Tuya Inc. [TUYA] Filings

Table of Contents

​

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 20-F

(Mark One)

OR

OR

OR

Commission file number: 001-40210

Tuya Inc.

(Exact name of Registrant as specified in its charter)

N/A

(Translation of Registrant’s name into English)

Cayman Islands

(Jurisdiction of incorporation or organization)

10/F, Building A, Huace Center

Xihu District, Hangzhou City

Zhejiang, 310012

People’s Republic of China

(Address of principal executive offices)

Yao (Jessie) Liu

Chief Financial Officer

Tel: +86 0571-86915981

E-mail: ir@tuya.com

10/F, Building A, Huace Center, Xihu District, Hangzhou City

Zhejiang, 310012, People’s Republic of China

(Name, Telephone, E-mail and/or Facsimile number and Address of Company Contact Person)

Securities registered or to be registered pursuant to Section 12(b) of the Act:

​

​

Securities registered or to be registered pursuant to Section 12(g) of the Act:

None

(Title of Class)

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act:

None

(Title of Class)

Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report.

574,592,599 ordinary shares, comprising 504,387,299 Class A ordinary shares, par value US$0.00005 per share (including 5,433,895 Class A ordinary shares issued to the depositary bank for bulk issuance of ADSs reserved for future issuances upon the exercise or vesting of awards granted under our 2015 Plan, and a total of 11,361,436 Class A ordinary shares, including Class A ordinary shares represented by ADSs, that have been repurchased by us from the open market), and 70,205,300 Class B ordinary shares, par value US$0.00005 per share, as of December 31, 2023.

​

Table of Contents

​

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934. Yes ☐     No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒     No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or an emerging growth company. See definition of “large accelerated filer,” “accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act. (Check one):

​

​

If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards † provided pursuant to Section 13(a) of the Exchange Act.  ☐

† The term “new or revised financial accounting standard” refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards Codification after April 5, 2012.

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.  ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:

​

​

If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow. ☐ Item 17 ☐ Item 18

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒

(APPLICABLE ONLY TO ISSUERS INVOLVED IN BANKRUPTCY PROCEEDINGS DURING THE PAST FIVE YEARS)

​

​

​

​

Table of Contents

TABLE OF CONTENTS

​

​

​

​

i

Table of Contents

INTRODUCTION

Except where the context otherwise requires and for the purpose of this annual report only:

ii

Table of Contents

Unless otherwise noted, all translations from Renminbi to U.S. dollars and from U.S. dollars to Renminbi in this annual report are made at RMB7.0999 to US$1.00, the exchange rate set forth in the H.10 statistical release of the Federal Reserve Board on December 29, 2023. We make no representation that any Renminbi or U.S. dollar amounts could have been, or could be, converted into U.S. dollars or Renminbi, as the case may be, at any particular rate, or at all.

​

iii

Table of Contents

FORWARD-LOOKING INFORMATION

This annual report contains statements that constitute forward-looking statements. These statements are made under the “safe harbor” provision under Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and as defined in the Private Securities Litigation Reform Act of 1995. Many of the forward-looking statements contained in this annual report can be identified by the use of forward-looking words such as “aim,” “anticipate,” “believe,” “could,” “estimate,” “expect,” “intend,” “likely to,” “may,” “plan,” “potential,” “should,” “will” or other similar expressions.

Forward-looking statements appear in a number of places in this annual report and include, but are not limited to, statements regarding our intent, belief or current expectations. Forward-looking statements are based on our management’s beliefs and assumptions and on information currently available to our management. Such statements are subject to risks and uncertainties, and actual results may differ materially from those expressed or implied in the forward-looking statements due to various factors, including, but not limited to, those identified under the section entitled “Item 3. Key Information—3.D. Risk Factors” in this annual report. These risks and uncertainties include factors relating to:

Forward-looking statements speak only as of the date they are made, and we do not undertake any obligation to update them in light of new information or future developments or to release publicly any revisions to these statements in order to reflect later events or circumstances or to reflect the occurrence of unanticipated events.

​

​

iv

Table of Contents

PART I

ITEM 1.     IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS

Not applicable.

ITEM 2.     OFFER STATISTICS AND EXPECTED TIMETABLE

Not applicable.

ITEM 3.     KEY INFORMATION

Holding Company Structure

Tuya Inc. is a Cayman Islands holding company, and the Group operates in China mainly through its PRC subsidiaries. The Group also conducts business internationally with local offices in the United States, Europe, Singapore, India, Japan and Colombia, among other locations. It is important to note that investors in our ADSs and Class A ordinary shares do not hold equity securities issued by our subsidiaries or the VIE in China, but instead hold equity securities of Tuya Inc. As used in this annual report, “we,” “us,” “our company,” “our” or “Tuya” refers to Tuya Inc. and its subsidiaries, and “the Group” refers to Tuya Inc., its subsidiaries and the VIE.

The operations of the VIE do not constitute a material aspect of the Group’s operations, based on the following:

In China, providing online transaction platform services fall within the categories of the value-added telecommunication service, which is subject to foreign investment restrictions and license requirements under the PRC laws and regulations. Therefore, Hangzhou Tuya Technology, or the VIE, was established to hold the requisite license and for the purpose of providing investors with exposure to foreign investment in China-based companies where direct foreign investments in operating entities are not viable.

As advised by Jia Yuan Law Offices, our PRC legal counsel, based on consultations with competent government authorities, the offering of IoT PaaS, Industry SaaS, cloud-based value-added services and other types of smart device distribution are not subject to foreign ownership restrictions under current PRC laws and regulations. In the event the VIE structure is disallowed, the Group does not expect to experience a material disruption in its operations.

1

Table of Contents

The following chart illustrates our corporate structure, including our significant subsidiaries as that term is defined under Section 1-02 of Regulation S-X under the Securities Act, the VIE and certain other subsidiaries, as of the date of this annual report.

​

Notes:

(1) The VIE is owned by certain nominee shareholders, not us. All of these nominee shareholders are also beneficial owners of our company. Shareholders of Hangzhou Tuya Technology are Xueji (Jerry) Wang (our director and CEO), Liaohan (Leo) Chen (our director), Yaona Lin (our employee), Ruixin Zhou (our employee) and Peihong Chen (our employee), each holding approximately 60.7%, 13.1%, 11.5%, 9.8% and 4.9%, respectively, of Hangzhou Tuya Technology’s equity interests.

(2) Contractual arrangements include exclusive business cooperation agreement, equity interest pledge agreement, exclusive option agreement, power of attorney and spousal consent. See “—Contractual Arrangements.”

For a detailed discussion of how funds and other assets are transferred through our organization, see “—Transfer of Funds and Other Assets through Our Organization.”

Our corporate structure involves unique risks to investors in our equity securities. Investors who are non-PRC residents may never directly hold equity interests in the VIE under current PRC laws and regulations. We do not have any equity interests in the VIE who is owned by certain nominee shareholders. Any of such nominee shareholders could breach their contractual arrangements with us by, among other things, failing to conduct their operations in an acceptable manner, or taking other actions that are detrimental to our interests. In the event that the shareholders of the VIE breach the terms of these contractual arrangements and voluntarily liquidate the VIE, or the VIE declares bankruptcy and all or part of its assets become subject to liens or rights of third-party creditors, or are otherwise disposed of without our consent, we may be unable to conduct the affected business operations or otherwise benefit from the assets held by the VIE and its shareholders. As a result, the contractual arrangements may be less effective than direct ownership, and we could face heightened challenges, risks and costs in enforcing these contractual arrangements due to legal uncertainties and jurisdictional limits.

2

Table of Contents

As of the date of this annual report, our contractual arrangements with the VIE have not been tested in a court of law in the PRC. If the PRC government deems that our contractual arrangements with the VIE do not comply with PRC regulatory restrictions on foreign investment in the relevant industries, or if these regulations or the interpretation of existing regulations change in the future, we could be subject to penalties or be forced to relinquish our interests in those operations or otherwise significantly change our corporate structure. We and our investors face significant uncertainty about potential future actions by the PRC government that could affect the legality and enforceability of the contractual arrangements with the VIE and, consequently, negatively affect our ability to consolidate the financial results of the VIE and the financial performance of our company as a whole. Our securities may decline in value or become worthless if we are unable to effectively enforce our contractual control rights over the assets and operations of the VIE. For a detailed discussion of the risks associated with the VIE structure, see “Item 3. Key Information—3.D. Risk Factor—Risks Related to Our Corporate Structure.”

We also face various legal and operational risks and uncertainties related to doing business in China. The PRC government has authority to regulate and exert influence on companies operating in the PRC, including their ability to conduct business, accept foreign investments or be listed on foreign stock exchanges. For example, we face risks associated with regulatory approvals of offshore offerings, anti-monopoly regulatory actions, cybersecurity and data privacy, as well as the uncertainty on whether the U.S. Public Company Accounting Oversight Board (the “PCAOB”) will continue to be able to satisfactorily inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong. The PRC government may also intervene with or influence our operations as the government deems appropriate to further regulatory political and societal goals, among other things, which could result in an adverse impact on our operations and/or value of our equity securities. In recent years, the PRC government has published policies that have significantly impacted our industry and we cannot rule out the possibility that it will in the future further release regulations or policies regarding our industry, including those that may have adverse impacts on our business, financial condition and results of operations. These actions may cause the value of such securities to significantly decline or in extreme cases, become worthless. For a more detailed discussion of these risks, see “Item 3. Key Information—3.D. Risk Factors—Risks Related to Doing Business in China” and “Item 3. Key Information—3.D. Risk Factors—Risks Related to Our Corporate Structure.”

Contractual Arrangements

A series of contractual arrangements were entered into between Tuya Information, on the one hand, and the VIE and its registered shareholders, on the other hand:

For details, see “Item 4. Information on the Company—Contractual Arrangements with the VIE and the VIE’s Registered Shareholders” below in this annual report. These contractual arrangements in totality provide Tuya Inc. with a controlling financial interest as the primary beneficiary under ASC 810 and the basis to consolidate the VIE under U.S. GAAP.

Transfer of Funds and Other Assets through Our Organization

We have established stringent cash management policies that dictate how funds are transferred between Tuya Inc., its subsidiaries and the VIE. Each transfer of cash among Tuya Inc., its subsidiaries and the VIE is subject to internal approval. To effect a cash transfer, a number of steps are typically needed, including but not limited to the submission of transfer application, the initial approval by certain manager, and final approval by the financial director. A designated personnel with fund management expertise will review transfer applications as well as underlying agreements and/or related documents on a monthly basis.

As of December 31, 2023, Tuya Inc., through its intermediate holding company, had made cumulative capital contributions of US$494.2 million to its PRC subsidiaries. These funds have been used by our PRC subsidiaries mainly for their business operations.

3

Table of Contents

The VIE may transfer cash to Tuya Information, our wholly owned subsidiary in the PRC, by paying service fees pursuant to the contractual arrangements through which we control and consolidate the financial results of the VIE. In each of 2021, 2022 and 2023, the VIE did not pay any service fees to Tuya Information pursuant to the contractual arrangements.

Because Tuya Inc. controls the VIE through contractual arrangements, it is not able to make direct capital contribution to the VIE. Nonetheless, Tuya Inc. and its subsidiaries may transfer cash to the VIE by loans or by making payment to the VIE for intergroup transactions, subject to satisfaction of applicable government registration and approval requirements. In 2021, 2022 and 2023, Tuya Inc. and its subsidiaries did not make any loans to the VIE. In addition, Tuya Information may, from time to time, lend cash to the VIE or settle the VIE’s payment obligations on behalf of VIE to provide temporary working capital support to the VIE. In 2021, 2022 and 2023, the net amounts of working capital support provided by Tuya Information to the VIE were RMB2.7 million, RMB2.5 million and RMB1.9 million (US$0.3 million), respectively. As of December 31, 2021, 2022 and 2023, the amounts owed by VIE to Tuya Information associated with the foregoing working capital support arrangements were RMB7.1 million, RMB9.6 million and RMB11.5 million (US$1.6 million), respectively. The VIE has historically funded its operations primarily using cash generated from its operating activities and the working capital support provided by Tuya Information. In 2021, 2022 and 2023, there were no assets transferred between the VIE and other entities.

In 2021, 2022 and 2023, no dividends or distributions were made to Tuya Inc. by its subsidiaries. Tuya Inc. has not previously declared or paid any cash dividend or dividend in kind, and has no plan to declare or pay any dividends in the near future on our shares or the ADSs representing our Class A ordinary shares. We currently intend to retain our available funds and any future earnings to operate and expand our business. We currently do not have any plan to require our PRC subsidiaries to distribute their retained earnings and intend to retain them to operate and expand our business in the PRC. See “Item 8.—Financial Information—8.A. Consolidated Statements and Other Financial Information—Dividend Policy.”

For the purpose of illustration, the below table reflects the hypothetical taxes that might be required to be paid within China, assuming that: (i) we have taxable earnings, and (ii) we determine to pay a dividend in the future:

​

Notes:

​

4

Table of Contents

​

The table above has been prepared under the assumption that all profits of the VIE will be distributed as fees to Tuya Information under tax neutral contractual arrangements. If in the future, the accumulated earnings of the VIE exceed the fees paid to Tuya Information, or if the current and contemplated fee structure between the intercompany entities is determined to be non-substantive and disallowed by Chinese tax authorities, we have other tax-planning strategies that can be deployed on a tax neutral basis. Should all tax planning strategies fail, the VIE could, as a matter of last resort, make a non-deductible transfer to our PRC subsidiary for the amounts of the stranded cash in the VIE. This would result in the double taxation of earnings: one at the VIE level (for non-deductible expenses) and one at Tuya Information level (for presumptive earnings on the transfer). Such a transfer and the related tax burdens would reduce our after-tax income to approximately 50.6% of the pre-tax income. Our management believes that there is only a remote possibility that this scenario would happen.

For PRC and United States federal income tax consideration of an investment in the ADSs, see “Item 10. Additional Information—10.E. Taxation.”

