the marketplace or to grow our revenue could be impaired, and our business, results of operations, and financial condition may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer usage of our products by, or increased revenue from, our paying customers and large customers.
Our ability to maintain customer satisfaction depends in part on the quality of our customer support. Failure to maintain high-quality customer support could have an adverse effect on our business, results of operation, and financial condition.
We believe that the successful adoption and usage of our network and products requires a high level of support and engagement for many of our customers, particularly our large customers. In order to deliver appropriate customer support and engagement, we must successfully assist our customers in deploying and continuing to use our network and products, migrating from their existing vendors, resolving performance issues, addressing interoperability challenges with the customers’ existing IT infrastructure, and responding to security threats and cyber attacks and performance and reliability problems that may arise from time to time. The IT architecture of our contracted customers, particularly the larger organizations, is very complex and may require high levels of focused technical support to effectively migrate from each customer's existing vendors and to utilize our network and products. Because our network and products are designed to be highly configurable and to rapidly implement customers’ reconfigurations, customer errors in configuring our network and products can result in significant disruption to our customers. Our support organization faces additional challenges associated with large customers in highly regulated industries, as well as our international operations, including those associated with delivering support, training, and documentation in languages other than English. Increased demand for customer support,
31

without corresponding increases in revenue, could increase our costs and adversely affect our business, results of operations, and financial condition. In addition, we have recently begun providing professional services to assist some of our large customers in their migration from existing vendors and otherwise with the configuration and use of our products. We do not have significant experience in providing professional services or determining the pricing for such services, and our failure to provide such services effectively or at pricing that appropriately reflects our costs of providing such services could negatively impact our customer satisfaction and retention and our results of operations.
We also rely on channel partners in order to provide migration assistance and frontline support to some of our customers, including in regions where we do not have a significant physical presence or the customers primarily speak languages other than English. If our channel partners do not provide assistance and support to the satisfaction of our customers, we may lose these customers, such customers may reduce their usage of our products, or we may be required to hire additional personnel and to invest in additional resources in order to provide an adequate level of assistance and support, generally at a higher cost than that associated with our channel partners. There can be no assurance that we will be able to hire sufficient support personnel as and when needed, particularly if our sales exceed our internal forecasts. To the extent that we are unsuccessful in hiring, training, and retaining adequate support resources, our ability to provide high-quality and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our network and products could be adversely affected. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality customer support, could adversely affect our reputation, business, results of operations, and financial condition, particularly with respect to our large customers.
Our business depends, in part, on sales to the United States and foreign government organizations, which are subject to a number of challenges and risks.
We derive a portion of our revenue from contracts with government organizations, and we believe the success and growth of our business will in part depend on adding additional public sector customers. However, demand from government organizations is often unpredictable, and we cannot assure you that we will be able to maintain or grow our revenue from the public sector. Sales to government entities are subject to substantial additional risks that are not present in sales to other customers, including:
selling to government agencies can be more competitive, expensive, and time-consuming than sales to other customers, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;
increasing numbers of U.S., European, or other government certification and audit requirements potentially applicable to our network, including FedRAMP in the United States, are often difficult and costly to obtain and maintain, and failure to do so will restrict our ability to sell to government customers in the applicable jurisdictions;
government demand, payment for, and continued usage of, our products may be impacted by public sector budgetary cycles, funding authorizations, or government shutdowns;
governments routinely investigate and audit government contractors’ administrative processes and any unfavorable audit could result in fines, civil or criminal liability, further investigations, damage to our reputation, and debarment from further government business;
governments often require contract terms that differ from our standard customer arrangements, including terms that can lead to those customers obtaining broader rights in our products than would be expected under a standard commercial contract and terms that can allow for early termination;

governments may require us to partner with companies based in the governments’ jurisdictions in order for us to sell any of our products to those governments, which could result in a loss of revenue we otherwise would receive for such sales; and
governments may demand better pricing terms and public disclosure of such pricing terms, which may harm our ability to negotiate pricing terms with our non-government customers.
In addition, we must comply with laws and regulations relating to the formation, administration, and performance of contracts with the public sector, including U.S. federal, state, and local governmental organizations, as well as foreign governmental organizations, which affect how we and our channel partners do business with governmental
32

agencies. Selling our products to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements, including expanded compliance obligations under the Federal Acquisition Regulations (FARs). Failure to comply with these laws, regulations, and requirements by either us or our channel partners could subject us to investigations, fines, and other penalties, which could have an adverse effect on our business, results of operations, and financial condition. For example, the U.S. Department of Justice (DOJ) and the General Services Administration (GSA) have in the past pursued claims against and financial settlements with vendors under the False Claims Act and other statutes related to misrepresenting cybersecurity practices or protocols, pricing and discount practices and compliance with certain provisions of GSA contracts. The DOJ and GSA continue to actively pursue such claims. Violations of certain regulatory and contractual requirements could also result in us being suspended or debarred from future government contracting. Any of these outcomes could have a material adverse effect on our revenue, results of operations, and financial condition. Any inability to address these risks and challenges could reduce the commercial benefit to us or otherwise preclude us from selling subscriptions to our products to government organizations.
We rely on third-party software for certain essential financial and operational services, and a failure or disruption in these services could materially and adversely affect our ability to manage our business effectively.
We rely on third-party software to provide many essential financial and operational services to support our business, including NetSuite, Salesforce, Atlassian, Stripe, and Workday among others. Many of these vendors are less established and have shorter operating histories than traditional software vendors. Moreover, these vendors provide their services to us via a cloud-based model instead of software that is installed on our premises. As a result, we depend upon these vendors to provide us with services that are always available and are free of errors or defects that could cause disruptions in our business processes. Any failure by these vendors to do so, or any disruption in our ability to access the Internet, would materially and adversely affect our ability to manage our operations.
Our business is exposed to risks associated with credit card and other online payment processing methods.
Many of our customers pay for our service using a variety of different payment methods, including credit and debit cards, prepaid cards, direct debit, and online payment applications and wallets. We rely on internal systems as well as those of third parties to process payments. Acceptance and processing of these payment methods are subject to certain rules and regulations and require payment of interchange and other fees. To the extent there are increases in payment processing fees, material changes in the payment ecosystem, such as large re-issuances of payment cards, delays in receiving payments from payment processors, changes to rules or regulations concerning payment processing, loss of payment partners, and/or disruptions or failures in our payment processing systems or payment products, including products we use to update payment information, our revenue, operating expenses, and results of operation could be adversely impacted. In addition, from time to time, we encounter fraudulent use of payment methods, which could impact our results of operations and if not adequately controlled and managed could create negative consumer perceptions of our service. If we are unable to maintain our chargeback rate at acceptable levels, card networks may impose fines and our card approval rate may be impacted. If we fail to comply with the rules or requirements applicable to processing payments, or if our data security systems are breached, compromised, or otherwise unable to detect or prevent fraudulent activity, we may be liable for card issuing banks’ costs, subject to fines and higher transaction fees, and lose our ability to accept certain payments from our customers. The termination of our ability to process payments using any major payment method our business, results of operations, and financial condition could be harmed.
Because we recognize revenue from subscriptions for our products over the term of the subscription, downturns or upturns in new business may not be immediately reflected in our results of operations and may be difficult to discern.
We generally recognize revenue from customers ratably over the term of their subscription, which in the case of our contracted customers typically range from one to three years and in the case of our pay-as-you-go customers is typically monthly. Consequently, any increase or decline in new sales or renewals to these customers in any one period may not be immediately reflected in our revenue for that period. Any such change, however, may affect our revenue in future periods. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. We may also be unable to
33

reduce our cost structure in line with a significant deterioration in sales or renewals. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers must be recognized over the applicable subscription term.
By contrast, a significant majority of our costs are expensed as incurred, which occurs as soon as a customer starts using our network and products. As a result, an increase in customers could result in our recognition of more costs than revenue in the earlier portion of the subscription term. We may not attain sufficient revenue to maintain positive cash flow from operations or achieve profitability in any given period.
If our estimates, assumptions, or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.
The preparation of financial statements in conformity with generally accepted accounting principles in the United States (U.S. GAAP) requires our management to make estimates, assumptions, and judgments that affect the amounts reported and disclosed in our consolidated financial statements and accompanying notes. We base our estimates and assumptions on historical experience and on various other assumptions that we believe to be reasonable under the circumstances. The results of these estimates and assumptions form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant estimates, assumptions, and judgments used in preparing our consolidated financial statements include those related to allowance for doubtful accounts, deferred contract acquisitions costs, the period of benefit generated from our deferred contract acquisition costs, the capitalization and estimated useful life of internal-use software, valuation of acquired intangible assets, the assessment of recoverability of intangible assets and their estimated useful lives, useful lives of property and equipment, the determination of the incremental borrowing rate used for operating lease liabilities, the valuation and recognition of stock-based compensation expense, uncertain tax positions, and the recognition and measurement of current and deferred income tax assets and liabilities. Due to geopolitical and macroeconomic uncertainties, including but not limited to the ongoing conflicts between Hamas and Israel and between Russia and Ukraine, and other areas of geopolitical tension around the world, inflationary pressures, and changes in interest rates, there is ongoing uncertainty and significant disruption in the global economy and financial markets. We are not aware of any specific event or circumstance that would require an update to our estimates or assumptions or a revision of the carrying value of assets or liabilities as of February 21, 2024, the date of issuance of this Annual Report on Form 10-K. These estimates and assumptions may change in the future, however, as new events occur and additional information is obtained. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of industry or financial analysts and investors, resulting in a decline in the trading price of our Class A common stock.
Additionally, we regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, or changes to existing standards, and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial condition, and profit and loss, or cause an adverse deviation from our revenue and operating profit and loss target, which may negatively impact our results of operations.
Future acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value, and adversely affect our results of operations, financial condition, and prospects.
Part of our business strategy is to make acquisitions of other companies, products, and technologies. To date, our acquisitions typically have consisted of companies that have developed technology that is complementary to our business but have small numbers of employees and little, if any, customers and revenue. We have limited experience in making acquisitions and integrating acquired businesses into our company, particularly companies with large numbers of employees and customers. However, we expect the number of acquisitions that we undertake to increase and some of the businesses we acquire will have significantly larger numbers of employees and
34

customers and more global operations. For example, in April 2022, we acquired Area 1 Security, Inc., a company that has developed cloud-native email security technology and has a significantly greater number of employees and customers than our prior acquisitions.
In addition, we may not be able to find suitable acquisition candidates and we may not be able to complete acquisitions on favorable terms, if at all. If we identify companies that we would like to buy, we may also face antitrust, competition, and other regulatory scrutiny that may limit our ability to complete such acquisitions. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by customers, developers, or investors. In addition, we may not be able to integrate acquired businesses successfully or effectively manage the combined company following an acquisition. If we fail to successfully integrate our acquisitions, or integrate and retain the people, technologies or customers associated with those acquisitions, into our company, the results of operations of the combined company could be adversely affected. Any integration process in connection with an acquisition will require significant time and resources, require significant attention from management, and disrupt the ordinary functioning of our business, and we may not be able to manage the process successfully, which could adversely affect our business, results of operations, and financial condition. We also frequently provide significant incentives for key employees of acquired companies to remain as our employees after the completion of the acquisition in order to facilitate integration and allow us to achieve the benefits we expect from the acquisition, but these incentives may not prove to be successful in retaining those new key employees. In addition, we may not successfully evaluate or utilize the acquired technology and accurately forecast the financial impact of an acquisition transaction, including accounting charges.
In order to expand our network and product offerings, we also may enter into relationships with other businesses, which could involve joint ventures, preferred or exclusive licenses, additional channels of distribution, or investments in other companies. Negotiating these transactions can be time-consuming, difficult, and costly, and our ability to close these transactions may be subject to third-party approvals, such as government regulatory approvals, which are beyond our control. Consequently, we cannot assure you that these transactions, once undertaken and announced, will close or will lead to commercial benefit for us.
In connection with the foregoing strategic transactions, we may:
issue additional equity securities that would dilute our stockholders;
use cash that we may need in the future to operate our business;
incur debt on terms unfavorable to us or that we are unable to repay;
incur large charges or substantial actual or contingent liabilities associated with acquired businesses;
encounter difficulties integrating diverse business cultures and retaining employees and customers of acquired companies; and
become subject to adverse tax consequences, substantial depreciation, or deferred compensation charges.
These challenges related to acquisitions or other strategic transactions could adversely affect our business, results of operations, financial condition, and prospects.
Certain of our key business metrics could prove to be inaccurate, and any real or perceived inaccuracies may harm our reputation and negatively affect our business.
We rely on assumptions and estimates to calculate certain of our key business metrics, such as dollar-based net retention rate. We regularly review and may adjust our processes for calculating our key business metrics to improve their accuracy. Our key business metrics may differ from estimates published by third parties or from similarly titled metrics of our competitors due to differences in methodology or we may discover inaccuracies in our process for calculating such metrics. For example, during the quarter ended March 31, 2022, we experienced a system error that caused the calculation of our paying customers for such quarter to be overstated by 5,925 pay-as-you-go customers. If investors or analysts do not perceive our key business metrics to be accurate representations of our business, or if we discover material inaccuracies in our key business metrics, our reputation, business, results of operations, and financial condition would be harmed.
We may need additional capital, and we cannot be certain that additional financing will be available on favorable terms, or at all.
35

Historically, we have financed our operations primarily through the sale of our equity and equity-linked securities as well as payments received from customers using our global cloud network and products. For example, we received substantial proceeds from the issuance and sale of our Class A common stock in our initial public offering (IPO) and in the issuances and sales of our 0.75% Convertible Senior Notes due 2025 (the 2025 Notes) and 0% Convertible Senior Notes due 2026 (the 2026 Notes, and together with the 2025 Notes, the Notes). Although we currently anticipate that our existing cash, cash equivalents, and available-for-sale securities, and cash flow from operations will be sufficient to meet our working capital and capital expenditure needs for at least the next 12 months, we may require additional financing. We evaluate financing opportunities from time to time, and our ability to obtain financing will depend, among other things, on our development efforts, business plans, and operating performance, and the condition of the capital markets at the time we seek financing. We cannot assure you that additional financing will be available to us on favorable terms when required, or at all. For example, volatility in equity capital markets has adversely affected and may continue to adversely affect market prices of our shares of Class A common stock. This may materially and adversely affect our ability to fund our business through the sale of our equity and equity-linked securities if such funding were to become necessary. If we raise additional funds through the issuance of equity, equity-linked or debt securities, those securities may have rights, preferences or privileges senior to the rights of our Class A common stock, and, in the case of equity or equity-linked securities, our stockholders may experience dilution.
Risks Related to Our Network and Products
We may not be able to respond to rapid technological changes or develop new products and product features that are attractive to, and that contain all of the capabilities required by, our current and prospective future customers, especially large customers.
The industry in which we compete is characterized by rapid technological change, including frequent introductions of new products and services, evolving industry standards, changing regulations, and the development of novel cyber attacks by hostile parties, as well as changing customer needs, requirements, and preferences. Our need for continuous innovation is driven not only by competitive forces within our industry but also by our need to out-innovate the highly motivated third parties seeking to breach or compromise our network and those of our customers for economic, political, military, or other purposes.
Our ability to attract new customers and retain, and increase, revenue from existing customers will depend in significant part on our ability to anticipate and respond effectively to these forces on a timely basis and continue to introduce enhancements to our network and existing products and develop new products that have the features, and that function with the security, performance, and reliability capabilities, demanded by our customers, especially our large customers. If new technologies or advancements in technologies emerge that deliver competitive products and services at lower prices, more efficiently, more conveniently, more securely or reliably, or are higher performing, these technologies or advancements could render our network and existing products less attractive to our current and prospective future customers, or obsolete. For example, artificial intelligence and machine learning may change the way our industry identifies and responds to cyber threats, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage. The development of novel attacks or exploits by criminal or malicious elements or hostile state actors also could render our network and existing products less effective or obsolete. If we are unable to develop new products and enhance our existing products so that they have the features and capabilities required by existing and potential new customers, especially large customers, our business, results of operations, and financial condition will be materially and adversely affected.
The success of our business also depends on our continued investment in our research and development organization to increase the integrity, reliability, availability, and scalability of our products. We may experience difficulties with development, design, or marketing of such enhancements to our network and products that could delay or prevent their development, introduction, or implementation. For example, in the past we have announced the development of new products and features or the release of new products or features for beta testing and the timing for the general release of the product or feature has been substantially later than we initially expected. We also have in the past experienced delays in the planned expansion of our network and in our internally planned or publicly announced release dates of new products and new features and capabilities, and there can be no assurance that planned expansions of our network will occur on schedule and that new products, features, or capabilities will be released according to schedule or, when released, will function fully as expected. Any such delays could result in adverse publicity or brand reputation, loss of revenue or market acceptance, or claims by
36

customers brought against us, all of which could have a material and adverse effect on our reputation, business, results of operations, and financial condition.
Problems with our internal systems, networks, or data, including actual or perceived breaches or failures, could cause our network or products to be perceived as insecure, underperforming, or unreliable, our customers to lose trust in our network and products, our reputation to be damaged, and our financial results to be negatively impacted.
We face security threats from malicious third parties that could obtain unauthorized access to our internal systems, networks, and data, including the equipment at our network and core co-location facilities. It is virtually impossible for us to entirely mitigate the risk of these security threats and the security, performance, and reliability of our network and products has been in the past, and may be in the future, disrupted by third parties, including nation-states, competitors, hackers, disgruntled employees, former employees, or contractors. For example, in November 2023, we detected that a likely nation-state threat actor had gained unauthorized access to one of our internal systems. While we immediately began investigating the intrusion and believe we cut off the threat actor’s access prior to significant impact on our customer data or systems, we expect we will continue to be subject to similar threats of unauthorized access in the future and we may not be as successful in quickly identifying such intrusions and mitigating the impacts of such intrusions. We also face the possibility of security threats from other sources, such as employee or contractor errors (such as errors in utilizing artificial intelligence or machine learning in our products or in the operation of our business) or malfeasance. For example, hostile third parties, including nation-states, may seek to bribe, extort, or otherwise manipulate our employees or contractors to compromise our network and products. In addition, as our business grows and we employ more employees and engage more contractors in more countries around the world, our ability to supervise the actions of our employees and contractors will decrease and the risk of an employee or contractor error or act of malfeasance will increase. These security threats from third parties are also likely to increase as the numbers, sizes, and types of customers using our network and products increases, particularly our customers that are involved in particularly sensitive industries or activities, such as banking and finance companies and governmental entities or in relation to elections in the United States or elsewhere. Additionally, artificial intelligence and machine learning may increase cybersecurity risks we face through, for example, being used to increase the prevalence or intensity of cyber attacks.
While we have implemented security measures internally and have integrated security measures into our network and products, these measures have not always functioned as expected and have not always detected or prevented all unauthorized activity, prevented all security breaches or incidents, mitigated all security breaches or incidents, or protected against all attacks or incidents and these types of security failures could occur again in the future. For example, we have experienced multiple social engineering attacks where third parties have attempted, and in limited cases succeeded, in breaching our network perimeter security. While these attacks did not effectively get beyond our network perimeter security and we have not suffered any material consequences as a result of these breaches, we cannot be certain that future breaches will be avoided or, if future breaches are successful, that we will not experience material detrimental impacts, particularly if those breaches involve third party access to decrypted or other sensitive data. In addition, there is risk that the vendors we use may be attacked and the controls we have in place are bypassed and our data accessed as a result. For example, one of the IT tools our employees used internally until the first quarter of 2023 was the subject of a large security incident in December 2022, which resulted in unauthorized parties stealing large amounts of the IT tools' customers’ data, including our data. We are not aware of any of our systems having been compromised as a result of this security incident due to additional required authorization and authentication events we have in place, particularly when accessing sensitive systems and resources, and we have since changed to using a new IT tool internally. In addition, in March 2022 and October 2023, breaches of the systems of our identity access management vendor resulted in attacks on our systems. While we quickly discovered these resulting attacks on our systems and believed we had fully contained their impact on our systems and data, the October 2023 breach of our systems contributed to the November 2023 intrusion of our systems by a likely nation-state threat actor. While none of these incidents had a material impact on our business, results of operations or financial condition, we cannot be certain that compromises of our systems will not happen in the future as a result of these incidents or other similar incidents with third party vendors that we use to help secure our internal systems and that such incidents will not have a material impact on our results of operations or financial condition. Such incidents, whether or not successful, could result in our incurring significant costs related to, among other things, changes to our internal systems, remediating or replacing equipment within our global network, implementing additional threat protection measures, making modifications to our products and our global network, defending against litigation, responding to regulatory inquiries or actions, paying damages, providing customers with credits under our agreements with them or other incentives to maintain a business relationship with us, or taking
37

other remedial steps with respect to third parties, as well as incurring significant reputational harm. Because these threats are constantly evolving, we believe successfully defending against them or implementing adequate preventative measures will become increasingly challenging.
The global network that we use to provide our products to our customers is made up of equipment at co-location facilities located in more than 310 cities and over 120 countries worldwide and we expect to continue to increase the size of our network in the future. As we grow the size and scope of our network, the number of our employees and third party contractors that have access to our equipment at these facilities will continue to increase, which will also increase the risk of potential errors or malfeasance such as potential equipment theft or potential attempts to interfere with, or intercept, network and customer data that is held in, or flows through, this equipment. In addition, local government officials may attempt to, or successfully take control of, our equipment in an attempt to interfere with our services or intercept data. Because the equipment in our network co-location facilities is designed to run all of our products, any insertion of ransomware or other malicious code on, unauthorized access to, or other security breach or incident with respect to, any of this equipment at any of these locations around the world could potentially impact all of our products running on this equipment around the world. We may also experience security breaches and other incidents that may remain undetected for an extended period and, therefore, may have a greater impact on our products and the networks and systems used in our business, the proprietary and other confidential data contained on our network or otherwise stored or processed in our operations, and ultimately our business. We expect to incur significant costs in our efforts to detect and prevent security breaches and other security-related incidents, and we have in the past faced, including in connection with the November 2023 intrusion of our systems, and may in the future face, increased costs in the event of actual or perceived security breaches or other security-related incidents. Our internal systems are exposed to the same cybersecurity risks and consequences of a breach as the systems of our customers and other enterprises, any of which could have an adverse effect on our business or reputation. These cybersecurity risks pose a particularly significant risk to a business like ours that is focused on providing highly secure products to customers. With the increase in remote work during recent years, we and our customers face increased risks to the security of infrastructure and data, and geopolitical tensions or events such as the Hamas-Israel and Russia-Ukraine conflicts also may increase these risks. We cannot guarantee that our security measures will prevent security breaches or incidents. We also may face increased costs relating to maintaining and securing our infrastructure and data that we maintain and otherwise process.
There can be no assurance that any security measures that we or our third-party service providers have implemented or that are included in the equipment and related third-party software that we use to operate our global network will be effective against current or future security threats. We also cannot guarantee that our systems and networks or those of our third-party service providers or the equipment and related third-party software that we use to operate our global network have not been breached or otherwise compromised, or that they and any software in our or their supply chains do not contain bugs, vulnerabilities, or compromised code that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our services. Unauthorized access to, other security breaches of, or security incidents affecting, systems, networks, equipment, and data used in our business, including those of our vendors, contractors, or those with which we have strategic relationships, even if not resulting in an actual or perceived introduction of ransomware, malware, or other malicious code or other actual or perceived breach of our customers’ networks, systems, or data, could result in the loss, compromise, corruption or other unavailability of data, disruptions to our and our customers' products, systems, networks, and operations, loss of business, reputational damage adversely affecting customer or investor confidence, regulatory investigations and orders, litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, significant costs for remediation, and other liabilities.
Additionally, even in the absence of malicious actions, our network and products may experience errors, failures, vulnerabilities, or bugs that cause our products not to perform as intended and the likelihood of these problems may increase as we continue to expand the number and complexity of our products and related features, through artificial intelligence or otherwise, that we offer to our customers through our global network. For example, from time to time we are subject to “route leaks” that involve the accidental or, less commonly, illegitimate advertisement of prefixes, or blocks of IP addresses, which propagate across networks such as ours and can lead to incorrect routing of traffic across our network, taking traffic offline, or in extreme cases, potential interception of customers’ traffic by attackers. For example, in June 2019, a route leak spread by a major telecommunications services provider caused significant disruption to our traffic and that of many other providers. Although events like this are outside our control, they could materially harm our reputation and diminish the confidence of our current and potential customers in our network and products. Deployment of our network and products into other computing environments may expose these errors, failures, vulnerabilities, or bugs in our products. In addition, any such errors, failures, vulnerabilities, or bugs may not be found until after they are deployed to our customers and may create the perception that our
38

network and products are insecure, underperforming, or unreliable. For example, we have experienced a limited number of network outages over the past five years due to a variety of causes.
While the June 2019 route leak and the network outages did not have a material impact on our business, results of operations or financial condition, any similar events that may occur in the future may have a material adverse impact on our results of operations or financial condition. In addition, in the event network outages or similar events occur, these events can require additional capital expenditures to lessen the chance that similar events will occur in the future.
We also provide frequent updates and enhancements to our network and products, which increase the possibility of errors. Our quality assurance procedures and efforts to report, track, and monitor issues with our network has not always been sufficient to ensure we detect any such defects in a timely manner. For example, in the past we have made errors that have contributed to outages on our global network or to the leak of customer data. There can be no assurance that our software code is or will remain free from actual or perceived errors, failures, vulnerabilities, or bugs, or that we will accurately route or process all requests and traffic on our network. Given the trillions of Internet requests that route through our network on a monthly basis and the large array of Internet properties (e.g., domains, websites, APIs, and mobile applications) we service, the impact of any such error, failure, vulnerability, or bug can be large in terms of absolute numbers of affected requests and customers.
Actual or perceived problems with our network or systems, or those of our vendors, contractors, or those with which we have strategic relationships, could result in actual or perceived breaches of our or our customers’ networks and systems or data and/or subject us to reputational or financial harm. We are also required to comply with complex and evolving laws, regulations, and standards in many jurisdictions, including regarding our notifications to government agencies or public disclosures with respect to actual or perceived cybersecurity or personal data breaches, or other cybersecurity incidents, which could subject us to additional liability and reputational harm or lead to claims and litigation, indemnity obligations, regulatory reporting and/or audits, proceedings, and investigations and significant legal fees, significant costs for remediation, the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate, or work around errors or defects, to address and eliminate vulnerabilities, and to address any applicable legal or contractual obligations relating to any actual or perceived security breach or incident. Our compliance efforts are complicated by the fact that these requirements and obligations may be subject to uncertain or inconsistent interpretations and enforcement, and may conflict among various jurisdictions.
Actual or perceived breaches or other security incidents could also damage our relationships with our existing customers and have a negative impact on our ability to attract and retain new customers. Because our business is focused on providing secure and high performing network services to our customers, we believe that our products and the networks and systems we use in our business could be targets for hackers and others, and that an actual or perceived breach of, or security incident affecting, our networks, systems, or data, could be especially detrimental to our reputation, customer and channel partner confidence in our solution, and our business. Additionally, our products are designed to operate without interruption, including up to a 100% uptime guarantee for our Business and Enterprise plans. If a breach or security incident were to impact the availability of our network and products, our business, results of operations, and financial condition, as well as our reputation, could be adversely affected.
Any cybersecurity insurance that we carry may be insufficient to cover all liabilities incurred by us in connection with any privacy or cybersecurity incidents or may not cover the kinds of incidents for which we submit claims. For example, insurers may consider cyber attacks by a nation-state as an “act of war” and any associated damages as uninsured. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, results of operations, and financial condition, as well as our reputation.
If our global network that delivers our products or the core co-location facilities we use to operate our network are damaged, interfered with, or otherwise fail to meet the requirements of our business or local regulations, our ability to provide access to our network and products to our customers and maintain the
39

performance of our network could be negatively impacted, which could cause our business, results of operations and financial condition to suffer.
As of December 31, 2023, we hosted our global network and served our customers from co-location and Internet Service Provider (ISP) partner facilities located in more than 310 cities and over 120 countries worldwide. In addition to these global facilities, much of the infrastructure for our global network and for our business and operations is maintained through a core co-location facility located in the greater Portland, Oregon area, a second core co-location facility located in Luxembourg that provides certain redundancy to the U.S. core facility, and through a limited number of other U.S. co-location facilities that provide limited subsets of our network support. While we have electronic and, to a lesser extent, physical access to the components and infrastructure of our network and co-location facilities that are hosted by third parties — including ISP-partner facilities — we do not control the operation of these third-party facilities. Consequently, we may be subject to service disruptions as well as failures to provide adequate support for reasons that are outside of our direct control. All of our co-location and ISP-partner facilities and network infrastructure are vulnerable to damage or interruption from a variety of sources including earthquakes; weather events; floods; fires; power loss; system failures; computer viruses; physical or electronic break-ins; human error; malfeasance; or interference, including by disgruntled employees, former employees, or contractors; terrorism; and other catastrophic events. For example, in November 2023, our control plane and analytics services experienced an outage triggered by a power failure at one of our core data centers in the greater Portland, Oregon area, which impacted certain customers' access to some of our products and services for several days and the loss of certain customer logs. In addition, we have experienced a route leak and a limited number of network outages involving our core and network co-location facilities over the past five years due to a variety of causes. Co-location facilities housing our network infrastructure may also be subject to local governmental or other administrative actions, changes to legal or permitting requirements, labor disputes, and litigation to stop, limit, or delay operations. Despite precautions taken at these facilities, such as disaster recovery and business continuity arrangements, the occurrence of a natural disaster or an act of terrorism, a decision to close the co-location facilities without adequate notice, interference with, or sabotage of, our equipment at these facilities, or other unanticipated problems at these facilities could result in interruptions or delays in the availability of our network and products, impede our ability to scale our operations, or have other adverse impacts upon our business, results of operations, and financial condition. In addition, errors or defects in our customers’ software can result in unexpected and unintentional upward spikes in their usage of our products and network, and those spikes can cause strains on, and adversely affect the availability and functioning of, our co-location facilities and our network.
As we have expanded our global network, for efficiency reasons we have increased the amount of automation that is used to update and maintain our network. While we believe this increased automation generally makes our network more reliable and robust, if portions of this automation were to fail then the impact could apply to all or substantially all of our co-location facilities, instead of the more localized impact if we were not using automation. In addition, the components of our global network are interrelated, such that disruptions or outages affecting one or more of our network co-location facilities may increase the strain on other components of our network. Concurrent disruptions or outages at one or more of our network co-location facilities may lead to a cascading effect in which heightened strain on our network causes further disruptions or outages, particularly within the regions where the disruptions and outages occur. In addition, the failure of any of our core co-location facilities for any significant period of time, particularly our U.S. core co-location facility, could place a significant strain upon the ongoing operation of our business, as we have only limited redundant functionality for these facilities. Such a failure of a core co-location facility could degrade and slow down our network, reduce the functionality of our products for our customers, result in gaps or loss in customer analytics or functionality with respect to some of our products, impact our ability to bill our customers, result in the loss of customers or reduction in their purchases from us due to dissatisfaction with the reliability of our products and network, and otherwise materially and adversely impact our business, reputation, and results of operations.
If our customers’ or partners’ access to our network and products is interrupted or delayed for any reason, our business could suffer.
Any interruption or delay in our customers’ or partners’ access to our network and products will negatively impact our customers. Our customers depend on the continuous availability of our network for the delivery and use of our products, and our products are designed to operate without interruption, including up to 100% uptime guarantee for our Business and Enterprise plans. If all or a portion of our network were to fail, our customers and partners could lose access to their internal network and/or the Internet as a whole until such disruption is resolved or they deploy disaster recovery options that allow them to bypass our network. The adverse effects of any network interruptions
40

on our reputation and financial condition may be heightened due to the nature of our business and our customers’ expectation of continuous and uninterrupted Internet access and low tolerance for interruptions of any duration. In addition, because some of our customers’ most critical applications are protected by our products and network and these customers may not be using other providers for similar services, the adverse effect of network disruptions to these customers could be particularly severe. The impact of an interruption in access to our network and products could also impact the ability to run our own business because we use a number of our products in the operation of our business.
While we do not consider them to have been material, we have experienced a limited number of network outages over the past five years, and we may in the future experience network disruptions and other performance problems, in each case due to a variety of factors. The following factors, many of which are beyond our control, can affect the delivery, performance, and availability of our network and products:
the development, maintenance, and functioning of the infrastructure of the Internet as a whole;
the performance and availability of third-party telecommunications services with the necessary speed, data capacity, and security for providing reliable Internet access and services;
decisions by the owners and operators of the co-location and ISP-partner facilities where our network infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy, breach their contracts with us, or prioritize the traffic of other parties;
the occurrence of earthquakes, floods, weather events, fires, power loss, system failures, physical or electronic break-ins, acts of war or terrorism (including the ongoing conflicts between Hamas and Israel and between Russia and Ukraine or potential consequence of geopolitical tensions in other areas of the world), human error or interference (including by disgruntled employees, former employees, or contractors), and other catastrophic events;
cyber attacks targeted at us, facilities where our network infrastructure is located, our global telecommunications service provider partners, or the infrastructure of the Internet;
errors, defects, or performance problems in the deployment, maintenance, and expansion of our network and products, including the software we use to operate our network and products and provide our related products to our customers;
our customers’ or partners’ improper deployment or configuration of our customers' access to our network and products;
the maintenance of the APIs in our systems that our partners use to interact with us;
the failure of our redundancy systems, in the event of a service disruption at one of the facilities hosting our network infrastructure, to redistribute load to other components of our network; and
the failure of our disaster recovery and business continuity arrangements.
The occurrence of any of these factors, or our inability to efficiently and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively impact our relationship with our customers, or otherwise materially harm our business, results of operations, and financial condition.
Abuse, misuse, or other unauthorized use of our internal network, including network services tools, could cause significant harm to our business and reputation.
Our employees and contractors use our internal network to support the operation of our global network and products for our customers. In addition, in order to provide real-time support to our customers, we have created internal network services tools that are used by our employees and contractors to diagnose and correct customer security, performance, and reliability issues. If any of our employees or contractors were to intentionally abuse our internal network, including these tools, by interfering with or altering our customers’ Internet properties or systems, our customers could be significantly harmed. Similarly, our customers could be harmed if government personnel in any countries in which our employees operate were to pressure our employees, including through the threat of potential prosecution or imprisonment, to use our internal network, including these tools, to access customer data or interfere with or alter our customers' Internet properties or systems. Our employees’ inadvertent misuse of our
41

internal network, including these tools, could similarly harm our customers. For example, third parties have in the past attempted to induce our employees to use their administrative access to reveal, remove, or disable our customers’ information and content, including by submitting fraudulent law enforcement requests, copyright takedown requests, or other content-based complaints. Any such improper disclosure or removal could significantly and adversely impact our business and reputation. While our internal network and tools have been developed only for authorized use by our employees and contractors, any unauthorized use of, or access to, our internal network by, or release of network service tools to, third parties would represent a significant vulnerability in our products. Accordingly, any abuse or misuse of our internal network and services tools could significantly harm our business and reputation. If it became necessary to further restrict the availability or use of our internal network and services tools by our employees and customers in response to any abuse or misuse, our ability to deliver high-quality and timely customer support could be harmed.
Detrimental changes in, or the termination of, any of our co-location relationships, ISP partnerships, or our other interconnection relationships with ISPs could adversely impact our business, results of operations, and financial condition.
Our relationships with ISP partners and other vendors that provide co-location services for our network infrastructure and the pricing and other material contract terms we have with these vendors are important for the maintenance, development, and expansion of our global network. If any of our co-location agreements were to expire or the pricing and other material terms of these agreements were to worsen, our business, results of operations, and financial condition would be adversely affected unless we were able to find a substitute vendor for the impacted facility on comparable or better terms. Moreover, a significant number of our important co-location agreements are with a single company and if our arrangements with this company were to change in a manner adverse to us, we could face difficulty in maintaining or growing our network on commercially viable terms. In addition, as part of our arrangements with some of our ISP partners, the ISP partner has agreed to host our equipment for free or at a discount to the partner’s customary rate. There can be no assurances that these ISP partners will continue to provide these types of favorable equipment hosting arrangements in the future.
The efficient and effective operation of our network also relies upon a series of mutually beneficial arrangements with other Internet infrastructure companies. These arrangements are often referred to as “peering” or “interconnection” agreements, and allow us and our ISP partners to reduce bandwidth costs related to operating our respective networks. If the underlying competitive, business, or operational incentives supporting these arrangements were to change, we or our partners might terminate these agreements or allow them to expire. Many of our peering or interconnection agreements have a term of three years or less, after which such agreements auto-renew on an annual basis. Changes to the underlying incentive structure of peering arrangements may result from parties seeking to take advantage of an essential position or enter into exclusive arrangements, changes to U.S. or international laws, regulations, or policies, increasing competition between us and these Internet infrastructure providers, or changes in the norms governing the relationships among Internet infrastructure providers. Without favorable peering arrangements, we would incur significantly increased costs to continue to provide our products at their current levels and such increased costs could adversely impact our business, results of operations, and financial condition. In addition, to the extent that additional countries begin to regulate peering with outside networks, our costs may increase and our business and results of operations could be adversely impacted.
If our network and products do not interoperate with our customers’ internal networks and infrastructure or with third-party products, websites, or services, our network may become less competitive and our results of operations may be harmed.
Our network and products must interoperate with our customers’ existing internal networks and infrastructure. These complex internal systems are developed, delivered, and maintained by the customer and a myriad of vendors and service providers. As a result, the components of our customers’ infrastructure have different specifications, rapidly evolve, utilize multiple protocol standards, include multiple versions and generations of products, and may be highly customized. We must be able to interoperate and provide products to customers with highly complex and customized internal networks, which requires careful planning and execution between our customers, our customer support teams and, in some cases, our channel partners. Further, when new or updated elements of our customers’ infrastructure or new technology or industry standards or protocols are introduced, we may have to update or enhance our network to allow us to continue to provide our products to customers. Our competitors or other vendors may refuse to work with us to allow their products to interoperate with our network and products, which could make it difficult for our network and products to function properly in customer internal networks and infrastructures that include these third-party products.
42