Restrictions on Foreign Exchange and the Ability to Transfer Cash between Entities, Across Borders and to U.S. Investors

To the extent cash or assets in the business are in the PRC, including Hong Kong, or a PRC (including Hong Kong) entity, the funds or assets may not be available to fund operations or for other use outside of the PRC, including Hong Kong, due to interventions in or the impositions of restrictions and limitations on the availability of Tuya Inc., its subsidiaries or the VIE by the PRC government to transfer cash or assets. There is no assurance that the PRC government will not intervene in or impose restrictions on the ability of Tuya Inc., its subsidiaries or the VIE to transfer cash or assets.

In the future, if and when we become profitable, Tuya Inc.’s ability to pay dividends, if any, to its shareholders and ADS holders and to service any debt it may incur will depend upon dividends paid by our PRC subsidiaries. Under PRC laws and regulations, our PRC subsidiaries are subject to certain restrictions with respect to paying dividends or otherwise transferring any of their net assets offshore to Tuya Inc. In particular, under the current effective PRC laws and regulations, dividends may be paid only out of distributable profits. Distributable profits are the net profit as determined under PRC GAAP, less any recovery of accumulated losses and appropriations to statutory and other reserves required to be made. Each of our PRC subsidiaries is required to set aside at least 10% of its after-tax profits each year, after making up previous years’ accumulated losses, if any, to fund certain statutory reserve funds, until the aggregate amount of such a fund reaches 50% of its registered capital. As a result, our PRC subsidiaries may not have sufficient distributable profits to pay dividends to us in the near future.

5

Table of Contents

Furthermore, if certain procedural requirements are satisfied, the payment of current account items, including profit distributions and trade- and service-related foreign exchange transactions, can be made in foreign currencies without prior approval from SAFE or its local branches. However, where RMB is to be converted into foreign currency and remitted out of China to pay capital expenses, such as the repayment of loans denominated in foreign currencies, approval from or registration with competent government authorities or their authorized banks is required. The PRC government may take measures at its discretion from time to time to restrict access to foreign currencies for current account or capital account transactions. If the foreign exchange control system prevents us from obtaining sufficient foreign currencies to satisfy our foreign currency demands, we may not be able to pay dividends in foreign currencies to our offshore intermediary holding companies or ultimate parent company, and therefore, our shareholders or investors in our ADSs. Further, we cannot assure you that new regulations or policies will not be promulgated in the future, which may further restrict the remittance of RMB into or out of the PRC. We cannot assure you, in light of the restrictions in place, or any amendment to be made from time to time, that our current or future PRC subsidiaries will be able to satisfy their respective payment obligations that are denominated in foreign currencies, including the remittance of dividends outside of the PRC. If any of our subsidiaries incurs debt on its own behalf in the future, the instruments governing such debt may restrict its ability to pay dividends to Tuya Inc. In addition, our PRC subsidiaries are required to make appropriations to certain statutory reserve funds, which are not distributable as cash dividends except in the event of a solvent liquidation of the companies.

Recent PRC Regulatory Developments

Cybersecurity Review

On December 28, 2021, the CAC and several other administrations jointly promulgated the Measures for Cybersecurity Review, or the Cybersecurity Review Measures, which became effective on February 15, 2022. The Cybersecurity Review Measures provide that (i) a “network platform operator” holding over one million users’ personal information shall apply for a cybersecurity review when listing their securities in a foreign country, (ii) a “critical information infrastructure operator” (the “CIIO”) that intends to purchase internet products and services that affect or may affect national security shall apply for a cybersecurity review and (iii) a “network platform operator” carrying out data processing activities that affect or may affect national security shall apply for a cybersecurity review. Since the Cybersecurity Review Measures are relatively new, significant uncertainties exist in relation to their interpretation and implementation. Additionally, the Cybersecurity Review Measures do not provide the exact scope of “network platform operator” or the circumstances that would “affect or may affect national security.”

As of the date of this annual report, we have not been required to go through a cybersecurity review by the CAC. However, there can be no assurance that we will not be required to apply for a cybersecurity review pursuant to the Cybersecurity Review Measures in the future. To the extent any cybersecurity review is required, we cannot assure you that we will be able to complete it in a timely manner, or at all. Any failure to complete the required cybersecurity review may result in administrative penalties, including fines, a shut-down of our business, revocation of requisite licenses, as well as reputational damage or legal proceedings or actions against us, which may have material adverse effects on our business, financial condition and results of operations. See “Item 3. Key Information—3.D. Risk Factors—Compliance with the rapidly evolving landscape of global data privacy and data security laws may be challenging, and any failure or perceived failure to comply with such laws, or other concerns about our practices or policies with respect to the processing of personal information, could damage our reputation and deter current and potential customers and end users from using our platform and products and services or subject us to significant compliance costs or penalties, which could materially and adversely affect our business, financial condition and results of operations.”

6

Table of Contents

CSRC Approval for Issuance and Listing of Securities Overseas

On February 17, 2023, the CSRC released the Trial Administrative Measures of Overseas Securities Offering and Listing by Domestic Companies, or the Trial Measures, and relevant supporting guidelines, collectively, the New Overseas Listing Rules, setting out new filing procedures for China-based companies seeking direct or indirect listings and offerings in overseas markets, which came into force since March 31, 2023. The New Overseas Listing Rules are applicable to PRC domestic companies that seek to offer and list securities in overseas markets, either through direct or indirect means. If an issuer meets both of the following criteria, the overseas securities offering and listing conducted by such issuer shall be deemed as an indirect overseas offering subject to the filing procedures set forth under the New Overseas Listing Rules: (i) 50% or more of the issuer’s operating revenue, total profit, total assets or net assets as documented in its audited consolidated financial statements for the most recent fiscal year are derived from PRC domestic companies; and (ii) the issuer’s business activities are substantially conducted in mainland China, or its principal place(s) of business are located in mainland China, or the senior managers in charge of its business operations and management are mostly Chinese citizens or domiciled in mainland China. Pursuant to the New Overseas Listing Rules, an issuer listed in an overseas market that intends to conduct any follow-on offering in the same overseas market where it has previously offered and listed securities should, through its major operating entity incorporated in the PRC, file required materials with the CSRC within three business days after the completion of such follow-on offering.

Furthermore, according to the New Overseas Listing Rules, after an issuer has completed its offering and listed its securities on an overseas stock exchange, it shall submit required reports to the CSRC within three business days after the occurrence and public disclosure of any material events, including (i) a change of control, (ii) investigations of or sanctions imposed on the issuer by overseas securities regulatory agencies or other relevant competent authorities, (iii) changes of listing status or transfers of the listing segment, (iv) a voluntary or mandatory delisting and (v) a material change in its main business operation, as a result of which that issuer is no longer subject to the filing requirements under the New Overseas Listing Rules.

The New Overseas Listing Rules provide that in the event of any breach, including any failure to fulfill the filing procedure, or any offering and listing of securities in an overseas market in violation of the measures, the CSRC will order such domestic company to rectify, issue warnings to such domestic company, and impose a fine between RMB1 million and RMB10 million. Fines and warnings will be imposed on the persons-in-charge and other persons who are directly liable. In addition, fines will also be imposed on the controlling shareholders and actual controllers of the domestic company who initiate or cause the aforesaid non-compliance activities.

See “Item 3. Key Information—3.D. Risk Factors—Risks Related to Doing Business in China—The filing, approval or other administration requirements of the CSRC, the CAC or other PRC government authorities may be required to maintain our listing status or conduct future offshore securities offerings.”

7

Table of Contents

PRC Licenses, Permissions and Approvals

In the view of Jia Yuan Law Offices, our PRC legal counsel, we had complied with the relevant applicable PRC laws relating to the required licenses, permissions and approvals to business operations in China in all material respects. Our PRC legal counsel has also advised us that, to the best of their knowledge, there should be no material legal impediment for us to renew these licenses, permissions and approvals as long as we comply with the relevant legal requirements and we take all necessary steps and submit the relevant applications in accordance with the requirements and schedules prescribed by the applicable PRC laws and regulations. For details of these licenses and permissions, see “Item 4. Information on the Company—4.B. Business Overview—Licenses, Permissions and Approvals.” For the consequences to us and investors if we do not receive or maintain requisite licenses, permissions and approvals necessary to conduct operations in China, or if applicable laws, regulations, or interpretations change and we are required to obtain additional permissions or approvals in the future, see “Item 3. Key Information—3.D. Risk Factors—Risk Related to Our Business and Industry—Any failure to maintain necessary permits and licenses to operate our business operations under applicable laws and regulations could materially and adversely affect our business and results of operations.”

As described above, the PRC government has recently tightened the regulation of cybersecurity, and indicated an intent to exert more oversight and control over securities offerings and other capital markets activities that are conducted overseas and foreign investment in China-based companies like us. As of the date of this annual report, we have not been required to go through a cybersecurity review by the CAC, or required to obtain any permission from, or complete any filing with, the CSRC in connection with our prior public offerings or maintaining the listing status on applicable stock exchanges. Nor have we received any formal inquiry, notice, warning, sanction, or any regulatory objection in relation to cybersecurity review from the CSRC, the CAC or any other PRC regulatory agencies that have jurisdiction over our operations. Since the legislative and regulatory actions in this regard, including the release of New Overseas Listing Rules, are relatively new, it is highly uncertain how soon legislative or administrative regulation-making bodies will respond and what existing or new laws or regulations or detailed implementations and interpretations will be modified or promulgated, if any, and the potential impact such modified or new laws and regulations will have on our business operations, our ability to accept foreign investments and conduct follow-on offerings, and listing or continuing listing on applicable stock exchanges. For details of related risks, see “Item 3. Key Information—3.D. Risk Factors—The filing, approval or other administration requirements of the CSRC, the CAC or other PRC government authorities may be required to maintain our listing status or conduct future offshore securities offerings.”

3.A.[Reserved]

3.B.Capitalization and Indebtedness

Not applicable.

3.C.Reason for the Offer and Use of Proceeds

Not applicable.

3.D.Risk Factors

Below please find a summary of the principal risks we face, organized under relevant headings.

Risks Related to Our Business and Industry

Risks and uncertainties related to our business and industry include, but are not limited to, the following:

8

Table of Contents

Risks Related to Our Corporate Structure

Having a corporate structure being based primarily in China poses risks to investors. Risks and uncertainties related to our corporate structure and the contractual arrangements include, but are not limited to, the following:

9

Table of Contents

Risks Related to Doing Business in China

Having the majority of our operations in China poses risks to investors:

Risks Related to Our ADSs and Class A Ordinary Shares

In addition to the risks described above, we are subject to risks related to our ADSs and Class A ordinary shares, including, but are not limited to, the following:

10

Table of Contents

Risks Related to Our Business and Industry

We operate in an emerging and evolving market, which may develop differently from or more slowly than we expect. If our market does not grow as we expect, or if we cannot expand our products and services to meet the demands of this market, our revenue may decline, or fail to grow, and we may continue to incur operating losses.

The IoT PaaS and IoT SaaS markets are at a relatively early stage of development and are constantly evolving. There is considerable uncertainty over the size and rate at which these markets will grow, as well as whether our products and services will be widely adopted. Moreover, the IoT cloud industry, including the IoT PaaS market and the IoT SaaS market, is subject to rapid technological change, evolving industry standards, changing regulations, as well as changing customer needs, requirements and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. If we are unable to develop and launch new products and services or provide enhancements and new features to keep pace with rapid technological and industry changes, our business, results of operations and financial condition could be adversely affected. If new technologies emerge that are able to deliver competitive products and services at lower prices or more efficiently or securely, such technologies could adversely impact our ability to compete effectively.

11

Table of Contents

Our products, services and platform must also integrate with a variety of network, hardware, software and technologies, and we need to continuously modify and enhance our products, services and platform to adapt to changes and innovation. For example, if customers adopt new software, we may be required to develop new versions of our products and services to be compatible with such new software. This development effort may require significant resources, which would adversely affect our business, results of operations and financial condition. Any failure of our products and services to operate effectively with evolving or new software and technologies could reduce the demand for our products and services. If we are unable to respond to these changes in a cost-effective manner, our products and services may become less marketable and less competitive or obsolete, and our business, results of operations and financial condition could be adversely affected. Furthermore, as we embark on the implementation of innovative business models to remain competitive and meet the evolving needs of our market, we recognize the heightened management capabilities required across various dimensions of our operations. These areas include, but are not limited to, internal team collaboration, business processes optimization, agile product development and iteration, efficient manufacturing practices, and robust management of external supplier relationships, including contract manufacturers, logistics and delivery services, and maintaining high standards of product quality. While we are actively exploring and learning to adapt to these demands, we are faced with the risk of insufficient experience and expertise in these complex areas. These gaps may lead to suboptimal progress in product development or delays in delivery, slower product iteration speeds than our competitors, failure to achieve anticipated technological upgrades, or issues with product quality that could harm our reputation among end users, consumers and partners, any of which could negatively impact our business, results of operations and financial condition.

In the past, our business has scaled rapidly by leveraging our strong software and robust platform-based delivery capabilities. However, in the second half of 2021, the global consumer electronics sector started to experience a significant and growing supply-demand mismatch, a situation where the supply of the products available exceeds the demand, resulting in a high level of inventory of manufacturers and distributors. Several factors contributed to this mismatch, including rising shipping costs, supply chain disruptions and rising global inflation, among others, many of which are beyond our control. As a result, our customers, who are mostly consumer electronics brands and OEMs, were negatively impacted, as were our own business operations. Since 2022, the ongoing inflationary pressures and global events such as the Russia-Ukraine conflict and the energy shortage have further aggravated these issues. We, for the first time since our inception, experienced a decrease in our annual revenue in 2022. Amid the high global inflation, the entire industry has entered a destocking cycle. In 2023, we continued to observe a moderately declining yet persisting overall inflation, and we expect that it will continue affecting the discretionary consumer electronics spending. Due to industry-wide efforts, downstream inventory level has gradually returned to normal. As a result, downstream smart device manufacturers, brands, and retail channels have greater flexibility in their operations and procurement. However, it is uncertain whether they will increase their procurements from upstream suppliers like us, as this is subject to various factors beyond our control.

We have a limited operating history, making it difficult to forecast our future results of operations.

We commenced our operations in 2014. Our relatively limited operating history makes it difficult to evaluate our current business and prospects, and to plan for our anticipated future growth. As a result of our limited operating history, our ability to accurately forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to plan for and model future growth. Our historical revenue growth should not be considered indicative of our future performance.

Further, in future periods, our revenue growth could slow down or our revenue could decline for a number of reasons, including slowing demand for our offerings, increased competition, changes to technology, a decrease in the growth of our overall market, or our failure, for any reason, to continue to take advantage of growth opportunities. We have also encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, and our business could suffer.

12

Table of Contents

Our recent growth may not be indicative of our future growth, and we may not be able to sustain our revenue growth rate in the future.

We have experienced rapid growth since the inception of our operations. However, you should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. We cannot assure you that we will be able to manage our growth at the same rate as we did in the past, or avoid any decline in the future. To sustain our growth, we must attract more customers, hire additional qualified R&D and other staff, expand our business, and enhance our technology infrastructure. Moreover, our current and planned staffing, systems, policies, procedures and controls may not be adequate to support our future operations. To manage our expected growth, we will also be required to improve our operational, financial and management controls and reporting systems and procedures. If we fail to efficiently manage the expansion of our business, our costs and expenses may increase faster than we planned and we may not successfully attract enough customers and end users affordably, respond quickly to competitive challenges, or otherwise execute our business strategies. Our growth requires significant financial resources and will continue to place significant demands on our management. There is no guarantee that we will be able to effectively manage any future growth in an efficient, cost-effective and timely manner, or at all. Our growth in a relatively short period of time is not necessarily indicative of results that we may achieve in the future. If we fail to effectively manage the growth of our business and operations, our reputation, results of operations and overall business and prospects could be negatively impacted.

The markets in which we operate are competitive, and if we do not compete effectively, our business, operating results and financial condition could be harmed.

The market of IoT PaaS, SaaS (including industry SaaS and other software value-added services), and smart devices are competitive and rapidly evolving. The principal competitive factors in these markets include the ability to support multiple use cases on a single platform, ease of deployment, implementation and use, platform performance, scalability and reliability, global reach, brand awareness and reputation, the strength of sales and marketing efforts, as well as the ability to ensure data security and privacy.

Some of our existing and potential competitors might have substantial competitive advantages, including larger scale, longer operating history, greater brand recognition, more established relationships with customers, suppliers, manufacturers and other business partners, and greater financial, research and development, marketing and other resources. As a result, our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements. Our existing and potential competitors may develop and market new products and services with comparable functionality to ours, and this could force us to offer our products and services at lower prices in order to remain competitive.

Some of our competitors are able to offer products and services at lower prices than ours, which may be attractive to certain customers even if those products and services offer different or fewer functionalities. If we are unable to maintain our current pricing due to the competitive pressures, our margins will be reduced and our business, results of operations and financial condition would be adversely affected. In addition, pricing pressures and increased competition could result in reduced revenue, reduced margins, increased losses or the failure of our products and services to achieve or maintain widespread market acceptance, any of which could harm our business, results of operations and financial condition. Moreover, we are continuously exploring and promoting innovative business models designed to meet the evolving development needs of our industry. While these efforts distinguish our offerings and drive value for our customers, they also expose us to the risk of imitation and intensified business competition. Competitors may adopt similar business models or emulate our strategies, potentially coupling their efforts with aggressive pricing tactics to attract our customer base. The introduction of comparable business models by competitors may significantly impact our market position, as well as our customer retention and acquisition cost. Should our competitors succeed in offering similar or superior solutions at lower prices, we may experience a decrease in customer loyalty and engagement.

With the introduction of new products and services and new market entrants, we expect competition to intensify in the future. In addition, some of our customers may choose to use our products and services and our competitors’ products and services at the same time, or choose to switch to other IoT platforms. As we expand the scope of our platform, products and services, we may face additional competition. If one or more of our competitors were to merge or partner with another of our competitors, the change in the competitive landscape could also adversely affect our ability to compete effectively.

13

Table of Contents

Failure to maintain, expand and optimize our customer base or strengthen customer engagement may adversely affect our business and results of operations.

Our revenue growth depends on our ability to maintain, expand and optimize our customer base. Over the past two years, the markets in which we operate have experienced various challenges and obstacles. In response, we strategically strengthen our focus on high-quality customers. This involves dedicating our sales and marketing efforts, as well as technology and customer service support to customers who have larger scale of operations, higher market share and greater resilience to economic downturns. As a result, the total number of our customers decreased from approximately 8,400 in 2021 to approximately 7,600 in 2022 and further decreased to approximately 6,100 in 2023. The total number of our IoT PaaS customers decreased from approximately 5,500 in 2021 to approximately 5,100 in 2022 and further decreased to approximately 4,000 in 2023.

In addition, it is crucial for us to strengthen customer engagement so that more of our customers will use our products and services more often and contribute more to our revenue growth. If our customers do not increase their use of our products and services, our revenue may not grow, and our results of operations may be harmed. However, it is difficult to predict the end users’ usage levels of smart devices accurately and the loss of customers or reductions in the end users’ usage levels may have a negative impact on our business, results of operations and financial condition. Our customers may cease, or reduce their usage of our products and services due to a variety of reasons or factors, such as progress in technology that makes our products and services obsolete, a decrease in the quality of our products and services, unfounded allegations and rumors relating to the health effect of technologies such as 5G, or national security or other concerns caused by our products and services, rising raw material prices and shortage of semiconductor components, which are outside our or our customers’ control. Additionally, our customers or partners, who distribute and sell their smart products using our offerings such as IoT PaaS and smart solutions for IoT devices through various sales channels, are often required to adhere to specific sales policies set by these channels covering a wide range of practices, including but not limited to marketing, pricing, and customer interaction. Failure to comply with these policies can result in penalties, including fines or, in severe cases, the termination of their ability to sell through these channels. If our customers or partners are penalized or face business shutdown due to non-compliance with these sales policies, it could result in a reduction in their purchases from us. This, in turn, could have a material adverse effect on our sales volume and revenue.

If a significant number of our customers cease using, or reduce their usage of, our products and services, or if the brands who place orders through our OEM customers cease to place orders from them, we may be required to spend significantly more on sales and marketing than we currently plan to spend in order to maintain or increase revenues. These additional expenditures could adversely affect our business, results of operations and financial condition.

If we fail to estimate customer demand properly, our financial results could be harmed.

Our business involves estimates of customers’ future demand. There may be a significant mismatch between supply and demand, giving rise to product shortages or excess inventory, and make our demand forecast more uncertain. Demand for our products and services is based on many factors, including our product introductions, competitor announcements, competing technologies, and power or raw material supply, among other things. These factors are often outside our and our customers’ control and their impact are difficult to predict. For example, the demand and use of the chips as part of the modules where the edge capabilities of IoT PaaS are embedded have fluctuated in the past and is likely to continue to fluctuate in the future. In periods with limited supply of chips or following a significant destocking cycle in the industry, when enterprises start restocking their inventory levels, our customers may place inventory orders significantly in advance of their normal order cycle, which could increase fluctuations in our sales and revenue between periods and make it more difficult for us to estimate future customer demands. These challenges may be more pronounced in the future if the demand, downstream inventory patterns and prices of chips continue to fluctuate. In addition, to the extent our customers experience material changes in the sale of their smart devices or a high level of backlogs in inventories, they may reduce or delay purchases of our products and services, causing our estimate of customer demand to be inaccurate. In estimating demand, we make multiple assumptions, any of which may prove to be incorrect. Furthermore, to the extent we build inventory anticipating growth in customer demand, our business, results of operations and financial condition may be negatively affected if such growth does not materialize as expected.

14

Table of Contents

Our use of third-party suppliers involves certain risks that may result in, among others, increased costs, disruption of supply or shortage of raw materials or inventories such as finished smart devices, quality or compliance issues, or failure by our suppliers to timely manufacture the modules and finished smart devices, any of which could materially harm our business.

We use third-party suppliers to manufacture the modules where edge capabilities of IoT PaaS are embedded, and in some circumstances (such as our smart device distribution business) finished smart devices. we are dependent on third-party suppliers to manufacture the modules and smart devices using their equipment and technology. Our use of such third-party suppliers who manufacture the modules and smart devices involves a number of risks, including:

If any of our suppliers is not able to perform its manufacturing obligations in the manner, timing and quality as agreed, we may not be able to, on a timely basis, find a suitable alternative on commercially acceptable terms. Disruptions of our relationships with such suppliers could negatively impact our business operations for an extended period of time. Any inability to acquire sufficient quantities of the modules and finished smart devices in a timely manner from these third-party suppliers could have a material negative impact on our business.

Components of IoT modules, smart devices and other raw materials used in our operations are periodically subject to supply shortages, and our business is subject to the risk of price increases and periodic delays in delivery. For example, the supply of chips that are essential components of IoT modules has been subject to a global shortage, due to geopolitical tensions. The chip industry has also experienced cyclical price fluctuations. While we believe that as of the date of this annual report, such chip shortage, or any increase in the price of chips, has not had a material negative impact on our business operations, there is no assurance that we will be able to continue to secure adequate chip supply at commercially reasonable cost for our operations. If we fail to secure sufficient chip supply, we may have to secure alternative suppliers or find alternative supplies or technologies, which could be costly, time consuming, and may not be successful. To the extent the chip shortage deteriorates or becomes longer-term in nature, we may experience significant delays in our delivery to customers and our business operations and prospects may be negatively impacted.

15

Table of Contents

If we are not able to introduce new features or products successfully or to make enhancements to our existing products and services, our business and results of operations could be adversely affected.

To attract new customers and end users and keep our existing ones engaged, we must introduce new products and services and upgrade our existing offerings to meet their evolving preferences. It is difficult to predict the preferences of a particular customer or a specific group of customers. Changes and upgrades to our existing products may not be well received by our customers and end users, and newly introduced products or services may not achieve success as expected. For example, we may introduce new SaaS products for new industry verticals such as the home energy management system and mini-programs for the energy-saving sector, with which we have little or no prior experience. Such efforts may require us to contribute a substantial amount of additional human capital and financial resources. We cannot assure you that any of such new products will achieve market acceptance or generate sufficient revenue to adequately compensate the costs and expenses incurred in relation to our development and promotion efforts. Enhancements and new products and services that we develop may not be introduced in a timely or cost-effective manner, may contain errors or defects, may have interoperability difficulties with our platform or other products and services or may not achieve the broad market acceptance necessary to generate significant revenue. If we fail to improve our existing products and introduce new ones in a timely or cost-effective manner, our ability to attract and retain customers and end users may be impaired, and our financial performance and prospects may be adversely affected.

We rely upon third-party providers of cloud-based infrastructure to host our platform. Any disruption in the operations of these third-party providers, limitations on capacity or interference with our use, due to geopolitical tensions or business competition could adversely affect our business, financial condition and results of operations.

We currently serve our customers and end users from data centers in China, the United States, Europe and India. We also use various third-party cloud-hosting providers such as AWS, Microsoft Azure and Tencent Cloud to provide cloud infrastructure for our platform. Our IoT PaaS and Industry SaaS products and value-added services rely on the operations of this infrastructure. We do not control, or in some cases have limited control over, the operation of the data center facilities we use. Customers expect to access our platform at any time, without interruption or degradation of performance, and we provide a few customers with service-level commitments with respect to uptime. Any limitation on the capacity of our data centers or cloud infrastructure could impede our ability to onboard new customers or expand the usage of our existing customers, host our products or serve our customers, which could adversely affect our business, financial condition and results of operations. In addition, any incident and technical failure affecting our data centers or cloud infrastructure that may be caused by cyberattacks, natural disasters, fire, flood, severe storm, earthquake, power loss, outbreaks of contagious diseases, telecommunications failures, terrorist or other attacks, or other events beyond our control could negatively affect the cloud-based portion of our platform. A prolonged service disruption affecting our data centers or cloud-based services for any of the foregoing reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative providers or taking other actions in preparation for, or in response to, events that damage the third-party hosting services we use.

The global landscape of cloud services is subject to the influence of geopolitical factors, including international trade disputes, sanctions, and national security concerns, which could impact the availability, reliability, and cost of cloud infrastructure services. Additionally, the competitive dynamics in the cloud services market and potential commercial conflicts of interest could lead to changes in service terms, pricing, availability or even termination of service agreements, particularly if our providers engage in business activities similar to ours and become direct competitors. Any limitation on the capacity of our cloud infrastructure, or any interruption caused by geopolitical events, trade restrictions, or competitive actions in the cloud market, could impede our ability to onboard new customers or expand the usage among existing customers, host our products, or serve our customers effectively.

In the event that our service agreements relating to our data centers or cloud infrastructure are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform, as well as significant delays and additional expense in arranging or creating new facilities and services or rebuilding our platform for deployment on a different data center provider or cloud infrastructure service provider, which could adversely affect our business, financial condition and results of operations.

16

Table of Contents

We benefit from integration of our products and services with those of our business partners. If these business partners choose not to partner with us in the future, our business and results of operations may be harmed.

We benefit from integration of our products and services with those of our business partners, such as the providers of cloud services used to support our platform. If entities who serve as our business partners change their cooperation model with us, our business, results of operations and financial condition may be adversely affected. We may also face competition from our business partners in a number of areas, including innovations in our businesses. Such competition may adversely affect our competitive position, business prospects and our relationship with our business partners. It may be necessary in the future to renegotiate agreements relating to various aspects of these collaborations or business partnerships. In addition, if our business partners choose not to partner with us, or choose to form collaborations with our competitors’ platforms, our business, financial condition and results of operations could be harmed.