We may not deliver or maintain interoperability quickly or cost-effectively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our network and products with our customers’ internal networks and infrastructures, our customers may not be able to fully utilize our network and products, and we may, among other consequences, lose or fail to increase our market share and number of customers and experience reduced demand for our products, which would materially harm our business, results of operations, and financial condition.
Because we provide some of our products through a reverse-proxy, which is a network arrangement in which Internet user requests initially are directed to our network’s servers rather than those of our customers, the source of some traffic may be difficult to ascertain. When they cannot identify the source of the traffic, some governments, third-party products, websites, or services may block our traffic or blacklist our IP addresses. If our customers experience significant instances of traffic blockages, they will experience reduced functionality or other inefficiencies, which would reduce customer satisfaction with our network and products and likelihood of renewal of their use of our products.
We rely on a limited number of suppliers for certain components of the equipment we use to operate our network and any disruption in the availability of these components could delay our ability to expand or increase the capacity of our global network or replace defective equipment.
We rely on a limited number of suppliers for several components of the equipment we use to operate our network and provide products to our customers. Our reliance on these suppliers exposes us to risks, including reduced control over production costs and constraints based on the then current availability, terms, and pricing of these components. For example, we generally rely on a limited number of suppliers for the servers that we use in our network and we ordinarily purchase these components on a purchase-order basis, without any long-term contracts guaranteeing supply. While the network equipment and servers we purchase generally are commodity equipment and we believe an alternative supply source for servers on substantially similar terms could be identified quickly, our business could be adversely affected until those efforts are completed. In addition, the technology equipment industry has experienced component shortages and delivery delays in the past, and we may experience shortages or delays, including as a result of natural disasters, increased demand in the industry, or our suppliers lacking sufficient rights to supply the components in all jurisdictions in which we have co-location facilities that support our global network. For example, during 2021 and continuing through the first quarter of 2022, a global shortage of CPUs, RAM, SSDs, and other electronics resulted in supply constraints for a number of electronics firms, including manufacturers of servers. This global shortage disrupted, and other shortages or similar supply constraints in the future may disrupt, some of our expected purchases of network equipment and servers. If our supply of certain components is disrupted or delayed, there can be no assurance that additional supplies or components can serve as adequate replacements for the existing components or that supplies will be available on terms that are favorable to us, if at all. Any disruption or delay in the supply of our hardware components may delay the opening of new co-location facilities, limit capacity expansion or replacement of defective or obsolete equipment at existing co-location facilities, or cause other constraints on our operations that could damage our customer relationships.
The actual or perceived failure of our products to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business, results of operations, and financial condition.
Our security products are designed to reduce the threat to our customers posed by malware and other Internet security threats. Our security products may fail to detect or prevent malware or security breaches or incidents for any number of reasons. Even where our security products perform as intended, the performance of our security products can be negatively impacted by our failure to enhance, expand, or update our network and products; improper classification of websites by our employees, automated systems, and partners which identify and track malicious websites; improper deployment or configuration of our products; the development, maintenance, and functioning of the infrastructure of the Internet as a whole; and many other factors. For example, during August and September of 2023, an unknown threat actor exploited a vulnerability in the standard HTTP/2 protocol critical to the function of the Internet and websites. This threat actor worked to generate a series of the largest-scale DDoS attacks against our network that we have recorded to date. While our systems were able to mitigate the overwhelming majority of incoming attacks, the volume overloaded some components in our network and impacted several customers’ performance, all of which were quickly resolved. During the process of mitigating these attacks, our team developed new technology to stop these types of attacks and further improve our own mitigations for this and other future attacks. Although the impact of the attacks did not have a material impact on our reputation or
43

results of operations or financial condition, other future attacks like these may materially and adversely impact our reputation, results of operations or financial condition if we cannot effectively stop or mitigate the attacks and otherwise suffer performance issues or downtime that exceeds the service level commitments under our agreements and terms of service with our paying customers.
Companies are increasingly subject to a wide variety of attacks on their networks and systems, including traditional computer hackers; malicious code, such as viruses and worms; DDoS attacks; sophisticated attacks conducted or sponsored by nation-states; advanced persistent threat intrusions; ransomware; phishing attacks and other forms of social engineering; employee, vendor, or contractor errors or malfeasance; and theft or misuse of intellectual property or business or personal data, including by disgruntled employees, former employees, or contractors. External events, like the ongoing conflicts between Hamas and Israel and between Russia and Ukraine and other areas of geopolitical tension around the world and elections in the United States and elsewhere, can increase the likelihood of attacks. No security solution, including our products, can address all possible security threats or block all methods of penetrating a network or otherwise perpetrating a security incident. Accordingly, our security products may be unable to detect or prevent a threat until after our customers are impacted. As our products are adopted by an increasing number of enterprises and by increasingly larger enterprises, it is possible that the individuals and organizations behind cyber threats will focus on identifying ways to circumvent or defeat our security products. If our network is targeted by attacks specifically designed to disrupt it, it could create the perception that our security products are not capable of providing adequate security. As a provider of security products, any perceived lack of security to our network or any of our products could erode our customers’ and potential customers’ trust in our network and products. Moreover, a high-profile security breach of, or security incident impacting, another cloud services provider could cause our customers and potential customers to lose trust in cloud solutions generally, and cloud-based products like ours in particular. Any such loss of trust could materially and adversely impact our ability to retain existing customers or attract new customers.
Our customers must rely on complex network and security infrastructures, which include products and services from multiple vendors in addition to us, to secure their networks. If any of our customers becomes infected with malware, or experiences a security breach or incident, they could be disappointed with our products, regardless of whether our security products are intended to block the attack or would have blocked the attack if the customer had properly configured our products or their network, or taken other steps within their control. Additionally, if any enterprises that are publicly known to use our network and products are the subject of a cyber attack that becomes publicized, this could harm our reputation and our current or potential customers may look to our competitors for alternatives to our network and products. Customers subject to cyber attack also may seek to hold us legally liable for any loss or lack of access to sensitive data or highly valued assets that results from such an attack. Although our customer agreements provide significant limitations on our potential liability to our customers for such claims and we do not believe current legal theories would hold a service provider like us liable for such customers’ losses, potential adverse future changes in laws applicable to such claims could result in significant liabilities for us.
From time to time, industry or financial analysts and research firms test our network and related security products against other security products. Our products may fail to detect or prevent threats in any particular test for a number of reasons, including misconfiguration. To the extent potential customers, industry or financial analysts, or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our products do not provide significant value or provide less value than competitive solutions, our reputation and business could be materially harmed.
Any real or perceived flaws in our network, or any actual or perceived security breaches of, or security incidents impacting, our customers, could result in:
a loss of existing or potential customers or channel partners;
delayed or lost sales and harm to our financial condition and results of operations;
a delay in attaining, or the failure to attain, market acceptance of our products;
the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate, or work around errors or defects, to address and eliminate vulnerabilities, and to address any applicable legal or contractual obligations relating to any actual or perceived security breach or incident;
negative publicity and damage to our reputation and brand; and
44

legal claims and demands (including for stolen assets or information, repair of system damages, and compensation to customers and business partners), litigation, regulatory audits, proceedings or investigations, and other liability.
Any of the above results could materially and adversely affect our business, results of operations, and financial condition.
We may choose to make public disclosures in press releases, on our website and blog, through social media, and in other ways about our network, systems, products, and technology, which may include negative events, when we are not otherwise required by applicable law and those disclosures could materially and adversely impact our business, reputation, and results of operations.
In the past we have been, and in the future we expect to be, transparent about our network, systems, products, and technology with our customers and the public in general. We believe that being rigorously and promptly transparent is an essential part of maintaining trust with our customers. At times, this transparency may result in us publicly disclosing information, including negative events, about our network, systems, products, and technology in circumstances where we may not be required to do so by applicable law. If and when we choose to make these types of non-legally required public disclosures, we may suffer reputational damage, loss of existing and potential new customers, litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, significant costs for remediation, and other liabilities that could materially and adversely impact our business, reputation, and results of operations. In addition, we face increasing regulation requiring notifications to government agencies and/or public disclosures with respect to cybersecurity, critical infrastructure, privacy and data protection, and other incidents. If we do not believe the requirements of an applicable regulation have been triggered by an incident but we otherwise make a public disclosure about the incident, then one or more government regulators may seek additional information about the incidents or may allege that we failed to comply with our notification obligations to such agency or under applicable law. Such allegations could result in harm to our reputation, distraction to our senior management team, potential investigations and fines, and loss of customers, or result in other liabilities or adverse consequences on our business.
We provide service level commitments under our Enterprise subscription plan customer contracts and our Business subscription plan terms of service. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service or allow customers to terminate their subscriptions and our business could suffer.
Our Enterprise subscription plan agreements and our Business subscription plan terms of service typically provide for service level commitments, which contain specifications regarding the availability and performance of our network. In particular, our Enterprise subscription plan and our Business subscription plan terms of service include up to a 100% uptime guarantee. Any failure of or disruption to our infrastructure could adversely impact the security, performance, and reliability of our network and products for our customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our network and products, these customers could seek to bring claims against us or terminate their agreements with us and, in the case of our contracted customers, we may be contractually obligated to provide affected customers with service credits that they may apply against future subscription fees otherwise owed to us, and, in certain cases, refunds of pre-paid and other fees. For example, a route leak and a limited number of network outages during the past five years triggered certain of these types of obligations. Although the impact of the route leak and these outages did not have a material impact on our results of operations or financial condition, other future events like these may materially and adversely impact our results of operations or financial condition. Our revenue, other results of operations, and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements and terms of service with our paying customers.
If our products do not obtain and maintain market acceptance, our ability to grow our business and our results of operations may be adversely affected.
Our products are still evolving and it is difficult to predict customer demand and adoption rates for our product offerings. We believe that our network and cloud-based products represent a major shift from traditional solutions. Many of our potential customers, particularly large enterprises and government entities, face barriers to adopting our offerings because of their prior investment in, and the familiarity of their IT personnel with, on-premises,
45

appliance-based solutions or other providers of cloud-based solutions. As a result, our sales process often involves extensive efforts to educate our customers about our products, particularly as we continue to pursue customer relationships with large organizations. Our customers also expect us to meet voluntary validations or adhere to industry standards and require our policies and practices to be evaluated by an independent third-party assessor. Although we currently have certain certifications and reports such as SOC2 Type 2, PCI DSS, ISO 27001, ISO 27701, and ISO 27018, C5, EU Code of Conduct, and FedRAMP moderate authorization, we may not be successful in continuing to maintain those certifications or in obtaining other certifications. In addition, sales to government entities and other large enterprises may in particular be conditioned upon adherence to PSPC, ISMAP, IRAP, or DoD IL4 compliance in Canada, Japan, Australia, and the United States, and we do not currently have these certifications. The costs of obtaining and maintaining certification pursuant to any of these standards are significant, and any failure to obtain and maintain such certifications for our network and products could reduce demand for them, which would harm our business, results of operations, and financial condition. To the extent our competitors have, and we do not have, these certifications, we may lose the opportunity to obtain subscriptions from certain potential paying customers.
Despite our efforts, we can provide no assurance that our cloud-based products will obtain market acceptance or that competing products or services based on other cloud-based and/or on-premises technologies will not achieve market acceptance. If we fail to achieve market acceptance of our products or are unable to keep pace with industry changes or obtain necessary product certifications, our ability to grow our business, results of operations, and financial condition will be materially and adversely affected.
In connection with our Web3 suite of products and our potential future participation in various Web3 protocol governance activities, we expect to hold certain types of cryptocurrency and similar types of digital assets that may be subject to unique regulatory and accounting risks, volatile market prices, and risks of loss, which could harm our business and reputation.
The regulatory status of digital assets is subject to significant change. Some or all of these assets are subject to significant regulatory restrictions and have even been prohibited or effectively prohibited in some countries. If we fail to comply with regulations or prohibitions applicable to us based on these types of digital assets, we could face regulatory or other enforcement actions and potential fines and other consequences.
The prices of digital assets have been and may continue to be highly volatile, including as a result of various associated risks, uncertainties and events. The prevalence of such assets is a relatively recent trend, and their long-term adoption by investors, consumers, and businesses remains uncertain. For example, the bankruptcy of FTX Trading Ltd. in November 2022 undermined investor confidence in cryptocurrencies resulting in a decline in the price of cryptocurrency and similar types of digital assets. Moreover, digital assets' lack of a physical form, their reliance on technology for their creation, existence, and transactional validation, and their decentralization may subject their integrity to the threat of malicious attacks and technological obsolescence. In addition, if the market value of the digital assets we hold increases significantly relative to the purchase prices, we could be deemed an "investment company" for purposes of the Investment Company Act of 1940, as amended, and may be required to institute burdensome compliance requirements, restricting our activities in a way that could adversely affect our business, financial condition, and results of operations.
Moreover, digital assets are currently considered indefinite-lived intangible assets under applicable accounting rules, meaning that any decrease in their fair values below our carrying values for such assets at any time subsequent to their acquisition will require us to recognize impairment charges, whereas we may make no upward revisions for any market price increases until a sale, which may adversely affect our operating results in any period in which such impairment occurs. There is no guarantee that future changes in U.S. GAAP will not require us to change the way we account for digital assets held by us.
Further, digital assets have been, and may in the future be, subject to security breaches, cyber attacks, or other malicious activities, including unauthorized access and theft, as well as human errors or computer malfunctions that may result in the loss or destruction of private keys needed to access such assets. While we expect to implement appropriate security measures with respect to any future digital assets holdings, those measures may not function as expected and may not detect or prevent all unauthorized activity, prevent all security breaches or incidents, mitigate all security breaches or incidents, or protect against all attacks or incidents. If such threats are realized or the measures or controls that we create or implement to secure such assets fail, it could result in a partial or total misappropriation or loss of such digital assets.
46

Risks Related to Legal, Tax, and Regulatory Matters
Activities of our paying and free customers or the content of their websites and other Internet properties may violate applicable laws and/or our terms of service and could subject us to lawsuits, regulatory enforcement actions, and/or liability in various jurisdictions.
Through our network, we provide a wide variety of products that enable our customers and our customers' users to exchange information, conduct business, and engage in various online activities both domestically and internationally. Our customers and our customers' users may use our network and products in violation of applicable law or in violation of our terms of service or the customer’s own policies. The existing laws relating to the liability of providers of online products and services for activities of their users are highly unsettled and in flux both within the United States and internationally. We are currently, and in the future may be, subject to lawsuits and/or liability arising from the conduct of our customers and our customers' users. Additionally, the conduct of our customers and our customers' users may subject us to regulatory enforcement actions and/or liability. We are a defendant in lawsuits, both in the United States and abroad, seeking injunctive relief and/or damages against us based on content that is made available through our customers’ websites and other Internet properties. A number of these lawsuits involve copyright infringement claims, and courts in Italy and Germany have at times directed us to take action by removing access to content of certain websites and other Internet properties on our network. There can be no assurance that we will not face similar litigation in the future or that we will prevail in any litigation we are facing or may face. An adverse decision in one or more of these lawsuits could materially and adversely affect our business, results of operations, and financial condition.
Several U.S. federal statutes may apply to us with respect to various activities of our customers, including the Digital Millennium Copyright Act (DMCA), which provides recourse for owners of copyrighted material who believe their rights under U.S. copyright law have been infringed on the Internet; and section 230, enacted in the Communications Decency Act (CDA), which addresses blocking and screening of content on the Internet. Although these and other similar legal provisions provide limited protections from liability for service providers like us, those protections may not be interpreted in a way that applies to us, may be amended or removed in the future, or may not provide us with complete protection from liability claims. If we are found not to be protected by the safe harbor provisions of the DMCA, CDA or other similar laws, or if we are deemed subject to laws in other countries that may not have the same protections or that may impose more onerous obligations on us, we may owe substantial damages and our brand, reputation, and financial results may be harmed.
Policies and laws in this area remain highly dynamic, and we may face additional theories of intermediary liability in various jurisdictions. Many policymakers in the United States have called for a re-examination of CDA section 230 and copyright law. The EU has agreed on the Digital Services Act and Digital Markets Act to update the rules governing digital services like ours, including replacing the eCommerce Directive, which is the EU’s current framework for online services, and imposing additional legal requirements on certain service providers. In addition, in 2019, the EU approved a Copyright Directive that will impose additional obligations on service providers and failure to comply could give rise to significant liability. Other laws and pending legislation at the EU level (terrorist content, child sexual abuse materials) and in the United Kingdom (online harms), Australia (online harms), and India (Digital India Act), as well as other new laws like them, may also expose Internet companies like us to significant liability. We may incur additional costs to comply with these new laws, which may have an adverse effect on our business, results of operations, and financial condition.
Current and future litigation subjects us to claims for very large potential damages based on a significant number of online occurrences under statutory or other damage theories. Such claims may result in liability that exceeds our ability to pay or our insurance coverage. Even if claims against us are ultimately unsuccessful, defending against such claims will increase our legal expenses and divert management’s attention from the operation of our business, which could materially and adversely impact our business and results of operations.
Our policies regarding user privacy could cause us to experience adverse business and reputational consequences with customers, employees, suppliers, government entities, and other third parties.
As a company, we strive to protect our customers’ privacy consistent with applicable law. Consequently, we generally do not provide personal information about our customers or their users without legal process. In accordance with our contractual commitments to our customers, we may need to challenge legal process requesting disclosure of personal information where such requests are inconsistent with applicable data protection
47

laws. In addition, from time to time, government entities may seek or demand our assistance with obtaining information about our customers or their users or could request that we modify our network and products in a manner to permit access or monitoring. In light of our privacy commitments, we may legally challenge certain law enforcement requests, such as requests to provide a feed of content transiting our network, to obtain encryption keys, or to modify or weaken encryption. We also may face complaints from individuals who assert we have provided their information improperly to law enforcement or in response to third-party abuse complaints, despite policies we have in place to protect that information. To the extent that we do not provide assistance to or comply with requests from government entities or challenge those requests publicly or in court, we may experience adverse political, business, and reputational consequences. We may also face such adverse political, business, and reputational consequences to the extent that we provide, or are perceived as providing, assistance to government entities that exceeds our legal obligations. For example, we periodically receive requests for information purportedly originating from law enforcement agencies or pursuant to legal process, but which are fraudulent or improper attempts to cause us to reveal customer information. Any such disclosure could significantly and adversely impact our business and reputation.
We publish a transparency report on a semi-annual basis to provide details of law enforcement and government requests we receive. Our transparency report also includes a list of certain actions we have not taken in response to law enforcement requests. If we are ever required by law enforcement to take one or more of the actions covered by those disclosures, then we would have to remove the applicable disclosures from our transparency report. Both the publishing of our transparency report and, conversely, the potential narrowing of the list of actions we have not taken in response to law enforcement requests could damage our business and reputation.
Our business could be adversely impacted by changes in Internet access for our customers as a result of competitive behavior or laws specifically governing the Internet.
Our network performance and reliability depends on the quality of our customers’ access to the Internet. Certain features of our network require significant bandwidth and fidelity to work effectively. Internet access is frequently provided by companies that have significant market power that could take actions that degrade, disrupt, or increase the cost of user access to our network, which would negatively impact our business. We could incur greater operating expenses and our customer acquisition and retention could be negatively impacted if other network operators:
implement usage-based pricing;
discount pricing for competitive products;
otherwise materially change their pricing rates or schemes;
charge us to deliver our traffic at certain levels or at all;
throttle traffic based on its source or type;
implement bandwidth caps or other usage restrictions; or
otherwise try to monetize or control access to their networks.
In addition, there are various laws and regulations that could impede the growth of the Internet or online services, and new laws and regulations may be adopted in the future. These laws and regulations could involve interconnection and network management; taxation; tariffs; privacy; data protection; information security; content; copyrights; distribution; electronic contracts and other communications; consumer protection; and requirements for the characteristics and quality of services, any of which could decrease the demand for, or the usage of, our products. Legislators and regulators may make legal and regulatory changes, or interpret and apply existing laws, in ways that require us to incur substantial costs, expose us to unanticipated civil or criminal liability, or cause us to change our business practices. If these changes are implemented, it could have an adverse and negative impact on our business. In addition, we may be banned from providing our products in certain countries, which would prevent our ability to grow our business in such markets and would also have a detrimental impact on the performance and scope of our network. Russia, for example, has blocked designated virtual private networks since December 2021, and included one of our products, Cloudflare WARP, in its list of banned services. These changes or increased costs could materially harm our business, results of operations, and financial condition.
48

Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose customers or otherwise harm our business.
Our business is subject to regulation by various federal, state, local, and non-U.S. governmental agencies, including agencies responsible for monitoring and enforcing compliance with various legal obligations, such as privacy, data protection, and information security laws and regulations, intellectual property laws, telecommunications laws and regulations, employment and labor laws, workplace safety, environmental laws, consumer protection laws, anti-bribery laws, governmental trade sanctions laws, import and export controls, anti-corruption and anti-bribery laws, federal securities laws, and tax laws and regulations. In addition, emerging tools and technologies we may utilize in providing our products and solutions, like artificial intelligence and machine learning, may also become subject to regulation under new laws or new applications of existing laws. In certain jurisdictions, some or all of these regulatory requirements may be more stringent than in the United States.
In addition, many countries are considering expanding or have expanded regulatory requirements for services such as ours, with potential requirements such as collection and verification of customer data, limitations on the use of non-personal data, cybersecurity incident reporting obligations, expanded registration requirements, or requirements to have personnel in the country. The rapid expansion of proposed regulations, as well as possible conflicting requirements, may make it challenging for us to identify and comply with all new global regulations that may apply to our services.
These laws and regulations impose added costs on our business. Actual or perceived noncompliance with applicable regulations or requirements could subject us to:
investigations, enforcement actions, and sanctions;
mandatory changes to our network and products;
disgorgement of profits, fines, and damages;
civil and criminal penalties or injunctions;
claims for damages by our customers or channel partners;
termination of contracts;
loss of intellectual property rights; and
temporary or permanent debarment from sales to government organizations.
If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations, and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of our management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could materially harm our business, results of operations, and financial condition.
Additionally, companies in the technology industry have recently experienced increased regulatory scrutiny. The rapid growth of our business and the products that we offer may also result in increased regulatory scrutiny of our company in particular. Any reviews by regulatory agencies or legislatures may result in substantial regulatory fines, changes to our business practices, and other penalties, which could negatively affect our business and results of operations. Changes in social, political, and regulatory conditions or in laws and policies governing a wide range of topics may cause us to change our business practices. Further, our expansion into a variety of new fields also could raise a number of new regulatory issues. These factors could negatively affect our business and results of operations in material ways.
Our actual or perceived failure to comply with privacy, data protection, information security, and other applicable laws, regulations, and obligations could harm our business.
We receive, store, use, and otherwise process personal information and other information relating to individuals. There are numerous federal, state, local, and international laws and regulations regarding privacy, data protection, information security, and the storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other content, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions, or conflict with other rules. Not only is the number of data protection laws rising
49

globally and within the United States, but existing laws and regulations are evolving. Together, this legislative framework may result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. For example, the EU’s General Data Protection Regulation (GDPR) imposes stringent data protection requirements and provides for penalties for noncompliance of up to the greater of €20 million or four percent of worldwide annual revenues. In addition, the GDPR and the data protection laws of a number of other jurisdictions such as Japan, China, and South Korea, prohibit cross-border data transfers unless certain contractual and other conditions are met. This requires us to incur substantial costs and engage in additional contract negotiations with some of our customers and vendors to ensure the conditions established by these data protection regulations are met.
Some countries are also considering or have enacted legislation and/or certification schemes requiring local storage and processing of data, or other sovereignty-oriented requirements, that could increase the cost and complexity of delivering our services. For example, the European Union Agency for Cybersecurity’s draft version of the European Cybersecurity Certification Scheme for Cloud Services would require EU data sovereignty for companies seeking to obtain the highest certification level.
In addition, the interpretation of existing privacy, data protection, and information security laws and regulations by governmental entities and the courts may change significantly over time in a manner that can have a significantly adverse impact on both our business and our customers’ businesses. For example, in July 2020, the Court of Justice of the European Union (CJEU) in the "Schrems II" case invalidated the U.S.-EU Privacy Shield that was widely used by us and other companies to allow for the lawful transfer of personal data of European Economic Area (EEA) residents to the United States for processing under the GDPR and placed additional requirements on the use of the EU Standard Contractual Clauses (EU SCCs) as a mechanism for transferring EEA personal data to the United States. We incurred substantial costs and needed to engage in additional contract negotiations with some of our customers and vendors in connection with updated EU SCCs and the United Kingdom addendum to the EU SCCs or other appropriate contractual provisions that we sought to put in place with our customers and vendors.
In July 2023, the European Commission adopted an adequacy decision for the new EU-U.S. Data Privacy Framework, which is designed to address the concerns raised in the Schrems II case. However, the European Commission’s adequacy decision regarding this framework will be subject to future reviews and may be subject to suspension, amendment, repeal, or limitations to its scope by the European Commission. While this new framework may serve as a means for cloud service providers like our company to freely transfer EU personal data to the United States, many aspects of this new framework remain uncertain. It has already been subject to legal challenge, and some customers and vendors are unwilling to rely on the new framework due to this uncertainty. In addition, in January 2023, the European Data Protection Board issued its 2022 Coordinated Enforcement Action on the use of cloud-based services by the public sector, in which it expressed concerns that EU public sector entities may not be able to use U.S.-based cloud service providers consistently with GDPR due to their concerns about the ability of U.S. government agencies to access EU personal data.
Whether as a result of this or otherwise, we may continue to see more findings from privacy regulators around the world against cloud service providers relating to cross-border personal data transfers, and may find it necessary or appropriate to modify our policies and practices to address any such findings or other legislative developments relating to cross-border personal data transfers. Implementing any new guidance from applicable regulatory authorities and otherwise responding to or addressing developments relating to cross-border personal data transfers may result in substantial costs, require changes to our policies and business practices, require us to engage in additional contractual negotiations, limit our ability to provide certain products in certain jurisdictions, limit our ability to provide certain products to certain customers, or materially adversely affect our business and operating results.
Meanwhile, the United Kingdom's data protection legislation is substantially consistent with the GDPR, and the UK has adopted an extension to the EU-U.S. Data Privacy Framework, but it remains to be seen how data transfers to and from the United Kingdom will be regulated and enforced in the longer term. To the extent future United Kingdom data protection requirements diverge significantly from the GDPR, they may result in substantial costs, require changes to our business practices, limit our ability to provide certain products in certain jurisdictions, limit our ability to provide certain products to certain customers, or materially adversely affect our business and operating results.
We also expect that there will continue to be new, and amendments to existing, laws, regulations, and industry standards concerning privacy, data protection, and information security proposed and enacted in the United States and various individual U.S. states. In the United States, various federal laws and regulations already apply to the
50

collection, processing, disclosure and security of certain types of data, including the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Health Insurance Portability and Accountability Act of 1996, and the Gramm-Leach-Bliley Act. In addition, there are also a number of recently enacted or proposed U.S. federal and state privacy and data protection bills in Congress and state legislatures across the country.
We are also subject to the terms of our privacy policies and contractual obligations to third parties related to privacy, data protection, and information security. We strive to comply with applicable laws, regulations, policies, and other legal obligations relating to privacy, data protection, and information security to the extent possible. However, the regulatory framework for privacy and data protection worldwide is evolving rapidly, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. As data protection compliance complexity grows, we may be required to incur substantial costs to adapt our policies and business practices as well as engage in additional contractual negotiations.
Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to customers or other third parties, applicable laws or regulations, or any of our other legal obligations relating to privacy, data protection, or information security may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us by consumer advocacy groups or others and could result in significant liability or cause our customers to lose trust in us, which could cause them to cease or reduce use of our products and otherwise have an adverse effect on our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the adoption and use of, and reduce the overall demand for, our products.
Additionally, if third parties we work with, such as sub-processors, vendors, or developers, violate applicable laws or regulations, contractual obligations, or our policies—or if it is perceived that such violations have occurred—such actual or perceived violations may also have an adverse effect on our business. Further, any significant change to applicable laws, regulations, or industry practices regarding the collection, use, retention, security, disclosure, or other processing of users’ content, or regarding the manner in which the express or implied consent of users for the collection, use, retention, disclosure, or other processing of such content is obtained, could increase our costs and require us to modify our network, products, and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to store and process customer data or develop new products and features.
We are subject to anti-corruption, anti-bribery, and similar laws, and noncompliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation.
We are subject to the U.S. Foreign Corrupt Practices Act of 1977, the UK Bribery Act 2010, and other anti-corruption, anti-bribery, anti-money laundering, and similar laws in the United States and other countries in which we conduct activities. Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees and agents from promising, authorizing, making, or offering improper payments or other benefits to government officials and others in the public sector. We leverage third parties, including channel partners, to sell subscriptions to our products, host many of our co-location facilities for our network, and conduct our business in the United States and abroad. We and these third parties may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and we may be held liable for the corrupt or other illegal activities of our business partners and intermediaries, our employees, representatives, contractors, channel partners and agents, even if we do not explicitly authorize such activities. Further, some of our international sales activity occurs, and some of our network infrastructure is located, in parts of the world that are recognized as having a greater potential for business practices that violate anti-corruption, anti-bribery, or similar laws.
We cannot assure you that all of our employees and agents, including our channel partners, have complied with, or in the future will comply with, our policies and applicable law. As we continue to increase our international sales and business and expand our network globally, our risks under these laws may increase. The investigation of possible violations of these laws, including internal investigations and compliance reviews that we may conduct from time to time, could have a material adverse effect on our business. Actual or perceived noncompliance with these laws could subject us to investigations, severe criminal or civil sanctions, settlements, prosecution, loss of export privileges, suspension or debarment from U.S. government contracts and other contracts, other enforcement actions, the appointment of a monitor, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, whistleblower complaints, adverse media coverage and other consequences. Other internal
51

and government investigations, regulatory proceedings, or litigation, including private litigation filed by our stockholders, may also follow as a consequence. Any investigations, actions, or sanctions could materially harm our reputation, business, results of operations, and financial condition. Further, the promulgation of new anti-corruption and anti-bribery laws, rules or regulations or new interpretations of current anti-corruption and anti-bribery laws, rules or regulations could impact the way we do business in other countries, including requiring us to change certain aspects of our business to ensure compliance, which could reduce revenue, increase costs, or subject us to additional liabilities.
We may face fines, penalties, or other costs, either directly or vicariously, if any of our partners, resellers, contractors, vendors or other third parties fail to adhere to their compliance obligations under our policies and applicable law.
We use a number of partners, resellers, contractors, vendors and other third parties to perform services or act on our behalf in areas like sales, network infrastructure, administration, research, and marketing. It may be the case that one or more of those third parties fail to adhere to our policies or violate applicable federal, state, local, and international laws, including but not limited to, those related to corruption, bribery, economic sanctions, and export/import controls. Despite the significant challenges in asserting and maintaining control and compliance by these third parties, we may be held fully liable for third parties’ actions as fully as if they were a direct employee of ours. Such liabilities may create harm to our reputation, inhibit our plans for expansion, or lead to extensive liability either to private parties or government regulators, which could adversely impact our business, results of operations, and financial condition.
We may have exposure to greater than anticipated income tax liabilities in the United States and in foreign jurisdictions, requiring us to exercise judgment in determining the applicability of certain tax laws, and this could subject us to potentially adverse tax consequences and adversely impact our results of operations.
We operate in a number of tax jurisdictions globally, including in the United States at the federal, state, and local levels, and in many other countries, and plan to continue to expand the scale of our operations in the future. As a result, we are subject to income tax in the United States and a number of other jurisdictions. In the ordinary course of our global business, we are also subject to various jurisdictional rules regarding the timing and allocation of revenue and expenses, resulting in intercompany transactions and calculations where the ultimate tax determination is uncertain. To the extent taxing authorities may disagree with our positions, it could result in additional taxes, interest, and penalties.
Significant judgment is required in determining our worldwide provision for income taxes. Our effective income tax rate may be impacted by changes in the mix of earnings in countries with differing statutory tax rates, changes in non-deductible expenses, changes in excess tax benefits from stock-based compensation, changes in the valuation of deferred tax assets and liabilities and our ability to utilize them, the applicability of withholding taxes, and the effects from acquisitions.
Changes in accounting principles, changes in global tax laws, regulations or rates, or changes in taxing jurisdictions’ administrative interpretations, decisions, policies, and positions could also impact our provision for income taxes. For example, the United States enacted the Inflation Reduction Act in August 2022, which, among other provisions, implements a 15% corporate alternative minimum tax on adjusted financial statement income, effective in taxable years beginning after December 31, 2022, and a 1% excise tax on share repurchases, effective for repurchases made after December 31, 2022, which could include transactions with respect to capped call transactions such as those we entered into in 2020 and 2021. Additionally, the Organization for Economic Cooperation and Development (OECD) published model rules within the OECD/G20 Inclusive Framework on Base Erosion and Profit Shifting (the Inclusive Framework) to address the challenges arising from the digitalization of the global economy. The Inclusive Framework includes provisions related to the taxation of the digital economy and the establishment of a 15% global minimum tax under Pillar Two. While several countries have adopted, or intend to adopt, parts of the Inclusive Framework, some other countries are considering similar changes to their existing tax laws. Any of the foregoing changes could have an adverse impact on our results of operations, cash flows, and financial condition.
From time to time, we may be subject to income tax audits. While we believe our tax estimates are reasonable and that we have complied with all applicable tax laws, there can be no assurance that a governing tax authority will not have a different interpretation of the law and assess us with additional taxes, including with respect to intercompany transfer pricing. We cannot ensure that the final determination of tax audits or tax disputes will not be different from
52

what is reflected in our historical income tax provisions and accruals and that the outcomes from these continuous examinations will not have an adverse effect on our results of operations.
Our results of operations may be harmed if we are required to collect sales and use, value-added, or similar taxes for our products in jurisdictions where we have not historically done so.
We are subject to indirect taxes, such as payroll, sales, use, value-added, goods and services, property, and digital services taxes, in both the United States and various foreign jurisdictions. Sales and use, value-added, goods and services, and similar tax laws and rates vary greatly by jurisdiction. Our customers can be located in one jurisdiction, utilize our network and products through our network equipment in a different jurisdiction, and pay us from an account located in a third jurisdiction. This divergence, along with the jurisdiction-by-jurisdiction variance in tax laws, causes significant uncertainty in the tax treatment of our business. There is further uncertainty as to what constitutes sufficient physical presence or nexus for a national, state, or local jurisdiction to levy taxes, fees, and surcharges for sales made over the Internet. There is also uncertainty as to whether our characterization of our network and products as not taxable in certain jurisdictions will be accepted by national, state, and local taxing authorities. In determining our tax filing obligations, management has made judgments regarding whether our activities in a jurisdiction rise to the level of taxability. These judgments may prove inaccurate, and one or more states or countries may seek to impose additional sales, use, or other tax collection obligations on us, including for past sales made by us.
We currently face, and in the future may continue to face, non-income tax audits. In the event of an adverse audit outcome, tax authorities could assert that we are obligated to collect additional taxes from our customers, which could exceed our estimated liabilities. A successful assertion by a state, country, or other jurisdiction that we should have been or should be collecting additional sales, use, or other taxes on our network and products could, among other things, result in substantial tax liabilities for past sales, create significant administrative burdens for us, discourage customers from purchasing our network and products, or otherwise harm our business, results of operations, and financial condition.
Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.
Under certain circumstances, our income tax obligations may be reduced as a result of our net operating loss carryforwards and other tax attributes. As of December 31, 2023, we had net operating loss carryforwards for U.S. federal and state income tax purposes of $1,385.1 million and $756.1 million, which will begin to expire in 2029 and 2030, respectively. We had net operating loss carryforwards for U.K. income tax purposes of $207.2 million that can be carried forward indefinitely. Also as of December 31, 2023, we had U.S. federal and state research and development tax credit carryforwards of $63.6 million and $29.8 million that will begin to expire in 2029 and 2039, respectively.
Utilization of our net operating loss carryforwards and other tax attributes, such as research and development tax credits, may be subject to annual limitations, or could be subject to other limitations on utilization or benefit due to the ownership change limitations provided by Sections 382 and 383 of the Internal Revenue Code of 1986, as amended (the Code), and other similar provisions. Under Sections 382 and 383 of the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change attributes, such as research tax credits, to offset its post-change income may be limited. In general, an “ownership change” will occur if there is a cumulative change in our ownership by “5-percent shareholders” that exceeds 50 percentage points over a rolling three-year period. Similar rules may apply under state tax laws. We may have experienced various ownership changes in the past, and we may experience ownership changes in the future as a result of subsequent changes in our stock ownership, some of which may be outside our control.
Net operating loss carryforwards and other tax assets could expire before utilization and could be subject to limitations, which could harm our business, revenue, and financial results. It is also possible that federal, state, and non-U.S. tax authorities will enact additional legislation limiting our ability to use our carryforwards, some of which may adversely impact our business.
53