Compliance with the rapidly evolving landscape of global data privacy and data security laws may be challenging, and any failure or perceived failure to comply with such laws, or other concerns about our practices or policies with respect to the processing of personal information, could damage our reputation and deter current and potential customers and end users from using our platform and products and services or subject us to significant compliance costs or penalties, which could materially and adversely affect our business, financial condition and results of operations.

Failure to comply with the increasing number of data protection laws in the jurisdictions in which we operate, as well as concerns about our practices with regard to the collection, use, storage, retention, transfer, disclosure and other processing of personal information, the security of personal information, the use of biometric information or other privacy-related matters, such as cybersecurity breaches, misuse of personal information and data sharing without necessary safeguards, including concerns from our customers, employees and third parties with whom we conduct business, even if unfounded, could damage our reputation and operating results. As we seek to expand our business, we are, and may increasingly become, subject to various laws, regulations and standards, as well as contractual obligations, relating to data privacy and security in the jurisdictions in which we operate. The regulatory and legal frameworks regarding data privacy and security issues in many jurisdictions are constantly evolving and developing and can be subject to significant changes from time to time, including in ways that may result in conflicting requirements among various jurisdictions. Interpretation and implementation standards and enforcement practices are similarly in a state of flux and are likely to remain uncertain for the foreseeable future. As a result, we may not be able to comprehensively assess the scope and extent of our compliance responsibility at a global level, and may fail to fully comply with the applicable data privacy and security laws, regulations and standards. Moreover, these laws, regulations and standards may be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible that they will be interpreted and applied in ways that may have a material and adverse impact on our business, financial condition and results of operations.

PRC

In recent years, the PRC government has increasingly tightened the regulation of cybersecurity and the storage, sharing, use, disclosure and protection of data and personal information. The Cybersecurity Law of the PRC, or the Cybersecurity Law, promulgated by the Standing Committee of the National People’s Congress (the “SCNPC”) has come into force on June 1, 2017. In addition, the Data Security Law of PRC, or the Data Security Law, was promulgated by the SCNPC on June 10, 2021 and took effect on September 1, 2021.

17

Table of Contents

Numerous laws, regulations, guidelines and other measures have been or are expected to be adopted pursuant to the guidelines of, or in addition to, the Cybersecurity Law and Data Security Law. These include, for example, the draft Measures on Security Assessment of Cross-Border Transfer of Personal Information and Important Data released in April 2017, the draft Measures on Security Assessment of Cross-Border Transfer of Personal Information released in June 2019, and the Personal Information Protection Law, or the Personal Information Protection Law, which was released on August 20, 2021 and became effective on November 1, 2021. Specifically, on July 7, 2022, the CAC released the Measures on Security Assessments for the Cross-border Transfer of Data, which is applicable to cross-border transfers of personal information and important data collected and generated in China under certain circumstances. While we do not believe our current business involves any transmission, use and exchange of information that comes under the definition of “cross-border transfers of personal information and important data” under the foregoing laws and regulations, we cannot assure you that the PRC regulatory authorities will not take a view contrary to ours, thus requiring us to comply with applicable data localization, security assessment and other requirements under these proposed laws and regulations. As our business continues to grow, there may arise circumstances where we engage in such cross-border transfers of personal information and important data, including in order to satisfy the legal and regulatory requirements, in which case we may need to comply with the foregoing requirements as well as any other limitations under PRC laws then applicable. Complying with these laws and requirements could cause us to incur substantial expenses or require us to alter or change our practices in ways that could harm our business. Additionally, to the extent we are found to be not in compliance with these laws and requirements, we may be subject to fines, regulatory orders to suspend our operations or other regulatory and disciplinary sanctions, which could materially and adversely affect our business, financial condition and results of operations.

On July 30, 2021, the State Council of the PRC promulgated the Provisions on Protection of Critical Information Infrastructure, or the CII Protection Regulations, which became effective on September 1, 2021. Pursuant to the CII Protection Regulations, “critical information infrastructures” (“CIIs”) refer to any important network facilities or information systems of the important industry or field such as public communication and information service, energy, communications, water conservation, finance, public services, e-government affairs and national defense science, which may endanger national security, people’s livelihood and public interest in case of damage, function loss or data leakage. In addition, relevant administration departments of each critical industry and sector shall be responsible for formulating eligibility criteria and identifying the CIIOs in the respective industry or sector, and the CIIOs shall be responsible for protecting the CIIs’ security by performing certain prescribed obligations. As of the date of this annual report, we have not been informed by CAC or any other PRC government authorities that we are identified or will be deemed as a CIIO. However, since the criteria for determining CIIOs remain uncertain, we cannot assure you that we will not be identified as a CIIO by any competent regulatory authority in the future.

On December 28, 2021, the CAC and several other administrations jointly promulgated the Measures for Cybersecurity Review, or the Cybersecurity Review Measures, which became effective on February 15, 2022. The Cybersecurity Review Measures provide that (i) a “network platform operator” holding over one million users’ personal information shall apply for a cybersecurity review when listing their securities in a foreign country, (ii) a CIIO that intends to purchase internet products and services that affect or may affect national security shall apply for a cybersecurity review and (iii) a “network platform operator” carrying out data processing activities that affect or may affect national security shall apply for a cybersecurity review. Since the Cybersecurity Review Measures are relatively new, significant uncertainties exist in relation to their interpretation and implementation. Additionally, the Cybersecurity Review Measures do not provide the exact scope of “network platform operator” or the circumstances that would “affect or may affect national security.” There can be no assurance that we will not be required to apply for a cybersecurity review pursuant to the Cybersecurity Review Measures. To the extent any cybersecurity review is required, we cannot assure you that we will be able to complete it in a timely manner, or at all. Any failure to complete the required cybersecurity review may result in regulatory sanctions including, among others, government enforcement actions and investigations, fines, penalties, and suspension of our non-compliant operations, as well as reputational damage or legal proceedings or actions against us, any of which may have material adverse effects on our business, financial condition and results of operations.

18

Table of Contents

In addition, on November 14, 2021, the CAC released the Regulations on the Administration of Cyber Data Security (Draft for Comments) (the “Draft Cyber Data Security Regulation”), which has not been officially enacted as of the date of this annual report. According to the Draft Cyber Data Security Regulation, data processors shall apply for a cybersecurity review when carrying out the following activities: (i) the merger, reorganization or division of internet platform operators that have acquired a large number of data resources related to national security, economic development or public interests, which affect or may affect national security; (ii) data processors that handle personal information of more than one million people contemplating to list its securities on a “foreign” stock exchange; (iii) data processors contemplating to list its securities on a stock exchange in Hong Kong, which affects or may affect national security; and (iv) other data processing activities that affect or may affect national security. According to the PRC National Security Law, “national security” refers to a status in which the regime, sovereignty, unity, territorial integrity, welfare of the people, sustainable economic and social development, and other vital interests of the state are relatively not in danger and not threatened internally or externally and the ability to maintain a sustained security status. However, as of the date of this annual report, the criteria for determining the circumstances that “affect or may affect national security” for the purpose of the Draft Cyber Data Security Regulation remain unclear and are subject to further clarification by the CAC. It also remains uncertain when the Draft Cyber Data Security Regulation will be adopted and become effective and whether it will be adopted in its current draft form. It remains uncertain whether future regulatory changes would impose additional restrictions on us. We cannot predict the impact of the Draft Cyber Data Security Regulation, if any, at this stage, and we will closely monitor and assess any development in the rulemaking process. If the enacted version of the Draft Cyber Data Security Regulation mandates clearance of a cybersecurity review and other specific actions to be completed by China-based companies listed on a foreign stock exchange like us, we face uncertainties as to whether such clearance can be timely obtained, or at all.

EU and U.K.

The General Data Protection Regulation (EU) 2016/679 (the “GDPR”), which applies to the collection, use, storage, retention, transfer, disclosure and other processing of personal data obtained from individuals located in the European Union (the “EU”) or by businesses operating within the EU, became effective on May 25, 2018 and has resulted, and will continue to result, in significantly greater compliance burdens and costs for companies with customers, end users, or operations in the EU. The GDPR places stringent obligations and operational requirements on us as both a processor and controller of personal data and could make it more difficult or more costly for us to use and share personal data. Under the GDPR, data protection supervisory authorities are given various enforcement powers, including levying fines of up to €20 million or up to 4% of an organization’s annual worldwide turnover, whichever is greater, for the preceding financial year, for non-compliance. Data subjects also have the right to be compensated for damages suffered as a result of a controller or processor’s non-compliance with the GDPR. While the GDPR provides a more harmonized approach to data protection regulation across the EU member states, it also gives EU member states certain areas of discretion and therefore laws and regulations in relation to certain data processing activities may differ on a member state by member state basis, which could further limit our ability to use and share personal data and could require localized changes to our operating model. In addition to the GDPR, the EU also has released a proposed Regulation on Privacy and Electronic Communications, or the ePrivacy Regulation, to replace the EU’s current Privacy and Electronic Communications Directive, or the ePrivacy Directive, to, among other things, better align EU member states and the rules governing online tracking technologies and electronic communications, such as unsolicited marketing and cookies, with the requirements of the GDPR. While the ePrivacy Regulation was originally intended to be adopted on May 25, 2018 (alongside the GDPR), it is currently going through the European legislative process and timing for adoption remains unclear. The current draft of the ePrivacy Regulation significantly increases fining powers to the same levels as GDPR and may require us to change our operational model and incur additional compliance expenses. The regulation is currently in the final stages of negotiation, and the details of this regulation remain in flux. Additional time and effort may need to be spent addressing the new requirements in the potential ePrivacy Regulation as compared to the GDPR.

Under the GDPR, restrictions are placed on transfers of personal data outside of the European Economic Area to countries which have not been deemed “adequate” by the European Commission (including the PRC). As a global business, with customers and end users worldwide, we are susceptible to any changes in legal requirements affecting international data flows. Due to recent regulatory changes and guidance, we may need to invest in additional technical, legal and organization safeguards in the future to avoid disruptions to data flows within our business and to and from our customers and service providers. Furthermore, this uncertainty, and its eventual resolution, may increase our costs of compliance, impede our ability to transfer data and conduct our business, and harm our business or results of operations.

19

Table of Contents

Additionally, the withdrawal of the United Kingdom (“U.K.”) from the EU (commonly known as “Brexit”) has created uncertainty with regard to the regulation of privacy and data protection in the U.K. Since January 1, 2021, when the transitional period following Brexit expired, the so-called U.K. GDPR (combining the GDPR and the U.K.’s Data Protection Act of 2018) has been in effect in the U.K. Although the U.K. GDPR currently imposes substantially the same obligations as the GDPR, and currently authorizes similar fines, the U.K. GDPR will not automatically incorporate changes to the GDPR going forward (which would need to be specifically incorporated by the U.K. government). Moreover, the U.K. government has publicly announced plans to reform the U.K. GDPR in ways that, if formalized, are likely to deviate from the GDPR. While the European Commission has issued an “adequacy” decision to the U.K., which facilitates the sharing of personal data between the EU and the U.K. for the time being, such adequacy decision will sunset in June 2025 unless extended and it may be revoked in the future by the European Commission if the U.K. data protection regime is reformed in ways that deviate substantially from the level of protection currently in place. Adding further complexity for international data flows, in March 2022, the U.K. adopted its own International Data Transfer Agreement for transfers of personal data out of the U.K. to so-called third countries, as well as an international data transfer addendum that can be used with GDPR’s standard contractual clauses for the same purpose. All of this creates a risk of divergent parallel regimes and related uncertainty, along with the potential for increased compliance costs and risks for affected businesses based on differing, interpretation and enforcement by regulators and authorities. For details of related regulations, see “Regulation—Regulation Relating to Cybersecurity, Data Security and Privacy Protection.”

United States

In the United States, various federal regulators, including governmental agencies like the Federal Trade Commission, and states and state regulators have adopted, or are considering adopting, laws and regulations concerning personal data and data security, such as the California Consumer Privacy Act, of 2018 (as modified by the California Privacy Rights Act, collectively “CCPA”). This patchwork of legislation and regulation may give rise to conflicts or differing views of personal privacy rights. For example, certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to personal data than federal, international or other state laws, and such laws may differ from each other, all of which may complicate compliance efforts. One such comprehensive privacy law in the United States is the CCPA, which came into effect on January 1, 2020 and was significantly amended as of January 1, 2023. Among other things, the CCPA requires companies that process personal information of California residents to make detailed disclosures to consumers about such companies’ data collection, use and sharing practices, gives California residents expanded rights to access and delete their personal information and to opt out of certain personal information sharing with (and sales of personal information to) third parties. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal data that may increase the likelihood of, and risks associated with, data breach litigation. Additionally, the CCPA expands consumers’ rights with respect to certain sensitive personal information, further restricts the use of cross-context behavioral advertising and creates a state agency, the California Privacy Protection Agency, to oversee implementation and enforcement efforts. Amendments have been made to the CCPA, and it is possible that further amendments will be enacted, but even in its current form it remains unclear how various provisions of the CCPA will be interpreted and enforced potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. Other state laws are changing rapidly and there have been ongoing discussions and proposals in the U.S. Congress with respect to new federal data privacy and security laws to which we would become subject if enacted. All of these evolving compliance and operational requirements impose significant costs that are likely to increase over time, may require us to modify our data processing practices and policies, divert resources from other initiatives and projects, and could restrict the way products and services involving data are offered, all of which may have a material and adverse impact on our business, financial condition and results of operations. For details of related regulations, see “Regulation—Regulation Relating to Cybersecurity, Data Security and Privacy Protection.”