If we are deemed an investment company under the Investment Company Act of 1940, as amended (the 1940 Act), applicable restrictions could make it impractical for us to continue our business as contemplated and could have a material adverse effect on our business, results of operations, and financial condition.
Under the 1940 Act, a company generally will be deemed to be an “investment company” if (1) it is, or holds itself out as being, engaged primarily, or proposes to engage primarily, in the business of investing, reinvesting or trading in securities or (2) it engages, or proposes to engage, in the business of investing, reinvesting, owning, holding or trading in securities and it owns or proposes to acquire investment securities having a value exceeding 40% of the value of its total assets (exclusive of U.S. government securities and cash items) on an unconsolidated basis. We do not believe that we are an “investment company” under the 1940 Act.
We have historically qualified for an exemption from registration under the 1940 Act for “research and development companies” as defined in Rule 3a-8 promulgated under the 1940 Act. To provide clarity on our investment company status in the longer term, we applied for and, in April 2023, received an order from the SEC stating that we are primarily engaged in a business other than that of investing, reinvesting, owning, holding or trading in securities, and therefore not an investment company, subject to compliance with certain conditions. Notwithstanding the exemptive order, we believe that we have never been an investment company because, among other reasons, we are primarily engaged in the business of a global cloud services provider.
We intend to operate our business as described in the exemptive order; however, it is possible that our business will change in the future. If the SEC were to find that the circumstances that gave rise to the issuance of the exemptive order no longer exist, the SEC may revoke the exemptive order. If the exemptive order were revoked or we are unable otherwise to rely on the exemptive order or another applicable exemption, we may be required to institute burdensome requirements to comply with the 1940 Act, which may restrict our activities in a way that could adversely affect our business, results of operations, and financial condition.
Risks Related to International Operations
Our international operations expose us to significant risks, and failure to manage those risks could materially and adversely impact our business and results of operations.
Historically, we have derived a significant portion of our revenue from outside the United States. We derived 48%, 47%, and 48% of our revenue from our international customers for the years ended December 31, 2023, 2022, and 2021, respectively. We are continuing to adapt to and develop strategies to address international markets and our growth strategy includes expansion into geographies around the world, but there is no guarantee that such efforts will be successful. In addition, our global network includes co-location facilities located in more than 310 cities and over 120 countries worldwide as of December 31, 2023. We expect that our international sales and network activities will continue to grow in the future, as we continue to pursue opportunities in international markets and further grow our network around the world. These international operations will require significant management attention and financial resources and are subject to substantial risks, including:
geopolitical, economic, and social uncertainties, including the potential nationalization of key peering partners by foreign governments or political unrest that affects our ability to continue to work with particular peering partners, potential terrorist activities, military conflict or war, trade policies and sanctions, and the unknown impact of regional or global health crises, or epidemic or pandemic diseases, such as the COVID-19 pandemic;
changes in a specific country’s or region’s political or economic conditions;
unexpected costs for the localization of our products, including translation into foreign languages and adaptation for local practices, certifications, and legal and regulatory requirements;
greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods;
reduced or uncertain protection for intellectual property rights in some countries;
requirements to open local offices or otherwise maintain a local presence in some countries;
greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties, including with respect to our business in China;
54

increased risk to our local employees of government pressure, including potential threats of prosecution or imprisonment, in connection with enforcement of local legal and regulatory requirements;
greater risk of a failure of foreign employees and channel partners to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, and any applicable trade regulations ensuring fair trade practices;
heightened security risks associated with our co-location facilities and related equipment in high-risk countries and the software code and systems access shared with our service providers located in such countries, including in the Hong Kong region as a result of the National Security Law passed in June 2020;
greater security and oversight risks associated with third-party contractors that we use to install and maintain our hardware in co-location facilities in foreign countries and the limited background checks and screening that we can perform on such service providers;
laws and regulations related to privacy, data protection, security requirements, data localization, or content restriction that could pose risks to our intellectual property, increase the cost of doing business in a country, subject us to greater risks of claims and enforcement actions by regulators or others, subject us and our current and potential customers to burdensome requirements, increase the chance that current and potential customers may be unable to use our products or may be required to lessen or alter how they use our products, or create other disadvantages to our business or negative impacts on our results of operations;
increased expenses incurred in establishing and maintaining office space and equipment for our international operations;
greater difficulty in identifying, attracting, and retaining local qualified personnel and the costs and expenses associated with such activities;
differing employment practices and labor relations issues, which may make expansion or contraction of our workforce, or changes in the terms of employment, in such countries more costly and time-consuming and subject us to a greater risk of disputes or litigation;
increased regulatory requirements and litigation risk related to the presence of our physical infrastructure in countries around the world;
difficulties in managing and staffing international offices and increased travel, infrastructure, and legal compliance costs associated with operating multiple international locations; and
fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business, particularly the United Kingdom, the European Union, and Singapore where we have large offices or a large number of employees and pay employees in local currency.
The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks could limit the future growth of our business. In particular, we are exposed to risks in China, which amounts to a significant part of both our short-term and long-term revenue growth plans. Our Chinese operations are substantially dependent on our relationship with JD Cloud and due to economic and political challenges in servicing the Chinese market, the loss of this arrangement could have a significant adverse effect on our business and results of operations.
Geopolitical events, including the ongoing conflicts between Hamas and Israel and between Russia and Ukraine or other areas of geopolitical tension around the world, or any worsening or expanding of those conflicts or geopolitical tensions, may increase the likelihood of certain of these risks materializing or heighten their impact on us in affected regions. In addition, heightened use of trade restrictions and sanctions, including tariffs or prohibitions on technology transfers to achieve diplomatic ends could impact our ability to conduct our business as planned.
As discussed in greater detail above in our risk factor titled “Our actual or perceived failure to comply with privacy, data protection, information security, and other applicable laws, regulations, and obligations could harm our business,” recent changes in privacy and data protection laws in a number of countries and supranational organizations have created uncertainty around the requirements related to transfers of personal data between jurisdictions, including transfers to the United States. As a result of this uncertainty, our current and potential customers in certain regions may be concerned about whether they are able to transfer personal data to the United States in connection with the usage of our global network and products. If these concerns result in our current and
55

potential customers in those regions reducing their usage of our products, then our results of operations could be adversely impacted. Further, we anticipate needing to identify different transfer mechanisms and/or change our use of certain standard contractual clauses in order to lawfully transfer certain personal data from those regions to the United States. This could result in substantial costs, require changes to our policies and business practices, require us to engage in additional contractual obligations, limit our ability to provide certain products in certain jurisdictions, or materially adversely affect our business and operating results.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations.
Substantially all of our sales contracts are denominated in U.S. dollars and, therefore, substantially all of our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar has increased and may continue to increase the real cost of our products to our customers outside of the United States, which could reduce demand for our products or cause us to discount our products, which could adversely affect our financial condition and results of operations.
As our international operations expand, an increasing portion of our operating expenses is incurred outside the United States and is denominated in foreign currencies, such as the British Pound, Euro, and Singapore Dollar. In addition, in the future we may begin to generally allow customers in some countries outside the United States to pay us for our products in the currencies of those countries. Accordingly, our revenue and operating expenses may be increasingly subject to fluctuations due to changes in foreign currency exchange rates. As we continue to expand our international operations, we may become more exposed to foreign currency risk or remeasurement risk. If we become more exposed to currency fluctuations and are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be materially and adversely affected.
Our business could be adversely impacted by the decision of foreign governments, Internet service providers, or others, to block transmission from Cloudflare IP addresses or domains in order to enforce certain Internet content blocking efforts.
Some of our security products involve making origin IP addresses and other operational assets of our customers more difficult for cyber attackers to target. The evolving design of our network and products may create challenges for various organizations, including governments, that seek to block certain content based on IP address “block lists” or other mechanisms. This problem is exacerbated by the fact that a single Cloudflare IP address may be used for a number of Internet properties, and the Cloudflare IP used for any one Internet property may change over time. This means that efforts by ISPs to block a single domain name may end up blocking a number of other domains or content. If these challenges become too difficult for those organizations to overcome, they could make the decision to block content in an overbroad manner or block completely websites and other Internet properties that are using our network and/or transmitted using known Cloudflare IP addresses. Some of these blocking efforts would be out of our control once they have been put in place and may limit our ability to provide our products on a fully global basis, which could reduce demand for our products among current or potential customers that are focused on the impacted regions or could otherwise adversely impact our business, results of operations, and financial condition.
Our network presence within China is dependent upon our commercial relationship with JD Cloud, and any detrimental changes in, or the termination of, that relationship could jeopardize our ability to offer an integrated global network that includes China.
We believe our offering of an integrated global network that includes facilities in China is important to our existing and potential future customers. Our ability to continue to offer an integrated network presence that includes China currently is dependent on our commercial relationship with JD Cloud. Regulation of Internet infrastructure and traffic by the Chinese government creates challenges to the peering of Chinese and non-Chinese networks. We have a strategic agreement with JD Cloud to provide solutions that accommodate the requirements imposed by Chinese regulations through JD Cloud's development and operation of facilities in China that are included as part of our network. Our original agreement with JD Cloud was announced in 2020 and was set to expire in April 2023. A new agreement, extending the relationship, was executed in April 2023 and is set to expire in March 2026. The new agreement contains economic terms that are less favorable to us than the terms of the original agreement. Consistent with the original agreement, our new agreement with JD Cloud is subject to earlier termination by either party under certain circumstances such as the other party’s material breach and can be terminated by JD Cloud
56

under certain circumstances if necessary Chinese governmental approvals are revoked or become limited or impaired or if public law or regulatory action by the Chinese or U.S. government expressly prohibits or materially restricts the collaboration contemplated by the agreement. The risk of such an early termination event may have increased during the current environment of economic trade negotiations and tensions between the Chinese and U.S. governments.
Our customers that use our network presence in China through our JD Cloud commercial relationship are subject to Chinese laws and regulations of Internet infrastructure, traffic, and content. Under our agreement with JD Cloud, in some circumstances, these customers’ use of our Chinese network presence can be terminated if they violate these laws and regulations. The removal of our customers from our Chinese network presence could result in these customers deciding to terminate their overall relationship with us. In addition, any adverse publicity associated with the removal of some or all of our customers from our Chinese network presence as a result of the application of Chinese laws and regulations could cause us to experience adverse reputational and business consequences.
If our commercial relationship with JD Cloud is terminated, identifying an alternative solution in China could be difficult, time-consuming, and expensive. Even if an alternative solution is identified, we cannot be certain that the economic terms or performance of any such alternative arrangement will be comparable to our existing relationship with JD Cloud, which could materially negatively impact our financial results and customer satisfaction with such alternative arrangement. A lack of network presence in China would represent a significant loss of utility to many of our customers and could materially harm our business, financial condition, or results of operations.
We are subject to governmental trade sanctions laws, and export and import controls, that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.
Our business activities are subject to various economic and trade sanctions regulations administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and U.S. export control and similar foreign laws and regulations, including the U.S. Department of Commerce’s Export Administration Regulations (EAR). We incorporate encryption technology into certain of our products, and the encryption products and the underlying technology may be exported outside the United States only with the required export authorizations, including by license, a license exception, or other appropriate government authorizations, including the filing of classification requests or self-classification reports. Further, the U.S. economic sanctions laws and export control laws include restrictions or prohibitions on the sale or supply of most products and services to U.S. embargoed or sanctioned countries, governments, persons, and entities. Even though we take precautions and have implemented policies and practices to assist in compliance, there is a risk that we may not be in full compliance with these laws.
In 2019, we learned that we may have failed to comply with certain U.S. export-related filing and reporting requirements and may have submitted incorrect information to the U.S. government in connection with certain hardware exports. Upon learning of these potential violations and associated export control requirements, we promptly initiated a voluntary internal review and are taking remedial measures to prevent similar export control anomalies from occurring in the future. In May 2019, we submitted an initial voluntary self-disclosure to the Bureau of Industry and Security regarding potential violations of EAR and a voluntary self-disclosure to the Census Bureau regarding potential violations of the Foreign Trade Regulations. In July 2019, we filed the full and complete voluntary self-disclosures. The voluntary self-disclosure to the Census Bureau was completed with no penalties in November 2019. The voluntary self-disclosure to the Bureau of Industry and Security was completed with no penalties in June 2020.
In May 2019, we submitted an initial voluntary self-disclosure to OFAC related to our non-compliance with certain economic and trade sanctions programs, and we filed the full and complete voluntary self-disclosure to OFAC in July 2019. Specifically, we identified that our products were used by, or for the benefit of, certain individuals and entities included in OFAC’s Specially Designated Nationals and Blocked Persons List, including entities identified in OFAC’s counter-terrorism and counter-narcotics trafficking sanctions programs and individuals or entities affiliated with governments currently subject to comprehensive U.S. sanctions or located in regions subject to comprehensive sanctions. A small number of these parties made payments to us in connection with their use of our products. The voluntary self-disclosure, which we may supplement as appropriate, remains under an ongoing review by OFAC.
57

Although we have implemented, and are working to implement additional controls and screening tools designed to prevent similar activity from occurring in the future, there is no guarantee that we will not inadvertently provide our products to additional individuals, entities, or governments prohibited by U.S. sanctions in the future.
Additionally, we currently provide products to certain OFAC-sanctioned regions based upon general licenses issued by OFAC to engage in such activity. We continue to review the OFAC sanctions and our practices to verify compliance.
These efforts related to export controls and OFAC sanctions could result in negative consequences for us, including costs related to government investigations, financial penalties and harm to our reputation. The impact on us related to these matters could be substantial.
In addition, various countries regulate the import of certain technologies and have enacted or could enact laws that could limit our ability to provide our products and operate our network or could limit our customers’ ability to access or use our network and products in those countries.
If we are found to have violated the U.S. or foreign laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and fines. We may be materially and adversely affected through penalties, reputational harm, loss of access to certain markets, loss of customers, or otherwise. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed, and may result in the delay or loss of sales opportunities. In addition, changes in our network, products, or screening process, or changes in export, sanctions, and import laws, could delay the introduction and sale of subscriptions to our products in international markets, prevent customers in certain countries from accessing our network and products or, in some cases, prevent the provision of our network and products to certain countries, governments, persons, or entities altogether. Any decrease in our ability to sell our products could materially and adversely affect our business, results of operations, and financial condition.
Risks Related to Intellectual Property
We are currently, and may be in the future, party to intellectual property rights claims and other litigation matters that, if resolved adversely, could have a material impact on our business, results of operations, or financial condition.
We own a large number of patents, copyrights, trademarks, domain names, and trade secrets and, from time to time, are subject to litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights. As we face increasing competition and gain an increasingly high profile, the possibility of intellectual property rights claims, commercial claims, and other assertions against us grows. In addition, a number of companies in our industry hold a large number of patents and also protect their copyright, trade secret, trademark, and other intellectual property rights, and companies in the networking and security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. We have in the past been, are currently, and may from time to time in the future become, a party to litigation and disputes related to intellectual property, our business practices, and our products. For example, we are a defendant in lawsuits, both in the United States and abroad, seeking injunctive relief and/or damages against us based on claims of alleged patent infringement and claims of alleged copyright infringement through content on our customers’ websites. We may also be subject to governmental and other regulatory investigations from time to time. The costs of supporting litigation and dispute resolution proceedings are considerable, and there can be no assurances that a favorable outcome will be obtained. Disputes, whether or not favorably resolved, also may generate negative publicity and damage our reputation. We may need to settle litigation and disputes on terms that are unfavorable to us, or we may be subject to an unfavorable judgment that may not be reversible upon appeal. The terms of any settlement or judgment may require us to cease some or all of our operations or pay substantial amounts to the other party. With respect to any intellectual property rights claim, we may have to seek a license to continue practices found to be in violation of third-party rights, which may not be available on reasonable terms and may significantly increase our operating expenses. A license to continue such practices may not be available to us at all, and we may be required to develop alternative non-infringing technology or practices or discontinue the practices. The development of alternative, non-infringing technology or practices could require significant effort and expense. Our business, results of operations, and financial condition could be materially and adversely affected as a result.
58

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.
Our agreements with certain of our customers or other third parties may include indemnification or other provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, or other liabilities relating to or arising from the use of our network and products or other acts or omissions. The term of these contractual provisions often survives termination or expiration of the applicable agreement. We have in the past been sued on the basis of alleged violation of intellectual property rights in the form of patents and trade secrets. Although we were successful in defending the claims to date, as we continue to grow, the possibility of these and other intellectual property rights claims against us may increase. For any intellectual property rights indemnification claim against us or our customers, we may incur significant legal expenses and have to pay damages, pay license fees and/or stop using technology found to be in violation of the third party’s rights. Large indemnity payments could harm our business, results of operations, and financial condition. We may also have to seek a license for the disputed technology, but such a license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain products. As a result, we may also be required to develop alternative non-infringing technology, which could require significant effort and expense and/or cause us to alter our network or products, which could negatively affect our business.
From time to time, customers require us to indemnify or otherwise be liable to them for breach of confidentiality, violation of applicable law, or failure to implement adequate security measures with respect to their data stored, transmitted, or accessed using our network and products. Our standard Enterprise plan agreements provide limited indemnification to our customers based on third-party claims related to our violation of intellectual property rights, and some of our Enterprise plan agreements offer indemnification for claims beyond that scope. The existence of such a dispute may have adverse effects on our customer relationship and reputation and we may still incur substantial liability related to them.
Any assertions by a third party, whether or not successful, with respect to such indemnification obligations could subject us to costly and time-consuming litigation, expensive remediation and licenses, divert management attention and financial resources, harm our relationship with that customer and other current and prospective customers, reduce demand for our products, and harm our brand, business, results of operations, and financial condition.
Our failure to protect our intellectual property rights and proprietary information could diminish our brand and other intangible assets.
We rely and expect to continue to rely on a combination of patent, patent licenses, trade secret, domain name protection, trademarks, copyrights, and confidentiality and license agreements with our employees, consultants, and third parties in order to protect our intellectual property rights and proprietary information. As of December 31, 2023, we had 290 issued patents and 67 pending patent applications in the United States and abroad. However, third parties may knowingly or unknowingly infringe our intellectual property rights. Third parties may challenge our intellectual property rights, pending and future patent, trademark, and copyright applications may not be approved, and we may not be able to prevent infringement, misappropriation, or violations of our intellectual property rights without incurring substantial expense. We have also devoted substantial resources to the development of our proprietary technologies and related processes, and we provide access to these technologies and processes to certain of our vendors and partners, including JD Cloud with respect to the facilities included within our network in China. We must protect this proprietary information in order to realize commercial benefit from our investment.
In order to protect our proprietary technologies and processes, we rely in part on trade secret laws and confidentiality agreements with our employees, contractors, consultants, and third parties. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. Further, errors made by our employees or contractors in utilizing artificial intelligence or machine learning in our products or in the operation of our business could result in proprietary or other confidential information being exposed externally. In addition, others may independently discover our trade secrets or develop similar technologies and processes, in which case we would not be able to assert trade secret rights against them. Laws in certain jurisdictions may afford little or no trade secret protection, and any changes in, or unexpected interpretations of, the intellectual property laws in any country in which we operate may compromise our ability to enforce our intellectual property rights. We may not be effective in policing
59

unauthorized use of our intellectual property rights, and even if we do detect violations, costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and any such litigation could be unsuccessful, lead to the invalidation of our proprietary rights, or lead to counterclaims by other parties against us. If the protection of our proprietary rights is inadequate to prevent use or appropriation by third parties, the value of our network and products, brand, and other intangible assets may be diminished and competitors may be able to more effectively replicate our network and products and their features. Any of these events could materially and adversely affect our business, results of operations, and financial condition.
We depend and rely upon software and technologies licensed from third parties to operate our business, and interruptions or the unavailability of these technologies may adversely affect our products, network, business, and results of operations.
We rely on software, services, and other technology from third parties that we incorporate into, or integrate with, our network and products. We also rely on software, services, and other technology from third parties in order to operate critical functions of our business, including enterprise resource planning and customer relationship management services. If the software, services, or other technology we rely on become unavailable due to extended outages, the third-party provider disabling our access, expiration or termination of licenses, or because they are otherwise no longer available on commercially reasonable terms, our expenses could increase, and our ability to operate our network, provide our products, and our results of operations could be impaired until equivalent software, technology, or services are obtained or replacements are developed, all of which could adversely affect our business.
If we are unable to license necessary technology from third parties now or in the future, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance. This could limit and delay our ability to offer new or competitive products and increase our costs of production. As a result, our business and results of operations could be significantly harmed.
We cannot be certain that those from whom we license software and other technology are not infringing the intellectual property rights of third parties or have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our products. Accordingly, our use of this intellectual property may expose us to third-party claims of infringement. In addition, many licenses are non-exclusive and may not prevent our competitors from licensing the same technology on equivalent or more favorable terms.
Some of our technology incorporates “open source” software, we license some of our software through open source projects and we voluntarily make available some of our software on an open source basis, which could negatively affect our ability to sell our products, subject us to possible litigation, and be used by other companies to compete against us.
Our network and products incorporate software licensed under open source licenses, including open source software included in software we receive from third-party commercial software vendors. Use of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide support, updates, or warranties, or other contractual protections regarding infringement claims or the quality of the software. In addition, the wide availability of source code incorporated in our products could allow hostile parties to more easily identify security vulnerabilities in our network and products. The terms of some open source licenses may provide that under certain conditions we could be required to release the source code of our proprietary software, and to make our proprietary software available under open source licenses, including authorizing further modification and redistribution. In the event that certain portions of our proprietary software are determined to be subject to such requirements by an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our network or applicable products, or otherwise be limited in the licensing of our products, each of which provide an advantage to our competitors or other entrants to the market, create security vulnerabilities in our products, and could reduce or eliminate the value of our products. Because the terms of open source licenses are novel and have not been widely interpreted by courts, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software or by third parties seeking to enforce the terms of open source licenses against us in a manner we do not anticipate. In addition, we voluntarily make available certain portions of our software on an open source basis to the public and such software could then be used by other companies to compete against us.
60

Any unanticipated disclosure of, or litigation regarding, our source code and any open source software incorporated into our source code could result in adverse judgments and liabilities, require us to reengineer all or a portion of our network and products, limit the marketing of our products, provide an advantage to our competitors or other entrants to the market, create new security vulnerabilities or highlight existing security vulnerabilities in our network and products, and reduce or eliminate the value of our network and products. We cannot assure you that our processes for controlling our use of open source software in our network and products will be effective.
Risks Related to Ownership of Our Class A Common Stock
The trading price of our Class A common stock may be volatile, and you could lose all or part of your investment.
The trading price of our Class A common stock may be volatile and could be subject to fluctuations in response to various factors, some of which are beyond our control. These fluctuations could cause you to lose all or part of your investment in our Class A common stock. Factors that could cause fluctuations in the trading price of our Class A common stock include:
price and volume fluctuations in the overall stock market from time to time;
volatility in the trading prices and trading volumes of technology stocks or high growth companies;
changes in operating performance and stock market valuations of other technology or high growth companies generally, or those in our industry in particular;
sales of shares of our Class A common stock and Class B common stock by us or our stockholders;
issuance of shares of our Class A common stock and Class B common stock, whether in connection with an acquisition, upon conversion of some or all of our outstanding 2026 Notes, or in connection with employee equity awards;
failure of securities analysts to maintain coverage of us, changes in financial estimates or share price targets by securities analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
the financial guidance we may provide to the public, any changes in such guidance, or our failure to meet such guidance;
announcements by us or our competitors of new products, features, or services or any delays in our general release of products we previously announced as being in development or beta testing;
the public’s reaction to our press releases, other public announcements, and filings with the SEC;
rumors and market speculation involving us or other companies in our industry;
actual or anticipated changes in our results of operations or fluctuations in our results of operations;
actual or anticipated developments in our business, our competitors’ businesses or the competitive landscape generally;
investments we may make in equity that is, or may become, publicly held, and volatility we may experience due to changes in the market prices of such equity investments;
litigation involving us, our industry, or both, or investigations by regulators into our operations or those of our competitors;
developments or disputes concerning our intellectual property or other proprietary rights;
actual or perceived network or data security breaches or other network or data security incidents, including any network or product outages or failures;
announced or completed acquisitions of businesses, products, services, or technologies by us or our competitors;
failures or alleged failures to comply with laws or regulations applicable to our business;
new laws or regulations or new amendments to, or interpretations of, existing laws or regulations applicable to our business;
61

changes in accounting standards, policies, guidelines, interpretations, or principles;
any departure of one of our co-founders from our company or any other significant change in our management; and
general economic conditions and slow or negative growth of our markets, including inflation and related changes in monetary policy, rising interest rates, volatile energy prices, and other impacts of the Hamas-Israel and Russia-Ukraine conflicts, or other areas of geopolitical tension around the world, or any worsening or expanding of those conflicts or geopolitical tensions.
In addition, in the past, following periods of volatility in the overall market and the market price of a particular company’s securities, securities class action litigation has often been instituted against these companies. This litigation, if instituted against us, could result in substantial costs and a diversion of our management’s attention and resources.
The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of our initial public offering, and it may depress the trading price of our Class A common stock.
Our Class B common stock has 10 votes per share and our Class A common stock has one vote per share. As of December 31, 2023, our directors, executive officers, and holders of more than 5% of our common stock, and their respective affiliates, held in the aggregate 75.4% of the voting power of our capital stock, with our co-founders together holding approximately 54.8% of the voting power of our capital stock. Because of the ten-to-one voting ratio between our Class B and Class A common stock, the holders of our Class B common stock collectively continue to control a majority of the combined voting power of our common stock and therefore are able to control all matters submitted to our stockholders for approval. This concentrated control will limit or preclude the ability of holders of Class A common stock to influence corporate matters for the foreseeable future, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. In addition, this may prevent or discourage unsolicited acquisition proposals or offers for our capital stock that you may feel are in your best interest as one of our stockholders.
Future transfers by holders of shares of Class B common stock and the cessation of employment by holders of our Class B common stock generally result in those shares converting to Class A common stock, subject to limited exceptions, such as certain transfers effected for estate planning purposes and transfers between related entities. The conversion of Class B common stock to Class A common stock will have the effect, over time, of increasing the relative voting power of those individual holders of Class B common stock who retain their shares in the long-term.
In July 2017, FTSE Russell announced that it would cease to include most newly public companies utilizing dual or multi-class capital structures in its indices, including the Russell 1000, Russell 2000, and Russell 3000. Under the announced policies, our multi-class capital structure in some cases may make us ineligible for inclusion in some or all of these indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices may not invest in our stock if we are not included. It is unclear what effect, if any, these policies have on the valuations of publicly traded companies excluded from the indices, but it is possible that they may depress these valuations compared to those of other similar companies that are included. Previously, Standard & Poor’s also excluded companies utilizing dual or multi-class capital structures from its indices, including the S&P 500, the S&P MidCap 400, and the S&P SmallCap 600, which S&P indices together make up the S&P Composite 1500. However, in April 2023, it reversed this policy and announced that companies with dual or multi-class capital structures will again be eligible for inclusion on its indices. We cannot be sure that such policy, or the policies of other indices, will not change further and make us ineligible for inclusion on the S&P Composite 1500, or other indices, in the future.
Substantial future sales could depress the market price of our Class A common stock.
The market price of our Class A common stock could decline as a result of sales of a large number of shares of such stock, and the perception that these sales could occur may also depress the market price of our Class A common stock.
62

Under our investors’ rights agreement, certain stockholders can require us to register shares owned by them for public sale in the United States. In addition, we file registration statements to register shares reserved for future issuance under our equity compensation plans. As a result, subject to the satisfaction of applicable exercise periods, the shares issued upon exercise of outstanding stock options or upon settlement of outstanding RSU awards are available for immediate resale in the United States in the open market.
Sales of our shares may make it more difficult for us to sell equity securities in the future at a time and at a price that we deem appropriate. These sales also could cause the trading price of our Class A common stock to fall and make it more difficult for you to sell shares of our Class A common stock.
We have broad discretion over the use of the net proceeds from our financing activities, and we may not use them effectively.
We cannot specify with any certainty the particular uses of the net proceeds that we received from our prior financing activities, including from the issuances of the Notes in 2020 and 2021, and our management has broad discretion in the application of the net proceeds. The failure by our management to apply these proceeds effectively could adversely affect our business, results of operations, and financial condition. Pending their use, we may invest our proceeds in a manner that does not produce income or that loses value. Our investments may not yield a favorable return to our investors and may negatively impact the price of our Class A common stock.
Delaware law and provisions in our amended and restated certificate of incorporation and amended and restated bylaws could make a merger, tender offer, or proxy contest difficult, thereby depressing the market price of our Class A common stock.
Our status as a Delaware corporation and the anti-takeover provisions of the Delaware General Corporation Law may discourage, delay, or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the person becomes an interested stockholder, even if a change of control would be beneficial to our existing stockholders. In addition, our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that may make the acquisition of our company more difficult, including the following:
our dual-class common stock structure, which provides Mr. Prince and Ms. Zatlyn with the ability to significantly influence the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the shares of our outstanding Class A common stock and Class B common stock;
our Board of Directors is classified into three classes of directors with staggered three-year terms and directors are only able to be removed from office for cause;
vacancies on our Board of Directors will be able to be filled only by our Board of Directors and not by stockholders;
only the Chair of our Board of Directors, our Chief Executive Officer, or a majority of our entire Board of Directors are authorized to call a special meeting of stockholders;
certain litigation against us can only be brought in Delaware;
our amended and restated certificate of incorporation authorizes undesignated preferred stock, the terms of which may be established and shares of which may be issued, without the approval of the holders of Class A common stock;
advance notice procedures apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders;
our stockholders will only be able to take action at a meeting of stockholders and not by written consent; and
any amendment of the above anti-takeover provisions in our amended and restated certificate of incorporation or amended and restated bylaws will require the approval of two-thirds of the combined vote of our then-outstanding shares of Class A common stock and Class B common stock.
These anti-takeover defenses could discourage, delay, or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect
63

directors of their choosing and to cause us to take other corporate actions they desire, any of which, under certain circumstances, could limit the opportunity for our stockholders to receive a premium for their shares of our capital stock, and could also affect the price that some investors are willing to pay for our Class A common stock.
Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware and the federal district courts of the United States will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers or employees.
Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware is the sole and exclusive forum for the following types of actions or proceedings under Delaware statutory or common law: (i) any derivative action or proceeding brought on our behalf; (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, stockholders, officers, or other employees to us or our stockholders; (iii) any action arising pursuant to any provision of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws; or (iv) any other action asserting a claim that is governed by the internal affairs doctrine shall be the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, the federal district court for the District of Delaware), in all cases subject to the court having jurisdiction over indispensable parties named as defendants. Our amended and restated bylaws further provide that the U.S. federal district courts will be the sole and exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, against any person in connection with any offering of our securities, including any auditor, underwriter, expert, control person, or other defendant.
Any person or entity purchasing, holding, or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to this provision. These exclusive-forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other employees. If a court were to find the exclusive-forum provision in our amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could harm our results of operations.
Our Class A common stock market price and trading volume could decline if equity or industry analysts do not publish research or publish inaccurate or unfavorable research about our business.
The trading market for our Class A common stock depends in part on the research and reports that equity or industry analysts publish about us or our business. The analysts’ estimates are based upon their own opinions and are often different from our estimates or expectations. If one or more of the analysts who cover us downgrade our Class A common stock or publish inaccurate or unfavorable research about our business, the price of our securities would likely decline. If few securities analysts commence coverage of us, or if one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our securities could decrease, which might cause the price and trading volume of our Class A common stock to decline.
An active trading market for our Class A common stock may not be sustained.
Our Class A common stock is listed on the NYSE under the symbol “NET.” However, we cannot assure you of the likelihood that an active trading market for our Class A common stock will be maintained, the liquidity of any trading market, your ability to sell your shares of our Class A common stock when desired, or the prices that you may obtain for your shares.
We do not intend to pay dividends for the foreseeable future.
We have never declared nor paid cash dividends on our capital stock. We currently intend to retain any future earnings to finance the operation and expansion of our business, and we do not expect to declare or pay any dividends in the foreseeable future. As a result, stockholders must rely on sales of their Class A common stock after price appreciation as the only way to realize any future gains on their investment.
64

Risks Related to our Outstanding Convertible Senior Notes
Repaying and servicing our existing and future debt, including our 2026 Notes, may require a significant amount of cash, and we may not have sufficient cash flow from our business to pay our indebtedness.
In August 2021, we issued $1,293.8 million in aggregate principal amount of the 2026 Notes. As of December 31, 2023, the remaining aggregate principal amount was $1,293.8 million of the 2026 Notes. Our ability to make scheduled payments of the principal of, or to refinance our indebtedness, including the 2026 Notes, depends on our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. Our business may not generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt, or obtaining additional debt financing or equity capital on terms that may be onerous or highly dilutive. Our ability to refinance any future indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. In addition, any of our future debt agreements may contain restrictive covenants that may prohibit us from adopting any of these alternatives. Our failure to comply with these covenants could result in an event of default which, if not cured or waived, could result in the acceleration of our debt.
In addition, our indebtedness, combined with our other financial obligations and contractual commitments, could have other important consequences. For example, it could:
make us more vulnerable to adverse changes in general U.S. and worldwide economic, industry, and competitive conditions and adverse changes in government regulation;
limit our flexibility in planning for, or reacting to, changes in our business and our industry;
place us at a disadvantage compared to our competitors who have less debt;
limit our ability to borrow additional amounts to fund acquisitions, for working capital, and for other general corporate purposes; and
make an acquisition of our company less attractive or more difficult.
Any of these factors could harm our business, results of operations, and financial condition. In addition, if we incur additional indebtedness, the risks related to our business and our ability to service or repay our indebtedness would increase.
We may not have the ability to raise the funds necessary for cash settlement upon conversion of the 2026 Notes or to repurchase the 2026 Notes for cash upon a fundamental change, and our future debt may contain limitations on our ability to pay cash upon conversion of the 2026 Notes or to repurchase the 2026 Notes.
Holders of the 2026 Notes have the right to require us to repurchase their 2026 Notes upon the occurrence of a fundamental change (which is defined in the 2026 Indenture) at a repurchase price equal to 100% of the principal amount of such 2026 Notes to be repurchased, plus accrued and unpaid interest, if any, to, but excluding, the fundamental change repurchase date for such series of 2026 Notes. In addition, upon conversion of the 2026 Notes, unless we elect to deliver solely shares of our Class A common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be required to make cash payments in respect of the 2026 Notes being converted. However, we may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of the 2026 Notes surrendered or 2026 Notes being converted. In addition, our ability to repurchase the 2026 Notes or to pay cash upon conversions of the 2026 Notes may be limited by law, by regulatory authority or by agreements governing our future indebtedness. Our failure to repurchase the 2026 Notes at a time when the repurchase is required by the 2026 Indenture or to pay any cash payable on future conversions of the 2026 Notes as required by the 2026 Indenture would constitute a default. A default under the 2026 Indenture or the occurrence of a fundamental change under the 2026 Notes could also lead to a default under agreements governing our future indebtedness. If the repayment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the 2026 Notes or make cash payments upon conversions thereof in accordance with
65

the terms of the 2026 Indenture. Any failure by us to repay the indebtedness and repurchase the 2026 Notes or make cash payments upon conversions thereof, in each case, when required to do so pursuant to the terms of the 2026 Indenture could harm our business, results of operations, and financial condition.
The conditional conversion feature of the 2026 Notes, when triggered, may adversely affect our financial condition and operating results.
If the conditional conversion feature of the 2026 Notes is triggered, holders of the 2026 Notes are entitled to convert their 2026 Notes at any time during specified periods at their option. If one or more holders elect to convert their 2026 Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our Class A common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. In addition, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the 2026 Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital.
Transactions relating to the Notes may affect the value of our Class A common stock.
The conversion of some or all of the 2026 Notes would dilute the ownership interests of our existing stockholders to the extent we satisfy our conversion obligation by delivering shares of our Class A common stock upon any conversion of the 2026 Notes. The 2026 Notes may become convertible at the option of their holders under certain circumstances set forth in the 2026 Indenture. If holders of the 2026 Notes elect to convert their 2026 Notes, we may settle our conversion obligation by delivering to them a significant number of shares of our Class A common stock, which would cause dilution to our existing stockholders. In addition, from time to time, we may enter into certain exchange transactions with respect to the 2026 Notes which may also cause dilution to our existing stockholders. For example, in August 2021, we entered into privately-negotiated exchange agreements with certain holders of the 2025 Notes for the exchange of approximately $400.7 million in cash and approximately 7.6 million shares of our Class A common stock for $400.0 million in aggregate principal amount of the 2025 Notes. In addition, during the year ended December 31, 2023, we settled conversions of approximately $35.4 million aggregate principal amount of the 2025 Notes for approximately 0.5 million shares of our Class A common stock. These conversions were exercised by the holders of the 2025 Notes in connection with our issuance of a redemption notice.
In connection with the pricing of each series of Notes, we entered into privately negotiated capped call transactions with the applicable option counterparties. The capped call transactions are expected generally to reduce the potential dilution upon conversion of the applicable series of Notes and/or offset any cash payments we are required to make in excess of the principal amount of such converted Notes, as the case may be, with such reduction and/or offset subject to a cap.
In connection with establishing their initial hedges of the capped call transactions, the applicable option counterparties or their respective affiliates entered into various derivative transactions with respect to our Class A common stock and/or purchased shares of our Class A common stock concurrently with or shortly after the pricing of the applicable series of Notes. From time to time, the option counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our Class A common stock and/or purchasing or selling our Class A common stock or other securities of ours in secondary market transactions prior to the maturity of the applicable series of Notes (and are likely to do so following any conversion, repurchase, or redemption of such Notes, to the extent we exercise the relevant election under the applicable capped call transactions). This activity could also cause a decrease and/or increased volatility in the market price of our Class A common stock.
We are subject to counterparty risk with respect to the capped call transactions.
The option counterparties are financial institutions, and we will be subject to the risk that any or all of them might default under the capped call transactions. Our exposure to the credit risk of the option counterparties will not be secured by any collateral. Past macroeconomic conditions have resulted in the actual or perceived failure or financial difficulties of many financial institutions, including the failures of Silicon Valley Bank and Signature Bank, and the UBS takeover of Credit Suisse. If an option counterparty becomes subject to insolvency proceedings, we
66

will become an unsecured creditor in those proceedings with a claim equal to our exposure at that time under the capped call transactions with such option counterparty. Our exposure will depend on many factors but, generally, an increase in our exposure will be correlated to an increase in the market price and in the volatility of our Class A common stock. In addition, upon a default by an option counterparty, we may suffer adverse tax consequences and more dilution than we currently anticipate with respect to our Class A common stock. We can provide no assurance as to the financial stability or viability of the option counterparties.
General Risk Factors
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
We are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the Exchange Act), the Sarbanes-Oxley Act of 2002 (the Sarbanes-Oxley Act), and the rules and regulations of the applicable listing standards of the New York Stock Exchange (the NYSE). We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we file with the SEC (including, without limitation, the new SEC requirement to file current reports regarding material cybersecurity incidents) is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We are also continuing to improve our internal control over financial reporting. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs, and significant management oversight. In addition, our independent registered public accounting firm is required to audit the effectiveness of our internal control over financial reporting pursuant to Section 404(b) of the Sarbanes-Oxley Act annually. Testing, or the subsequent testing by our independent registered public accounting firm, may reveal material weaknesses or significant deficiencies. If material weaknesses are identified or we are not able to comply with the requirements of Section 404 in a timely manner, our reported financial results could be materially misstated, we could receive an adverse opinion regarding our internal control over financial reporting from our independent registered public accounting firm, we could be subject to investigations or sanctions by regulatory authorities, and we could incur substantial expenses.
Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our Class A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the NYSE.
Our business is subject to the risks of catastrophic events.
The occurrence of any catastrophic event, including an earthquake, volcanic event, fire, flood, tsunami, the effects of climate change, or other weather event, power loss, telecommunications failure, software or hardware malfunction, epidemic or pandemic disease (such as the COVID-19 pandemic), cyber attack, military conflict or war, or terrorist attack, could result in lengthy interruptions in our service. Our corporate headquarters is located in the San Francisco Bay Area and one of our core co-location facilities is located in the greater Portland, Oregon area,
67

both regions known for seismic and/or volcanic activity, and we also have a second core co-location facility in Luxembourg. Our insurance coverage may not compensate us in full or at all for losses that may occur in the event of any of these potential future catastrophic events. In addition, any of these catastrophic events could cause disruptions to the Internet or the economy as a whole. Even with our disaster recovery arrangements, our service could be interrupted. If our systems were to fail or be negatively impacted as a result of a natural disaster or other event, our ability to deliver products to our customers would be impaired or we could lose critical data.
Our partners, suppliers, and customers are also subject to the risk of catastrophic events. In those events, our ability to deliver our products in a timely manner, as well as the demand for our products, may be divided on account of factors outside our control.
Further, the effects of climate change on the global economy and the technology industry are rapidly evolving. While we seek to mitigate our business risks associated with climate change by establishing robust environmental programs and partnering with organizations who are focused on mitigating their own climate-related risks, there are inherent climate-related risks wherever business is conducted. Any of our locations may be vulnerable to the adverse effects of climate change. For example, our corporate headquarters in the San Francisco Bay Area and one of our core co-location facilities located in the greater Portland, Oregon area have experienced and may continue to experience, climate-related events and at an increasing frequency, including severe storms, floods, drought, water scarcity, heat waves, wildfires and resultant air quality impacts and power shutoffs associated with these types of events. Additionally, it will remain difficult to mitigate the impact of these events on our employees who continue to work remotely. Changing market dynamics, global policy developments and increasing frequency and impact of extreme weather events on critical infrastructure in the United States and elsewhere have the potential to disrupt our business, the business of our partners, suppliers and customers, and may cause us to experience higher attrition, losses and additional costs to maintain or resume operations.
The requirements of being a public company may strain our resources, divert management’s attention, and affect our ability to attract and retain executive management and qualified board members.
We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the listing requirements of the NYSE, and other applicable securities rules and regulations. Compliance with these rules and regulations increases our legal and financial compliance costs, makes some activities more difficult, time-consuming, or costly, and increases demand on our systems and resources. The Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and results of operations.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and, if required, improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight is required. We are required to disclose changes made in our internal control and procedures on a quarterly basis and to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. In addition, our independent registered public accounting firm is required to attest to the effectiveness of our internal control over financial reporting. As a result of the complexity involved in complying with the rules and regulations applicable to public companies, our management’s attention may be diverted from other business concerns, which could adversely affect our business and results of operations. Although we have already hired additional employees and have engaged outside consultants to assist us in complying with these requirements, we may need to hire more employees in the future or engage additional outside consultants, which will increase our operating expenses.
In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time consuming. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest substantial resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their
68

application and practice, regulatory authorities may initiate legal proceedings against us and our business may be adversely affected.
Failure to comply with the aforementioned rules and regulations may make it more expensive for us to maintain director and officer liability insurance, and in the future we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified members of our Board of Directors, particularly to serve on our audit committee and compensation committee, and qualified executive officers.
As a result of disclosure of information in our filings with the SEC, our business and financial condition are visible, which we believe may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be adversely affected, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and results of operations.
Item 1B. Unresolved Staff Comments
None.

Item 1C. Cybersecurity
Risk Management and Strategy
We regularly face cybersecurity threats from malicious third parties that could obtain unauthorized access to our internal systems, networks, and data, including the equipment at our network and core co-location facilities. It is virtually impossible for us to entirely mitigate the risk of these and other security threats we face, and the security, performance, and reliability of our network and products has been in the past, and may be in the future, disrupted by third parties, including nation-states, competitors, hackers, disgruntled employees, former employees, or contractors. While we have implemented security measures internally and have integrated security measures into our systems, network, and products, these measures have not always functioned as expected and have not always detected or prevented all unauthorized activity, prevented all security breaches or incidents, mitigated all security breaches or incidents, or protected against all attacks or incidents. We have experienced breaches of, and unauthorized access to, our internal systems in the past and we believe such breaches and unauthorized access and other incidents may happen again in the future. As of the date of the filing of this Annual Report on Form 10-K, we do not believe these risks from cybersecurity threats, including the results of prior cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, but there can be no guarantee that we will not experience such a security breach or incident in the future. Refer to Part 1, Item 1A “Risk Factors” of this Annual Report on Form 10-K for additional information regarding cybersecurity risks related to our systems, products, and network.
Particularly in light of the extensive cybersecurity risks facing our company and the fact that we provide cybersecurity products to our customers, we recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to protect our internal systems, our global network, and our customers’ data. We have established a multi-layered approach to manage our cybersecurity risks with preventative and detective capabilities enabled in our network and internal systems that are designed to protect against cyber threats. This approach to cybersecurity includes, among other things, annual and periodic enterprise-wide risk assessments; ongoing collaboration with our product and engineering teams for the purpose of securing our products, systems, data, and global network; a vulnerability management program focused on proactively identifying, triaging and mitigating security vulnerabilities within our systems, network and data through ongoing testing, penetration tests and other simulations; regularly required security training for all employees; and a comprehensive incident response process to identify, contain, and remediate cybersecurity incidents. We also engage with external cybersecurity assessors and consultants in evaluating and testing our risk management systems. These processes are integrated into our overall risk management systems and processes to promote a company-wide culture of cybersecurity risk management.
69

We are aware of the risks associated with engaging third-party service providers, so we have implemented processes to oversee and manage these risks. We conduct security assessments of third-party providers who may have access to sensitive information before engagement and maintain ongoing monitoring of their compliance with our cybersecurity standards. The monitoring includes periodic reviews conducted by our security team. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties.
Governance
Our Board of Directors, including through its audit committee, oversees our enterprise risk management processes, including our cybersecurity risk exposure and the steps management has taken to monitor, control, and address such exposure. The audit committee regularly reviews and discusses with our senior management, our internal audit team, and our independent auditor, our policies and processes designed to identify, monitor, and address enterprise risks, including risks from cybersecurity threats and incidents. This oversight and review of our risks from cybersecurity threats includes, among other things, our SVP, Chief Security Officer (CSO) providing regular quarterly briefings to our Board of Directors regarding cybersecurity threats, processes for preventing and/or addressing current threats, ongoing cybersecurity initiatives and strategy and regulatory compliance; our internal audit team reporting on a quarterly basis to the audit committee regarding cybersecurity and other enterprise risk management efforts and related audits and management action plans to mitigate risks by internal audits; and periodic other updates to our Board of Directors by our CEO and CSO in the event of specific critical cybersecurity threats.
Our CSO, who reports regularly and directly to our CEO, has primary responsibility for assessing, monitoring and managing our cybersecurity risks, including the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CSO, who joined us in 2023, has over 20 years of experience assessing and managing cybersecurity programs and cybersecurity risk at a number of different companies. Our internal security leadership team that reports to our CSO regularly communicates and meets to discuss cybersecurity threats and risk management, the effectiveness of our internal security programs, and cybersecurity emerging trends, risks, and incidents that may require increased focus. In addition, our internal audit team regularly reviews cybersecurity risks with our security team as part of our ongoing enterprise risk management program and conducts internal audits on various areas of cybersecurity risk. In addition, our CEO chairs an internal compliance committee that includes our CSO and other members of our security team and meets at least quarterly to review compliance with various laws, rules, and regulations applicable to our company, including with respect to cybersecurity matters.
Item 2. Properties
Our corporate headquarters is located in San Francisco, California, where we lease approximately 112,000 square feet. Of the total leased space in San Francisco, approximately 67,000 square feet is concentrated in our adjoining buildings located at 101 Townsend Street and 111 Townsend Street pursuant to lease agreements expiring in October 2027. In addition, we lease approximately 45,000 square feet at 634 Second Street pursuant to a lease agreement expiring in December 2027.
We also maintain offices around the world including Austin, Texas; London, United Kingdom; Lisbon, Portugal; and Singapore to support our global team.
We lease all of our facilities and do not own any real property.
We believe that our facilities are suitable to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate any such growth.

70

Item 3. Legal Proceedings
From time to time we are subject to legal proceedings and claims arising in the ordinary course of business. We are not presently a party to any legal proceeding that we believe is likely to have a material impact on our business, results of operations, or financial condition.
Future litigation may be necessary, among other things, to defend ourselves or our customers by determining the scope, enforceability, and validity of third-party proprietary rights or to establish our proprietary rights. The results of any litigation cannot be predicted with certainty, particularly in the areas of unsettled and evolving law in which we operate, and an unfavorable resolution in any legal proceedings could materially affect our future business, results of operations, or financial condition. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, and other factors. For additional information, see "Risk Factors" - "Activities of our paying and free customers or the content of their websites and other Internet properties may violate applicable laws and/or our terms of service and could subject us to lawsuits, regulatory enforcement actions, and/or liability in various jurisdictions" and "We are currently, and may be in the future, party to intellectual property rights claims and other litigation matters that, if resolved adversely, could have a material impact on our business, results of operations, or financial condition" and Note 8 to the consolidated financial statements included in this Annual Report on Form 10-K.

Item 4. Mine Safety Disclosures
Not applicable.
71

PART II

Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Market Information for Our Class A Common Stock
Our Class A common stock has been listed on the New York Stock Exchange (NYSE) under the symbol "NET" since September 13, 2019. Prior to that date, there was no public trading market for our Class A common stock. Our Class B common stock is not listed on any stock exchange nor traded on any public market.
Holders of Record
As of February 7, 2024, we had 59 holders of record of our Class A common stock and 109 holders of record of our Class B common stock. The actual number of stockholders is greater than this number of record holders and includes stockholders who are beneficial owners but whose shares are held in street name by brokers and other nominees.
Dividend Policy
We have never declared nor paid any cash dividends on our capital stock. We currently intend to retain any future earnings and do not expect to pay any dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our Board of Directors, subject to applicable laws, and will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions, and other factors that our Board of Directors may deem relevant.
Stock Performance Graph
This performance graph shall not be deemed “soliciting material” or to be “filed” with the Securities and Exchange Commission (the SEC) for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the Exchange Act), or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any of our filings under the Securities Act of 1933, as amended (the Securities Act).
The following graph compares (i) the cumulative total stockholder return on our Class A common stock from September 13, 2019 (the date our Class A common stock commenced trading on the NYSE) through December 31, 2023 with (ii) the cumulative total return of the Standard & Poor's 500 Index and Standard & Poor's Information Technology Index over the same period, assuming the investment of $100 in our Class A common stock and in each index on September 13, 2019 and the reinvestment of dividends. The graph uses the closing market price on September 13, 2019 of $18.00 per share as the initial value of our common stock. The comparisons are based on historical data and are not indicative of, nor intended to forecast, future performance of our Class A common stock.


72

2984
Company/IndexBase Period
9/13/2019
12/31/201912/31/202012/31/202112/31/202212/31/2023
Cloudflare$100.00 $94.78 $422.17 $730.56 $251.17 $462.56 
S&P 500 Index100.00 107.43 124.89 158.48 127.67 158.60 
S&P 500 Information Technology Index100.00 113.36 161.21 214.98 152.83 239.02 

Unregistered Sales of Equity Securities
None.
Issuer Purchases of Equity Securities    
None.
Item 6. [Reserved]
73

Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. This section of this Form 10-K generally discusses 2023 and 2022 items and year-to-year comparisons between 2023 and 2022. Discussions of 2021 items and year-to-year comparisons between 2022 and 2021 are not included in this Form 10-K, and such disclosure can be found in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of the Company’s Annual Report on Form 10-K for the fiscal year ended December 31, 2022, which information is incorporated herein by reference. In addition to historical financial information, the following discussion contains forward-looking statements that are based upon current plans, expectations, and beliefs that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including those factors discussed in the section titled “Risk Factors” and in other parts of this Annual Report on Form 10-K. Our fiscal year end is December 31.
Overview
Cloudflare’s mission is to help build a better Internet. We have built a global network that delivers a broad range of services to businesses of all sizes and in all geographies—making them more secure, enhancing the performance of their business-critical applications, and eliminating the cost and complexity of managing individual network hardware. Our network serves as a scalable, easy-to-use, unified control plane to deliver security, performance, and reliability across their on-premises, hybrid, cloud, and software-as-a-service (SaaS) applications.
Our Business Model
Our business model benefits from our ability to serve the needs of all customers ranging from individual developers to the largest enterprises, in a cost-effective manner. Our products are easy to deploy and allow for rapid and efficient onboarding of new customers and expansion of our relationships with our existing customers over time. Given the large customer base we have and the immense amount of Internet traffic that we manage, we are able to negotiate mutually beneficial agreements with Internet service providers (ISPs) that allow us to place our equipment directly in their data centers, which drives down our bandwidth and co-location expenses. This symbiotic relationship that we have with ISPs and the efficiency of our serverless network architecture allows us to introduce new products on our network at low marginal cost.
We generate revenue primarily from sales to our customers of subscriptions to access our network and products. We offer a variety of plans to our free and paying customers depending on their required features and functionality.
Contracted customers. Our contracted customers, which consist of customers that enter into contracts for our Enterprise subscription plan, have contracts that typically range from one to three years and are typically billed on a monthly or annual basis. Our agreements with contracted customers are tailored and priced to meet their varying needs and requirements. Enterprise subscription plan agreements for our contracted customers generally include a base subscription and a smaller portion based on usage or per seat.
Pay-as-you-go customers. For our pay-as-you-go customers, we offer the ability to purchase our products through our website. We make our pay-as-you-go product solutions available in several configurations. For customers securing and accelerating their Internet properties using our website and application services, we offer Pro and Business subscription plans through our website per registered domain, and it is common for customers to purchase subscriptions to cover multiple Internet properties (e.g., domains, websites, application programming interfaces (APIs), and mobile applications). Pay-as-you-go customers can subscribe to more than one solution and purchase add-on products and network functionality we offer to meet their more advanced needs. For pay-as-you-go or contracted customers who need a scalable Zero Trust security solution to secure users and internal resources using our Cloudflare One suite of products, we make these products available on a per seat basis. In addition, for developers building serverless applications, we offer our Cloudflare Workers product to these customers on a usage-based plan that is metered by requests and execution time. Our pay-as-you-go customers typically pay with a credit card on a monthly or annual basis for our Pro and Business subscription plans and on a monthly basis for our other pay-as-you-go plans and add-on products.

74

Key elements of our business model include:
Significant investment in ongoing product development. We invest significantly in research and development. Our focus on research and development allows us to continually enhance the capabilities and functionality of our global network with new products and product features that are innovative and powerful and can be quickly adopted by our customers and helps us grow our customer base, which allows us to serve a greater portion of the world's Internet traffic. That in turn provides us with greater knowledge and insight into the challenges that Internet users face every day.
Investments in our network for growth. We believe that the size, sophistication, and distributed nature of our network provide us with a significant competitive advantage. We intend to continue to make substantial investments in network infrastructure to support the growth of our business. As we invest in our network, we believe the service that we can provide our customers and the insight and knowledge that we can gain will continue to grow.
Efficient go-to-market model. We have built an efficient go-to market model that reflects the flexibility and ease of use our products offer to our customers around the world. This has enabled us to acquire new customers as well as to expand within our existing customer base in a rapid, cost-effective manner. In particular, we have invested heavily in our contracted customer sales efforts.
New customer acquisition. We believe that anyone that relies on the Internet to deliver products, services, or content or to operate its business can be a Cloudflare customer. As such, we are focused on driving an increased number of customers onto our network and products to support our long-term growth. We continue to invest to build our direct sales force, increase brand awareness, leverage and expand channel partners, and improve the sophistication of our sales operations for contracted customers, particularly large customers. Additionally, through our pay-as-you-go offering, a customer can subscribe to one of our many plans and begin using our network quickly, with minimal technical skill and no professional services. This has allowed us to acquire a large portion of our paying customers very rapidly and at significantly lower customer acquisition costs than our other product offerings.
Expansion of our existing customers. We believe that our network enables a large opportunity for growth within our existing customer base given the breadth of products we offer on our infrastructure platform. Our relationships with customers often start with servicing a portion of their overall needs and expand over time as they realize the significant value we deliver. Once a customer has adopted one product on our network, it can easily add additional products. As we add more products and functionality to our network, we see opportunities to drive upsell as customers seek to consolidate onto one infrastructure platform to meet all of their security, performance, and reliability network requirements. We also intend to continue to invest in market awareness of our new products to improve growth within our existing customers.
International reach. Our global network, with a presence in more than 310 cities and over 120 countries worldwide, has helped to foster our strong international growth. International markets represented 48%, 47% and 48% of our revenue in the years ended December 31, 2023, 2022, and 2021, respectively, and we intend to continue to invest in our international growth as a strategy to expand our customer base around the world.
Free customer base. Free customers are an important part of our business. These customers are typically individual developers, early-stage startups, hobbyists, and other users and, like our pay-as-you-go customers, sign up for our service through our website. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees. These free customers expose us to diverse traffic, threats, and problems, often allowing us to see potential security, performance, and reliability issues at the earliest stage. This knowledge allows us to improve our products and deliver more effective solutions to our paying customers. In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses. Finally, the enthusiastic engagement of our free customer base represents a "virtual quality assurance" function that allows us to maintain a high rate of product innovation, while ensuring our products are extensively tested in real world environments before they are deployed to our paying customers.
Opportunities, Challenges, and Risks
75

We believe that the growth of our business and our future success are dependent upon many factors, including growing our paying customer base, particularly large customers, expanding our relationships with existing paying customers, developing and successfully launching new products and features, expanding into additional market segments, expanding our base of free customers, and developing and maintaining favorable peering and co-location relationships. Each of these factors presents significant opportunities for us, but also poses material challenges and risks that we must successfully address in order to grow our business and improve our operating results. We expect that addressing these challenges and risks will increase our operating expenses significantly over the next several years. The timing of our future profitability, if we achieve profitability at all, will depend upon many variables, including the success of our growth strategies and the timing and size of investments and expenditures that we choose to undertake, as well as market growth and other factors that are not within our control. In addition, we must comply with complex, uncertain, and evolving laws, rules, and regulatory requirements across federal, state, and international jurisdictions. If we fail to successfully address these challenges, risks, and variables, our business, operating results, financial condition, and prospects may be adversely affected.
Impact of Macroeconomic Developments
We are closely monitoring macroeconomic developments and global events, such as the Hamas-Israel and the Russia-Ukraine conflicts and the potential expansion of those conflicts and other areas of geopolitical tension around the world, and how they may adversely impact our and our customers’ businesses. Weak economic conditions or significant uncertainty regarding the stability of financial markets related to stock market volatility, inflation, recession, changes in tariffs, trade agreements or governmental fiscal, monetary and tax policies, among others, could adversely impact our and our customers’ business, financial condition and operating results. In addition, general tightening in the credit market, lower levels of liquidity, increases in rates of default and bankruptcy, and significant volatility in equity and fixed-income markets could all negatively impact our customers’ purchasing decisions. Starting in the first half of 2022, potentially as a result of these various macroeconomic impacts on our customers, we periodically have experienced lengthening of the average sales cycle for certain types of customers and sales (including sales to new customers and expansion sales to existing customers), slowdowns in our pipeline of potential new customers and in the rate of converting sales pipeline opportunities into new sales, increase in average days sales outstanding, higher levels of churn in our paying customer base (which is when any of our paying customers cease to be a paying customer for any reason, including any pay-as-you-go customer converting to a free subscription plan), and lengthening of the timing of payment from some of our customers, all of which may have contributed to a slowdown in our revenue growth over that period (including with respect to new customers). We believe macroeconomic uncertainty could persist through 2024. As a result, we expect that some or all of the negative trends described in this paragraph may emerge or recur during future quarters.
To the extent challenging macroeconomic conditions persist, we may experience additional adverse effects on our business, financial condition, or results of operations in future periods. These effects could include, among others, reduction or increased delays in purchasing decisions by existing and potential new paying customers, additional lengthening of the sales cycle for some of our existing and potential new paying customers, potential customer requests for concessions (including in terms of payment amounts and/or timing and earlier or additional termination rights), potential losses of paying customers as a result of economic distress or bankruptcy (particularly among our small and medium paying customer base), potential reductions in new non-U.S. customers and expansion of sales to existing non-U.S. paying customers as a result of our products, which are substantially all sold in U.S. dollars, becoming relatively more expensive for such customers due to the higher value of the U.S. dollar relative to other currencies, and increased costs for employee compensation and equipment purchases resulting from continued inflationary cost pressures.
For further discussion of the challenges and risks we confront related to macroeconomic conditions and geopolitical tension around the world, please refer to Part I, Item 1A “Risk Factors” of this Annual Report on Form 10-K.
76

Non-GAAP Financial Measures and Key Business Metrics
We review a number of financial and operating metrics, including the following non-GAAP financial measures and key metrics to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans, and make strategic decisions.
Year Ended December 31,
202320222021
(dollars in thousands)
Gross profit
$989,740 $742,631 $509,292 
Gross margin
76 %76 %78 %
Loss from operations
$(185,485)$(201,203)$(127,684)
Non-GAAP income (loss) from operations
$122,017 $35,679 $(7,024)
Operating margin
(14)%(21)%(19)%
Non-GAAP operating margin
%%(1)%
Net cash provided by operating activities
$254,406 $123,595 $64,648 
Net cash used in investing activities
$(186,201)$(235,696)$(709,322)
Net cash provided by (used in) financing activities
$(192,185)$6,347 $847,486 
Free cash flow
$119,464 $(39,769)$(43,090)
Net cash provided by operating activities (as a percentage of revenue)
20 %13 %10 %
Free cash flow margin
%(4)%(7)%
Paying customers(1)
189,791 162,086 140,096 
Paying customers (> $100,000 Annualized Revenue)(1)
2,756 2,042 1,416 
(1)Key business metrics are derived on a quarterly basis. Refer to Key Business Metrics section below for further detail.
The following table summarizes the revenue by region based on the billing address of customers who use the Company’s products:
Year Ended December 31,
202320222021
(dollars in thousands)
AmountPercentage
of Revenue
AmountPercentage
of Revenue
AmountPercentage
of Revenue
United States$678,184 52 %$515,722 53 %$342,578 52 %
Europe, Middle East, and Africa
356,569 28 %258,291 26 %172,129 26 %
Asia Pacific168,826 13 %133,353 14 %96,537 15 %
Other93,166 %67,875 %45,182 %
Total$1,296,745 100 %$975,241 100 %$656,426 100 %
Non-GAAP Financial Measures
In addition to our results determined in accordance with generally accepted accounting principles in the United States (U.S. GAAP), we believe the following non-GAAP measures are useful in evaluating our operating performance. We use the following non-GAAP financial information to evaluate our ongoing operations and for internal planning and forecasting purposes. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance. However, non-GAAP financial information is presented for supplemental informational purposes only, has limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with U.S. GAAP. In particular, free cash flow is not a substitute for cash provided by (used in) operating activities. Additionally, the utility of free cash flow as a measure of our liquidity is further limited as it does not represent the total increase or decrease in our cash balance for a given period. In addition, other companies, including companies in our industry, may calculate similarly-titled non-GAAP measures
77

differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with U.S. GAAP. Investors are encouraged to review the related U.S. GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable U.S. GAAP financial measures, and not to rely on any single financial measure to evaluate our business.
Non-GAAP Income (Loss) from Operations and Non-GAAP Operating Margin
We define non-GAAP income (loss) from operations and non-GAAP operating margin as U.S. GAAP income (loss) from operations and U.S. GAAP operating margin, respectively, excluding stock-based compensation expense and its related employer payroll taxes, amortization of acquired intangible assets, and acquisition-related and other expenses. We exclude stock-based compensation expense, which is a non-cash expense, from certain of our non-GAAP financial measures because we believe that excluding this item provides meaningful supplemental information regarding operational performance. We exclude employer payroll tax expenses related to stock-based compensation, which is a cash expense, from certain of our non-GAAP financial measures, because such expenses are dependent upon the price of our Class A common stock and other factors that are beyond our control and do not correlate to the operation of our business. We exclude amortization of acquired intangible assets, which is a non-cash expense, related to business combinations from certain of our non-GAAP financial measures because such expenses are related to business combinations and have no direct correlation to the operation of our business. We exclude acquisition-related and other expenses from certain of our non-GAAP financial measures because such expenses are related to business combinations and have no direct correlation to the operation of our business. Acquisition-related and other expenses can be cash or non-cash expenses incurred in connection with the acquisition, and include third-party transaction costs and compensation expense for key acquired personnel.
Year Ended December 31,
202320222021
(dollars in thousands)
Loss from operations$(185,485)$(201,203)$(127,684)
Add:
Stock-based compensation expense and related employer payroll taxes
287,500 217,766 117,334 
Amortization of acquired intangible assets20,002 15,169 2,946 
Acquisition-related and other expenses— 3,947 380 
Non-GAAP income (loss) from operations
$122,017 $35,679 $(7,024)
Operating margin(14)%(21)%(19)%
Non-GAAP operating margin (non-GAAP income (loss) from operations as a percentage of revenue)
%%(1)%
Free Cash Flow and Free Cash Flow Margin
Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by (used in) operating activities less cash used for purchases of property and equipment and capitalized internal-use software. Free cash flow margin is calculated as free cash flow divided by revenue. We believe that free cash flow and free cash flow margin are useful indicators of liquidity that provide information to management and investors about the amount of cash generated from our operations that, after the investments in property and equipment and capitalized internal-use software, can be used for strategic initiatives, including investing in our business, and strengthening our financial position. We believe that historical and future trends in free cash flow and free cash flow margin, even if negative, provide useful information about the amount of cash generated (or consumed) by our operating activities that is available (or not available) to be used for strategic initiatives. For example, if free cash flow is negative, we may need to access cash reserves or other sources of capital to invest in strategic initiatives. One limitation of free cash flow and free cash flow margin is that they do not reflect our future contractual commitments. Additionally, free cash flow does not represent the total increase or decrease in our cash balance for a given period.
78

Year Ended December 31,
202320222021
(dollars in thousands)
Net cash provided by operating activities
$254,406 $123,595 $64,648 
Less: Purchases of property and equipment
(114,396)(143,606)(92,986)
Less: Capitalized internal-use software
(20,546)(19,758)(14,752)
Free cash flow
$119,464 $(39,769)$(43,090)
Net cash used in investing activities
$(186,201)$(235,696)$(709,322)
Net cash provided by (used in) financing activities
$(192,185)$6,347 $847,486 
Net cash provided by operating activities (as a percentage of revenue)
20 %13 %10 %
Less: Purchases of property and equipment (as a percentage of revenue)
(9)%(15)%(14)%
Less: Capitalized internal-use software (as a percentage of revenue)
(2)%(2)%(2)%
Free cash flow margin
%(4)%(7)%
Key Business Metrics
In addition to our results determined in accordance with U.S. GAAP and the non-GAAP measures discussed above, we also review the key business metrics discussed below to assist us in evaluating our business, measuring performance, identifying trends, formulating business plans, and making strategic decisions. There are a number of limitations associated with the use of key business metrics as analytical tools, however, and we do not rely upon any single key business metric to evaluate our business. In addition, other companies, including companies in our industry, may calculate similarly-titled business metrics differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of these business metrics as tools for comparison to such companies.
Paying Customers
We believe our ability to grow the number of paying customers on our network provides a key indicator of growth of our business and our future business opportunities. We define a paying customer at the end of the quarter as a person or entity who has generated revenue and has an active contract with us or one of our partners during such quarter, excluding (i) customers that were not acquired through ordinary sales channels, (ii) customers using only our registrar product, and (iii) customers using our consumer applications, such as 1.1.1.1 and WARP, which agreements and customers together represent an insignificant amount of our revenue. An entity is defined as a company, a government institution, a non-profit organization, or a distinct business unit of a large company. An active contract is defined as a customer relationship for which we have provided services during the quarter. The number of paying customers was 189,791, 162,086, and 140,096 as of December 31, 2023, 2022, and 2021, respectively.
Paying Customers (> $100,000 Annualized Revenue)
While we continue to grow customers across all sizes, over time, our large customers have contributed an increasing share of our revenue. We view the number of customers with Annualized Revenue greater than $100,000 as indicative of our penetration within large enterprise accounts. To measure Annualized Revenue at the end of a quarter, we take the sum of revenue for each customer in the quarter and multiply that amount by four. For example, if we signed a new customer that generated $1,800 of revenue in a quarter, that customer would account for $7,200 of Annualized Revenue for that year. Our Annualized Revenue calculation excludes (i) agreements that were not entered into through ordinary sales channels, (ii) revenue generated from customers using only our registrar product, and (iii) customers using our consumer applications, such as 1.1.1.1 and WARP, which agreements and customers together represent an insignificant amount of our revenue. Our Annualized Revenue metric also includes any usage charges by a customer during a period, which represents a small portion of our total revenue and may not be recurring. As a result, Annualized Revenue may be higher than actual revenue over the
79

course of the year. The number of paying customers with Annualized Revenue greater than $100,000 was 2,756, 2,042, and 1,416 as of December 31, 2023, 2022, and 2021, respectively.
Dollar-Based Net Retention Rate
Our ability to maintain long-term revenue growth and achieve profitability is dependent on our ability to retain and grow revenue generated from our existing paying customers. We believe that we will achieve these objectives by continuing to focus on customer loyalty and adding additional products and functionality to our network. Our dollar-based net retention rate is a key way we measure our performance in these areas. Dollar-based net retention measures our ability to retain and expand recurring revenue from existing customers. To calculate dollar-based net retention for a quarter, we compare the Annualized Revenue from paying customers four quarters prior to the Annualized Revenue from the same set of customers in the most recent quarter. Our dollar-based net retention includes expansion and is net of contraction and attrition, but excludes Annualized Revenue from new customers in the current period. Our dollar-based net retention excludes the benefit of free customers that upgrade to a paid subscription between the prior and current periods, even though this is an important source of incremental growth. We believe this provides a more meaningful representation of our ability to add incremental business from existing paying customers as they renew and expand their contracts. Our dollar-based net retention rates for the three months ended December 31, 2023, 2022, and 2021 were 115%, 122%, and 125%, respectively.