20

Table of Contents

In addition to government regulation, privacy advocates and industry groups have and may in the future propose self-regulatory standards from time to time. These and other industry standards may legally or contractually apply to us, or we may elect to comply with such standards. We expect that there will continue to be new proposed laws and regulations concerning data privacy and security, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. New laws, amendments to or reinterpretations of existing laws, regulations, standards and other obligations may require us to incur additional costs and restrict our business operations. For example, there is an increasing trend of jurisdictions requiring data localization, which may prohibit companies from storing data relating to resident individuals in data centers outside the relevant jurisdiction or, at a minimum, require a complete set of the data to be stored in data centers within the relevant jurisdiction. Because the interpretation and application of laws, regulations, standards and other obligations relating to data privacy and security are still uncertain, it is possible that these laws, regulations, standards and other obligations may be interpreted and applied in a manner that is inconsistent with our data processing practices and policies or the features of our products and services. If so, in addition to the possibility of fines, lawsuits, complaints, inquiries, allegations, regulatory investigations, public censure, other claims and penalties, and significant costs for remediation and damage to our reputation, we could be materially and adversely affected if legislation or regulations are expanded to require changes in our data processing practices and policies or if governing jurisdictions interpret or implement their legislation or regulations in ways that negatively impact our business, financial condition and results of operations. Furthermore, the developing requirements relating to clear and prominent privacy notices (including in the context of obtaining informed and specific consents to the collection and processing of personal information, where applicable) may potentially deter end users from consenting to certain uses of their personal information.

In general, negative publicity of us or our industry regarding actual or perceived violations of our end users’ privacy-related rights, including fines and enforcement actions against us or other similarly placed businesses, also may impair users’ trust in our privacy practices and make them reluctant to give their consent to share their data with us. Any inability to adequately address data privacy or security-related concerns, complaints, inquiries or allegations when they arise, even if unfounded, or to comply with applicable laws, regulations, standards and other obligations relating to data privacy and security, could result in additional cost and liability to us, harm our reputation and brand, damage our relationships with consumers and have a material and adverse impact on our business, financial condition and results of operations. In addition, due to data privacy or data security concerns, our ability to retain or increase our user base and user engagement may be materially and adversely affected, we may not be able to maintain or grow our revenues as anticipated and our financial results could be materially and adversely affected.

With regard to our commercial arrangements, we and our counterparties, including business partners and external service providers, might be subject to contractual obligations regarding the processing of personal information. While we believe our and our counterparties’ conduct under these agreements is in material compliance with all applicable laws, regulations, standards, certifications and orders relating to data privacy or security, we or our counterparties may fail, or be alleged to have failed, to be in full compliance. In the event that our acts or omissions result in alleged or actual failure to comply with applicable laws, regulations, standards, certifications and orders relating to data privacy or security, we may incur liability. While we endeavor to include indemnification provisions or other protections in such agreements to mitigate liability and losses stemming from our counterparties’ acts or omissions, we may not always be able to negotiate for such protections and, even where we can, there is no guarantee that our counterparties will honor such provisions or that such protections will cover the full scope of our liabilities and losses.

While we strive to comply with our internal data privacy guidelines as well as all applicable data privacy and security laws and regulations and contractual obligations in respect of personal information, there is no assurance that we are able to comply with these laws, regulations and contractual obligations in all respects. Any failure or perceived failure by us, external service providers or business partners to comply may result in proceedings or actions against us, including fines and penalties or enforcement orders (including orders to cease processing activities) being levied on us by government agencies or proceedings or actions against us by our business partners, customers or end users, including class action privacy litigation in certain jurisdictions, and could damage our reputation and discourage current and future users from using our products and services, which could materially and adversely affect our business, financial condition and results of operations. In addition, compliance with applicable laws on data privacy requires substantial expenditure and resources, including to continually evaluate our policies and processes and adapt to new requirements that are or become applicable to us on a jurisdiction-by-jurisdiction basis, which would impose significant burdens and costs on our operations or may require us to alter our business practices. Concerns about the security of personal information also could lead to a decline in general internet usage, which could result in a decrease in demand for our products and services and have a material and adverse effect on our business, financial condition and results of operations. Furthermore, if the local government authorities in our target markets require real-name registration for users of our platform, the growth of our customer and end-user bases may slow down and our business, financial condition and results of operations may be adversely affected.

21

Table of Contents

The expansion of our international operations exposes us to significant regulatory, economic and political risks.

Expansion of our operations and customer base worldwide is essential to our growth strategy. We operate internationally with local offices in the United States, Europe, Singapore, India, China, Japan and Colombia among other locations.

We expect that our international activities will continue to grow over the foreseeable future as we continue to pursue opportunities in existing and new markets, which will require significant management attention and financial resources worldwide. In connection with such expansion, we may face difficulties including costs associated with varying seasonality patterns, potential adverse movement of currency exchange rates, longer payment cycle, difficulties in collecting accounts receivable in some countries, the imposition of new tariffs, or adjustments in existing tariffs or trade barriers, a variety of regulatory or contractual limitations on our ability to operate, adverse tax events, reduced protection of intellectual property rights in some countries, political risks and a geographically and culturally diverse workforce and customer base. Failure to overcome any of these difficulties could harm our business.

In addition, we will face risks in doing business internationally that could adversely affect our business, including:

22

Table of Contents

As we operate across various countries and regions, we are subject to a complex web of data security laws and regulatory requirements. These laws and regulations vary significantly from one jurisdiction to another, and often, there can be overlaps or direct conflicts between the data protection frameworks of different countries and regions. Managing compliance with these diverse regulatory landscapes poses a substantial challenge. Failure to navigate these jurisdictional overlaps or address regulatory conflicts could result in a range of adverse outcomes, including but not limited to business interruptions, the termination of critical services in certain regions, or the imposition of fines and penalties. Additionally, any perceived or actual non-compliance could harm our reputation, eroding trust among customers, users and partners, and potentially leading to decreased adoption of our platform.

Our failure to manage any of these risks successfully could harm our international operations, and adversely affect our business, operating results and financial condition. In some cases, compliance with the laws and regulations of one country could violate the laws and regulations of another country. As our global operations evolve, we cannot assure you that we are able to fully comply with the legal requirements of each jurisdiction and successfully adapt our business models to local market conditions. Due to the complexity involved in our international business expansion, we cannot assure you that we are or will be in compliance with all local laws.

The COVID-19 pandemic has disrupted our and our business partners’ operations and it, or any future health epidemic or other adverse public health developments, may continue to do so.

The COVID-19 pandemic has in the past caused temporary disruption to our operations and those of our customers, suppliers and other business partners. For example, the pandemic has caused significant logistical challenges to the global supply chains, resulting in disrupted shipping lanes, labor and material shortages and weakened consumer demand for smart devices, all of which have negatively impacted our business and results of operations. Travel restrictions and social distancing guidelines imposed by governments globally have also reduced international travels and in-person meetings, which in turn have limited our ability to engage in in-person marketing with brands, particularly those brands based in the United States and Europe. In addition, the economic downturn due to COVID-19 has adversely affected, and may continue to adversely affect our customers’ ability to pay and customer demand for and end user usage of our products and services, which would adversely affect our operating results and financial condition.

If we fail to manage the operation of our platform and infrastructure, our customers and end users may experience service outages and delays in the deployment of our products and services.

We seek to maintain sufficient excess capacity on our cloud platform to meet the needs of all of our customers and end users. We also seek to maintain excess capacity to facilitate the rapid provision of new customer deployments and the expansion of existing customer deployments. In addition, we need to properly manage our technological operations infrastructure and cloud platform, and to respond to security threats, cyberattacks and performance and reliability problems that may arise from time to time, in order to support version control, changes in hardware and software parameters and the evolution of our products and services. However, the provision of new hosting infrastructure requires adequate lead time. We have experienced, and may in the future experience, system disruptions, outages and other performance problems. These types of problems may be caused by a variety of factors, including infrastructure changes, human or software errors, viruses, security attacks, fraud, spikes in customer and end user usage and denial of service issues. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time.

23

Table of Contents

Further, if our contractual and other business relationships with our cloud infrastructure providers are terminated, suspended, or suffer a material change to which we are unable to adapt, such as the elimination of services or features on which we depend, we could be unable to provide our platform and could experience significant delays and incur additional expense in transitioning customers to a different cloud infrastructure provider. Any difficulties these providers face, including the potential of certain network traffic receiving priority over other traffic (i.e., lack of net neutrality), may adversely affect our business, and we exercise little control over these providers, which increases our vulnerability to problems with the services they provide. Any disruptions, outages, defects, and other performance and quality problems with our platform or with our products and services and internet infrastructure on which they rely, or any material change in our contractual and other business relationships with our cloud infrastructure providers, could result in reduced use of our platform, increased expenses, including service credit obligations, and harm to our brand and reputation, any of which could have a material adverse effect on our business, financial condition and results of operations.

Defects, errors or any other problems associated with our products and services could diminish demand for our products or services, harm our business and results of operations and subject us to liability.

Our customers may use our products and services for important aspects of their businesses or operations, and any errors, defects or disruptions to our products and services and any other performance problems with our products and services could damage our customers’ businesses and operations and, in turn, hurt our brand and reputation. We provide regular updates to our products and services, which have in the past contained, and may in the future contain, undetected errors, failures, vulnerabilities and bugs, especially when first introduced or released. Real or perceived errors, failures, bugs or security vulnerabilities in our products could result in negative publicity, loss of or delay in market acceptance of our platform, loss of competitive position, lower customer retention or claims by customers for losses sustained by them. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem. As a result, our reputation and our brand could be harmed, and our business, operating results and financial condition may be adversely affected. Moreover, the edge capabilities of IoT PaaS are embedded in modules manufactured by certain third-party suppliers; we also use third-party suppliers to manufacture the finished smart devices for our smart device distribution customers. Such modules and finished smart devices may contain defects, errors or other product issues, which may negatively impact the performance of our platform, our products and services, and Tuya-powered smart devices, damage our reputation, harm our ability to attract new and existing customers, and incur significant support, repair or replacement costs even if we can be reimbursed from the third-party suppliers.

Moreover, the edge capabilities of IoT PaaS are embedded in modules manufactured by certain third-party suppliers. We also engage third-party suppliers to manufacture the finished smart devices for our smart device distribution customers, and our smart solutions for IoT devices are delivered to our customers in the form of finished smart devices that are manufactured by third-party suppliers. Such modules and finished smart devices may contain defects, errors or other product issues due to various factors such as design flaws, defects in software, raw materials, components or manufacturing difficulties, which can affect both the quality and the yield of the product, and since some of smart devices using our smart solution are electricity-related devices or to be used in a renewable energy-related scenarios, it is possible that these products could result in injury, whether by product malfunctions, defects, improper installation, or other causes. These events may negatively impact the performance of our platform, our products and services, and Tuya-powered smart devices, damage our reputation, harm our ability to attract new and existing customers, and incur significant support, repairment or replacement costs even if we can be reimbursed from the third-party suppliers.

We generate a significant portion of our revenue from a limited number of major customers and any loss of business from these customers could have a negative impact on our revenues and harm our business.

We derive a significant portion of our revenue from a limited number of major customers. Our five largest customers in the aggregate accounted for approximately 17.2%, 11.7% and 13.1% of our total revenue in 2021, 2022 and 2023, respectively. Our ability to maintain close relationships with major customers is essential to the success of our business.

However, the purchase orders placed by specific customers may vary from period to period, and we typically do not have long-term purchase commitments from customers not enrolled in our membership program. As a result, most of our customers could reduce or cease their use of our products and services at any time without any penalty or termination charges. A major customer may not contribute the same level of our revenue in one year as in any previous years. In addition, reliance on any individual customer that contributes a significant portion of our revenue may increase such customer’s pricing leverage when negotiating relevant terms or contracts of our products or services.

24

Table of Contents

Many factors not within our control could cause the loss of, or reduction in, business or revenue from any customer, and these factors are not predictable. These factors include, among others, pricing pressure from competitors, a change in a customer’s business strategy, rising raw material prices, or failure of a chip or module supplier to develop competitive products. Our customers may choose to pursue alternative technologies and develop alternative products in addition to, or in lieu of, our products, either on their own or in collaboration with others, including our competitors. The loss of any major customer, or a significant decrease in the volume of customer demand or the price at which we sell our products to customers, could materially adversely affect our financial condition and results of operations.

We have a history of net loss and net cash operating outflow and may not be able to achieve or sustain profitability in the future.

We have experienced net loss in each year since inception. We generated net losses of US$175.4 million, US$146.2 million and US$60.3 million in 2021, 2022 and 2023, respectively. We expect to continue to devote significant resources to research and development activities. We also expect to continue to incur substantial sales and marketing expenses in acquiring and retaining customers and enhancing our brand awareness, and incur substantial general and administrative expenses including those associated with operating as a public company. We may not be able to increase our revenue enough to offset the increase in operating expenses resulting from these investments. If we are unable to achieve and sustain profitability, or if we are unable to achieve the revenue growth that we expect from these investments, the value of our business and stock may decrease.

Additionally, we recorded net cash operating outflow of US$126.1 million and US$70.7 million in 2021 and 2022, respectively. Although, for the first time since our inception, we recorded an annual net cash operating inflow of US$36.4 million in 2023, we may still experience quarterly or yearly net cash operating outflow in the future if we fail to grow our business or properly manage our operating leverage.If so, our business, liquidity, financial condition and results of operations may be materially and adversely affected. There is no assurance that we will always generate sufficient net income or operating cash flows to meet our working capital requirements and repay our liabilities as they become due, due to a variety of factors. For actions we intend to take to finance our future working capital requirements and capital expenditures, see “Item 5. Operating and Financial Review and Prospects—5.B. Liquidity and Capital Resources.” There can be no assurance that we will be able to successfully take any of these actions in a timely manner, including prudently managing our working capital, or raising additional equity or debt financing on terms that are acceptable to us. Our failure to take these actions as and when necessary could materially adversely affect our liquidity, results of operations, financial condition and ability to operate.

We cannot guarantee that our future monetization strategies will be successfully implemented or generate sustainable revenues and profit.