Components of Our Results of Operations
Revenue
We generate revenue primarily from sales to our customers of subscriptions to access our network and products, together with related support services. Arrangements with customers generally do not provide the customer with the right to take possession at any time of our software operating our global network. Instead, customers are granted continuous access to our network and products over the contractual period. A time-elapsed output method is used to measure progress because we transfer control evenly over the contractual period. Accordingly, the fixed consideration related to subscription and support revenue is generally recognized on a straight-line basis over the contract term beginning on the date that the service is made available to the customer. Usage-based consideration is primarily related to fees charged for our customer’s use of excess bandwidth when accessing our network in a given period and is recognized as revenue in the period in which the usage occurs.
The typical subscription and support term for our contracted customers is one year and subscription and support term lengths range from one to three years. Most of our contracts with contracted customers are non-cancelable over the contractual term. Customers may have the right to terminate their contracts for cause if we fail to perform in accordance with the contractual terms. For our pay-as-you-go customers, subscription and support term contracts are typically monthly.
Cost of Revenue
Cost of revenue consists primarily of expenses that are directly related to providing our service to our paying customers. These expenses include expenses related to operating in co-location facilities, network and bandwidth costs, depreciation of our equipment located in co-location facilities, certificate authority services costs for paying customers, related overhead costs, the amortization of our capitalized internal-use software, and the amortization of acquired developed technologies. Cost of revenue also includes employee-related costs, including salaries, bonuses, benefits, and stock-based compensation for employees whose primary responsibilities relate to supporting our paying customers. Other costs included in cost of revenue include credit card fees related to processing customer transactions and allocated overhead costs.
As our customers expand and increase the use of our global network and products driven by additional applications and connected devices, we expect that our cost of revenue will increase due to higher network and bandwidth costs and expenses related to operating in additional co-location facilities. However, we expect to continue to benefit from economies of scale as our customers increase the use of our global network and products. We intend to continue to invest additional resources in our global network and products and our customer support organizations as we grow our business. The level and timing of investment in these areas could affect our cost of revenue in the future.
Gross Profit and Gross Margin
80

Gross profit is revenue less cost of revenue and gross margin is gross profit as a percentage of revenue. Our gross profit and gross margin have and are expected to continue to fluctuate from period to period due to the timing of acquisition of new customers and our renewals with existing customers, expenses related to operating in co-location facilities and network and bandwidth costs to operate and expand our global network, and amortization of costs associated with capitalized internal-use software. We expect our gross profit to increase in absolute dollars and our gross margin to remain consistent over the long term, although our gross margin could fluctuate from period to period depending on the interplay of all of these factors.
Operating Expenses
Sales and Marketing
Sales and marketing expenses consist primarily of employee-related costs, including salaries, benefits, and stock-based compensation expense, sales commissions that are recognized as expenses over the period of benefit, marketing programs, certificate authority services costs for free customers, travel-related expenses, bandwidth and co-location costs for free customers, and allocated overhead costs. Sales commissions earned by our sales force and the associated payroll taxes that are direct and incremental to the acquisition of channel partner and direct customer contracts are deferred and amortized over an estimated period of benefit of three years for the initial acquisition of a contract and over the contractual term of the renewals for renewal contracts. We plan to continue to invest in sales and marketing to grow our customer base and increase our brand awareness, including marketing efforts to continue to drive our pay-as-you-go business model. As a result, we expect our sales and marketing expenses to increase in absolute dollars for the foreseeable future. However, we expect our sales and marketing expenses to decrease as a percentage of our revenue over the long term, although our sales and marketing expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
Research and Development
Research and development costs consist primarily of employee-related costs, including salaries, benefits, and stock-based compensation expense, consulting costs, depreciation of equipment used in research and development, and allocated overhead costs. Research and development costs support our efforts to add new features to our existing offerings and to ensure the security, performance, and reliability of our global network. We expect our research and development expenses to increase in absolute dollars for the foreseeable future as we continue to invest in research and development efforts to enhance the functionality of our global network and products. We expect our research and development expenses to decrease as a percentage of our revenue over the long term, although our research and development expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
General and Administrative
General and administrative expenses consist primarily of employee-related costs, including salaries, benefits, and stock-based compensation expense for our finance, legal, human resources, and other administrative personnel, professional fees for external legal services, accounting, and other consulting services, bad debt expense, and allocated overhead costs. We expect our general and administrative expenses to continue to increase in absolute dollars for the foreseeable future to support our growth as well as due to additional costs associated with legal, accounting, compliance, insurance, investor relations, and other costs as a result of operating as a public company. However, we expect our general and administrative expenses to decrease as a percentage of our revenue over the long term, although our general and administrative expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
Non-Operating Income (Expense)
Interest Income
Interest income consists primarily of interest earned on our cash, cash equivalents, and our investment holdings.
Interest Expense
81

Interest expense consists primarily of contractual interest expense and amortization of the debt issuance costs on our 0.75% Convertible Senior Notes due 2025 (the 2025 Notes) and 0% Convertible Senior Notes due 2026 (the 2026 Notes, and together with the 2025 Notes, the Notes). Upon adoption of the Accounting Standards Update (ASU) 2020-06 effective January 1, 2022, the Company is no longer recording the conversion feature of its convertible senior notes in equity. Instead, the Company combined the previously separated equity component with the liability component, which together is now classified as debt, thereby eliminating the subsequent amortization of the debt discount as interest expense.
Loss on Extinguishment of Debt
Loss on extinguishment of debt consists of loss recognized from privately-negotiated exchange agreements with certain holders of the 2025 Notes to exchange approximately $400.0 million in aggregate principal amount of the 2025 Notes for an aggregate of $400.7 million in cash (including accrued interest) and approximately 7.6 million shares of our Class A common stock (the 2025 Notes Exchange).
Loss on extinguishment of debt also consists of loss recognized from open market transactions to repurchase approximately $123.0 million in aggregate principal amount of the 2025 Notes for an aggregate of $172.7 million in cash (including accrued interest) (the 2025 Notes Repurchases). Refer to Note 7 to the consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for further detail.
Other Income (Expense), Net
Other income (expense), net consists primarily of gain on sale of property and equipment and foreign currency transaction gains and losses.
Provision for (Benefit from) Income Taxes
Provision for (benefit from) income taxes consists primarily of income taxes in certain foreign jurisdictions in which we conduct business, as well as state income taxes in the United States. We have a full valuation allowance on our U.S. federal, U.S. state, and U.K. deferred tax assets as we have concluded that it is more likely than not that the deferred tax assets will not be realized.

82

Results of Operations
The following tables set forth our consolidated results of operations for the periods presented in dollars and as a percentage of our revenue for those periods:
Year Ended December 31,
202320222021
(in thousands)
Revenue$1,296,745 $975,241 $656,426 
Cost of revenue(1)
307,005 232,610 147,134 
Gross profit989,740 742,631 509,292 
Operating expenses:
Sales and marketing(1)
599,117 465,762 328,065 
Research and development(1)
358,143 298,303 189,408 
General and administrative(1)
217,965 179,769 119,503 
Total operating expenses1,175,225 943,834 636,976 
Loss from operations(185,485)(201,203)(127,684)
Non-operating income (expense):
Interest income68,167 14,877 1,970 
Interest expense(5,872)(4,984)(49,234)
Loss on extinguishment of debt(50,300)— (72,234)
Other income (expense), net(4,372)577 (794)
Total non-operating income (expense), net7,623 10,470 (120,292)
Loss before income taxes(177,862)(190,733)(247,976)
Provision for income taxes
6,087 2,648 12,333 
Net loss$(183,949)$(193,381)$(260,309)
_______________
(1)Includes stock-based compensation expense as follows:
Year Ended December 31,
202320222021
(in thousands)
Cost of revenue$7,967 $6,251 $2,583 
Sales and marketing73,682 50,317 27,277 
Research and development132,417 103,276 44,196 
General and administrative59,923 42,933 16,081 
Total stock-based compensation expense$273,989 $202,777 $90,137 

83

Year Ended December 31,
202320222021
Percentage of Revenue Data:
Revenue
100 %100 %100 %
Cost of revenue24 24 22 
Gross margin
76 76 78 
Operating expenses:
Sales and marketing46 48 50 
Research and development27 31 29 
General and administrative17 18 18 
Total operating expenses
90 97 97 
Loss from operations
(14)(21)(19)
Non-operating income (expense):
Interest income— 
Interest expense— (1)(8)
Loss on extinguishment of debt(4)— (11)
Other income (expense), net— — — 
Total non-operating income (expense), net
(19)
Loss before income taxes
(13)(20)(38)
Provision for income taxes
— 
Net loss
(14)%(20)%(40)%

Comparison of the Years Ended December 31, 2023 and 2022
Revenue
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Revenue$1,296,745 $975,241 $321,504 33 %
Revenue increased by $321.5 million, or 33%, for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase in revenue was primarily due to the addition of new paying customers, which increased by 17% during the year ended December 31, 2023, as well as expansion within our existing paying customers, which was reflected by our dollar-based net retention rate of 115% for the three months ended December 31, 2023.
Cost of Revenue and Gross Margin
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Cost of revenue$307,005 $232,610 $74,395 32 %
Gross margin76 %76 %
Cost of revenue increased by $74.4 million, or 32%, for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase in the cost of revenue was primarily due to an increase of $24.2 million in expenses related to operating in co-location facilities and network and bandwidth costs for operating our global
84

network for our expanded customer base, as well as increased capacity to support our growth, an increase of $17.4 million in depreciation expense related to purchases of equipment located in co-location facilities, an increase of $14.2 million in third-party technology services costs, registry fees, and payment processing fees, and an increase of $10.1 million in employee-related costs due to a 41% increase in headcount in our customer support and technical operations organizations. The remainder of the increase was primarily due to an increase of $5.6 million related to the amortization of acquired developed technology and capitalized internal-use software costs.
Gross margin did not significantly fluctuate during the year ended December 31, 2023 as compared to the year ended December 31, 2022.
Operating Expenses
Sales and Marketing
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Sales and marketing$599,117 $465,762 $133,355 29 %
Sales and marketing expenses increased by $133.4 million, or 29%, for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily driven by $86.1 million in increased employee-related costs due to a 15% increase in headcount in our sales and marketing organization, including an increase of $26.2 million in stock-based compensation expense. The remainder of the increase was primarily due to an increase of $15.7 million in expenses for marketing programs due to investments in brand awareness advertising, third-party industry events, and digital performance marketing, an increase of $13.0 million in co-location and bandwidth expenses for free customers, an increase of $6.9 million in travel-related expenses, an increase of $3.6 million in allocated overhead costs, an increase of $2.8 million in subscriptions expenses, and an increase of $1.4 million in consulting expenses.
Research and Development
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Research and development$358,143 $298,303 $59,840 20 %
Research and development expenses increased by $59.8 million, or 20%, for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily driven by $55.1 million in increased employee-related costs due to a 11% increase in headcount in our research and development organization, including an increase of $30.3 million in stock-based compensation expense. The remainder of the increase was primarily due to an increase of $3.3 million in allocated overhead costs.
General and Administrative
Year Ended December 31,Change
20232022$%
(dollars in thousands)
General and administrative$217,965 $179,769 $38,196 21 %
General and administrative expenses increased by $38.2 million, or 21%, for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily driven by $30.3 million in increased employee-related costs due to a 10% increase in headcount in our general and administrative organization, including an increase of $14.9 million in stock-based compensation expense. The remainder of the increase was primarily due to an increase of $8.8 million in bad debt expense, an increase of $2.6 million in subscription
85

expenses, and an increase of $2.3 million in travel-related expenses, partially offset by $7.4 million of decreased allocated overhead costs.
Non-Operating Income (Expense)
Interest Income
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Interest income$68,167 $14,877 $53,290 *
Interest income increased by $53.3 million, for the year ended December 31, 2023 compared to the year ended December 31, 2022. The increase was primarily driven by an increase in interest rates.
______________
* Not meaningful
Interest Expense
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Interest expense$(5,872)$(4,984)$(888)18 %
Interest expense did not significantly fluctuate during the year ended December 31, 2023 as compared to the year ended December 31, 2022.
Loss on Extinguishment of Debt
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Loss on extinguishment of debt$(50,300)$— $(50,300)*
______________
* Not meaningful
Loss on extinguishment of debt increased by $50.3 million for the year ended December 31, 2023 as compared to the year ended December 31, 2022. The increase was driven by the loss on extinguishment of debt we recognized in connection with the 2025 Notes Repurchases. Refer to Note 7 to the consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.
Other Income (Expense), net
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Other income (expense), net$(4,372)$577 $(4,949)*
______________
* Not meaningful
Other income (expense), net did not significantly fluctuate during the year ended December 31, 2023 as compared to the year ended December 31, 2022.
86

Provision for Income Taxes
Year Ended December 31,Change
20232022$%
(dollars in thousands)
Provision for income taxes
$6,087 $2,648 $3,439 *
______________
* Not meaningful
We recorded an income tax expense of $6.1 million during the year ended December 31, 2023 as compared to an income tax expense of $2.6 million for the year ended December 31, 2022. The income tax expense of $6.1 million for the year ended December 31, 2023 was primarily related to withholding taxes in the United States and income tax expense from profitable foreign jurisdictions. The income tax expense of $2.6 million for the year ended December 31, 2022 was primarily related to withholding taxes in the United States and income tax expense from profitable foreign jurisdictions, offset by the partial release of the U.S. valuation allowance in connection with acquisitions.

Liquidity and Capital Resources
Since our inception, we have financed our operations primarily through net proceeds from the sale of our equity and debt securities, as well as payments received from customers using our global network and products, and we expect to continue to finance our operations using the same sources for the foreseeable future. In May 2020, we issued $575.0 million aggregate principal amount of the 2025 Notes in a private offering to qualified institutional buyers pursuant to Rule 144A promulgated under the Securities Act, from which we received total proceeds, net of initial purchaser discounts and commissions and debt issuance costs, of $562.5 million. In August 2021, we issued $1,293.8 million aggregate principal amount of the 2026 Notes in a private offering to qualified institutional buyers pursuant to Rule 144A promulgated under the Securities Act, from which we received total proceeds, net of initial purchaser discounts and commissions and debt issuance costs of $1,274.0 million. Concurrently with the completion of the offering of the 2026 Notes, we also entered into privately-negotiated exchange agreements with certain holders of the 2025 Notes to exchange approximately $400 million in aggregate principal amount of the 2025 Notes for an aggregate of $400.7 million in cash (including accrued interest) and approximately 7.6 million shares of our Class A common stock. During the three months ended June 30, 2023, we repurchased approximately $123.0 million in aggregate principal amount of the 2025 Notes for $172.7 million in cash (including accrued interest). During the three months ended September 30, 2023, we settled conversions of the remaining $35.4 million aggregated principal amount outstanding of the 2025 Notes in a combination of $35.4 million cash and approximately 0.5 million shares of our Class A common stock.
As of December 31, 2023, we had cash and cash equivalents of $86.9 million, including $19.5 million held by our foreign subsidiaries. Our cash and cash equivalents primarily consist of cash and highly liquid money market funds. We also had available-for-sale securities of $1,586.9 million consisting of U.S. treasury securities, commercial paper, and corporate bonds. As of December 31, 2023, our investment portfolio consisted of investment grade securities with an average credit rating of AA. We have generated significant operating losses from our operations as reflected in our accumulated deficit of $1,023.8 million as of December 31, 2023. We expect to continue to incur operating losses and cash flow that may fluctuate between positive and negative for the foreseeable future due to the investments we intend to make in our business, and as a result we may require additional capital resources to execute on our strategic initiatives to grow our business.
We believe that our existing cash, cash equivalents, and available-for-sale securities will be sufficient to meet our working capital and capital expenditure needs for at least the next 12 months. For the period beyond the next 12 months, we believe we will be able to meet our working capital and capital expenditure needs from our existing cash, cash equivalents, and available-for-sale-securities, the cash flows from our operating activities and, if necessary, proceeds from potential equity or debt financings. Our assessments of the period of time through which our existing financial resources will be adequate to support our operations and our expected sources of capital for the future operation of our business after such period of time are forward-looking statements and involve risks and uncertainties. Our actual results could vary as a result of, and our near- and long-term future capital requirements will depend on, many factors, including our growth rate, subscription renewal activity, the timing and extent of
87

spending to support our infrastructure and research and development efforts, the expansion of sales and marketing activities, the timing of new introductions of products or features, the continuing market adoption of our global network and products, and the impact of macroeconomic conditions to our and our customers', vendors', and partners' businesses. We may in the future enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights, and such acquisitions and investments could increase our need for additional capital. We have based our estimates on assumptions that may prove to be wrong, and we could use our available capital resources sooner than we currently expect. Additionally, some of the factors that may influence our operations are not within our control, such as general economic conditions. We may seek, or be required to seek, additional equity or debt financing from time to time in the future. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results, and financial condition would be adversely affected.

As of December 31, 2023, our material cash requirements include contractual obligations from the 2026 Notes, purchase commitments and lease obligations. Refer to Notes 6, 7, and 8 to the consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for more information regarding these material cash requirements.
In addition to the contractual obligations described above, as of December 31, 2023, we had $4.4 million recognized as total restricted cash on our consolidated balance sheets which mainly related to irrevocable standby letters of credit and bank guarantees that are required under lease agreements and indemnity holdback consideration associated with asset acquisitions.
Cash Flows
The following table summarizes our cash flows for the periods presented:
 Year Ended December 31,
 202320222021
 (in thousands)
Net cash provided by operating activities
$254,406 $123,595 $64,648 
Net cash used in investing activities$(186,201)$(235,696)$(709,322)
Net cash provided by (used in) financing activities
$(192,185)$6,347 $847,486 
Operating Activities
Net cash provided by operating activities during the year ended December 31, 2023 was $254.4 million, which resulted from a net loss of $183.9 million, adjusted for non-cash charges of $543.1 million and net cash outflow of $104.7 million from changes in operating assets and liabilities. Non-cash charges primarily consisted of $274.0 million for stock-based compensation expense, $135.8 million for depreciation and amortization expense, $61.4 million for amortization of deferred contract acquisition costs, $50.3 million for loss on extinguishment of debt, $44.8 million for non-cash operating lease costs, $13.6 million for provision for bad debt, and $4.5 million for amortization of convertible note issuance costs, which were partially offset by $44.4 million for net accretion of discounts. The net cash outflow from changes in operating assets and liabilities was primarily the result of a $113.4 million increase in accounts receivable, net, which increased due to our growing customer base and timing of collections from our customers, a $101.5 million increase in deferred contract acquisition costs due to increased sales commissions from the addition of new customers, a $40.0 million increase in payments for operating lease liabilities, a $22.1 million increase in prepaid expenses and other current assets related to operating activities, which were partially offset by a $134.5 million increase in deferred revenue, a $25.8 million increase in accrued expenses and other current liabilities related to operating activities, and a $11.8 million increase in accounts payable related to operating activities.
Net cash provided by operating activities during the year ended December 31, 2022 was $123.6 million, which resulted from a net loss of $193.4 million, adjusted for non-cash charges of $396.3 million and net cash outflow of $79.3 million from changes in operating assets and liabilities. Non-cash charges primarily consisted of $202.8 million for stock-based compensation expense, $102.3 million for depreciation and amortization expense, $45.1 million for amortization of deferred contract acquisition costs, $36.3 million for non-cash operating lease costs, $4.8 million for provision for bad debt, and $4.7 million for amortization of convertible note issuance costs. The net cash
88

outflow from changes in operating assets and liabilities was primarily the result of a $67.9 million increase in deferred contract acquisition costs due to increased sales commissions from the addition of new customers, a $56.2 million increase in accounts receivable, net, which increased due to our growing customer base and timing of collections from our customers, a $31.7 million decrease in operating lease liabilities, a $9.6 million decrease in accounts payable related to operating activities, a $7.7 million increase in prepaid expenses and other current assets related to operating activities, a $5.4 million decrease in accrued expenses and other current liabilities related to operating activities, and a $2.2 million increase in contract assets, which were partially offset by a $102.2 million increase in deferred revenue.
Investing Activities
Net cash used in investing activities during the year ended December 31, 2023 of $186.2 million resulted primarily from the purchases of available-for-sale securities of $1,877.5 million, capital expenditures of $114.4 million, capitalization of internal-use software development costs of $20.5 million, and cash paid for asset acquisitions of $6.1 million. These activities were partially offset by the maturities of available-for-sale securities of $1,812.0 million and the sales of available-for-sale securities of $20.2 million.
Net cash used in investing activities during the year ended December 31, 2022 of $235.7 million resulted primarily from the purchases of available-for-sale securities of $1,133.0 million, capital expenditures of $143.6 million, cash paid for acquisitions, net of cash acquired of $88.2 million, and capitalization of internal-use software development costs of $19.8 million. These activities were partially offset by the maturities of available-for-sale securities of $1,148.8 million.
Financing Activities
Net cash used in financing activities of $192.2 million during the year ended December 31, 2023 was primarily due to $207.6 million of repayments of the 2025 Notes, $10.5 million of payments of indemnity holdback, and $8.0 million payment of tax withholding on Restricted Stock Unit (RSU) settlements, which were partially offset by $19.1 million proceeds from the issuance of Class A common stock pursuant to the 2019 Employee Stock Purchase Plan (ESPP) and $14.9 million of proceeds from the exercise of vested and unvested stock options.
Net cash provided by financing activities of $6.3 million during the year ended December 31, 2022 was primarily due to $15.3 million proceeds from the issuance of Class A common stock pursuant to the ESPP and $10.1 million of proceeds from the exercise of vested and unvested stock options, which were partially offset by $16.6 million of repayments of the 2025 Notes, and $2.5 million payment of tax withholding on RSU settlements.
Off-Balance Sheet Arrangements
As of December 31, 2023, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.

Critical Accounting Estimates
Our consolidated financial statements are prepared in accordance with U.S. GAAP. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, and related disclosures. Such estimates include, but are not limited to, allowance for doubtful accounts, deferred contract acquisitions costs, the period of benefit generated from the deferred contract acquisition costs, the capitalization and estimated useful life of internal-use software, valuation of acquired intangible assets, the assessment of recoverability of intangible assets and their estimated useful lives, useful lives of property and equipment, the determination of the incremental borrowing rate used for operating lease liabilities, the valuation and recognition of stock-based compensation awards, uncertain tax positions, and the recognition and measurement of current and deferred income tax assets and liabilities. None of these estimates are critical accounting estimates for the preparation of our consolidated financial statements. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances, and we evaluate our estimates and assumptions on an ongoing basis. Due in part to the Hamas-Israel and Russia-Ukraine conflicts, and other geopolitical and macroeconomic conditions, there is ongoing uncertainty and significant
89

disruption in the global economy and financial markets. We are not aware of any specific event or circumstance that would require an update to our estimates or assumptions or a revision of the carrying value of assets or liabilities as of February 21, 2024, the date of issuance of this Annual Report on Form 10-K. These estimates and assumptions may change in the future, however, as new events occur and additional information is obtained. Our actual results could differ from these estimates.
Change in Accounting Estimate
In January 2024, we completed an assessment of the useful lives of our servers-network infrastructure, resulting in a change in the estimated useful lives of our servers-network infrastructure from four years to five years, which we expect to result in a reduction of depreciation of approximately $20 million for the fiscal year 2024 for assets in service as of December 31, 2023, recorded primarily in cost of revenue. See Note 1 of the Notes to Consolidated Financial Statements included in Item 8 of this Annual Report on Form 10-K for information relating to the useful lives of our servers-network infrastructure.

Recent Accounting Pronouncements
Refer to Note 2 to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for more information regarding recently adopted accounting pronouncements.
Recently Issued Accounting Pronouncements Not Yet Effective
In November 2023, the FASB issued ASU 2023-07, Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures, which requires an enhanced disclosure of significant segment expenses on an annual and interim basis. The ASU is effective for annual periods beginning after December 15, 2023, and for interim periods beginning after December 15, 2024, with early adoption permitted. We are currently evaluating the impact of the new standard.
In December 2023, the FASB issued ASU 2023-09, Income Taxes (Topic 740): Improvements to Income Tax Disclosures, which requires an entity, on an annual basis, to disclose additional income tax information, primarily related to the rate reconciliation and income taxes paid. The amendment in the ASU is intended to enhance the transparency and decision usefulness of income tax disclosures. The ASU is effective for annual periods beginning after December 15, 2024. We are currently evaluating the impact of the new standard.
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business.
Interest Rate Risk
In August 2021, we issued $1,293.8 million in aggregate principal amount of the 2026 Notes. The 2026 Notes do not have regularly scheduled interest payments; therefore, we do not have economic interest rate exposure on the 2026 Notes. We carry the 2026 Notes at face value less the unamortized issuance costs on our consolidated balance sheets. Generally, the fair market value of the 2026 Notes will increase as interest rates decline and decrease as interest rates rise. In addition, the fair market value of the 2026 Notes fluctuates when the market price of our Class A common stock fluctuates.
In May 2020, we issued $575.0 million in aggregate principal amount of the 2025 Notes. In August 2021, we entered into privately-negotiated exchange agreements with certain holders of the 2025 Notes to exchange approximately $400 million in aggregate principal amount of the 2025 Notes for an aggregate of $400.7 million in cash (including accrued interest) and approximately 7.6 million shares of our Class A common stock. During the three months ended June 30, 2023, we repurchased approximately $123.0 million in aggregate principal amount of the 2025 Notes for $172.7 million in cash (including accrued interest of $0.5 million). During the three months ended September 30, 2023, we paid approximately $35.4 million in cash and delivered approximately 0.5 million shares of our Class A common stock to settle the conversion of approximately $35.4 million aggregate principal amount of the 2025 Notes. Subsequent to the conversion, none of the 2025 Notes remain outstanding.
90

As of December 31, 2023, we had cash and cash equivalents of $86.9 million and available-for-sale securities of $1,586.9 million. The carrying amount of our cash equivalents approximates fair value, due to the short maturities of these instruments. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs, and the fiduciary control of cash and investments. Our available-for-sale securities are held for capital preservation purposes. We do not enter into investments for trading or speculative purposes.
Our cash equivalents and our investment portfolio are subject to market risk due to fluctuations in interest rates. Our future investment income may fall short of our expectations due to changes in interest rates or we may suffer losses in principal if we are forced to sell securities that decline in market value due to changes in interest rates. However, because we classify our securities as “available-for-sale,” no gains or losses are recognized due to changes in interest rates unless such securities are sold prior to maturity or declines in fair value are determined to be other-than-temporary.
A sensitivity analysis performed on our investment portfolio indicated that a hypothetical 1% increase or decrease in interest rates would have resulted in a decrease of $9.8 million or an increase of $9.8 million in the market value of our investments in available-for-sale securities as of December 31, 2023.
Foreign Currency Risk
The functional currency of our foreign subsidiaries is the U.S. dollar and our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates relative to the U.S. dollar. The substantial majority of our revenue is denominated in U.S. dollars. Our expenses are generally denominated in the currencies of the countries in which our operations are located and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the British Pound, Euro, and Singapore Dollar. As exchange rates may fluctuate significantly between periods, revenue, and operating expenses, when converted into U.S. dollars, may also experience significant fluctuations between periods. During the years ended December 31, 2023, 2022, and 2021 a hypothetical 10% change in foreign currency exchange rates applicable to our business would not have had a material impact on our consolidated financial statements. To date, we have not had a formal hedging program with respect to foreign currency, but we may do so in the future if our exposure to foreign currency should become more significant.
Inflation Risk
We do not believe that inflation has had a material effect on our business, results of operations, or financial condition. Nonetheless, if our costs in connection with the operation of our business were to become subject to significant inflationary pressures, we may not be able to fully offset such higher costs through price increases. Our inability or failure to do so could harm our business, financial condition and results of operations.

91

Item 8. Financial Statements and Supplementary Data
Index to Consolidated Financial Statements


The supplementary financial information required by this Item 8, is included in Part II, Item 7, Management's Discussion and Analysis of Financial Condition and Results of Operations, under the caption "Quarterly Results of Operations Data," which is incorporated herein by reference.
92

Report of Independent Registered Public Accounting Firm
To the Stockholders and Board of Directors
Cloudflare, Inc.:

Opinions on the Consolidated Financial Statements and Internal Control Over Financial Reporting

We have audited the accompanying consolidated balance sheets of Cloudflare, Inc. and subsidiaries (the Company) as of December 31, 2023 and 2022, the related consolidated statements of operations, comprehensive loss, stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2023, and the related notes (collectively, the consolidated financial statements). We also have audited the Company’s internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Company as of December 31, 2023 and 2022, and the results of its operations and its cash flows for each of the years in the three-year period ended December 31, 2023, in conformity with U.S. generally accepted accounting principles. Also in our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2023 based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.

Change in Accounting Principle

As discussed in Note 2 to the consolidated financial statements, the Company has changed its method of accounting for convertible senior notes as of January 1, 2022 due to the adoption of Accounting Standards Update 2020-06, Debt—Debt with Conversion and Other Options and Derivatives and Hedging - Contracts in Entity's Own Equity.

Basis for Opinions

The Company’s management is responsible for these consolidated financial statements, for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management's Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s consolidated financial statements and an opinion on the Company’s internal control over financial reporting based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud, and whether effective internal control over financial reporting was maintained in all material respects.

Our audits of the consolidated financial statements included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinions.

Definition and Limitations of Internal Control Over Financial Reporting

A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in
93

accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

Critical Audit Matter

The critical audit matter communicated below is a matter arising from the current period audit of the consolidated financial statements that was communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the consolidated financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of a critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.

Sufficiency of audit evidence over revenue from contracted customers

As discussed in Notes 2 and 3 to the consolidated financial statements, the Company recorded $1,296.7 million of total revenues for the year-ended December 31, 2023, a portion of which related to contracted customers. The Company’s revenue is generated from pay-as-you-go and contracted customers and is comprised of subscription fees to access its network and products, support services, and usage-based fees. The Company’s performance obligation primarily consists of subscription and support services, as they are provided over the same service period.

We identified the evaluation of the sufficiency of audit evidence over revenue from contracted customers as a critical audit matter. Challenging auditor judgment was required to evaluate the nature and extent of audit evidence obtained for that revenue with contracted customers due to the nature of the revenue contracts.

The following are the primary procedures we performed to address this critical audit matter. We applied auditor judgment to determine the nature and extent of procedures to be performed over revenue from contracted customers. We evaluated the design and tested the operating effectiveness of certain internal controls related to the Company’s revenue recognition process for contracted customers, including controls over the Company’s identification and evaluation of contract terms. For certain contracted customer agreements, we read a selection of contracts and evaluated the Company’s assessment of the contract terms impacting the timing of revenue recognition. For certain contracted customer transactions, we compared the amount of revenue recognized for consistency with the terms of the underlying documentation, including contracts with customers. We evaluated the sufficiency of audit evidence obtained by assessing the results of procedures performed, including the appropriateness of the nature and extent of such evidence.



/s/ KPMG LLP

We have served as the Company’s auditor since 2014.

Santa Clara, California
February 21, 2024
94


CLOUDFLARE, INC.

CONSOLIDATED BALANCE SHEETS
(in thousands, except par value)
December 31,
20232022
Assets
Current assets:
Cash and cash equivalents
$86,864 $204,178 
Available-for-sale securities
1,586,880 1,445,759 
Accounts receivable, net
248,268 148,544 
Contract assets
11,041 8,292 
Restricted cash short-term2,522 10,555 
Prepaid expenses and other current assets
47,502 70,556 
Total current assets
1,983,077 1,887,884 
Property and equipment, net322,813 286,600 
Goodwill148,047 148,047 
Acquired intangible assets, net19,564 32,483 
Operating lease right-of-use assets138,556 132,360 
Deferred contract acquisition costs, noncurrent133,236 93,145 
Restricted cash1,838 471 
Other noncurrent assets12,636 6,918 
Total assets
$2,759,767 $2,587,908 
Liabilities and Stockholders’ Equity
Current liabilities:
Accounts payable
$53,727 $35,607 
Accrued expenses and other current liabilities63,597 68,327 
Accrued compensation63,801 42,014 
Operating lease liabilities38,351 33,275 
Deferred revenue347,608 218,647 
Total current liabilities
567,084 397,870 
Convertible senior notes, net1,283,362 1,436,192 
Operating lease liabilities, noncurrent113,490 107,624 
Deferred revenue, noncurrent17,244 11,732 
Other noncurrent liabilities15,540 10,526 
Total liabilities
1,996,720 1,963,944 
Commitments and contingencies (Note 8)
Stockholders’ Equity
Class A common stock; $0.001 par value; 2,250,000 shares authorized as of December 31, 2023 and 2022; 298,089 and 286,561 shares issued and outstanding as of December 31, 2023 and 2022, respectively
297 286 
Class B common stock; $0.001 par value; 315,000 shares authorized as of December 31, 2023 and 2022; 39,443 and 43,525 shares issued and outstanding as of December 31, 2023 and 2022, respectively
40 42 
Additional paid-in capital1,784,566 1,475,423 
Accumulated deficit(1,023,840)(839,891)
Accumulated other comprehensive income (loss)
1,984 (11,896)
Total stockholders’ equity763,047 623,964 
Total liabilities and stockholders’ equity
$2,759,767 $2,587,908 

The accompanying notes are an integral part of these consolidated financial statements.
95

CLOUDFLARE, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
(in thousands, except per share data)

Year Ended December 31,
202320222021
Revenue$1,296,745 $975,241 $656,426 
Cost of revenue307,005 232,610 147,134 
Gross profit
989,740 742,631 509,292 
Operating expenses:
Sales and marketing
599,117 465,762 328,065 
Research and development
358,143 298,303 189,408 
General and administrative
217,965 179,769 119,503 
Total operating expenses1,175,225 943,834 636,976 
Loss from operations(185,485)(201,203)(127,684)
Non-operating income (expense):
Interest income
68,167 14,877 1,970 
Interest expense
(5,872)(4,984)(49,234)
Loss on extinguishment of debt(50,300) (72,234)
Other income (expense), net
(4,372)577 (794)
Total non-operating income (expense), net7,623 10,470 (120,292)
Loss before income taxes(177,862)(190,733)(247,976)
Provision for income taxes
6,087 2,648 12,333 
Net loss$(183,949)$(193,381)$(260,309)
Net loss per share attributable to common stockholders, basic and diluted
$(0.55)$(0.59)$(0.83)
Weighted-average shares used in computing net loss per share attributable to common stockholders, basic and diluted
333,656 326,332 312,321 

The accompanying notes are an integral part of these consolidated financial statements.
96

CLOUDFLARE, INC.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS
(in thousands)
Year Ended December 31,
202320222021
Net loss$(183,949)$(193,381)$(260,309)
Other comprehensive income (loss):
Change in unrealized gain (loss) on investments, net of tax
13,880 (9,251)(2,808)
Other comprehensive income (loss)13,880 (9,251)(2,808)
Comprehensive loss$(170,069)$(202,632)$(263,117)

The accompanying notes are an integral part of these consolidated financial statements.
97

CLOUDFLARE, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
(in thousands)
Class A common stockClass B common stockAdditional
paid-in
capital
Accumulated
deficit
Accumulated
other
comprehensive
income (loss)
Total
stockholders’
equity
SharesAmountSharesAmount
Balance as of December 31, 2020249,401 $249 59,239 $55 $1,236,993 $(420,520)$163 $816,940 
Issuance of common stock in connection with acquisition9 — — — 1,565 — — 1,565 
Issuance of unvested restricted stock in connection with acquisition39 — — — — — — — 
Issuance of common stock upon exercise of stock options686 1 3,727 4 21,381 — — 21,386 
Repurchases of unvested common stock(75)— — — — — — — 
Issuance of common stock related to early exercised stock options— — 42 — — — — — 
Vesting of shares issued upon early exercise of stock options— — — 2 3,877 — — 3,879 
Issuance of common stock related to settlement of RSUs1,457 1 1,297 1 (3)— — (1)
Tax withholding on RSU settlement— — (29)— (3,634)— — (3,634)
Conversion of Class B to Class A common stock18,372 18 (18,372)(18)— — —  
Equity component of convertible senior notes, net of issuance costs— — — — 262,077 — — 262,077 
Purchases of capped calls related to convertible senior notes— — — — (86,293)— — (86,293)
Issuance of common stock in connection with partial repurchase of convertible senior notes7,559 8 — — 920,241 — — 920,249 
Equity component of extinguishment of convertible senior notes— — — — (965,684)— — (965,684)
Temporary equity reclassification— — — — (4,439)— — (4,439)
Common stock issued under employee stock purchase plan260  — — 14,984 — — 14,984 
Stock-based compensation— — — — — 93,447 — — 93,447 
Net loss— — — — — (260,309)— (260,309)
Other comprehensive loss— — — — — — (2,808)(2,808)
Balance as of December 31, 2021277,708 277 45,904 44 1,494,512 (680,829)(2,645)811,359 
Cumulative effect adjustment from adoption of ASU 2020-06— — — — (318,756)34,319 — (284,437)
Issuance of common stock in connection with acquisition522 1 — — 65,504 — — 65,505 
Issuance of restricted stock in connection with acquisition52 — — — — — — — 
Issuance of common stock upon exercise of stock options249  2,194 2 9,998 — — 10,000 
Repurchases of unvested common stock(1)— — — — — — — 
Issuance of common stock related to early exercised stock options— — 41 — — — — — 
Vesting of shares issued upon early exercise of stock options— — — 1 2,861 — — 2,862 
Issuance of common stock related to settlement of RSUs1,723 2 1,125 1 (3)— —  
Tax withholding on RSU settlement— — (32)— (2,483)— — (2,483)
Conversion of Class B to Class A Common stock5,707 6 (5,707)(6)— — —  
Common stock issued under employee stock purchase plan302 — — — 15,291 — — 15,291 
Settlement of common stock in connection with convertible senior notes299 — — — (201)— — (201)
Stock-based compensation— — — — 208,700 — — 208,700 
Net loss— — — — — (193,381)— (193,381)
Other comprehensive loss— — — — — — (9,251)(9,251)
Balance as of December 31, 2022286,561 286 43,525 42 1,475,423 (839,891)(11,896)623,964 
Issuance of common stock upon exercise of stock options448 — 2,541 3 14,848 — — 14,851 
Repurchases of unvested common stock(17)— — — — — — — 
Vesting of shares issued upon early exercise of stock options— — — 1 1,760 — — 1,761 
Issuance of common stock related to settlement of RSUs3,291 3 398 1 (4)— —  
The accompanying notes are an integral part of these consolidated financial statements.
98

Tax withholding on RSU settlement(105)— (18) (7,953)— — (7,953)
Conversion of Class B to Class A Common stock7,003 7 (7,003)(7)— — —  
Common stock issued under employee stock purchase plan447 1 — — 19,082 — — 19,083 
Settlement of common stock in connection with convertible senior notes461 — — — 46 — — 46 
Stock-based compensation— — — — 281,364 — — 281,364 
Net loss— — — — — (183,949)— (183,949)
Other comprehensive income— — — — — — 13,880 13,880 
Balance as of December 31, 2023298,089 $297 39,443 $40 $1,784,566 $(1,023,840)$1,984 $763,047 
The accompanying notes are an integral part of these consolidated financial statements.
99

CLOUDFLARE, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(in thousands)
Year Ended December 31,
202320222021
Cash Flows From Operating Activities
Net loss
$(183,949)$(193,381)$(260,309)
Adjustments to reconcile net loss to cash provided by operating activities:
Depreciation and amortization expense
135,820 102,335 66,607 
Non-cash operating lease costs44,792 36,332 25,091 
Amortization of deferred contract acquisition costs
61,374 45,115 29,267 
Stock-based compensation expense
273,989 202,777 90,137 
Amortization of debt discount and issuance costs4,519 4,659 46,174 
Net accretion of discounts and amortization of premiums on available-for-sale securities
(44,441)(263)8,357 
Deferred income taxes
2,264 (140)8,738 
Provision for bad debt
13,637 4,828 3,804 
Loss on extinguishment of debt50,300  72,234 
Exchange of convertible senior notes attributable to the accreted interest related to debt discount (29,353)
Other
829 629 511 
Changes in operating assets and liabilities, net of effect of acquisitions:
Accounts receivable, net
(113,361)(56,195)(35,848)
Contract assets
(2,749)(2,213)(2,541)
Deferred contract acquisition costs
(101,465)(67,940)(55,411)
Prepaid expenses and other current assets
(22,125)(7,701)(2,395)
Other noncurrent assets
1,018 (539)1,534 
Accounts payable
11,781 (9,605)2,462 
Accrued expenses and other current liabilities
25,788 (5,363)58,897 
Operating lease liabilities(40,046)(31,691)(23,071)
Deferred revenue
134,473 102,204 64,390 
Other noncurrent liabilities
1,958 (253)(4,627)
Net cash provided by operating activities
254,406 123,595 64,648 
Cash Flows From Investing Activities
Purchases of property and equipment
(114,396)(143,606)(92,986)
Capitalized internal-use software
(20,546)(19,758)(14,752)
Asset acquisitions and business combinations, net of cash acquired
(6,083)(88,187)(5,605)
Purchases of available-for-sale securities
(1,877,513)(1,132,951)(1,589,265)
Sales of available-for-sale securities
20,248  25,714 
Maturities of available-for-sale securities
1,812,015 1,148,770 967,519 
Other investing activities
74 36 53 
Net cash used in investing activities(186,201)(235,696)(709,322)
Cash Flows From Financing Activities
Gross proceeds from issuance of convertible senior notes  1,293,750 
Purchases of capped calls related to convertible senior notes  (86,293)
Cash consideration paid in exchange of convertible senior debt  (370,647)
Cash paid for issuance costs on convertible senior notes  (19,797)
Repayments of convertible senior notes(207,649)(16,571) 
Proceeds from the exercise of stock options
14,851 10,000 21,385 
Proceeds from the early exercise of stock options
 113 115 
Repurchases of unvested common stock
(34)(3)(189)
Proceeds from the issuance of common stock for employee stock purchase plan19,083 15,291 14,984 
Payment of tax withholding obligation on RSU settlement(7,953)(2,483)(3,634)
Payment of indemnity holdback(10,483) (2,188)
Net cash provided by (used in) financing activities
(192,185)6,347 847,486 
Net (decrease) increase in cash, cash equivalents, and restricted cash
(123,980)(105,754)202,812 
Cash, cash equivalents, and restricted cash, beginning of period
215,204 320,958 118,146 
Cash, cash equivalents, and restricted cash, end of period
$91,224 $215,204 $320,958 
Supplemental Disclosure of Cash Flow Information:
Cash paid for interest
$670 $1,238 $3,634 
Cash paid for income taxes, net of refunds$4,454 $2,223 $1,546 
The accompanying notes are an integral part of these consolidated financial statements.
100

Cash paid for operating lease liabilities$40,747 $28,881 $22,765 
Supplemental Disclosure of Non-cash Investing and Financing Activities:
Stock-based compensation capitalized for software development
$6,641 $5,452 $3,212 
Accounts payable and accrued expenses related to property and equipment additions
$26,423 $28,979 $13,544 
Vesting of early exercised stock options
$1,761 $2,862 $3,878 
Indemnity holdback consideration associated with asset acquisitions and business combinations
$1,000 $10,483 $ 
Issuance of common stock related to an acquisition$ $65,504 $1,565 
Operating lease right-of-use assets obtained in exchange for operating lease liabilities$44,707 $33,137 $109,821 
Issuance of common stock for exchange of convertible senior notes$ $ $920,249 
The accompanying notes are an integral part of these consolidated financial statements.
101

CLOUDFLARE, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
Note 1. Organization and Basis of Presentation
Organization and Description of Business
Cloudflare, Inc. (the Company, Cloudflare, we, us, or our) is a global cloud services provider that delivers a broad range of services to businesses of all sizes and in all geographies, making them more secure, enhancing the performance of their business-critical applications, and eliminating the cost and complexity of managing individual network hardware. Cloudflare’s network serves as a scalable, easy-to-use, unified control plane to deliver security, performance, and reliability across on-premises, hybrid, cloud, and software-as-a-service (SaaS) applications. Cloudflare serves comprehensive customer needs across security and connectivity, and increasingly, the distributed and programmable nature of the Company’s network is resulting in customers building their applications on top of its network, too — including both traditional applications and those that are enhanced with artificial intelligence. The Company was incorporated in Delaware in July 2009. The Company is headquartered in San Francisco, California.
Basis of Presentation and Principles of Consolidation
The accompanying consolidated financial statements and accompanying notes have been prepared in conformity with generally accepted accounting principles in the United States (U.S. GAAP) and include the accounts of the Company and its wholly-owned subsidiaries. All intercompany balances and transactions have been eliminated in consolidation. The Company’s fiscal year ends on December 31.
Use of Estimates
The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported and disclosed in the consolidated financial statements and accompanying notes to the consolidated financial statements. Such estimates include, but are not limited to, allowance for doubtful accounts, deferred contract acquisitions costs, the period of benefit generated from the Company’s deferred contract acquisition costs, the capitalization and estimated useful life of internal-use software, valuation of acquired intangible assets, the assessment of recoverability of intangible assets and their estimated useful lives, useful lives of property and equipment, the determination of the incremental borrowing rate used for operating lease liabilities, the valuation and recognition of stock-based compensation awards, uncertain tax positions, and the recognition and measurement of current and deferred income tax assets and liabilities. Management bases these estimates and assumptions on historical experience and on various other assumptions that are believed to be reasonable. Due in part to the Hamas-Israel and Russia-Ukraine conflicts and other macroeconomic and geopolitical conditions, there is ongoing uncertainty and significant disruption in the global economy and financial markets. The Company is not aware of any specific event or circumstance that would require an update to its estimates or assumptions or a revision of the carrying value of its assets or liabilities as of February 21, 2024, the date of issuance of this Annual Report on Form 10-K. These estimates and assumptions may change in the future, however, as new events occur and additional information is obtained. Actual results could differ materially from these estimates.
In January 2024, we completed an assessment of the useful lives of our servers-network infrastructure and adjusted the estimated useful lives of our servers-network infrastructure from four years to five years. This change in accounting estimate is effective beginning in fiscal year 2024.
Note 2. Summary of Significant Accounting Policies
Concentrations of Risks
The Company’s revenue is reliant on its customers utilizing Internet-based services. These services can be prone to rapid changes in technology and government regulation. If the Company were unable to keep pace with customers’ needs and continue to improve its technological capabilities, or if another firm were to introduce competitive products, or a government jurisdiction were to enact legislation detrimental to the Company’s business, such an event or events could adversely affect the Company’s operating results.
102

The Company serves its customers from co-location facilities located in various cities and countries around the world. The Company has internal procedures to restore services in the event of disasters at its current co-location facilities. Even with these procedures for disaster recovery in place, the Company’s services could be significantly interrupted during the implementation of restoration procedures.
The Company’s financial instruments that are exposed to concentrations of credit risk consist primarily of cash, cash equivalents, restricted cash, available-for-sale securities, and accounts receivable. Although the Company maintains cash deposits and cash equivalent balances with multiple financial institutions, the deposits, at times, may exceed federally insured limits. Cash and cash equivalents may be withdrawn or redeemed on demand. The Company believes that the financial institutions that hold its cash and cash equivalents and available-for-sale securities are financially sound and, accordingly, minimal credit risk exists with respect to these balances. The Company also maintains investments in U.S. treasury securities, U.S. government agency securities, commercial paper, and corporate bonds that carry high credit ratings and accordingly, minimal credit risk exists with respect to these balances. Cash equivalents consist of money market funds, commercial paper, and corporate bonds which are invested through financial institutions in the United States.
The Company’s accounts receivable are derived from net revenue to customers located throughout the world. The Company grants credit to its customers in the normal course of business. For the years ended December 31, 2023, 2022, and 2021, no customer accounted for more than 10% of the Company’s revenue. No customer represented 10% or more of accounts receivable, net as of December 31, 2023 and 2022.
Revenue Recognition
In accordance with ASC 606, revenue is recognized when a customer obtains control of promised services. The amount of revenue recognized reflects the consideration that the Company expects to be entitled to receive in exchange for these services. To achieve this standard, the Company applies the following five steps:
1. Identify the contract with a customer
2. Identify the performance obligations in the contract
3. Determine the transaction price
4. Allocate the transaction price to performance obligations in the contract
5. Recognize revenue when or as the Company satisfies a performance obligation
The Company generates sales directly through its sales team and through its channel partners. Revenue from sales to channel partners are recorded once all revenue recognition criteria above are met. Channel partners generally receive an order from an end-customer prior to placing an order with the Company. Payment from channel partners is not contingent on the partner’s collection from end-customers. The Company’s performance obligation primarily consists of subscription and support services that are provided over the same service period.
Variable Consideration
If the Company’s services do not meet certain service level commitments, its customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration. Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of these forms of variable consideration to the extent that a significant reversal of cumulative revenue is probable to not occur in a future period. The Company has historically not experienced any incidents that had a material impact on its consolidated financial statements. Accordingly, any estimated refunds related to these agreements in the consolidated financial statements are not material during the periods presented. Usage-based consideration is primarily related to fees charged for the Company’s customer’s use of excess bandwidth when accessing the Company’s network and products in a given period and is recognized as revenue in the period in which the usage occurs.
Subscription and Support Revenue
103

The Company generates revenue primarily from sales to its customers of subscriptions to access its network and products, together with related support services. Arrangements with customers generally do not provide the customer with the right to take possession of the Company’s software operating its global network and products at any time. Instead, customers are granted continuous access to the Company’s global network and products over the contractual period. Access to the Company’s network and products is considered a monthly series comprising one performance obligation. A time-elapsed output method is used to measure progress because the Company transfers control evenly over the contractual period. Accordingly, the fixed consideration related to subscription and support revenue is generally recognized on a straight-line basis over the contract term beginning on the date that the Company’s service is made available to the customer. Usage-based consideration is primarily related to fees charged for the Company’s customer’s use of excess bandwidth when accessing the Company’s network and products in a given period and is recognized as revenue in the period in which the usage occurs.
The subscription and support term contracts for the Company’s contracted customers, typically range from one to three years. Most of the Company’s contracts with contracted customers are non-cancelable over the contractual term. Customers may have the right to terminate their contracts for cause, if the Company fails to perform in accordance with the contractual terms. For the Company’s pay-as-you-go customers, which consist of customers that sign up for the Company's Pro or Business subscription plans through the Company's website (and which the Company previously referred to as self-serve customers), subscription and support terms of service are typically monthly.
Costs to Obtain and Fulfill a Contract
The Company capitalizes sales commission and associated payroll taxes paid to internal sales personnel that are incremental to the acquisition of channel partner and direct customer contracts. These costs are recorded as deferred contract acquisition costs on the consolidated balance sheets. The Company determines whether costs should be deferred based on its sales compensation plans, if the commissions are in fact incremental and would not have occurred absent the customer contract.
Sales commissions for renewal of a contract are not considered commensurate with the commissions paid for the acquisition of the initial contract. Commissions paid upon the initial acquisition of a contract are amortized over an estimated period of benefit of three years while commissions paid for renewal contracts are amortized over the contractual term of the renewals. Amortization of deferred contract acquisition costs is recognized on a straight-line basis commensurate with the pattern of revenue recognition and included in sales and marketing expense in the consolidated statements of operations. The Company determines the period of benefit for commissions paid for the acquisition of the initial contract by taking into consideration the expected subscription term and expected renewals of its customer contracts, the duration of its relationships with its customers, customer retention data, its technology development lifecycle, and other factors. The Company periodically reviews the carrying amount of deferred contract acquisition costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit of these deferred costs.
Accounts Receivable and Allowance
Accounts receivable are recorded at the invoiced amount and are non-interest bearing. Accounts receivable are stated at their net realizable value, net of a sales allowance and an allowance for doubtful accounts. Credit is extended to customers based on an evaluation of their financial condition and other factors. The Company establishes a sales allowance at the time of revenue recognition based on its history of adjustments and credits provided to customers. In determining the necessary allowance for doubtful accounts, the Company considers the current aging and financial condition of its customers, the amount of receivables in dispute, and current payment patterns. Accounts receivable are written off against the allowance when management determines a balance is uncollectible and the Company no longer actively pursues collection of the receivable. The Company does not have any off-balance-sheet credit exposure related to its customers.
Cost of Revenue
Cost of revenue consists primarily of expenses that are directly related to providing the Company's service to its paying customers. These expenses include expenses related to operating in co-location facilities, network and bandwidth costs, depreciation of the Company's equipment located in co-location facilities, certificate authority services costs for paying customers, related overhead costs, the amortization of the Company's capitalized internal-use software, and the amortization of acquired developed technologies. Cost of revenue also includes employee-
104

related costs, including salaries, bonuses, benefits, and stock-based compensation for employees whose primary responsibilities relate to supporting the Company's paying customers and delivering paid customer support. Other costs included in cost of revenue include credit card fees related to processing customer transactions and allocated overhead costs.
Research and Development
The Company charges costs related to research, design, and development of products to research and development expense in the consolidated statements of operations as incurred. Research and development expenses support the Company's efforts to add new features to its existing offerings and to ensure the security, performance, and reliability of its global network. The majority of the Company's research and development expenses result from employee-related costs, including salaries, bonuses and benefits, consulting costs, depreciation of equipment used in research and development, and allocated overhead costs.
Advertising Expense
Advertising costs are charged to sales and marketing expense in the consolidated statements of operations as incurred. Advertising expense for the years ended December 31, 2023, 2022, and 2021 was $57.6 million, $43.5 million, and $36.2 million, respectively.
Stock-based Compensation
The Company measures and recognizes stock-based compensation expense based on the grant date fair value of the awards. The Company accounts for forfeitures as they occur. The grant date fair value of restricted stock units (RSUs) is estimated based on the fair value of the Company's underlying common stock. The grant date fair value of stock options with service-based vesting only is estimated using the Black-Scholes option pricing model. The grant date fair value of stock options with market conditions is estimated using the Monte Carlo simulation pricing model. The grant date fair value and the stock-based compensation expense related to purchase rights issued under the 2019 Employee Stock Purchase Plan (ESPP) is estimated using the Black-Scholes option pricing model and is based on the estimated number of awards as of the beginning of the offering period, respectively.
The Black-Scholes and Monte Carlo simulation option pricing models require the use of highly subjective assumptions, including the award’s expected term, the fair value of the underlying common stock, the expected volatility of the price of the common stock, risk-free interest rates, and the expected dividend yield of the common stock.
The assumptions used to determine the fair value of the stock-based awards are management’s best estimates and involve inherent uncertainties and the application of judgment. The expected term represents the period that the Company’s stock-based awards are expected to be outstanding. As the Company does not have sufficient historical experience for determining the expected term of the stock option awards granted, it has based its expected term on the simplified method available under U.S. GAAP.
Stock-based compensation expense for awards with service-based vesting only is recognized on a straight-line basis over the requisite service period of the awards, which is generally four years. Stock-based compensation expense for awards with service and market conditions is recognized on a graded attribution basis over the requisite service period of the awards as derived from the Monte Carlo simulation pricing model.
The 2010 Plan (as defined in Note 10 to these consolidated financial statements) allows for the early exercise of stock options for certain individuals as determined by the Company’s Board of Directors. Shares of common stock issued upon early exercises of unvested options are not deemed, for accounting purposes, to be issued until those shares vest according to their respective vesting schedules and accordingly, the consideration received for early exercises is initially recorded as a liability and reclassified to common stock and additional paid-in capital as the underlying awards vest. Stock options that are early exercised are subject to a repurchase option that allows the Company to repurchase within six months of an individual’s termination for any reason, including death and disability (or in the case of shares issued upon exercise of an option after termination, within six months of the date of exercise), any unvested shares of such individual for a repurchase price equal to the amount previously paid by the individual for such unvested shares. Liability for early exercise of unvested stock options and the related number of unvested shares subject to repurchase were not material as of December 31, 2023 and 2022.
105

Income Taxes
The Company accounts for income taxes using the asset and liability method. Deferred income taxes are recognized by applying the enacted statutory tax rates applicable to future years to differences between the carrying amounts of existing assets and liabilities and their respective tax bases and net operating loss and tax credit carryforwards. The effect of a change in tax rates on deferred tax assets and liabilities is recognized in the period that includes the enactment date. The measurement of deferred tax assets is reduced, when necessary, by a valuation allowance to amounts that are more likely than not to be realized.
The Company recognizes tax benefits from uncertain tax positions only if it believes that it is more likely than not that the tax position will be sustained on examination by the taxing authorities based on the technical merits of the position.
Foreign Currency Remeasurement
The Company's functional currency of its foreign subsidiaries is the U.S. dollar. The monetary assets and liabilities that are denominated in a currency other than the U.S. dollar of the Company's foreign subsidiaries are remeasured into U.S. dollars at the exchange rate on the balance sheet date, while nonmonetary items are remeasured at historical rates. Revenue and expenses are remeasured at average exchange rates during the period. Transaction gains and losses that arise from exchange rate fluctuations on transactions denominated in a currency other than the functional currency are included in other income (expense), net in the consolidated statements of operations. Remeasurement gains and losses were not material for all periods presented.
Cash and Cash Equivalents
Cash and cash equivalents consist of highly liquid investments with an original maturity from the date of purchase of 90 days or less.
Restricted Cash
The Company's restricted cash at December 31, 2023 is primarily related to irrevocable standby letters of credit and bank guarantees that are required under lease agreements and indemnity holdback consideration associated with acquisition of an intangible asset. Restrictions typically lapse at the end of the lease or holdback term, and the Company classifies restricted cash as current or non-current based on the remaining term of the restriction.
The Company's restricted cash at December 31, 2022 is primarily related to indemnity holdback consideration associated with business combinations. Restrictions typically lapse at the end of the holdback term, and the Company classifies restricted cash as current or non-current based on the remaining term of the restriction.
Available-for-sale Securities
The Company’s available-for-sale securities consist of U.S. treasury securities, U.S. government agency securities, commercial paper, and corporate bonds. The Company has designated all securities held by it as available-for-sale and therefore, such securities are reported at fair value, with unrealized gains and losses recorded in accumulated other comprehensive income (loss) on the consolidated balance sheets. For securities sold prior to maturity, the cost of securities sold is based on the specific identification method. Realized gains and losses on the sale of available-for-sale securities are recorded in other income (expense), net in the consolidated statements of operations. All securities are classified within current assets as such securities can be liquidated to fund current operations without penalty.
Other-than-temporary Impairment
All of the Company’s investments are subject to a periodic impairment review. The Company recognizes an impairment charge when a decline in the fair value of its investments below the cost basis is determined to be other-than-temporary. Factors considered in determining whether a loss is temporary include the extent and length of time the investment’s fair value has been lower than its cost basis, the financial condition and near-term prospects of the investee, the extent of the loss related to credit of the issuer, the expected cash flows from the security, the Company’s intent to sell the security, and whether or not the Company will be required to sell the security prior to
106

the expected recovery of the investment’s amortized cost basis. No such impairment charges were recorded during the years ended December 31, 2023, 2022, and 2021.
Fair Value Measurements
The Company's available-for-sale securities are recorded at fair value. The Company’s cash and cash equivalents and restricted cash are recorded at cost, which approximates fair value. Additionally, accounts receivable, accounts payable, and accrued expenses approximates fair value due to their short-term nature.
Property and Equipment
Property and equipment are stated at cost, net of accumulated depreciation. Depreciation is computed on a straight-line basis over the estimated useful lives of the assets, which is generally as follows:
Useful Lives
Servers—network infrastructure4 years
Buildings30 years
Office and computer equipment3 years
Office furniture3 years
Software3 years
Leasehold improvementsLesser of useful life or term of lease
Asset retirement obligationLesser of useful life or term of lease
Expenditures for maintenance and repairs are expensed as incurred.
Capitalized Internal-Use Software Development Costs
Certain development costs related to the Company’s global network and products during the application development stage are capitalized. Costs incurred in the preliminary stages of development are analogous to research and development activities and are expensed as incurred. The preliminary stage includes such activities as conceptual formulation of alternatives, evaluation of alternatives, determination of existence of needed technology, and final selection of alternatives. Once the application development stage is reached, internal and external costs are capitalized until the software is substantially complete and ready for its intended use. Capitalized costs are recorded as part of property and equipment, net. Capitalized internal-use software is amortized on a straight-line basis over its estimated useful life, which is generally three years, and is recorded as cost of revenue in the consolidated statements of operations.
Business Combinations
The Company includes the results of operations of the businesses that the Company acquires from the date of acquisition. The fair value of the assets acquired and liabilities assumed is based on their estimated fair values as of the respective date of acquisition. Upon early adoption of Accounting Standards Update (ASU) 2021-08, Business Combinations (Topic 805): Accounting for Contract Assets and Contract Liabilities from Contracts with Customers, effective January 1, 2022, the Company measures and recognizes contract assets and contract liabilities acquired in a business combination on the acquisition date in accordance with ASC 606. Refer to Recent Accounting Pronouncements sub-section below for further detail of the adoption of ASU 2021-08. The excess purchase price over the fair value of the net assets acquired and liabilities assumed is recorded as goodwill. Where the purchase price is less than the fair value of the net assets acquired and liabilities assumed, the difference is recorded as a bargain purchase gain. Determining the fair value of assets acquired and liabilities assumed requires significant judgment and estimates including the selection of valuation methodologies, future expected cash flows, discount rates, and useful lives. The Company’s estimates of fair value are based on assumptions believed to be reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates. During the measurement period, not to exceed one year from the date of acquisition, the Company may record adjustments to the assets acquired and liabilities assumed with a corresponding offset to goodwill. At the conclusion of the measurement period, or final determination of the values of assets acquired or liabilities assumed, whichever comes first, any subsequent adjustments are reflected in the consolidated statements of operations.
107

When the Company issues payments or grants of equity to selling stockholders in connection with an acquisition, the Company evaluates whether the payments or awards are compensatory. This evaluation includes whether cash payments or stock award vesting is contingent on the continued employment of the selling stockholder beyond the acquisition date. If continued employment is required for the cash to be paid or stock awards to vest, the award is treated as compensation for post-acquisition services and is recognized as compensation expense.
Transaction costs associated with business combinations are expensed as incurred, and are included in general and administrative expense in the Company’s consolidated statements of operations.
Convertible Senior Notes
Prior to January 1, 2022, the Company accounted for its 0.75% Convertible Senior Notes due 2025 (the 2025 Notes) and its 0.00% Convertible Senior Notes due 2026 (the 2026 Notes and together with the 2025 Notes, the Notes) as separate liability and equity components. On issuance, the carrying amount of the liability component was calculated by measuring the fair value of a similar debt instrument that did not have an associated convertible feature. The carrying amount of the equity component, representing the conversion option, was calculated by deducting the fair value of the liability component from the total principal of the Notes. The excess of the principal amount of the liability component over its book value (debt discount) is amortized to interest expense over the term of the Notes. In accounting for the issuance costs related to the Notes, the allocation of issuance costs incurred between the liability and equity components was based on their relative values. Issuance costs attributable to the liability component are being amortized over the contractual term of the Notes.
Effective January 1, 2022, the Company adopted ASU 2020-06. As a result, the Notes are each accounted for as a single liability measured at its amortized cost, as no other embedded features require bifurcation and recognition as derivatives, thereby eliminating the subsequent amortization of the debt discount as interest expense. For further details on the ASU 2020-06 adoption, refer to Recent Accounting Pronouncements section below.
Transactions involving contemporaneous exchanges of cash between the same debtor and creditor in connection with the issuance of a new debt obligation and satisfaction of an existing debt obligation by the debtor are evaluated as a modification or an exchange transaction depending on whether the exchange is determined to have substantially different terms. For exchange transactions that are considered an extinguishment of debt, the total consideration for such an exchange is separated into liability and equity components by estimating the fair value of a similar liability without a conversion option and assigning the residual value to the equity component. The gain or loss on extinguishment of the debt is subsequently determined by comparing repurchase consideration allocated to the liability component to the sum of the carrying value of the liability component, net of the proportionate amounts of unamortized debt discount and remaining unamortized debt issuance costs.
Goodwill and Intangible Assets
Goodwill represents the excess of the purchase price of an acquired business over the fair value of the net tangible and identifiable intangible assets acquired. The carrying amount of goodwill is reviewed for impairment at least annually, in the fourth quarter, or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. At December 31, 2023 and 2022, the Company had a single operating segment and reporting unit structure. As part of the annual goodwill impairment test, the Company first performs a qualitative assessment to determine whether further impairment testing is necessary. If, as a result of the qualitative assessment, it is more likely than not that the fair value of the reporting unit is less than its carrying amount, the quantitative impairment test will be required. If the Company has determined it necessary to perform a quantitative impairment assessment, the Company will compare the fair value of the reporting unit with its carrying amount and recognize an impairment charge for the amount by which the carrying amount exceeds the reporting unit’s fair value, limited to the total amount of goodwill of the reporting unit. The Company did not recognize any goodwill impairment charges for any of the periods presented.
Intangible assets are carried at cost, net of accumulated amortization. Intangible assets are amortized on a straight-line basis over their estimated useful lives. The Company estimates the useful life by estimating the expected period of economic benefit. The estimated useful life of the Company’s acquired developed technology and trade name intangible assets is two years and the estimated useful life of the Company's acquired customer relations intangible assets is eight years.
108

Indefinite lived intangibles are assessed annually for impairment, which includes an assessment of whether there were any triggering events that required an impairment assessment of the Company’s definite lived intangible assets, and whether it was more likely than not that the Company’s indefinite lived intangible asset was impaired. The Company performed an evaluation for impairment and determined there were no impairments for the years ended December 31, 2023, 2022, and 2021.
Impairment of Long-Lived Assets
The Company evaluates long-lived assets, which include depreciable tangible assets, for impairment whenever events or changes in circumstances indicate that the carrying value of long-lived assets may not be recoverable. The recoverability of these assets is measured by comparing the carrying amounts to the future undiscounted cash flows these assets are expected to generate. The Company recognizes an impairment in the event the carrying amount of such assets exceeds the fair value attributable to such assets. There were no events or changes in circumstances that indicated the long-lived assets were impaired during any of the periods presented.
Operating Leases
The Company enters into lease arrangements for real estate assets related to office space and for co-location assets related to space and equipment located in co-location facilities. The Company determines if an arrangement is, or contains, a lease at its inception by assessing whether there is an identified asset and whether the arrangement conveys the right to control the use of the identified asset in exchange for consideration for a period of time. All of the Company's leases are classified as operating leases. At lease commencement, the Company recognizes right-of-use assets, operating lease liabilities, and operating lease liabilities, noncurrent in the Company’s consolidated balance sheets, with the exception of short-term leases with an original term of 12 months or less. Right-of-use assets represent the Company's right to use an underlying asset for the lease term including any renewal options that it is reasonably certain to exercise. The Company generally uses the base, non-cancelable lease term when initially recognizing the right-of-use assets and lease liabilities, unless it is reasonably certain that a renewal or termination option will be exercised. A lease may be modified subsequent to its initial measurement for changes in reasonably certain holding period related to significant events. Such events include, but are not limited to, significant leasehold improvements, and points in time when the Company elects to exercise an option that it was not previously reasonably certain to exercise. Operating lease liabilities represent the present value of the Company's obligation to make payments arising from the lease. Right-of-use assets are initially measured based on the corresponding lease liability adjusted for (i) payments made to the lessor at or before the commencement date, (ii) initial direct costs incurred and (iii) tenant incentives received, incurred or payable under the lease. Right-of-use assets are periodically reviewed for impairment. Lease liabilities are initially measured at the present value of total minimum lease payments not yet paid. As the implicit rate of the Company's leases is not determinable, the Company uses an incremental borrowing rate (IBR) based on the information available at the lease commencement date in determining the present value of lease payments. Minimum lease payments consist of the fixed payments under the arrangement and variable payments that depend on an underlying index or rate, less any lease incentives such as tenant improvement allowances not yet received at commencement date. Variable lease costs that do not depend on an index or a rate are expensed as incurred and not included within the calculation of right-of-use assets and lease liabilities. The Company's operating lease arrangements contain both lease and non-lease components. At inception of an arrangement for co-location assets related to space and equipment located in co-location facilities, the Company allocates the consideration to the lease and non-lease components and recognizes a right-of-use asset and corresponding lease liability for only the lease components. Lease expense for operating leases is recognized on a straight-line basis over the term of the lease.
Legal Contingencies
The Company accrues a liability for an estimated loss for legal contingencies if the potential loss from any claim or legal proceeding is considered probable, and the amount can be reasonably estimated. The Company believes there are no legal proceedings pending that could have, individually or in the aggregate, a material adverse effect on its results of operations or financial condition.
Net Loss per Share Attributable to Common Stockholders
Basic and diluted net loss per share attributable to common stockholders is presented in conformity with the two-class method required for multiple classes of common stock and participating securities. The Company considers any shares issued on the early exercise of stock options subject to repurchase to be participating securities
109

because holders of such shares have nonforfeitable dividend rights in the event a dividend is paid on common stock. Under the two-class method, net income is attributed to common stockholders and participating securities based on their participation rights. The holders of early exercised shares subject to repurchase do not have a contractual obligation to share in the losses of the Company. As such, the Company’s net losses for the years ended December 31, 2023, 2022, and 2021 were not allocated to these participating securities. The rights, including the liquidation and dividend rights, of the Class A common stock and Class B common stock are substantially identical, other than voting rights. Accordingly, the Class A common stock and Class B common stock share proportionately in the Company’s net losses.
Under the two-class method, basic net loss per share attributable to common stockholders is computed by dividing the net loss attributable to common stockholders by the weighted-average number of shares of common stock outstanding during the period, less shares subject to repurchase. Vested RSUs that have not been settled have been included in the appropriate common share class used to calculate basic net loss per share.
Diluted net loss per share attributable to common stockholders adjusts basic net loss per share for the effect of dilutive securities, including awards under the Company's equity incentive plans. As the Company has reported losses for all periods presented, all potentially dilutive securities are antidilutive and accordingly, basic net loss per share equals diluted net loss per share.
Segment and Geographic Information
The Company has one reportable and operating segment. Financial information about the Company’s operating segment and geographic areas is presented in Note 14 to these consolidated financial statements.
Recent Accounting Pronouncements
Recently Adopted Accounting Pronouncements
The Company adopted ASU 2020-06, Debt—Debt with Conversion and Other Options (ASC 470-20) and Derivatives and Hedging - Contracts in Entity's Own Equity (ASC 815-40), effective January 1, 2022 using the modified retrospective method and therefore financial information for periods before January 1, 2022 were not impacted. Adoption of ASU 2020-06 resulted in an increase in the carrying value of the Notes by approximately $288.9 million, of which $4.4 million was classified as a current portion of convertible senior notes, net, to reflect the full principal amount of the Notes outstanding, net of unamortized debt discount and issuance costs, a decrease in additional paid-in capital of approximately $318.8 million and temporary equity, convertible senior notes of approximately $4.4 million to remove the equity component separately recorded for the conversion option associated with the Notes and its allocated issuance costs, and a cumulative-effect adjustment of approximately $34.3 million to the beginning balance of accumulated deficit as of January 1, 2022.
In October 2021, the Financial Accounting Standards Board (FASB) issued ASU 2021-08, Business Combinations (Topic 805): Accounting for Contract Assets and Contract Liabilities from Contracts with Customers, which requires contract assets and contract liabilities acquired in a business combination to be recognized and measured by the acquirer on the acquisition date in accordance with ASC Topic 606, Revenue from Contracts with Customers. Historically, such assets and liabilities are recognized by the acquirer at fair value in accordance with Topic 805.The ASU is effective for interim and annual periods beginning after December 15, 2022, on a prospective basis, with early adoption permitted. The Company early adopted this standard effective January 1, 2022, and such adoption did not have a material impact on its consolidated financial statements.
Reclassification of prior year presentation
Certain prior year amounts have been reclassified for consistency with the current year presentation. Specifically, Liability for early exercise of unvested stock options, which was previously presented as a separate line item on the consolidated balance sheets, is now included within Accrued expense and other current liabilities.
Note 3. Revenue
Disaggregation of Revenue
110

Subscription and support revenue is recognized over time and accounted for substantially all of the Company’s revenue for the years ended December 31, 2023, 2022, and 2021.
The following table summarizes the revenue by region based on the billing address of customers who have contracted to use the Company’s global network and products:
Year Ended December 31,
202320222021
(dollars in thousands)
AmountPercentage
of Revenue
AmountPercentage
of Revenue
AmountPercentage
of Revenue
United States$678,184 52 %$515,722 53 %$342,578 52 %
Europe, Middle East, and Africa
356,569 28 %258,291 26 %172,129 26 %
Asia Pacific168,826 13 %133,353 14 %96,537 15 %
Other93,166 7 %67,875 7 %45,182 7 %
Total$1,296,745 100 %$975,241 100 %$656,426 100 %
The following table summarizes the revenue from contracts by type of customer:
Year Ended December 31,
202320222021
(dollars in thousands)
AmountPercentage
of Revenue
AmountPercentage
of Revenue
AmountPercentage
of Revenue
Channel partners
$202,404 16 %$122,522 13 %$73,802 11 %
Direct customers
1,094,341 84 %852,719 87 %582,624 89 %
Total$1,296,745 100 %$975,241 100 %$656,426 100 %
Contract Balances
Contract liabilities consist of deferred revenue and include payments received in advance of performance under the contract. Such amounts are recognized as revenue over the contractual period. For the years ended December 31, 2023, 2022, and 2021 the Company recognized revenue of $220.0 million, $116.0 million, and $55.3 million, respectively, that was included in the corresponding contract liability balance at the beginning of the periods presented.
The Company receives payments from customers based upon contractual billing schedules; accounts receivable are recorded when the right to consideration becomes unconditional. Standard payment terms are due upon receipt. Contract assets include amounts related to the Company’s contractual right to consideration for both completed and partially completed performance obligations that have not been invoiced.
The following table summarizes the activity of the deferred contract acquisition costs:
Year Ended December 31,
202320222021
(in thousands)
Beginning balance$93,145 $70,320 $44,176 
Capitalization of contract acquisition costs
101,465 67,940 55,411 
Amortization of deferred contract acquisition costs
(61,374)(45,115)(29,267)
Ending balance$133,236 $93,145 $70,320 
111


The Company did not recognize any impairment losses of deferred contract acquisition costs during the periods presented.
Remaining Performance Obligations
As of December 31, 2023, the aggregate amount of the transaction price allocated to remaining performance obligations was $1,244.6 million. As of December 31, 2023, the Company expected to recognize 73% of its remaining performance obligations as revenue over the next 12 months with the remainder recognized thereafter.