We have developed a diversified revenue model and plan to explore additional opportunities to monetize our customer base and technology by, for example, promoting additional value-added services to end users to generate more subscription fees. If these efforts fail to achieve our anticipated results, we may not be able to increase or maintain our revenue growth. Specifically, in order to increase the number of our customers and end users and their levels of spending, we will need to address a number of challenges, including providing consistent quality products and services; continuing to innovate and stay ahead of our competitors; and improving the effectiveness and efficiency of our sales and marketing efforts. If we fail to address any of these challenges, we may not be successful in increasing the number of our customers and end users and their expenditures with us, which could have a material adverse impact on our business, financial condition and results of operations.

Our results may fluctuate from period to period, and if we fail to meet securities analysts’ and investors’ expectations, the trading price of our ADSs and Class A ordinary shares and the value of your investment could decline substantially.

Our operating results have fluctuated from period to period and may continue to fluctuate in the future as a result of a variety of factors, many of which are outside of our control and may be difficult to predict, correlate, or anticipate even when external indicators are present. For example, our business model is based in large part on our ability to accurately estimate customer demands, which may constrain our ability to forecast our revenue. If operating results for any particular period fall below securities analysts’ and investors’ expectations, then the trading price of our ADSs and Class A ordinary shares could decline substantially. Some factors that may cause our operating results to fluctuate from period to period include:

25

Table of Contents

The occurrence of one or more of the foregoing and other factors may cause our operating results to vary significantly. As such, we believe that period-to-period comparisons of our operating results may not be meaningful and should not be relied upon as an indication of future performance. If we fail to meet or exceed the expectations of investors or securities analysts, then the trading price of our ADSs and Class A ordinary shares could fall substantially, and we could face costly lawsuits, including securities class action suits.

26

Table of Contents

We are subject to potential misuse of our platform, tools, and services.

We provide an advanced platform and suite of software development tools, products, and services designed to enable developers to create innovative smart devices. While we strive to foster innovation and support the development of high-quality smart devices, there is a risk that developers might use our platform, tools, products, or services improperly. Such improper use could include, but is not limited to, the creation of devices or applications that are harmful, infringe upon intellectual property rights, violate privacy regulations, or are used for illicit purposes.

Despite implementing terms of service and usage policies, it is challenging to completely mitigate the risk of misuse by all users. Any failure to detect, prevent, or address misuse promptly could harm our reputation among customers, developers, and industry partners. Negative public perception, particularly if amplified by social media or traditional news outlets, could result in decreased user engagement, reluctance of developers to use our platform, and potential legal and regulatory challenges. Moreover, should any misuse of our platform lead to litigation, regulatory scrutiny, or government action, we could incur significant legal expenses and potential fines, further impacting our financial performance. Additionally, rectifying any issues arising from such misuse may require substantial resources and lead to service interruptions, undermining the trust of our user base and potentially causing long-term harm to our brand.

Any failure to effectively develop and expand our marketing and sales capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our products and services.

Historically, we have relied on the adoption of our products and services by developers through our self-service portal as well as more targeted sales efforts. Our ability to further increase our customer base and achieve broader market acceptance of our platform will significantly depend on our ability to expand our marketing and sales operations. We plan to maintain an appropriate number of sales people both domestically and internationally. We also plan to dedicate appropriate resources to sales and marketing programs. All of these efforts will require us to invest significant financial and other resources and if they fail to attract additional customers and end users our business will be harmed.

We believe that there is significant competition for sales personnel, including sales representatives, sales managers and sales engineers, with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of effective and qualified sales personnel to support our growth according to our business and product strategies. New hires require significant training and may take significant time before they achieve full productivity. Our new hires may not become productive as quickly as we expect, if at all, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, particularly if we continue to grow rapidly, new members of our sales force will have relatively little experience working with us, our products and platform, and our business model. If we are unable to hire and train sufficient numbers of effective and qualified sales personnel, our sales personnel do not reach significant levels of productivity in a timely manner, or our sales personnel are not successful in acquiring new customers and end users or expanding usage by existing customers and end users, our business will be harmed.

We believe that continued growth in our business is also dependent upon identifying, developing and maintaining strategic relationships with additional retail channels that can drive substantial revenue growth. If we fail to identify additional channel partners in a timely and cost-effective manner, or at all, or are unable to assist our current and future channel partners in independently selling and deploying our products and services, then our business, operating results and financial condition could be adversely affected.

27

Table of Contents

Any failure to offer high-quality developer and customer support may adversely affect our relationships with our developers and customers.

High quality, ongoing developer and customer support are critical to the successful marketing, sale and adoption of our products and services. Many of our customers depend on our customer support team to assist them in deploying our products and services effectively, help them resolve post-deployment issues quickly and provide ongoing support. As we grow our developer and customer base, we will need to further invest in and expand our developer and customer support teams, which could strain our resources and reduce profit margins. If we do not devote sufficient resources or otherwise do not help our developers and customers adopt our products and services, quickly resolve any post-implementation matters, and provide effective ongoing developer and customer support and training, our ability to expand sales to existing and future developers and customers and our reputation would be adversely affected. Our support teams will face additional challenges associated with our international operations, including those associated with delivering support and documentation in multiple languages. We might also face additional difficulties associated with providing customer support and warranties to our smart device distribution and smart solution customers as we may not be able to control customer service terms of third-party suppliers, such as outsourcing manufacturing suppliers or OEMs who manufacture smart devices for our smart solutions business. Increased demand for developer and customer support, without corresponding revenues, could increase costs and adversely affect our business, operating results and financial condition. Any failure to maintain high-quality developer and customer support, or a market perception that we do not maintain high-quality developer and customer support, could adversely affect our reputation, business, operating results and financial condition.

We may be sanctioned or otherwise restricted from engaging in certain businesses due to heightened regulatory and public scrutiny, including in connection with our data processing practices and policies.

The level of regulatory and political scrutiny on technology companies in general, and companies whose businesses involve the processing of personal information in particular, has increased significantly recently and may continue to increase globally. Legislators have enacted, and may continue to enact, new laws or regulatory agencies may promulgate new rules or regulations that are adverse to our business, or they may view matters or interpret or enforce laws and regulations differently than they have in the past or in a manner adverse to our business. Such legislative or regulatory scrutiny or action may create or enhance different or conflicting obligations on us from one jurisdiction to another. Additionally, we have been in the past and may in the future be the subject of scrutiny and press attention. Any related claims, allegations and investigations, even if without merit, may be very expensive to defend or respond to, involve negative publicity, and substantial diversion of management time and effort. These events could also result in reputational harm, significant judgments, fines and remedial actions against us, or require us to change our business practices, make product or operational changes, or delay or preclude planned transactions, product launches or improvements, any of which could harm our business, reputation, financial condition and operating results. For risks associated with our compliance with data privacy and data security laws in general, see “Item 3. Key Information—3.D. Risk Factors—Risks Related to Our Business and Industry—Compliance with the rapidly evolving landscape of global data privacy and data security laws may be challenging, and any failure or perceived failure to comply with such laws, or other concerns about our practices or policies with respect to the processing of personal information, could damage our reputation and deter current and potential customers and end users from using our platform and products and services or subject us to significant compliance costs or penalties, which could materially and adversely affect our business, financial condition and results of operations.”

28

Table of Contents

Our business depends on our strong reputation and the value of “Tuya” brand. If we are unable to maintain and enhance our Tuya brand and increase market awareness of Tuya and its products and services, our business, operating results and financial condition may be adversely affected.

We must maintain and enhance the “Tuya” brand identity and increase market awareness of Tuya-powered smart devices generally and our products and services. The successful promotion of our brand will depend on our efforts to achieve widespread acceptance of our platform and products and services, attract and retain customers and our ability to maintain our current market leadership and successfully differentiate our products and services from competitors. These efforts require substantial expenditures, and we anticipate that they will increase as our market becomes more competitive and as we expand into new markets. These investments in brand promotion and thought leadership may not yield increased revenue. To the extent they do, the resulting revenue still may not be enough to offset the increased expenses we incur. In addition, independent industry analysts often provide reviews of our products and competing products and services, which may significantly influence the perception of our products and services. If these reviews are negative or not as strong as reviews of our competitors’ products and services, our brand may be harmed. Adverse publicity (whether or not justified) relating to events or activities attributed to us, members of our workforce, agents, or third parties we rely on, may tarnish our reputation and reduce the value of our brand. Our brand value also depends on our ability to provide secure and trustworthy products and services as well as our ability to protect and use end users’ data in a manner that meets their expectations. In addition, any security incident, including one that results in unauthorized disclosure of sensitive data, could cause material reputational harm. Damage to our reputation and loss of brand equity may reduce demand for our products and services and thus have an adverse effect on our future financial results, as well as require additional resources to rebuild our reputation and restore the value of the brands and could also reduce the trading price of our ADSs and Class A ordinary shares.

We could incur substantial costs in protecting or defending our intellectual property rights, and any failure to protect our intellectual property could adversely affect our business, operating results and financial condition.

Our success depends, in part, on our ability to protect our brand, trade secrets, trademarks, patents, domain names, copyrights and proprietary methods and technologies, whether registered or not, that we develop under patent and other intellectual property laws of China, the United States and other jurisdictions, so that we can prevent others from using our inventions and proprietary information. We currently rely on patents, trademarks, copyrights and trade secret law to protect our intellectual property rights. However, we cannot assure you that any of our intellectual property rights will not be challenged, invalidated or circumvented, or that our intellectual property will be sufficient to provide us with competitive advantages. In addition, we may be subject to allegation of infringement of other parties’ proprietary rights, and other parties may misappropriate our intellectual property rights, which would cause us to suffer economic or reputational damages. Because of the rapid pace of technological change, we cannot assure you that all of our proprietary technologies and similar intellectual property rights can be patented in a timely or cost-effective manner, or at all.

We maintain and facilitate certain technical measures and access control mechanisms internally to ensure secure access to our proprietary information by our employees and consultants. We also maintain internal policies requiring our employees and consultants to enter into confidentiality agreements to control access to our proprietary information. However, if our employees and consultants do not fully comply with these internal policies, such policies may not effectively prevent disclosure of our confidential information, and it may be possible for unauthorized parties to copy our software or other proprietary technology or information, or to develop similar software independently without our having an adequate remedy for unauthorized use or disclosure of our confidential information.

In addition, the laws of some countries do not protect intellectual property and other proprietary rights to the same extent as the laws of the United States. Statutory laws and regulations are subject to judicial interpretation and enforcement and may not be applied consistently due to the lack of clear guidance on statutory interpretation. Confidentiality, invention assignment and non-compete agreements may be breached by counterparties, and there may not be adequate remedies available to us for any such breach. Accordingly, we may not be able to effectively protect our intellectual property rights or to enforce our contractual rights. To the extent we expand our international activities, our exposure to unauthorized copying, transfer and use of our proprietary technology or information may increase.

29

Table of Contents

Preventing any unauthorized use of our intellectual property is difficult and costly and the steps we take may be inadequate to prevent the misappropriation of our intellectual property. Litigation may be necessary in the future to enforce our intellectual property rights, determine the validity and scope of our proprietary rights or those of others, or defend against claims of infringement or invalidity. Such litigation could be costly, time-consuming and distracting to management, result in a diversion of significant resources, the narrowing or invalidation of portions of our intellectual property and have an adverse effect on our business, operating results and financial condition. Our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights or alleging that we infringe the counterclaimant’s own intellectual property. Any of our patents, trade secrets, copyrights, trademarks or other intellectual property rights could be challenged by others or invalidated through administrative process or litigation. We can provide no assurance that we will prevail in such litigation. In addition, our proprietary methods and technologies that are regarded as trade secrets may be leaked or otherwise become available to, or be independently discovered by, our competitors and in these cases we would not be able to assert any trade secret rights against those parties. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive business position. To the extent that our employees or consultants use intellectual property owned by others in their work for us, disputes may arise as to the rights in related know-how and inventions.

There can be no assurance that our particular ways and means of protecting our intellectual property and proprietary rights, including business decisions about when to file patent applications and trademark applications, will be adequate to protect our business or that our competitors will not independently develop similar technology. We could be required to spend significant resources to monitor and protect our intellectual property rights. If we fail to protect and enforce our intellectual property and proprietary rights adequately, our competitors might gain access to our technology and our business, operating results and financial condition could be adversely affected.

Unauthorized or improper disclosures of personal information, cyberattacks or other security incidents or data breaches that affect our networks or systems, or those of our cloud service providers or our customers, whether inadvertent or purposeful, could degrade our ability to conduct our business, compromise the integrity of our products and services, platform and data, result in significant data losses and the theft of our intellectual property, damage our reputation, expose us to liability to third parties and require us to incur significant additional costs to maintain the security of our networks and data which could adversely affect our business, financial condition and results of operations.

We depend significantly on our technology infrastructure, IT systems, data and other equipment and systems to conduct virtually all of our business operations, ranging from our internal operations and research and development activities to our marketing and sales efforts and communications with our customers, end users, suppliers and business partners. In addition, our products and services collect and store data of customers and end users, some of which may involve sensitive information, including personal information, trade secrets and other proprietary information. Internal or external individuals or entities may attempt to penetrate our network security, or that of our platform, and to disrupt or cause harm to our business operations, including by sabotaging or misappropriating our personal or proprietary information or that of our customers, end users, employees, suppliers and business partners or to cause interruptions of our products and services and platform. Because the vulnerabilities and techniques used by such individuals or entities to access, disrupt or sabotage devices, systems and networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques, and we may not become aware in a timely manner of such a security breach, which could exacerbate any damage we experience.

30

Table of Contents

While we take reasonable measures to protect the security of, and against unauthorized access to, our systems, as well as the security of personal information and proprietary information, it is possible that our security controls and other security practices we follow may not prevent the improper access to or disclosure of personal information or proprietary information. We also rely on systems provided by third parties, including our clients, which may also suffer security breaches or unauthorized access to or disclosure of personal information or proprietary information. Additionally, we depend on our employees and contractors to appropriately handle confidential and sensitive data, including customer data, and to deploy our IT resources in a safe and secure manner that does not expose our network systems to security breaches or the loss of data. Any data security incidents, including internal malfeasance by our employees, unauthorized access or usage, virus or similar breach or disruption of us or our service providers could result in loss of confidential or proprietary information or personal information, damage to our reputation, loss of customers and end users, litigation, regulatory investigations, fines, penalties and other liabilities. Accordingly, if our cybersecurity measures or those of our customers fail to protect against unauthorized access, attacks (which may include sophisticated cyberattacks), the compromise or mishandling of data, or other misconduct or malfeasance, including by computer hackers, employees, contractors, vendors, customers and business partners, as well as software bugs, human error or technical malfunctions, then our reputation, business, operating results and financial condition could be adversely affected. Cyberattacks and other security incidents aimed at our products could lead to third-party claims that our product failures have caused damages to our customers or end users.