Note 4. Fair Value Measurements
Fair value is defined as the exchange price that would be received from sale of an asset or paid to transfer a liability in the principal or most advantageous market for the asset or liability in an orderly transaction between market participants on the measurement date.
Assets and liabilities measured at fair value are classified into the following categories:
Level I: Observable inputs are unadjusted quoted prices in active markets for identical assets or liabilities;
Level II: Observable inputs are quoted prices for similar assets and liabilities in active markets or inputs other than quoted prices that are observable for the assets or liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments; and
Level III: Unobservable inputs that are supported by little or no market activity and that are significant to the fair value of the assets or liabilities. These inputs are based on the Company’s own assumptions used to measure assets and liabilities at fair value and require significant management judgment or estimation.
The Company's cash equivalents and restricted cash are comprised of highly liquid money market funds. The Company classifies money market funds within Level I of the fair value hierarchy because they are valued based on quoted market prices in active markets. The Company classifies its investments, which are comprised of U.S. treasury securities, U.S. government agency securities, commercial paper, and corporate bonds, within Level II of the fair value hierarchy because the fair value of these securities is priced by using inputs based on non-binding market consensus prices that are primarily corroborated by observable market data or quoted market prices for similar instruments. The Company recognizes transfers between levels within the fair value hierarchy, if any, at the end of each period. There were no transfers between levels during the periods presented.
The following table summarizes the Company’s cash and available-for-sale securities’ amortized cost, unrealized gains (losses), and fair value by significant investment category reported as cash and cash equivalents, restricted cash short-term, restricted cash, or available-for-sale securities as of December 31, 2023 and 2022.
112

(in thousands)    Reported as:
December 31, 2023Amortized
Cost
Unrealized
Gain
Unrealized
(Loss)
Fair ValueCash & Cash EquivalentsAvailable-for-sale SecuritiesRestricted Cash (Current and Non-Current)
Cash$51,189 $ $ $51,189 $46,829 $ $4,360 
Level I:
Money market funds
40,035   40,035 40,035   
Level II:
Corporate bonds
312,510 718 (378)312,850  312,850  
U.S. treasury securities
1,020,167 2,344 (544)1,021,967  1,021,967  
U.S. government agency securities
84,154 14 (96)84,072  84,072  
Commercial paper
167,989 2  167,991  167,991  
Subtotal
1,584,820 3,078 (1,018)1,586,880  1,586,880  
Total assets measured at fair value on a recurring basis
$1,676,044 $3,078 $(1,018)$1,678,104 $86,864 $1,586,880 $4,360 
(in thousands)Reported as:
December 31, 2022Amortized
Cost
Unrealized
Gain
Unrealized
(Loss)
Fair ValueCash & Cash EquivalentsAvailable-for-sale SecuritiesRestricted Cash (Current and Non-Current)
Cash$87,719 $ $ $87,719 $77,164 $ $10,555 
Level I:
Money market funds
125,450   125,450 124,979  471 
Level II:
Corporate bonds
258,617 46 (2,621)256,042 2,035 254,007  
U.S. treasury securities
818,379 20 (9,233)809,166  809,166  
U.S. government agency securities
25,283  (31)25,252  25,252  
Commercial paper
357,334   357,334  357,334  
Subtotal
1,459,613 66 (11,885)1,447,794 2,035 1,445,759  
Total assets measured at fair value on a recurring basis
$1,672,782 $66 $(11,885)$1,660,963 $204,178 $1,445,759 $11,026 
Included in prepaid expenses and other current assets on the December 31, 2022 consolidated balance sheet was $37.5 million of proceeds receivable resulting from maturities of US government agency securities that were initiated on December 31, 2022 and settled on January 3, 2023.
As of December 31, 2023, the Company had $4.4 million in total restricted cash, mainly related to irrevocable standby letters of credit and bank guarantees that are required under lease agreements and indemnity holdback consideration associated with asset acquisitions.
As of December 31, 2022, the Company had $11.0 million in total restricted cash, mainly related to indemnity holdback consideration associated with business combinations. For further details on the indemnity holdback, refer to Note 13 to these consolidated financial statements.
The aggregate fair value of the Company’s money market funds approximated amortized cost and, as such, there were no unrealized gains or losses on money market funds as of December 31, 2023 and 2022. Realized gains and losses, net of tax, were not material for December 31, 2023, 2022 and 2021, respectively.
113

The amortized cost of available-for-sale investments with maturities less than one year was $1,185.1 million and $1,251.6 million as of December 31, 2023 and 2022, respectively. The amortized cost of available-for-sale investments with maturities greater than one year was $399.7 million and $205.9 million as of December 31, 2023 and 2022, respectively.
As of December 31, 2023, net unrealized gain on investments were $2.0 million and were included in accumulated other comprehensive income on the consolidated balance sheet. As of December 31, 2022, net unrealized loss on investments were $11.9 million net of tax and were included in accumulated other comprehensive income on the consolidated balance sheet. The unrealized gains and losses on available-for-sale investments are related to U.S. treasury securities, U.S. government agency securities, commercial paper, and corporate bonds. The Company determined any unrealized losses to be temporary. Factors considered in determining whether a loss is temporary include the financial condition and near-term prospects of the investee, the extent of the loss related to the credit of the issuer, the expected cash flows from the security, the Company’s intent to sell the security, and whether or not the Company will be required to sell the security before the recovery of its amortized cost. As of December 31, 2023, the Company's investment portfolio consisted of investment grade securities with an average credit rating of AA.
The Company carries the 2026 Notes issued in August 2021 at face value less the unamortized issuance costs on its consolidated balance sheets and presents that fair value for disclosure purposes only. As of December 31, 2023, the fair value of the 2026 Notes was $1,171.4 million. The fair value of the 2026 Notes, which are classified as Level II financial instruments, was determined based on the quoted bid prices of the 2026 Notes in an over-the-counter market on the last trading day of the reporting period.
The Company classifies financial instruments in Level III of the fair value hierarchy when there is reliance on at least one significant unobservable input to the valuation model. In addition to these unobservable inputs, the valuation models for Level III financial instruments typically also rely on a number of inputs that are readily observable, either directly or indirectly. The Company’s assessment of the significance of a particular input to the fair value measurement in its entirety requires management to make judgments and consider factors specific to the asset or liability. There were no financial instruments classified as Level III of the fair value hierarchy as of December 31, 2023 and December 31, 2022.
Note 5. Balance Sheet Components
Accounts Receivable, Net
Activity in the allowance for doubtful accounts was as follows:
Year Ended December 31,
202320222021
(in thousands)
Beginning balance$3,134 $2,644 $1,703 
Provision for bad debt13,641 4,836 3,735 
Write-off of uncollectible accounts receivable(10,779)(4,346)(2,794)
Ending balance$5,996 $3,134 $2,644 
Property and Equipment, Net
114

Property and equipment, net consisted of the following:
December 31,
20232022
(in thousands)
Property and equipment:
Servers—network infrastructure$330,295 $239,828 
Construction in progress45,557 72,827 
Capitalized internal-use software75,163 88,541 
Office and computer equipment32,043 30,577 
Office furniture9,003 6,547 
Software5,422 5,962 
Leasehold improvements42,984 20,392 
Asset retirement obligation826 827 
Gross property and equipment541,293 465,501 
Less accumulated depreciation and amortization(218,480)(178,901)
Total property and equipment, net$322,813 $286,600 
Depreciation and amortization expense on property and equipment for the years ended December 31, 2023, 2022, and 2021 was $113.4 million, $84.8 million, and $62.3 million, respectively. This includes amortization expense for capitalized internal-use software which totaled $21.5 million, $20.2 million, and $17.9 million for the years ended December 31, 2023, 2022, and 2021, respectively.
Goodwill
As of December 31, 2023 and 2022, the Company's goodwill was $148.0 million. During the year ended December 31, 2022, the Company recorded $5.0 million and $120.8 million of goodwill in connection with the acquisitions of Vectrix Security, Inc. (Vectrix) and Area 1 Security, Inc. (Area 1), respectively. The Company recorded immaterial purchase accounting adjustments to Vectrix and Area 1 to revise purchase consideration and goodwill during the year ended December 31, 2022. For further details on these acquisitions, refer to Note 13 to these consolidated financial statements. No goodwill impairments were recorded during the years ended December 31, 2023 and 2022.
Acquired Intangible Assets, Net
Acquired intangible assets, net consisted of the following:
December 31, 2023
Gross Carrying
Amount
Accumulated
Amortization
Net Book
Value
(in thousands)
Developed technology$47,183 $36,893 $10,290 
Trade name1,700 1,488 212 
Customer relationships11,600 2,538 9,062 
Total acquired intangible assets, net$60,483 $40,919 $19,564 
115

December 31, 2022
Gross Carrying
Amount
Accumulated
Amortization
Net Book
Value
(in thousands)
Developed technology$40,100 $19,191 $20,909 
Trade name1,700 638 1,062 
Customer relationships11,600 1,088 10,512 
Total acquired intangible assets, net$53,400 $20,917 $32,483 
During the three months ended December 31, 2023, the Company acquired developed technology of $7.1 million for a combination of cash payments of $6.1 million and cash holdback of $1.0 million, which the Company is retaining for up to 12 months and will be payable to the seller, subject to offset by the Company for any of the seller’s indemnification obligations in connection with the asset acquisition.
Amortization of acquired intangible assets for the years ended December 31, 2023, 2022, and 2021 was $20.0 million, $15.2 million, and $2.9 million, respectively.
As of December 31, 2023, the estimated future amortization expense of acquired intangible assets was as follows:
Estimated
Amortization
(in thousands)
Year ending December 31,
2024$9,010 
2025
4,391 
2026
1,450 
2027
1,450 
2028
1,450 
Thereafter1,813 
Total$19,564 

Note 6. Leases
The Company's lease portfolio consists of real estate and co-location agreements in the United States and internationally. The real estate leases include leases for office space and have remaining lease terms of up to 7.6 years. Certain of these leases contain options that allow the Company to extend or terminate the lease agreement. The Company's co-location leases have remaining lease terms of up to 7.9 years. All of the Company's leases are classified as operating leases.
During the three months ended December 31, 2023, the Company entered a lease agreement (the Lisbon Lease) for 6,000 square meter of office space in Lisbon, Portugal. The Lisbon Lease has an accounting lease term of 84 months plus an option to renew for 12 months at 100% market rate. At lease commencement, it was not reasonably certain the renewal option will be exercised. The total fixed payments per the terms of the Lisbon Lease are approximately $15.7 million plus the Company's share of operating costs for the maturity of the lease.
On July 6, 2021, the Company entered a triple net lease (the Austin Lease) for 128,195 square feet of office space in Austin, Texas. The Austin Lease has an accounting lease term of 121 months plus two options to renew for five years each at 100% market rate. At lease commencement, it was not reasonably certain that these renewal options will be exercised. The total fixed payments per the terms of the Austin Lease are approximately $46.2 million plus the Company's share of operating costs for the maturity of the lease.
During the year ended December 31, 2021, the reasonably certain holding period for three real estate leases was modified as the Company became reasonably certain that the renewal options for these agreements would be exercised. The reasonably certain holding period for these leases increased by their respective renewal term
116

lengths, which amounted to an additional undiscounted cash payment of $53.8 million based on the terms of their existing agreements.
The Company subleased one of its leased office spaces. The lease term of the sublease terminated during the year ended December 31, 2021. Sublease income, which is recorded as a reduction of rent expense, was $1.1 million for the year ended December 31, 2021.
The components of lease cost related to the Company's operating leases included in the consolidated statements of operations were as follows:
Year Ended December 31,
202320222021
(in thousands)
Operating lease cost$44,792 $36,332 $25,091 
Sublease income  (1,096)
Total lease cost$44,792 $36,332 $23,995 
Variable lease cost and short-term lease cost for the years ended December 31, 2023, 2022, and 2021, were not material.
As of December 31, 2023, the Company had $35.9 million of total undiscounted future payments under operating leases that have not yet commenced, which were not included on the consolidated balance sheet. These operating leases will commence between January 2024 and July 2026 and have an average lease term of 3.7 years.
As of December 31, 2023 and 2022, the weighted-average remaining term of the Company’s operating leases was 4.9 years and 5.4 years, respectively, and the weighted-average discount rate used to measure the present value of the operating lease liabilities was 4.6% and 4.0%, respectively.

Maturities of the operating lease liabilities as of December 31, 2023 are as follows:
December 31, 2023
(in thousands)
2024$43,921 
202534,212 
202630,003 
202725,654 
202814,479 
Thereafter21,302 
Total lease payments$169,571 
Less: Imputed interest$(17,730)
Total operating lease liabilities$151,841 
117

Maturities of the operating lease liabilities as of December 31, 2022 were as follows:
December 31, 2022
(in thousands)
2023$33,902 
202432,525 
202525,340 
202622,242 
202719,172 
Thereafter24,864 
Total lease payments$158,045 
Less: Imputed interest$(17,146)
Total operating lease liabilities$140,899 

118

Note 7. Debt
2026 Convertible Senior Notes
In August 2021, the Company issued $1,293.8 million aggregate principal amount of 0% Convertible Senior Notes due 2026 (the 2026 Notes). The total proceeds from the issuance of the 2026 Notes, net of initial purchaser discounts and commissions and debt issuance costs, were $1,274.0 million.
The 2026 Notes are senior unsecured obligations of the Company and will mature on August 15, 2026, unless earlier redeemed, repurchased, or converted, and are governed by the terms of the Indenture dated August 13, 2021 (the 2026 Indenture). The 2026 Notes are 0% convertible senior notes and therefore do not bear regular cash interest.
The 2026 Notes are convertible at an initial conversion rate of 5.2263 shares of the Company's Class A common stock per $1,000 principal amount of the 2026 Notes, which is equivalent to an initial conversion price of approximately $191.34 per share, subject to adjustment upon the occurrence of specified events in accordance with the terms of the 2026 Indenture. The 2026 Notes may be converted at any time on or after May 15, 2026 until the close of business on the second scheduled trading day immediately preceding the maturity date.
Holders of the 2026 Notes may convert all or any portion of their 2026 Notes at their option at any time prior to the close of business on the business day immediately preceding May 15, 2026 only under the following circumstances:
(1) during any calendar quarter (and only during such calendar quarter), if the last reported sale price of the Company's Class A common stock for at least 20 trading days (whether or not consecutive) during a period of 30 consecutive trading days ending on, and including, the last trading day of the immediately preceding calendar quarter is greater than or equal to 130% of the conversion price on each applicable trading day;
(2) during the five business day period after any five consecutive trading day period in which the trading price per $1,000 principal amount of the 2026 Notes for each trading day of the measurement period was less than 98% of the product of the last reported sale price of the Company's Class A common stock and the conversion rate on each such trading day;
(3) if the Company calls such 2026 Notes for redemption, at any time prior to the close of business on the second scheduled trading day immediately preceding the redemption date; or
(4) upon the occurrence of specified corporate events.
None of the circumstances described in the paragraphs above were met during the quarter ended December 31, 2023.
In addition, if the 2026 Notes are converted prior to the maturity date following certain specified corporate events or because the Company issues a notice of redemption, the Company will increase the conversion rate for such 2026 Notes converted in connection with such a corporate event or during the related redemption period, as the case may be, in certain circumstances set forth in the 2026 Indenture.
Upon conversion, the Company will pay or deliver, as the case may be, cash, shares of the Company's Class A common stock, or a combination of cash and shares of the Company's Class A common stock, at the Company's election. It is the Company’s current intent to settle the principal amount of 2026 Notes in cash.
The Company may not redeem the 2026 Notes prior to August 20, 2024. The Company may redeem for cash all or any portion of the 2026 Notes (subject to the partial redemption limitation (as defined below)), at its option, on or after August 20, 2024, if the last reported sale price of the Company’s Class A common stock has been at least 130% of the conversion price then in effect for at least 20 trading days (whether or not consecutive) during any 30 consecutive trading day period (including the last trading day of such period) ending on, and including, the trading day preceding the date on which the Company provides notice of redemption at a redemption price equal to 100% of the principal amount of the 2026 Notes to be redeemed, plus any accrued and unpaid special interest to, but excluding, the redemption date. If the Company elects to redeem fewer than all of the outstanding 2026 Notes, at least $100.0 million aggregate principal amount of 2026 Notes must be outstanding and not subject to redemption as of the relevant redemption date. No sinking fund is provided for the 2026 Notes.
119

If the Company undergoes a fundamental change (as defined in the 2026 Indenture), holders of the 2026 Notes may require the Company to repurchase for cash all or any portion of their notes at a repurchase price equal to 100% of the principal amount of the 2026 Notes to be repurchased, plus accrued and unpaid special interest to, but excluding, the fundamental change repurchase date.
2026 Capped Call Transactions
In connection with the offering of the 2026 Notes, the Company entered into privately-negotiated capped call option transactions (the 2026 Capped Calls) with certain financial institution counterparties. The 2026 Capped Calls each have an initial strike price of approximately $191.34 per share of the Company's Class A common stock, subject to certain adjustments, which corresponds to the initial conversion price of the 2026 Notes. The 2026 Capped Calls each have an initial cap price of approximately $250.94 per share, subject to certain adjustments. The 2026 Capped Calls initially cover, subject to anti-dilution adjustments, approximately 6.8 million shares of the Company's Class A common stock. The 2026 Capped Calls are intended to generally offset potential dilution to the Company's Class A common stock upon conversion of the 2026 Notes and/or offset the potential cash payments that the Company could be required to make in excess of the principal amount upon any conversion, subject to the cap price. The 2026 Capped Calls are subject to either adjustment or termination upon the occurrence of certain specified events affecting the Company, including a merger event, a tender offer, and a nationalization, insolvency, or delisting involving the Company. The 2026 Capped Calls expire in incremental components on each trading date between July 17, 2026 and August 13, 2026. As of December 31, 2023, the terms of the 2026 Capped Calls have not been adjusted.
The 2026 Capped Calls are recorded in stockholders' equity and are not accounted for as derivatives. The premium paid for the purchase of the 2026 Capped Calls of $86.3 million was recorded as a reduction to additional paid-in capital on the consolidated balance sheets.
2025 Convertible Senior Notes
In May 2020, the Company issued $575.0 million aggregate principal amount of 0.75% Convertible Senior Notes due 2025 (the 2025 Notes and together with the 2026 Notes, the Notes).The 2025 Notes were senior unsecured obligations of the Company, with interest payable semi-annually in arrears, at a rate of 0.75% per year.
The 2025 Notes were convertible at an initial conversion rate of 26.7187 shares of the Company's Class A common stock per $1,000 principal amount of the 2025 Notes, which was equivalent to an initial conversion price of approximately $37.43 per share, subject to adjustment upon the occurrence of specified events in accordance with the terms of the Indenture dated May 15, 2020 (the 2025 Indenture). After the closing of the transactions described below, no 2025 Notes were outstanding as of December 31, 2023.
During the fiscal year ended December 31, 2021, the Company exchanged approximately $400.0 million aggregate principal amount of the 2025 Notes (the 2025 Notes Exchange) for an aggregate of $400.7 million in cash (including accrued interest) and approximately 7.6 million shares of the Company’s Class A common stock (the Exchange Shares) for aggregate consideration of approximately $1,321.0 million. As a result, the Company recorded a debt extinguishment loss of $72.2 million, representing the difference between the fair value of the liability component of $355.3 million and the carrying value of the 2025 Notes Exchange of $283.1 million at the closing date. The fair value of the liability component was calculated by using an effective interest rate of 4.08%, which was determined by measuring the fair value of similar debt instruments that did not have an associated convertible feature and adjusted to reflect the term of the remaining 2025 Notes. The aggregate consideration of $1,321.0 million was allocated between the fair value of the liability component of $355.3 million and the reacquisition of the equity component of $965.7 million, which was recorded as a reduction to additional paid-in capital and offset by the additional paid-in capital for the Exchange Shares issued.
During the fiscal year ended December 31, 2022, the Company settled conversions of approximately $16.6 million aggregate principal amount of the 2025 Notes. The Company elected to settle the conversions in a combination of cash equal to the principal amount of the 2025 Notes converted and the issuance of approximately 0.3 million shares of the Company's Class A common stock for the remainder of the conversion value in excess of the aggregate principal amount converted. The difference between the settlement consideration and the carrying value of the 2025 Notes converted was recorded to additional paid-in-capital on the Company's consolidated balance sheets.
120

During the three months ended June 30, 2023, the Company repurchased $123.0 million principal amount of the 2025 Notes (the 2025 Notes Repurchases) for approximately $172.7 million in cash, including approximately $0.5 million of accrued interest. The 2025 Notes Repurchases resulted in a $50.3 million loss on extinguishment of debt, of which $1.1 million consisted of unamortized debt issuance costs.
During the three months ended September 30, 2023, the Company settled conversions of approximately $35.4 million aggregate principal amount of the 2025 Notes. These conversions were exercised by the holders of the 2025 Notes in connection with the Company's issuance of a redemption notice. Pursuant to the terms of the 2025 Indenture, the conversion rate then in effect was 28.5913 shares of the Company's Class A common stock per $1,000 principal amount of the 2025 Notes, inclusive of 1.8726 additional shares added to the initial conversion rate. The Company elected to settle the conversions in a combination of cash equal to the principal amount of the 2025 Notes converted and the issuance of approximately 0.5 million shares of the Company's Class A common stock for the remainder of the conversion value in excess of the aggregate principal amount converted. The difference between the settlement consideration and the carrying value of the 2025 Notes converted was recorded to additional paid-in-capital on the Company's consolidated balance sheets. As a result of this transaction, no 2025 Notes were outstanding as of December 31, 2023.
2025 Capped Call Transactions
In connection with the offering of the 2025 Notes, the Company entered into privately-negotiated capped call option transactions (the 2025 Capped Calls and, together with the 2026    Capped Calls, the capped call transactions) with certain financial institution counterparties. The 2025 Capped Calls each have an initial strike price of approximately $37.43 per share of the Company's Class A common stock, subject to certain adjustments, which corresponds to the initial conversion price of the 2025 Notes. The 2025 Capped Calls each have an initial cap price of $57.58 per share, subject to certain adjustments. The 2025 Capped Calls initially cover, subject to anti-dilution adjustments, approximately 15.4 million shares of the Company's Class A common stock. The 2025 Capped Calls are intended to generally offset potential dilution to the Company's Class A common stock upon conversion of the 2025 Notes and/or offset the potential cash payments that the Company could be required to make in excess of the principal amount upon any conversion, subject to the cap price. The 2025 Capped Calls are subject to either adjustment or termination upon the occurrence of certain specified events affecting the Company, including a merger event, a tender offer, and a nationalization, insolvency, or delisting involving the Company. The 2025 Capped Calls expire in incremental components on each trading date between March 18, 2025 and May 13, 2025. As of December 31, 2023, the terms of the 2025 Capped Calls have not been adjusted and no 2025 Capped Calls were exercised in connection with the 2025 Notes Exchange. As of February 21, 2024, no 2025 Capped Calls were exercised in connection with the 2025 Notes conversion requests.
The 2025 Capped Calls are recorded in stockholders' equity and are not accounted for as derivatives. The premium paid for the purchase of the 2025 Capped Calls of $67.3 million was recorded as a reduction to additional paid-in capital on the consolidated balance sheets.
The net carrying amounts of the Notes were as follows:
December 31, 2023December 31, 2022
2026 Notes2025 Notes2026 Notes2025 Notes
(in thousands)
Principal$1,293,750 $ $1,293,750 $158,429 
Unamortized debt issuance costs(10,388) (14,348)(1,639)
Carrying amount, net$1,283,362 $ $1,279,402 $156,790 
The following tables set forth total interest expense recognized related to the Notes:
121

Year Ended December 31,
202320222021
2026 Notes2025 Notes2026 Notes2025 Notes2026 Notes2025 Notes
(in thousands)
Coupon interest expense$ $477 $ $1,201 $ $3,162 
Amortization of debt discount(1)
    17,971 25,834 
Amortization of debt issuance costs3,960 559 3,958 701 1,184 1,185 
Total$3,960 $1,036 $3,958 $1,902 $19,155 $30,181 
(1)As a result of the adoption of ASU 2020-06 on January 1, 2022, there is no debt discount associated with either the 2025 Notes or the 2026 Notes. Refer to Note 2 to these consolidated financial statements.
Note 8. Commitments and Contingencies
Purchase Commitments
Open purchase commitments are for the purchase of goods and services under non-cancelable contracts. They are not recorded as liabilities on the consolidated balance sheet as of December 31, 2023 as the Company has not yet received the related goods and services. Refer to the table below for purchase commitments under non-cancelable contracts with various vendors as of December 31, 2023.
Bandwidth & Co-location Commitments
The Company enters into long-term non-cancelable agreements with providers in various countries to purchase capacity, such as bandwidth and co-location space, for the Company’s global network. Bandwidth and co-location costs for paying customers are recorded as cost of revenue in the consolidated statements of operations and as sales and marketing expense in the consolidated statements of operations for free customers. Such costs totaled $143.8 million, $119.0 million, and $77.1 million for the years ended December 31, 2023, 2022, and 2021, respectively. Refer to the table below for long-term bandwidth and co-location commitments under non-cancelable contracts with various networks and Internet service providers as of December 31, 2023. For the lease components of co-location agreements, refer to Note 6 to these consolidated financial statements.
Payments Due by Period as of December 31, 2023
Total20242025202620272028Thereafter
(in thousands)
Non-cancelable:
Open purchase agreements(1)
$85,540 $28,635 $44,786 $5,647 $2,495 $749 $3,228 
Bandwidth and other co-location related commitments(2)
113,284 46,380 28,325 17,965 13,443 5,406 1,765 
Other commitments(3)
1,000 1,000      
Total$199,824 $76,015 $73,111 $23,612 $15,938 $6,155 $4,993 
(1)Open purchase commitments are for the purchase of goods and services under non-cancelable contracts. They were not recorded as liabilities on the consolidated balance sheet as of December 31, 2023 as the Company had not yet received the related goods and services.
(2)Long-term commitments for bandwidth usage and other co-location related commitments with various networks and Internet service providers. The costs for services not yet received were not recorded as liabilities on the consolidated balance sheet as of December 31, 2023.
(3)Indemnity holdback consideration associated with asset acquisitions. See Note 5.
Legal Matters
122

From time to time the Company is a party to various legal proceedings that arise in the ordinary course of business. In addition, third parties may from time to time assert claims against the Company in the form of letters and other communications. Management currently believes that there is no pending or threatened legal proceeding to which the Company is a party that is likely to have a material adverse effect on the Company’s consolidated financial statements. However, the results of legal proceedings are inherently unpredictable and if an unfavorable ruling were to occur in any of the legal proceedings there exists the possibility of a material adverse effect on the Company’s financial position, results of operations, and cash flows. The Company accrues for legal proceedings that it considers probable and for which the loss can be reasonably estimated. The Company also discloses material contingencies when it believes a loss is not probable but reasonably possible. Legal costs incurred and expected to be incurred related to litigation matters are expensed as incurred.
The Company’s network and associated products are subject to various restrictions under U.S. export control and sanctions laws and regulations, including the U.S. Department of Commerce’s Export Administration Regulations (EAR) and various economic and trade sanctions regulations administered by the U.S. Department of the Treasury’s Office of Foreign Assets Controls (OFAC). The U.S. export control laws and U.S. economic sanctions laws include restrictions or prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities and also require authorization for the export of certain encryption items. In addition, various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements and have enacted or could enact laws that could limit the Company’s ability to distribute its products through its network.
Although the Company takes precautions to prevent its network and associated products from being accessed or used in violation of such laws, the Company may have inadvertently allowed its network and associated products to be accessed or used by some customers in apparent violation of U.S. economic sanctions laws, including by users in embargoed or sanctioned countries, and the Company may have exported or allowed the download of certain software prior to making required filings with the U.S. Department of Commerce’s Bureau of Industry and Security. As a result, the Company has submitted to OFAC and to the Bureau of Industry and Security a voluntary self-disclosure concerning potential violations, and the Company has submitted a voluntary self-disclosure to the Census Bureau regarding potential violations of the Foreign Trade Regulations related to some incorrect electronic export information statements to the U.S. government for certain hardware exports, which were authorized. The voluntary self-disclosure to the Census Bureau was completed with no penalties in November 2019, and the voluntary self-disclosure to the Bureau of Industry and Security was completed with no penalties in June 2020. The voluntary self-disclosure to OFAC remains under review. If the Company is found to be in violation of U.S. economic sanctions or export control laws, it could result in substantial fines and penalties for the Company and for the individuals working for the Company. The Company may also be adversely affected through other penalties, reputational harm, loss of access to certain markets or otherwise. No loss has been recognized in the consolidated financial statements for this loss contingency as it is not probable a loss has been incurred and the range of a possible loss is not yet estimable.
Guarantees and Indemnifications
If the Company's services do not meet certain service level commitments, its contracted customers and certain of its pay-as-you-go customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration. To date, the Company has not incurred any material costs as a result of such commitments.
The Company’s arrangements generally include certain provisions for indemnifying customers against liabilities if its products or services infringe a third-party’s intellectual property rights. It is not possible to determine the maximum potential amount under these indemnification obligations due to the limited history of prior indemnification claims and the unique facts and circumstances involved in each particular agreement. To date, the Company has not incurred any material costs as a result of such obligations and has not accrued any liabilities related to such obligations in the consolidated financial statements.
The Company has also agreed to indemnify its directors, executive officers, and certain other employees for costs associated with any fees, expenses, judgments, fines, and settlement amounts incurred by them in any action or proceeding to which any of them are, or are threatened to be, made a party by reason of their service as a director or officer. The Company maintains director and officer insurance coverage that would generally enable it to recover a portion of any future amounts paid. The Company also may be subject to indemnification obligations by law with respect to the actions of its employees under certain circumstances and in certain jurisdictions.
123


Note 9. Common Stock
The Company’s amended and restated certificate of incorporation authorizes the issuance of Class A common stock and Class B common stock. The holder of each share of Class A common stock is entitled to one vote per share, while the holder of each share of Class B common stock is entitled to 10 votes per share. As of December 31, 2023 and 2022, the Company was authorized to issue 2,250,000,000 shares of Class A common stock and 315,000,000 shares of Class B common stock, each with a par value of $0.001 per share. There were 298,088,556 and 286,560,947 shares of Class A common stock issued and outstanding as of December 31, 2023 and 2022, respectively. The number of shares of Class B common stock issued and outstanding was 39,443,337 and 43,524,514, as of December 31, 2023 and 2022, respectively.
Holders of the Company’s Class A common stock and Class B common stock are entitled to dividends when, as and if, declared by the Company’s Board of Directors, subject to the rights of the holders of all classes of stock outstanding having priority rights to dividends. Any dividends paid to the holders of the Class A common stock and Class B common stock will be paid on a pro rata basis. As of December 31, 2023 and 2022, the Company had not declared any dividends. The rights of the holders of Class A and Class B common stock are identical, except with respect to voting and conversion. Shares of the Company's Class B common stock are convertible into an equivalent number of shares of the Company's Class A common stock and generally convert into shares of the Company's Class A common stock upon cessation of employment or transfer, except for certain transfers described in the Company's amended and restated certificate of incorporation. Class A common stock and Class B common stock are referred to, collectively, as common stock throughout the notes to these consolidated financial statements, unless otherwise indicated.
Common Stock Reserved for Future Issuance
Shares of common stock reserved for future issuance, on an as-if converted basis, are as follows:
December 31,
20232022
(in thousands)
2025 Notes 5,503 
2026 Notes10,311 10,311 
Stock options issued and outstanding12,523 15,886 
Remaining shares available for issuance under the 2019 Plan
56,442 44,693 
Outstanding and unsettled RSUs
10,894 10,196 
Shares available for issuance under the ESPP13,844 10,990 
Total shares of common stock reserved104,014 97,579 

Note 10. Stock-based Compensation
Equity Incentive Plans
In 2010, the Company's Board of Directors adopted and stockholders approved the 2010 Equity Incentive Plan (2010 Plan). The 2010 Plan is a broad-based retention program and is intended to attract and retain talented employees, directors, and non-employee consultants. The 2010 Plan provides for the granting of stock options, restricted stock, RSUs, and stock appreciation rights to employees, directors, and consultants. Incentive stock options may be granted only to employees. All other awards under the 2010 Plan, including non-qualified stock options, may be granted to employees, directors, and consultants. Except for qualifying assumptions and substitutions of options, the exercise price of an incentive stock option and non-qualified stock option shall not be less than 100% of the fair market value of such shares on the date of grant. Prior to the Company's initial public offering (IPO), stock-based awards forfeited, canceled, or repurchased generally were returned to the pool of shares of common stock available for issuance under the 2010 Plan. In connection with the IPO, the 2010 Plan was terminated effective immediately prior to the effectiveness of the 2019 Equity Incentive Plan (2019 Plan) and the Company ceased granting any additional awards under the 2010 Plan. All outstanding awards under the 2010 Plan
124

at the time of the termination of the 2010 Plan remain subject to the terms of the 2010 Plan, and any shares underlying stock options that expire or terminate or are forfeited or repurchased by the Company under the 2010 Plan will be automatically transferred to the 2019 Plan.
In 2019, the Company's Board of Directors adopted and stockholders approved the 2019 Plan, which became effective one business day prior to the effective date of the Company's registration statement on Form S-1 for the IPO. The 2019 Plan provides for the granting of stock options, restricted stock, RSUs, stock appreciation rights, performance shares, performance stock units, and performance awards for the Company's Class A common stock to the Company's employees, directors, and consultants. Except as otherwise indicated below, the maximum number of shares of Class A common stock that may be issued under the 2019 Plan will not exceed 66,661,953 shares of the Company's Class A common stock, which is the sum of (1) 29,335,000 new shares, plus (2) an additional number of shares of Class A common stock not to exceed 37,326,953, consisting of the total number of shares of Class A or Class B common stock subject to outstanding awards granted under the 2010 Plan that, on or after the 2019 Plan became effective, are canceled, expire, or otherwise terminate prior to exercise or settlement; are repurchased by the Company because of the failure to vest; or are forfeited, tendered to, or withheld by the Company (or not issued) to satisfy a tax withholding obligation or the payment of an exercise price, if any, as such shares become available from time to time. Stock-based awards under the 2019 Plan that expire or are forfeited, canceled, or repurchased generally are returned to the pool of shares of Class A common stock available for issuance under the 2019 Plan. In addition, the number of shares of the Company's Class A common stock reserved for issuance under the 2019 Plan will automatically increase on January 1 of each calendar year, starting on January 1, 2021 through January 1, 2029, in an amount equal to the least of (i) 29,335,000 shares, (ii) 5% of the total number of shares of Class A and Class B common stock outstanding on December 31 of the fiscal year before the date of each automatic increase, or (iii) a lesser number of shares determined by the compensation committee of the Company's Board of Directors prior to the applicable January 1.
Stock Options
Under the 2010 Plan and 2019 Plan, at exercise, stock option awards entitle the holder to receive one share of Class B or Class A common stock, in the case of the 2010 Plan, or one share of Class A common stock, in the case of the 2019 Plan. The stock options granted under the 2010 Plan and the 2019 Plan generally vest over a four-year period subject to remaining continuously employed and expire no more than 10 years from the date of grant. The following table summarizes the stock options activity under the 2010 Plan and 2019 Plan during the periods presented:
125