We experience cyberattacks of varying degrees and other attempts to gain unauthorized access to our systems from time to time, which may include by way of malware, phishing attacks, ransomware attacks, denial of service attacks, brute-force attacks or other means, any of which may result in disclosure of confidential information and intellectual property, defective products, production downtimes or compromised data, including personal information. Such cybersecurity threats and attacks that we may be subject to may take a variety of forms ranging from individuals or groups of hackers to sophisticated organizations, including state-sponsored actors and may even culminate in “mega breaches” targeted against cloud services and other hosted software. As the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these attacks or to implement adequate preventative measures. We anticipate that increase in the frequency and sophistication of cyber and other security threats, particularly with respect to breaches of IoT devices, and our customers’ increasing demands for cyber and other security protections and standards in our products, may cause us to incur additional costs to comply with such demands.

Any unauthorized access, acquisition, use or destruction of information we collect, store, transmit or otherwise process, the unavailability of such information or other disruptions of our ability to provide solutions to our clients or end users, regardless of whether it originates or occurs on our systems or those of third party service providers or clients, could expose us to significant liability under our contracts, regulatory actions, litigation, investigations, remediation obligations, damage to our reputation and brand, theft of intellectual property, supplemental disclosure obligations, loss of customer, consumer and partner confidence in the security of our applications, destruction of information, indemnity obligations, impairment to our business, and resulting fees, costs, expenses, loss of revenues and other potential liabilities and harms to our business. In addition, if a high profile security breach occurs within our industry or even other related industries, our customers and potential customers may lose trust in the security of our systems and information even if we are not directly affected.

Many statutory requirements, in China, the United States and the EU, as well as in other jurisdictions in which we operate, include obligations for companies to notify data protection authorities and individuals of security breaches involving certain personal information, which could result from breaches experienced by us or our external service providers. These laws are not consistent, and compliance in the event of a widespread data breach is difficult and may be costly. In addition, such mandatory disclosures could lead to negative publicity and may cause our current and prospective customers or end users to lose confidence in the effectiveness of our data security measures. See “—Compliance with the rapidly evolving landscape of global data privacy and data security laws may be challenging, and any failure or perceived failure to comply with such laws, or other concerns about our practices or policies with respect to the processing of personal information, could damage our reputation and deter current and potential customers and end users from using our platform and products and services or subject us to significant compliance costs or penalties, which could materially and adversely affect our business, financial condition and results of operations.”

31

Table of Contents

Any failure to maintain necessary permits and licenses to operate our business operations under applicable laws and regulations could materially and adversely affect our business and results of operations.

In accordance with the laws and regulations in the jurisdictions in which we operate, we are required to maintain various approvals, licenses, permits and certifications in order to operate our business. Complying with such laws and regulations may require substantial expense, and any non-compliance may expose us to liability. We cannot guarantee that we will be able to obtain all requisite approvals, licenses, permits and certifications. Regulatory authorities who have extensive authority to supervise and regulate the industry we operate in may not interpret relevant laws and regulations the way we do. In addition, as the regulatory regime for the IoT and related industries in China and other jurisdictions in which we operate continues to evolve, new laws, regulations and regulatory requirements are promulgated and implemented from time to time, and the interpretation and application of existing laws, regulations and regulatory requirements are subject to changes. We may be required to obtain approvals, licenses, permits and certifications that we do not currently have for our existing business or new scope of business that we may expand into in the future. In the event of non-compliance, we may have to incur significant expenses and divert substantial management time to rectify the incidents. In the future, if we fail to obtain all the necessary approvals, licenses, permits and certifications required by relevant laws and regulations or if we are deemed to have conducted business operations requesting certain approvals, licenses, permits and certifications without having one, we may be subject to fines or the suspension of operations of the relevant business segments or facilities that do not have all the requisite approvals, licenses, permits and certifications, which could materially and adversely affect our business and results of operations. We may also experience adverse publicity arising from non-compliance with government regulations, which would negatively impact our reputation.

Furthermore, in the event that we are required to renew our existing licenses or permits or acquire new ones, whether as a result of the promulgation of new laws and regulations or otherwise, we cannot assure you that we will be able to meet the requisite conditions and requirements, or that the relevant government authorities will always, if ever, exercise their discretion in our favor. There may also be delays on the part of government authorities in reviewing our applications and granting approvals, whether due to the lack of human resources or the imposition of new rules, regulations, government policies or their implementation, interpretation and enforcement. If we are unable to obtain, or experience material delays in obtaining, necessary government approvals, our operations may be substantially disrupted, which could materially and adversely affect our business, financial condition and results of operations.

We may be involved in legal proceedings, litigations and disputes relating to alleged infringement of intellectual property rights, which could adversely affect our business, operating results and financial condition.

There is considerable patent and other intellectual property development activity in our industry. Our future success depends, in part, on not infringing the intellectual property rights of others. Our competitors or other third parties may in the future claim that our products and services or platform and underlying technology infringe on their intellectual property rights, and we may be found to be infringing on such rights. We may be unaware of the intellectual property rights of others that may cover some or all of our technology. Any claims or litigation could cause us to incur significant expenses and, if successfully asserted against us, could require that we pay substantial damages or ongoing royalty payments, prevent us from offering our products and services, require us to develop alternative non-infringing technology or require that we comply with other unfavorable terms, any of which could have a material adverse effect on our business and results of operations. We may also be obligated to indemnify our customers or business partners in connection with any such litigation and to obtain licenses or modify our products and services or platform, which could further exhaust our resources. Even if we were to prevail in the event of claims or litigation against us, any claim or litigation regarding intellectual property could be costly and time-consuming and divert the attention of our management and other employees from our business. Patent infringement, trademark infringement, trade secret misappropriation and other intellectual property claims and proceedings brought against us, whether successful or not, could harm our brand, business, operating results and financial condition. In addition, even if our products and services or platform and underlying technology do not infringe upon any intellectual property rights of others, we cannot avoid the harm of malicious or frivolous intellectual property litigations that any third party may bring against us, such as costs we may incur in defending ourselves in these litigations.

32

Table of Contents

If we are unable to hire, retain and motivate qualified personnel, our business will suffer.

Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. We believe that there is, and will continue to be, intense competition for highly skilled management, technical, sales and other personnel with experience in the industries in which we operate. We must provide competitive compensation packages and a high-quality work environment to hire, retain and motivate employees. If we are unable to retain and motivate our existing employees and attract qualified personnel to fill important positions, we may be unable to manage our business effectively, including the development, marketing and sale of our products and services, which could adversely affect our business, operating results and financial condition. To the extent we hire personnel from competitors, we also may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information.

We may acquire or invest in business, technologies, services, products and other assets, which may divert our management’s attention and result in the incurrence of debt or dilution to our shareholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions.

We may evaluate and consider potential strategic transactions, including acquisitions of, or investments in, businesses, technologies, services, products and other assets in the future. We also may enter into relationships with other businesses to expand our products and services, which could involve preferred or exclusive licenses, additional channels of distribution, discount pricing or investments in other companies.

Any acquisition, investment or business relationship may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products, personnel or operations of the acquired companies, particularly if the key personnel of the acquired company choose not to work for us, their products or services are not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management or otherwise. Acquisitions also may disrupt our business, divert our resources or require significant management attention that would otherwise be available for development of our existing business. Moreover, the anticipated benefits of any acquisition, investment or business relationship may not be realized or we may be exposed to unknown risks or liabilities.

Negotiating these transactions can be time consuming, difficult and expensive, and our ability to complete these transactions may often be subject to approvals that are beyond our control. Consequently, these transactions, even if announced, may not be completed. For one or more of those transactions, we may: (i) issue additional equity securities that would dilute our existing shareholders; (ii) use cash that we may need in the future to operate our business; (iii) incur large charges or substantial liabilities; (iv) incur debt on terms unfavorable to us or that we are unable to repay; (v) encounter difficulties retaining key employees of the acquired company or integrating diverse offerings or business cultures; or (vi) become subject to adverse tax consequences, substantial depreciation or deferred compensation charges. The occurrence of any of these foregoing could adversely affect our business, operating results and financial condition.

Negative publicity about us, our products and services, operations and our directors, management and business partners may adversely affect our reputation and business.

We may, from time to time, receive negative publicity, including negative internet and blog postings, ratings or comments on social media platforms or through traditional media about our company, our business, our directors and management, our brands, our products and services, our suppliers or other business partners. Negative publicity about us, such as alleged misconduct by our employees, unauthorized use, misuse or release of personal information or other sensitive information, unethical business practices, or rumors relating to our business, management, employees, or our shareholders and affiliates, or negative publicity about other companies that use similar brand names as ours, can harm our reputation, business and results of operations. Any such allegations, even if not supported by facts or based on isolated incidents, may lead to inquiries, regulatory investigations or legal actions against us. Such actions could substantially damage our reputation and cause us to incur significant costs to defend ourselves. Certain of such negative publicity may be the result of malicious harassment or unfair competition by third parties. We may even be subject to government or regulatory investigation as a result of such third-party conduct and may be required to spend significant time and incur substantial costs to defend ourselves against such third-party conduct, and we may not be able to conclusively refute each of the allegations within a reasonable period of time, or at all.

33

Table of Contents

We may receive complaints from our customers and end users on our products and services, pricing and customer support. If we do not handle customer complaints effectively, our brand and reputation may suffer, our customers and end users may lose confidence in us and they may reduce or cease their use of our products and services. Our success depends, in part, on our ability to generate positive customer feedback and minimize negative feedback on social media channels where existing and potential customers and end users seek and share information. If actions we take or changes we make to our products and services or platform upset these customers and end users, their online commentary could negatively affect our brand and reputation. Complaints or negative publicity about us, our products and services or platform could materially and adversely impact our ability to attract and retain customers and end users, our business, results of operations and financial condition.

Seasonality may cause fluctuations in our sales and operating results.

We have in the past experienced, and expect in the future to continue to experience, seasonal fluctuations in our revenues and sales from time to time as a result of the holiday season and customers’ buying patterns. We have experienced lower growth in revenues in the first quarter as a result the reduced capacity of OEM customers located in China due to the Lunar New Year. The rapid growth in our business has offset this seasonal trend to some extent; however, we expect the historical seasonality trends to continue to impact our results of operations and financial condition. As a result, our results of operations and the trading price of our ADSs and Class A ordinary shares may fluctuate from time to time due to seasonality.

We face certain risks relating to the real properties that we lease.

We lease office spaces from third parties for our operations in China, the United States, Europe, Australia, India, Japan and Colombia, among other locations. Any limitations on the leased properties, or lessors’ title to such properties, may impact our use of the offices, or in extreme cases, result in relocation, which may in turn adversely affect our business operations. In addition, certain lease agreements of our leased properties in China have not been registered with the relevant PRC government authorities as required by PRC law. Therefore, we may be exposed to potential fines if we fail to rectify within the prescribed time period after receiving notices from the relevant PRC government authorities. Furthermore, certain lessors of our leased properties have not provided us with valid property ownership certificates or any other documentation proving their right to lease those properties to us. As of December 31, 2023, with respect to six leased properties in China with a gross floor area of approximately 2,360.6 square meters, we have not registered the respective lease agreements with the relevant PRC government authorities. With respect to five leased properties in China with a gross floor area of approximately 1,976.2 square meters, the lessors have not provided us with valid property ownership certificates. The foregoing properties represent only a small portion of the total gross floor area of our leased properties. As of the date of this annual report, we are not aware of any material actions or claims raised by any third parties challenging our use of these properties we currently lease, nor have we received any notices from the PRC government authorities. If our lessors are not the owners of the properties or they have not obtained consents from the owners or their lessors or permits from the relevant government authorities, our leases could be invalidated. If leases are invalid, we may face the risk of moving out of the leased property.

Changes in laws and regulations related to the internet or changes in the internet infrastructure itself may diminish the demand for our products and services, and could adversely affect our business, operating results and financial condition.

The future success of our business depends on the continued use of the internet as well as continued demand for smart devices and our products and services. The PRC and foreign governments have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium.

Almost all access to the internet in China is maintained through state-owned telecommunication operators under the administrative control and regulatory supervision of the Ministry of Industry and Information Technology (the “MIIT”). In addition, the national networks in China are connected to the internet through state-owned international gateways, which are the only channels through which a domestic user can connect to the internet outside China. We may face similar or other limitations in other countries in which we operate. We may not have access to alternative networks in the event of disruptions, failures or other problems with the internet infrastructure in China or elsewhere. In addition, the internet infrastructure in the countries in which we operate may not support the demands associated with continued growth in internet usage.

34

Table of Contents

Changes in these laws or regulations could require us to modify our products and services in order to comply with these changes. In addition, government agencies or private organizations have imposed and may impose additional taxes, fees or other charges for accessing the internet or commerce conducted via the internet. These laws or charges could limit the growth of internet-related commerce or communications generally, or result in reductions in the demand for internet-based products and services such as our products and platform. In addition, the use of the internet as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of internet activity, security, reliability, cost, ease-of-use, accessibility and quality of service. The performance of the internet and its acceptance as a business tool has been adversely affected by “viruses,” “worms” and similar malicious programs. If the use of the internet is reduced as a result of these or other issues, then demand for our products and services could decline, which could adversely affect our business, operating results and financial condition.

We may have insufficient computing resources, transmission bandwidth and storage space, which could result in disruptions and our business, results of operations and financial condition could be adversely affected.