Stock Options Outstanding
(in thousands, except year and per share data)
Shares Subject
to Options
Outstanding
Weighted-
Average
Exercise Price
per Option
Weighted-
Average
Remaining
Contractual
Terms (in years)
Aggregate
Intrinsic Value
Balances as of December 31, 202018,186 $3.92 7.0$1,310,650 
Options granted100 $137.17 
Options exercised(4,455)$4.83 $503,243 
Options canceled/forfeited/expired(228)$2.67 
Balances as of December 31, 202113,603 $12.47 6.0$1,726,440 
Options granted5,733 $97.71 
Options exercised(2,484)$4.08 $180,990 
Options canceled/forfeited/expired(966)$74.88 
Balances as of December 31, 202215,886 $34.21 6.3$451,782 
Options granted 1,290 $51.21 
Options exercised (2,989)$4.96 $171,225 
Options canceled/forfeited/expired (1,664)$62.62 
Balances as of December 31, 202312,523 $21.03 5.7$787,633 
Vested and expected to vest as of December 31, 202312,521 $21.03 5.7$787,469 
Exercisable as of December 31, 20237,534 $4.15 3.8$601,503 
The aggregate intrinsic value is the difference between the exercise price of the option and the estimated fair value of the underlying common stock. Options exercisable include 401,212 and 2,728,545 options that were unvested as of December 31, 2023 and 2022, respectively.
The total grant date fair value for vested options in the years ended December 31, 2023, 2022, and 2021 was $15.5 million, $12.5 million, and $14.0 million, respectively.
As of December 31, 2023, there was $195.8 million of unrecognized stock-based compensation expense related to unvested stock options that is expected to be recognized over a weighted-average period of 4.3 years.
During the year ended December 31, 2022, the Company granted to certain executive officers and other key employees 10-year stock options with market conditions that vest and become exercisable only if the Company achieves certain stock price milestones and the employee continues to provide service to the Company through the applicable vesting dates (the Performance Options). The Performance Options were granted under the 2019 Plan and consist of 10-year options to purchase an aggregate of 5,575,000 shares of the Company’s Class A common stock.
In April 2023, the Company's Compensation Committee and Board of Directors approved amendments to the Performance Options, effective as of May 1, 2023. These amendments reduced the exercise price per share of the Performance Options to the fair market value per share of the Company's Class A common stock on the effective date of the amendment, and modified the structure of the Performance Options to contain a total of nine separate tranches with added stock price milestones. These amendments resulted in an additional stock-based compensation expense of approximately $25.8 million to be recognized over a weighted-average requisite service period.
During the year ended December 31, 2023, the Company granted Performance Options to purchase an aggregate of 1,290,000 shares of the Company’s Class A common stock to newly-hired, key employees.
In January 2024, the Company achieved the stock price milestone for the first tranche of 224,250 Performance Options. Following the achievement of the milestone, the first tranche shares are subject to six quarterly vesting on a ratable basis. Approximately 37,000 tranche shares vested in February 2024.
126

The weighted-average assumptions used to determine the fair value of the Performance Options during the years ended December 31, 2023 and December 31, 2022 were as follows:
Year ended December 31,
20232022
Expected term (in years)10.009.83
Expected volatility63.7 %59.5 %
Risk-free interest rate3.9 %3.0 %
Dividend yield  
The weighted-average grant date fair value of the Performance Options was $52.13 and $55.80 per share for the years ended December 31, 2023 and December 31, 2022, respectively.
The Company recognizes stock-based compensation expense for the Performance Options based on the grant date fair value and using a graded attribution method over the weighted-average requisite service period. The total stock-based compensation expense for the Performance Options for the years ended December 31, 2023 and December 31, 2022 were $33.5 million and $39.5 million, respectively. As of December 31, 2023, there was $187.9 million of unrecognized stock-based compensation expense related to the Performance Options that is expected to be recognized over a weighted-average period of 4.4 years.
In connection with the acquisition of Area 1 Security, Inc. (Area 1), each unvested option to purchase shares of Area 1’s common stock held by Area 1 employees who have joined the Company were assumed and converted into stock option awards to purchase the Company's Class A common stock (the Assumed Area 1 Stock Options). The Assumed Area 1 Stock Options are subject to the terms and conditions set forth in the Area 1 stock incentive plan and consist of options to purchase an aggregate of 156,770 shares of the Company’s Class A common stock. The Assumed Area 1 Stock Options are generally subject to annual vesting on a ratable basis over the three years from the Area 1 acquisition date, in each case subject to remaining continuously employed by the Company or any of its subsidiaries.
The weighted-average assumptions used to determine the fair value of the Assumed Area 1 Stock Options during the year ended December 31, 2022 were as follows:
Year ended December 31,
2022
Expected term (in years)2.3
Expected volatility66.7 %
Risk-free interest rate2.5 %
Dividend yield 
The total stock-based compensation expense for the Assumed Area 1 Stock Options for the year ended December 31, 2023 was not material.
As of December 31, 2023, there was $5.0 million of unrecognized stock-based compensation expense related to the Assumed Area 1 Stock Options that is expected to be recognized over a weighted-average period of 1.6 years.
For further details on the Area 1 acquisition, refer to Note 13 to these consolidated financial statements.
127

The weighted-average assumptions used to determine the fair value of stock options granted during the year ended December 31, 2021, were as follows:
Year ended December 31,
2021
Expected term (in years)6.0
Expected volatility59.6
Risk-free interest rate1.3
Dividend yield 
The weighted-average grant date fair value of options granted during the year ended December 31, 2021, was $90.50 per share.
Restricted Stock Units
RSUs granted under the 2010 Plan generally vest upon the satisfaction of both a service-based vesting condition and a performance vesting condition, as defined below, occurring before these RSUs expire. RSUs granted under the 2019 Plan generally vest upon the satisfaction of a service-based vesting condition. The service-based vesting condition for employees under both the 2010 Plan and the 2019 Plan is typically satisfied over a four-year period, subject to remaining continuously employed. The performance vesting condition under the 2010 Plan was deemed satisfied upon the effective date of the Company's registration statement on Form S-1 filed with the SEC in connection with the IPO.
128

RSU activity under the 2019 Plan and the 2010 Plan for the year ended December 31, 2023 was as follows:
Restricted Stock and RSUs*
Weighted-Average
Grant
Date Fair Value
(in thousands, except per share data)
Unvested and outstanding as of December 31, 20208,650 $21.41 
Granted - RSUs2,203 $108.87 
Granted - Restricted stock48 $167.69 
Vested - RSUs(2,734)$21.17 
Vested - Restricted stock(9)$ 
Forfeited(681)$29.78 
Unvested as of December 31, 20217,456 $47.36 
Vested and not yet released $ 
Outstanding as of December 31, 20217,456 $47.36 
Granted - RSUs6,367 $67.13 
Granted - Restricted stock52 $100.29 
Vested - RSUs(2,848)$38.49 
Vested - Restricted stock(668)$19.96 
Forfeited (779)$64.83 
Unvested as of December 31, 20229,580 $61.64 
Vested and not yet released $ 
Outstanding as of December 31, 20229,580 $61.14 
Granted - RSUs6,428 $62.24 
Vested - RSUs(3,689)$56.75 
Forfeited - RSUs(1,161)$65.87 
Unvested as of December 31, 2023*
10,894 $65.93 
Vested and not yet released*
 $ 
Outstanding as of December 31, 2023*
10,894 $65.93 
*Restricted stock did not have a material impact on the Company’s consolidated financial statements for the fiscal years ended December 31, 2023 or 2022. Effective January 1, 2023, this table discloses RSU activity only.
The total grant date fair value for vested RSUs were $209.4 million, $109.6 million, and $57.9 million for the years ended December 31, 2023, 2022 and 2021, respectively. The total stock-based compensation expense for RSUs were $219.6 million, $137.4 million, and $71.7 million for the years ended December 31, 2023, 2022 and 2021, respectively. As of December 31, 2023, the total unrecognized stock-based compensation expense related to RSUs was $635.7 million that is expected to be recognized over a weighted-average period of 2.9 years.
2019 Employee Stock Purchase Plan
In September 2019, the Company's Board of Directors adopted and stockholders approved the ESPP, which became effective one business day prior to the effective date of the Company's registration statement on Form S-1 filed with the SEC in connection with the IPO. A total of 5,870,000 shares of Class A common stock were initially reserved for sale under the ESPP. The number of shares of Class A common stock reserved for issuance includes an annual increase on the first day of each fiscal year, beginning on January 1, 2021, by the least of (1) 5,870,000 shares of Class A common stock, (2) 1% of the total number of shares of Class A and Class B common stock outstanding on December 31 of the fiscal year before the date of each automatic increase; or (3) such lesser amount as the compensation committee of the Company's Board of Directors may determine prior to the applicable January 1.
Generally, all regular employees, including executive officers, employed by the Company or by any of its designated subsidiaries, except for those holding 5% or more of the total combined voting power or value of all classes of
129

common stock, may participate in the ESPP and may contribute, normally through payroll deductions, up to 10% of their eligible compensation for the purchase of Class A common stock under the ESPP. Unless otherwise determined by the compensation committee of the Board of Directors, Class A common stock will be purchased for the accounts of employees participating in the ESPP at a price per share that is the lesser of (1) 85% of the fair market value of a share of the Company's Class A common stock on the first date of an offering period, or (2) 85% of the fair market value of a share of the Company's Class A common stock on the date of purchase.
The ESPP generally provides for six-month offering periods beginning in November and May of each year with identical purchase periods. Current employees cannot sell the shares of Class A common stock purchased under the ESPP until the day after the one-year anniversary of the purchase date of such shares, except for the withholding or sale of shares by the Company to meet any applicable tax withholding obligations. No employee may purchase (i) during each purchase period more than 1,500 shares of Class A common stock and (ii) shares under the ESPP at a rate in excess of $25,000 worth of the Company's Class A common stock based on the fair market value per share of the Company's Class A common stock at the beginning of an offering for each calendar year such purchase right is outstanding.
During the years ended December 31, 2023 and 2022, respectively, 447,042 and 302,795 shares of Class A common stock were purchased under the ESPP. As of December 31, 2023, the total unrecognized stock-based compensation expense related to the ESPP was $3.2 million and is expected to be recognized over a weighted-average period of 0.4 years.
The weighted-average assumptions used to determine the fair value of the ESPP during the periods presented were as follows:    
Year ended December 31,
202320222021
Expected term (in years)0.50.50.5
Risk-free interest rate5.2 %3.3 %0.1 %
Expected volatility68.9 %100.6 %58.9 %
Dividend yield   
Stock-based Compensation Expense
The following table sets forth the total stock-based compensation expense included in the Company’s consolidated statements of operations:
Year Ended December 31,
202320222021
(in thousands)
Cost of revenue$7,967 $6,251 $2,583 
Sales and marketing73,682 50,317 27,277 
Research and development132,417 103,276 44,196 
General and administrative59,923 42,933 16,081 
Total stock-based compensation expense$273,989 $202,777 $90,137 

130

Note 11. Net Loss per Share Attributable to Common Stockholders
The following table sets forth the computation of basic and diluted net loss per share attributable to common stockholders:

Year Ended December 31,

202320222021
Class AClass BClass AClass BClass AClass B
(in thousands, except per share data)
Net loss attributable to common stockholders
$(161,296)$(22,653)$(167,770)$(25,611)$(219,939)$(40,370)
Weighted-average shares used in computing net loss per share attributable to common stockholders, basic and diluted
292,568 41,088 283,114 43,218 263,884 48,437 
Net loss per share attributable to common stockholders, basic and diluted
$(0.55)$(0.55)$(0.59)$(0.59)$(0.83)$(0.83)
Since the Company was in a loss position for all periods presented, basic net loss per share is the same as diluted net loss per share as the inclusion of all potential common shares outstanding would have been antidilutive. The potential shares of common stock that were excluded from the computation of diluted net loss per share attributable to common stockholders for the periods presented because including them would have been antidilutive are as follows:
December 31,
202320222021
(in thousands)
2025 Notes
 4,233 4,676 
2026 Notes6,762 6,761 6,762 
Shares subject to repurchase
38 900 2,129 
Unexercised stock options
12,523 15,886 13,603 
Unvested restricted stock and RSUs
10,932 10,273 7,417 
Shares issuable pursuant to the ESPP189 248 62 
Total
30,444 38,301 34,649 
131

Note 12. Income Taxes
The components of the Company's loss before income taxes for the years ended December 31, 2023, 2022, and 2021 were as follows:
Year Ended December 31,
202320222021
(in thousands)
Domestic$(210,547)$(219,586)$(272,995)
Foreign32,685 28,853 25,019 
Total loss before income taxes$(177,862)$(190,733)$(247,976)
The components of the Company's provision for (benefit from) income taxes for the years ended December 31, 2023, 2022, and 2021 were as follows:
Year Ended December 31,
202320222021
(in thousands)
Current expense:
Federal$513 $332 $722 
State324 1 143 
Foreign2,986 2,455 2,730 
Total current provision for income taxes$3,823 $2,788 $3,595 
Deferred expense (benefit):
Federal (1,124) 
State (573) 
Foreign2,264 1,557 8,738 
Total deferred provision for (benefit from) income taxes$2,264 $(140)$8,738 
Total provision for income taxes
$6,087 $2,648 $12,333 
A reconciliation of the U.S. federal statutory rate to the Company's effective tax rate is as follows:
Year Ended December 31,
202320222021
Expected benefit at U.S. federal statutory rate21.0 %21.0 %21.0 %
State income taxes, net of federal tax benefits(0.1)0.2  
Foreign income or losses taxed at different rates1.0 1.1 (2.5)
Stock-based compensation12.4 18.7 43.6 
Change in valuation allowance(30.6)(41.2)(66.4)
Withholding taxes(0.3)(0.2)(0.3)
Gain/loss on convertible senior notes
(5.1) (0.4)
Miscellaneous permanent items(1.7)(1.0) 
Total provision for income taxes
(3.4)%(1.4)%(5.0)%

In 2023, the difference in the Company's effective tax rate and the U.S. federal statutory tax rate was primarily due to the recording of a full valuation allowance on the Company's U.S. and U.K. deferred tax assets and income tax expense from profitable foreign jurisdictions.

In 2022, the difference in the Company's effective tax rate and the U.S. federal statutory tax rate was primarily due to the recording of a full valuation allowance on the Company's U.S. and U.K. deferred tax assets and income tax
132

expense from profitable foreign jurisdictions, offset by a partial release of the U.S. valuation allowance related to acquisitions.

In 2021, the difference in the Company's effective tax rate and the U.S. federal statutory tax rate was primarily due to the recording of a full valuation allowance on the Company's U.S. and U.K. deferred tax assets, income tax expense from profitable foreign jurisdictions, and income tax expense related to an acquisition.
The components of the Company's deferred tax assets and liabilities as of December 31, 2023 and 2022 were as follows:
Year Ended December 31,
20232022
(in thousands)
Deferred tax assets:
Net operating loss carryforwards$390,405 $373,655 
Tax credit carryforwards65,390 51,925 
Capitalized research and development expenditures71,617 36,886 
Operating lease liabilities36,609 33,790 
Business interest carryforwards1,244 15,762 
Stock-based compensation35,786 27,766 
Accrued expenses and reserves4,650 2,770 
Capitalized contract expenditures32,425  
Depreciation and amortization129 3 
Other2,106 919 
Gross deferred tax assets640,361 543,476 
Valuation allowance(552,165)(477,638)
Total deferred tax assets$88,196 $65,838 
Deferred tax liabilities:
Right-of-use assets(33,337)(31,586)
Deferred commissions(32,807)(23,039)
Capitalized internal-use software(3,909)(4,638)
Depreciation and amortization(25,045)(11,197)
Other(57)(73)
Total deferred tax liabilities$(95,155)$(70,533)
Net deferred tax liabilities
$(6,959)$(4,695)
In determining the need for a valuation allowance, the Company weighs both positive and negative evidence in the various jurisdictions in which it operates to determine whether it is more likely than not that its deferred tax assets are realizable. A full valuation allowance has been established in the United States and United Kingdom and no deferred tax assets and related tax benefits have been recognized in the consolidated financial statements. There is no valuation allowance associated with any other jurisdiction as of December 31, 2023.

The worldwide valuation allowance as of December 31, 2023 and 2022 was $552.2 million and $477.6 million, respectively. The net change in the worldwide valuation allowance for the years ended December 31, 2023, 2022, and 2021 was an increase of $74.6 million, an increase of $208.1 million and an increase of $194.4 million, respectively. The increase in the Company’s valuation allowance compared to the prior year was primarily due to an increase in taxable losses generated in the United States and United Kingdom, the capitalization and amortization of research and development expenses, and the capitalization of certain customer contract expenses.
As of December 31, 2023 and 2022, the Company had net operating loss carryforwards for federal income tax purposes of $1,385.1 million and $1,338.5 million, respectively, that will begin to expire in 2029. The Company had federal research and development tax credit carryforwards as of December 31, 2023 and 2022 of $63.6 million and $49.7 million, respectively, that will begin to expire in 2029.
133

In addition, as of December 31, 2023 and 2022, the Company had net operating loss carryforwards for state income tax purposes of $756.1 million and $757.4 million, respectively, that will begin to expire in 2030. The Company had state research and development tax credit carryforwards as of December 31, 2023 and 2022 of $29.8 million and $25.9 million, respectively, that will begin to expire in 2039.

As of December 31, 2023 and 2022, the Company had net operating loss carryforwards for U.K. income tax purposes of $207.2 million and $178.5 million, respectively, that can be carried forward indefinitely.

As of December 31, 2023 and 2022, the Company had foreign tax credit carryforwards for federal income tax purposes of $1.8 million. The federal foreign tax credit carryforwards will expire, if not utilized, beginning in the year 2024.
Utilization of net operating losses and tax credit carryforwards may be subject to substantial annual limitations due to the ownership change limitations provided by Section 382 of the Internal Revenue Code and similar state provisions. Such a limitation could result in the expiration of the net operating loss carryforwards and tax credits before utilization.
A reconciliation of the beginning and ending amount of the Company's total gross unrecognized tax benefits was as follows:
Year Ended December 31,
202320222021
(in thousands)
Balance as of the beginning of the period$23,940 $12,590 $5,682 
Increases for tax positions related to the prior year590 5,753 1,784 
Decreases for tax positions related to the prior year(243)  
Additions for tax positions related to the current year4,752 5,597 5,124 
Balance as of the end of the period$29,039 $23,940 $12,590 
The Company classifies uncertain tax positions as non-current income tax liabilities unless expected to be paid within one year or otherwise directly related to an existing deferred tax asset, in which case the asset is recorded net of the uncertain tax position on the consolidated balance sheet. As of December 31, 2023, $0.3 million of the Company’s gross unrecognized tax benefits, if recognized, would affect the effective tax rate and $28.7 million would result in an adjustment to deferred tax assets with corresponding adjustments to valuation allowance. The Company does not expect significant changes to its uncertain tax positions within the next 12 months.
The Company’s policy is to recognize interest and penalties accrued on any unrecognized tax benefits as a component of income tax expense. The Company did not recognize any income tax expense related to interest and penalties in the years ended December 31, 2023, 2022, and 2021, respectively.
The Company’s significant tax jurisdictions include the United States, Australia, Canada, France, Germany, Netherlands, Portugal, Singapore, and the United Kingdom. Because of the net operating loss carryforwards, substantially all of the Company’s tax years remain open to U.S. federal and state tax examination. The Company’s foreign tax returns are open to audit under the statutes of limitations of the respective foreign countries in which the subsidiaries are located.
The Company generally does not provide deferred income taxes for the undistributed earnings of its foreign subsidiaries where the Company intends to reinvest such earnings indefinitely. Should circumstances change and it becomes apparent that some or all of the undistributed earnings will no longer be indefinitely reinvested, the Company will accrue for income taxes not previously recognized, where applicable.
134

Note 13. Business Combinations
Area 1

On April 1, 2022, the Company acquired all of the outstanding shares of Area 1, a company that has developed cloud-native email security technology, for a total purchase consideration of $156.6 million. The total purchase consideration included (i) acquisition-date cash payments of $82.6 million, net of $2.5 million of cash acquired, (ii) $63.5 million in shares of the Company’s Class A common stock, (iii) a cash holdback of $9.3 million, which the Company retained for up to 12 months and was then payable to the previous owners of Area 1, subject to offset by the Company for any of the previous owners’ indemnification obligations in connection with the acquisition, and (iv) a separate cash holdback of $1.1 million. The cash holdback of $9.3 million and $1.1 million were subsequently paid to the previous owners of Area 1 as of the year ended December 31, 2023. Concurrent with the closing of the acquisition, the Company made a cash payment of $4.1 million to repay Area 1’s debt, which was part of the acquisition-date cash payments included in the purchase consideration.

In connection with the acquisition, the Company entered into compensation arrangements for stock-based and cash awards with a value totaling $15.9 million. Of the total stock-based and cash awards, $1.4 million cash awards were recognized as compensation expense on the acquisition date. Refer to Note 10 to these consolidated financial statements for further details on the share-based awards.

The transaction-related costs for the acquisition were not material and were included in general and administrative expenses during the year ended December 31, 2022.

The fair values of assets acquired and liabilities assumed on the acquisition date are summarized as follows (in thousands):

Accounts receivable, net$1,634 
Prepaids and other current assets953 
Acquired Intangible Assets43,300 
Goodwill119,743 
Total assets acquired165,630 
Accounts Payable(254)
Accrued expense and other current liabilities(595)
Deferred revenue(5,736)
Deferred revenue, noncurrent(1,213)
Other noncurrent liabilities(1,267)
Total purchase price$156,565 

The acquired assets and assumed liabilities were recorded at their estimated fair values, except for deferred revenue which was recorded under ASC 606 in accordance with the early adoption of ASU 2021-08 Business Combinations (Topic 805), Accounting for Contract Assets and Contract Liabilities from Contracts with Customers effective January 1, 2022. The excess of the purchase price over the fair value of the net assets acquired was allocated to goodwill, none of which is expected to be deductible for tax purposes. Goodwill is primarily attributable to the assembled workforce as well as the anticipated synergies from the integration of Area 1’s technology with the Company's technology. An immaterial purchase accounting adjustment to revise purchase consideration and goodwill was made during the fiscal year ended December 31, 2022.

This acquisition did not have a material impact on the Company’s reported revenue or net loss amounts for any period presented; therefore, historical and pro forma disclosures have not been presented.

Vectrix

On January 14, 2022, the Company acquired all of the outstanding shares of Vectrix, a company that has developed an online security technology that gives users the ability to scan and monitor SaaS applications for security issues, for a total purchase consideration of $7.6 million. The total purchase consideration included (i) acquisition-date cash payments of $4.3 million, net of $0.8 million of cash acquired, (ii) $2.0 million in shares of the Company’s Class A
135

common stock, and (iii) a cash holdback of $1.3 million, which the Company retained for up to 18 months and was then payable to the previous owners of Vectrix, subject to offset by the Company for any of the previous owners’ indemnification obligations in connection with the acquisition. The cash holdback of $1.3 million was subsequently paid to the previous owners of Vectrix during the year ended December 31, 2023. Concurrent with the closing of the acquisition, the Company made a cash payment of $2.0 million to cancel and settle Vectrix’s other existing equity-related agreements, which was part of the acquisition-date cash payments included in the purchase consideration.

In connection with the acquisition, the Company entered into compensation arrangements for stock-based and cash awards with a value totaling $8.0 million, of which $2.6 million was recognized as compensation expense on the acquisition date. Additional compensation expense during the year ended December 31, 2023 and December 31, 2022 were not material. The remaining compensation amount is not material and will be recognized through the year ended December 31, 2026.

The transaction-related costs for the acquisition were not material and are included in general and administrative expenses in the consolidated statement of operations for the year ended December 31, 2022.

The fair values of assets acquired and liabilities assumed on the acquisition date are summarized as follows (in thousands):

Developed technology$3,100 
Goodwill4,962 
Total assets acquired8,062 
Accounts Payable(20)
Other noncurrent liabilities(430)
Total purchase price$7,612 

The acquired assets and assumed liabilities were recorded at their estimated fair values. The estimated useful life for the acquired developed technology is two years. The excess of the purchase price over the fair value of the net assets acquired was allocated to goodwill, none of which is expected to be deductible for tax purposes. Goodwill is primarily attributable to the assembled workforce as well as the anticipated synergies from the integration of Vectrix's technology with the Company's technology. An immaterial purchase accounting adjustment to revise purchase consideration and goodwill was made during the fiscal year ended December 31, 2022.

This acquisition did not have a material impact on the Company’s consolidated financial statements; therefore, historical and pro forma disclosures have not been presented.

Zaraz
On October 15, 2021, the Company acquired all of the outstanding shares of Zaraz Inc. (Zaraz), a remote-first company, that has developed a server-side rendering technology, for a total purchase consideration of $7.2 million. The total purchase consideration included (i) acquisition-date cash payments of $5.6 million, net of $0.8 million of cash acquired, and (ii) $1.6 million in shares of the Company’s Class A common stock. Concurrent with the closing of the acquisition, the Company made a cash payment of $1.1 million to cancel and settle Zaraz’s existing equity arrangements, which was part of the acquisition-date cash payments included in the purchase consideration.
In connection with the acquisition, the Company entered into compensation arrangements for stock-based and cash awards with a value totaling $6.5 million, of which $0.5 million was recorded as compensation expense during the fiscal year ended December 31, 2021. Additional compensation expense during the year ended December 31, 2023 and December 31, 2022 were not material. The remaining compensation amount is not material and will be recognized through the year ended December 31, 2024.
The fair values of assets acquired and liabilities assumed on the acquisition date are summarized as follows (in thousands):
136

Developed technology$1,400 
Goodwill6,176 
Total assets acquired7,576 
Accrued compensation(82)
Other noncurrent liabilities(322)
Total purchase price$7,172 
The acquired assets and assumed liabilities were recorded at their estimated fair values. The estimated useful life for the acquired developed technology is two years. The excess of the purchase price over the fair value of the net assets acquired was allocated to goodwill, none of which is expected to be deductible for tax purposes. Goodwill is primarily attributable to the assembled workforce as well as the anticipated synergies from the integration of Zaraz's technology with the Company's technology. An immaterial purchase accounting adjustment to revise purchase consideration and goodwill was made during the fiscal year ended December 31, 2022.
This acquisition did not have a material impact on the Company’s consolidated financial statements; therefore, historical and pro forma disclosures have not been presented.
Note 14. Segment and Geographic Information
The Company’s chief operating decision maker (CODM) is its CEO, President and COO, and CFO. Collectively, the CODM reviews financial information presented on a consolidated basis for purposes of allocating resources and evaluating financial performance. The Company has no segment managers who are held accountable by the CODM for operations, operating results, and planning for levels or components below the consolidated unit level. Accordingly, the Company has determined it has a single operating segment.
Refer to Note 3 to these consolidated financial statements for revenue by geography.
The Company’s property and equipment, net, by geographic area were as follows:
December 31,
20232022
(in thousands)
United States$191,853 $184,753 
Rest of the world130,960 101,847 
Total property and equipment, net$322,813 $286,600 
No single country other than the United States accounted for more than 10% of total property and equipment, net as of December 31, 2023 and 2022.

Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
None.
Item 9A. Controls and Procedures
Evaluation of Disclosure Controls and Procedures
Our disclosure controls and procedures are designed to ensure that information we are required to disclose in reports that we file or submit under the Securities Exchange Act of 1934, as amended (the Exchange Act) is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms, and that such information is accumulated and communicated to our management, including our Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosure.
137

Our management, with the participation and supervision of our Chief Executive Officer and our Chief Financial Officer, have evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) as of the end of the period covered by this Annual Report on Form 10-K. Based on such evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that as of such date, our disclosure controls and procedures were, in design and operation, effective at a reasonable assurance level.
Management's Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting (as defined in Rule 13a-15(f) and Rule 15d-15(f) under the Exchange Act). Our management conducted an evaluation of the effectiveness of our internal control over financial reporting as of December 31, 2023 based on the criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.

Based on the results of its evaluation, management concluded that our internal control over financial reporting was effective as of December 31, 2023. The effectiveness of our internal control over financial reporting as of December 31, 2023 has been audited by KPMG LLP, an independent registered public accounting firm, as stated in its report which is included in Item 8 of this Annual Report on Form 10-K.
Changes in Internal Controls Over Financial Reporting
There were no changes in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the quarter ended December 31, 2023 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
Inherent Limitations on the Effectiveness of Controls
The effectiveness of any system of internal control over financial reporting, including ours, is subject to inherent limitations, including the exercise of judgment in designing, implementing, operating, and evaluating the controls and procedures, and the inability to eliminate misconduct completely. Accordingly, in designing and evaluating the disclosure controls and procedures, management recognizes that any system of internal control over financial reporting, including ours, no matter how well designed and operated, can only provide reasonable, not absolute assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply its judgment in evaluating the benefits of possible controls and procedures relative to their costs. Moreover, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. We intend to continue to monitor and upgrade our internal controls as necessary or appropriate for our business but cannot assure you that such improvements will be sufficient to provide us with effective internal control over financial reporting.
Item 9B. Other Information
Securities Trading Plans of Directors and Executive Officers
During the three months ended December 31, 2023, the following directors and officers, as defined in Rule 16a-1(f), adopted a “Rule 10b5-1 trading arrangement” as defined in Regulation S-K Item 408:

On November 20, 2023, Matthew Prince, our Chief Executive Officer, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of up to 2,042,976 shares of our Class A common stock. The trading arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until May 15, 2025, or earlier if all transactions under the trading arrangement are completed.

On November 27, 2023, Michelle Zatlyn, our President and Chief Operating Officer, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of up to 1,144,373 shares of our Class A common stock including the amount of shares of Class A common stock settled, net of taxes, following the vesting and settlement of RSUs. The number of shares to be withheld, and therefore the exact number of shares to be sold pursuant to Ms. Zatlyn’s trading arrangement can only be determined upon the occurrence of the future vesting events. The trading
138

arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until May 22, 2025, or earlier if all transactions under the trading arrangement are completed.

On November 27, 2023, Thomas Seifert, our Chief Financial Officer, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of 505,000 shares of our Class A common stock plus an amount of shares of Class A common stock settled, net of taxes, following the vesting and settlement of RSUs. The number of shares to be withheld, and therefore the exact number of shares to be sold pursuant to Mr. Seifert’s trading arrangement can only be determined upon the occurrence of the future vesting events. The trading arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until March 15, 2025, or earlier if all transactions under the trading arrangement are completed.

On November 29, 2023, Douglas Kramer, our Chief Legal Officer, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of up to 60,000 shares of our Class A common stock. The trading arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until March 4, 2025, or earlier if all transactions under the trading arrangement are completed.

On November 30, 2023, Katrin Suder, a member of our Board of Directors, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of up to 2,871 shares of our Class A common stock. The trading arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until June 4, 2025, or earlier if all transactions under the trading arrangement are completed.

On November 30, 2023, Maria Eitel, a member of our Board of Directors, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of up to 27,500 shares of our Class A common stock. The trading arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until March 1, 2025, or earlier if all transactions under the trading arrangement are completed.

No other officers or directors, as defined in Rule 16a-1(f), adopted and/or terminated a “Rule 10b5-1 trading arrangement” as defined in Regulation S-K Item 408, during the last fiscal quarter.

Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections
None.

PART III
Item 10. Directors, Executive Officers and Corporate Governance
The information required by this item will be set forth in our definitive proxy statement to be filed with the Securities and Exchange Commission not later than 120 days after the end of our fiscal year ended December 31, 2023 in connection with our 2024 annual meeting of stockholders (the Proxy Statement), and is incorporated herein by reference.
Code of Conduct
Our Board of Directors has adopted a Code of Business Conduct and Ethics that applies to all officers, directors, and employees, which is available on our website at https://cloudflare.NET under "Governance." We intend to satisfy the disclosure requirement under Item 5.05 of Form 8-K regarding amendments to, or waiver from, a provision of our Code of Business Conduct and Ethics by posting such information on the website address and location specified above.
Item 11. Executive Compensation
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
139

Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
Item 13. Certain Relationships and Related Transactions, and Director Independence
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
Item 14. Principal Accounting Fees and Services
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.

PART IV


Item 15. Exhibits and Financial Statement Schedules

(a) The following documents are filed as part of this report:

1.Financial Statements

See Index to Consolidated Financial Statements in Item 8 herein.

2.     Financial Statement Schedules

Schedules not listed above have been omitted because they are not required, not applicable, or the required information is otherwise included.

3.    Exhibits

The exhibits listed below are filed as part of this Annual Report on Form 10-K or are incorporated herein by reference, in each case as indicated below.

140



EXHIBIT INDEX
Incorporated by Reference
Exhibit
Number
DescriptionFormFile No.ExhibitFiling Date
3.110-Q001-390393.1November 12, 2019
3.28-K001-390393.1October 31, 2022
4.1S-1333-2332964.1August 15, 2019
4.2S-1333-2332964.2August 15, 2019
4.3
10-K
001-39039
4.3February 24, 2023
4.4
10-Q001-390394.2November 5, 2021
4.5
10-Q001-390394.3November 5, 2021
10.1+S-1/A333-23329610.1September 3, 2019
10.2+*



10.3+
10-Q
001-3903910.2November 2, 2023
10.4+S-1/A333-23329610.4September 3, 2019
10.5+S-8333-2641584.2April 6, 2022
10.5+10-Q001-3903910.1August 6, 2021
10.6+S-1/A333-23329610.6September 3, 2019
10.7+S-1/A333-23329610.7September 3, 2019
10.8+S-1/A333-23329610.8September 3, 2019
10.9+S-1/A333-23329610.9September 3, 2019
10.1010-Q001-3903910.3August 4, 2022
10.11S-1333-23329610.11August 15, 2019
10.1210-Q001-3903910.4August 4, 2022
10.13+S-1333-23329610.5August 15, 2019
10.148-K001-3903910.1May 15, 2020
10.158-K001-3903910.1August 13, 2021
10.16+*




21.1S-1333-23329621.1August 15, 2019
23.1*
24.1*Power of Attorney (included in signature pages hereto).
31.1*
31.2*
32.1†
97.1+*
141

101
The following financial statements from the Company's Annual Report on Form 10-K for the year ended December 31, 2023, formatted in Inline XBRL: (i) Consolidated Balance Sheets, (ii) Consolidated Statements of Operations, (iii) Consolidated Statements of Comprehensive Loss, (iv) Consolidated Statements of Redeemable Convertible Preferred Stock and Stockholders’ Equity (Deficit), (v) Consolidated Statements of Cash Flows, and (vi) Notes to Consolidated Financial Statements.
104Cover Page
Interactive Data File (formatted as inline XBRL and contained
in Exhibit 101)
_______________
*    Filed herewith.
+    Indicates management contract or compensatory plan or arrangement.
†    The certifications attached as Exhibit 32.1 that accompany this Annual Report on Form 10-K are not deemed filed with the Securities and Exchange Commission and are not to be incorporated by reference into any filing of the Registrant under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended, whether made before or after the date of this Annual Report on Form 10-K, irrespective of any general incorporation language contained in such filing.
Item 16. Form 10-K Summary
None.
142

SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
CLOUDFLARE, INC.
Date: February 21, 2024
By:/s/ Matthew Prince
 Matthew Prince
Chief Executive Officer
(Principal Executive Officer)
POWER OF ATTORNEY

KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Matthew Prince, Michelle Zatlyn, Thomas Seifert, and Douglas Kramer, and each one of them, as his or her true and lawful attorneys-in-fact and agents, with full power of substitution and resubstitution, for him or her and in their name, place and stead, in any and all capacities, to sign any amendments to this Annual Report on Form 10-K and to file the same, with Exhibits thereto and other documents in connection therewith with the Securities and Exchange Commission, hereby ratifying and confirming all that each of said attorneys-in-fact, or substitute or substitutes may do or cause to be done by virtue hereof.

Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed by the following persons on behalf of the registrant and in the capacities and on the dates indicated.

143

SignatureTitleDate
/s/ Matthew PrinceChief Executive Officer and Chair
February 21, 2024
Matthew Prince(Principal Executive Officer)
/s/ Thomas SeifertChief Financial Officer
February 21, 2024
Thomas Seifert(Principal Financial Officer)
/s/ Janel Riley
Chief Accounting Officer
February 21, 2024
Janel Riley
(Principal Accounting Officer)
/s/ Michelle ZatlynDirector
February 21, 2024
Michelle Zatlyn
/s/ Mark AndersonDirector
February 21, 2024
Mark Anderson
/s/ Maria EitelDirector
February 21, 2024
Maria Eitel
/s/ Mark HawkinsDirector
February 21, 2024
Mark Hawkins
/s/ Carl LedbetterDirector
February 21, 2024
Carl Ledbetter
/s/ Scott SandellDirector
February 21, 2024
Scott Sandell
/s/ Katrin SuderDirector
February 21, 2024
Katrin Suder

144