Our operations are dependent in part upon transmission bandwidth provided by third-party telecommunications network providers, access to data centers to house our servers and other computing resources. There can be no assurance that we are adequately prepared for unexpected increases in bandwidth and data center demands by our customers and end users. The bandwidth and data centers we use may become unavailable for a variety of reasons, including service outages, payment disputes, network providers going out of business, natural disasters, networks imposing traffic limits, or governments’ adopting regulations that impact network operations. These bandwidth providers may become unwilling to sell us adequate transmission bandwidth at fair market prices, if at all. This risk is heightened where market power is concentrated with one or a few major networks. We also may be unable to move quickly enough to augment capacity to reflect growing traffic or security demands. Failure to put in place the capacity we require could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers. Such a failure could result in our inability to acquire new customers demanding capacity not available on our platform. See “ - We rely upon third-party providers of cloud-based infrastructure to host our platform. Any disruption in the operations of these third-party providers, limitations on capacity or interference with our use could adversely affect our business, financial condition and results of operations.”

Our products and services rely on the stable performance of servers, networks, IT infrastructure and data processing systems, and any disruption to such servers, networks, assets or systems due to internal or external factors could diminish demand for our products and services, harm our business, our reputation and results of operations and subject us to liability.

We rely in part upon the stable performance of our servers, networks, IT infrastructure and data processing systems for provision of our products and services. Disruptions to such servers, networks, assets or systems may occur due to internal or external factors, such as inappropriate maintenance, defects in the servers, cyberattacks or other malicious attacks or hacks targeted at us, occurrence of catastrophic events or human errors. Such disruptions could result in negative publicity, loss of or delay in market acceptance of our products and services, loss of competitive position, lower customer retention or claims by customers for losses sustained by them, or loss, destruction or unauthorized use of, or access to, data (including personal information for which we may incur liability under applicable data protection laws). In such an event, we may need to expend additional resources to bring the incident to an end, mitigate the liability associated with the fallout of such incident, make notifications to regulators and individuals affected, replace damaged systems or assets, defend ourselves in legal proceedings and compensate customers or end users. In addition, we may not carry insurance to compensate us for any losses that may result from claims arising from disruption in servers. As a result, our reputation and our brand could be harmed, and our business, results of operations and financial condition may be adversely affected.

​

35

Table of Contents

Our use and provision of AI could lead to operational or reputational damage, competitive harm, legal and regulatory risk and additional costs.

Our business involves the use and provision of artificial intelligence, including generative AI (collectively, “AI”). The use of generative AI, a relatively new and emerging technology in the early stages of commercial use, exposes us to additional risks, such as damage to our reputation, competitive position and business, legal and regulatory risks and additional costs. For example, if any of our employees, contractors, vendors or service providers use any third-party AI-powered software in connection with our business or the services they provide to us, it may lead to the inadvertent disclosure of our confidential information, including inadvertent disclosure of our confidential information into publicly available third-party training sets, which may impact our ability to realize the benefit of, or adequately maintain, protect and enforce our intellectual property or confidential information, harming our competitive position and business.

Additionally, any content created by us using generative AI tools may not be subject to copyright protection which may adversely affect our intellectual property rights in, or ability to commercialize or use, any such content. In the United States, a number of civil lawsuits have been initiated related to the foregoing and other concerns, the outcome of any one of which may, amongst other things, require us to limit the ways in which we use AI in our business and may affect our ability to develop related products, services, innovations and features. For example, the output produced by generative AI tools may include information subject to certain rights of publicity or privacy laws or constitute an unauthorized derivative work of the copyrighted material used in training the underlying AI model, any of which could also create a risk of liability for us, or adversely affect our business or operations. To the extent that we do not have sufficient rights to use the data or other material or content used in or produced by the generative AI tools used in our business, or if we experience cybersecurity breaches or incidents in connection with our use of AI, it could adversely affect our reputation and expose us to legal liability or regulatory risk, including with respect to third-party intellectual property, privacy, publicity, contractual or other rights. Further, our competitors or other third parties may incorporate AI into their products more quickly or more successfully than us, which could impair our ability to compete effectively.

As the utilization of AI becomes more prevalent, we anticipate that it will continue to present new or unanticipated ethical, reputational, technical, operational, legal, competitive and regulatory issues, among others. We expect that such utilization of AI will require additional resources, including the incurrence of additional costs, to develop and maintain our platform offerings, services and features to minimize potentially harmful or unintended consequences, to comply with applicable and emerging laws and regulations, to maintain or extend our competitive position and to address any ethical, reputational, technical, operational, legal, competitive or regulatory issues which may arise as a result of any of the foregoing. As a result, the challenges presented with our use of AI could adversely affect our business, financial condition and results of operations.

​

36

Table of Contents

Regulatory and legislative developments related to the use of AI could adversely affect our use and provision of AI in our products, services and business.

As the regulatory framework for machine learning technology, generative AI and automated decision making evolves, our business, financial condition and results of operations may be adversely affected. The regulatory framework for AI and similar technologies, and automated decision making, is changing rapidly. It is possible that new laws and regulations will be adopted in the United States and in non-U.S. jurisdictions, or that existing laws and regulations may be interpreted in ways that would affect our use and provision of AI in our products, services and business. We may not be able to adequately anticipate or respond to these evolving laws and regulations, and we may need to expend additional resources to adjust our offerings in certain jurisdictions if applicable legal frameworks are inconsistent across jurisdictions. In addition, because these technologies are themselves highly complex and rapidly developing, it is not possible to predict all of the legal or regulatory risks that may arise relating to our use of such technologies. Further, the cost to comply with such laws or regulations could be significant and would increase our operating expenses, which could adversely affect our business, financial condition and results of operations.

For example, in Europe, on March 13, 2024, the European Parliament formally adopted a draft of the EU’s Artificial Intelligence Act (the “AI Act”) which is currently expected to be enacted in mid-2024, pending formal endorsement by the Council of the European Union and publication in the Official Journal of the European Union. The current draft of the AI Act, if enacted, would establish, among other things, a risk-based governance framework for regulating AI systems operating in the EU. This framework would categorize AI systems, based on the risks associated with such AI systems’ intended purposes, as creating unacceptable or high risks, with all other AI systems being considered low risk. While the AI Act has not yet been enacted or enforced, there is a risk that our current or future AI-powered software or applications may obligate us to comply with the applicable requirements of the AI Act, which may impose additional costs on us, increase our risk of liability or adversely affect our business. For example, the AI Act would prohibit certain uses of AI systems and place numerous obligations on providers and deployers of permitted AI systems, with heightened requirements placed on AI systems that are considered high risk. If enacted in this form or a similar form, this regulatory framework is expected to have a material impact on the way AI is regulated in the EU, and together with developing regulatory guidance and judicial decisions in this area, may affect our use of AI and our ability to provide and to improve our services, require additional compliance measures and changes to our operations and processes, result in increased compliance costs and potential increases in civil claims against us and could adversely affect our business, financial condition and results of operations.

We may, from time to time, rely on intellectual properties that we license from third parties, including product designs that are integrated with our internally developed products.

We may, from time to time, rely on intellectual properties that we license from third parties, including third-party product design, which is used with certain of our products. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our products. Some of our agreements with our licensors may be terminated for convenience by them. If we are unable to continue to license any of these intellectual properties on commercially reasonable terms, we will face delays in releases of certain products or we will be required to redesign our products until equivalent, non-infringing design can be licensed or developed and integrated into our current products. This effort could take significant time (during which we would be unable to continue to offer our affected products) and expense and may ultimately not be successful. In addition, our inability to obtain certain licenses or other rights might require us to engage in litigation regarding these matters, which could have a material adverse effect on our business, results of operations, prospects and financial condition.

​

37

Table of Contents

We and certain of our current and former directors and officers have been named as defendants in a putative shareholder class action lawsuit, and may, from time to time, be the subject of shareholder class action lawsuits, which could have a material adverse impact on our business, financial condition, results of operations, cash flows and reputation.

As of the date of this annual report, we and certain of our current and former directors and officers have been named as defendants in a putative shareholder class action lawsuit, described in “Item 8. Financial Information—A. Consolidated Statements and Other Financial Information—Legal and Administrative Proceedings.” We will have to defend against such putative class action lawsuit, including any appeals should our initial defense be unsuccessful. We are currently unable to estimate the potential loss, if any, associated with the resolution of such lawsuit. There can be no assurance that we will be able to prevail in our defense or reverse any unfavorable judgment on appeal. Any adverse outcome of this case, including on any appeal of the judgment in this case, could result in payment of substantial monetary damages. Any settlement of the litigation could also be costly. Such outcomes may have a material adverse effect on our business, financial condition, results of operation, cash flows and reputation. Currently, we are subject to claims for indemnification related to this matter, and we cannot predict the impact that indemnification claims may have on our business or financial results.

In addition, we or certain of our directors or officers may, from time to time, be a target for lawsuits in the future, including putative class action lawsuits brought by shareholders and lawsuits against our directors and officers as a result of their position in other public companies. The existence of such cases and any adverse outcome of these cases, including any appeal of a judgment, could have a material adverse effect on our business, reputation, financial condition, results of operations, cash flows as well as the trading price of our securities. Resolution of these matters may utilize a significant portion of our cash resources and divert management’s attention from the day-to-day operations of our company, all of which could harm our business. We also may be subject to claims for indemnification related to these matters, and we cannot predict the impact that indemnification claims may have on our business or financial results.

We may be subject to legal proceedings in the ordinary course of our business. If the outcomes of these proceedings are adverse to us, they could have a material adverse effect on our business, results of operations and financial condition.

As of the date of this annual report, except for the putative shareholder class action lawsuit described in “Item 8. Financial Information—A. Consolidated Statements and Other Financial Information—Legal and Administrative Proceedings,” we are not a party to any other material legal or administrative proceedings. However, we or our directors, management, employees and shareholders have been, and may from time to time in the future be, subject to or involved in various claims, controversies, lawsuits, other legal and administrative proceedings and fines. Lawsuits and other administrative or legal proceedings can involve substantial costs, including the costs associated with investigation, litigation and possible settlement, judgment, penalty or fine. In addition, lawsuits and other legal and administrative proceedings may be costly and time consuming and may require a commitment of management and personnel resources that will be diverted from our normal business operations. There may also be negative publicity associated with litigation that could decrease customer acceptance of our product offerings, regardless of whether the allegations are valid or whether we are ultimately found liable.

​

38

Table of Contents

We have been, and may, from time to time, be involved in class action lawsuits in the United States in the future. Such lawsuits could divert a significant amount of our management’s attention and other resources from our business and operations, which could harm our results of operations and require us to incur significant expenses to defend the lawsuits. The threat of such claims and the costs associated with defending them could have a material adverse effect on business, results of operations and reputation. See “—We and certain of our current and former directors and officers have been named as defendants in a putative shareholder class action lawsuit, and may, from time to time, be the subject of shareholder class action lawsuits, which could have a material adverse impact on our business, financial condition, results of operations, cash flows and reputation.”

We face inventory obsolescence, shortage or excess risks. Our results of operations could be materially harmed if we are unable to optimally manage our inventories to meet our operational needs.

Our inventories consist mainly of (i) modules and chips relating to our IoT PaaS, and (ii) finished smart devices purchased from manufacturers as part of our smart device distribution or manufactured by outsourcing manufacturing suppliers or OEMs for our smart solution business. As of December 31, 2022 and 2023, we had inventories, net, of US$45.4 million and US$32.9 million respectively. Maintaining an optimal level of inventory is important for the success of our business. However, we are exposed to inventory obsolescence and inventory shortage risks as a result of a variety of factors beyond our control, including changes of customer needs and the inherent uncertainty of the success of product launches. The inventory write-downs, net, increased US$1.8 million thousand and US$4.1 million in 2021 and 2022, decreased US$0.01 million in 2023, as a result of the net impact of current year provision and sales or uses of inventories with reserve. We regularly track our inventory to keep it at a level sufficient to fulfill customers’ orders. We also proactively assess changes in market conditions and pre-store strategic raw materials in anticipation of potential supply shortage. However, we cannot assure you that we can accurately predict these trends and events and avoid under-stocking or overstocking inventory, or that our inventory management measures will be implemented effectively so that we will not have significant levels of inventory obsolescence, shortage or excess. As a result of unforeseen or sudden events, we may experience slow movement of our inventories, fail to utilize or sell our inventories swiftly, or face the risk of inventory obsolescence, and our business, results of operations, financial condition and prospects may be adversely affected.

We may require additional capital to support our business and response to business opportunities, and this capital might not be available on favorable terms, if at all.

We intend to continue to make investments to the long-term operating and development of our business and may require additional funds. In particular, we may seek additional funds to develop new products and enhance our platform and existing products, expand our operations, including our sales and marketing efforts and our presence outside China, improve our infrastructure or acquire complementary businesses, technologies, services, products and other assets. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our shareholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to holders of our ADSs and Class A ordinary shares. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth, scale our infrastructure, develop product enhancements and to respond to business challenges could be significantly impaired, and our business, operating results and financial condition may be adversely affected.

39

Table of Contents

We are subject to the uncertainties associated with the regulations on listing and securities offerings conducted overseas by China-based companies proposed and/or enacted in China and the United States.

The PRC government authorities have been exerting more oversight and control over listings and offerings conducted overseas by Chinese companies and investment in overseas-listed China-based companies. For example, on December 28, 2021, the CAC and several other administrations jointly promulgated the Cybersecurity Review Measures, which provide, among other things, that a “network platform operator” holding over one million users’ personal information shall apply for a cybersecurity review when listing its securities “in a foreign country.” In November 2021, the CAC promulgated the Draft Cyber Data Security Regulation, which states that a cybersecurity review will be required for a listing in foreign countries contemplated by a data processor who processes the personal information of at least one million users or the listing of a data processor in Hong Kong which affects or may affect the national security. Furthermore, on February 17, 2023, the CSRC released the Trial Administrative Measures of Overseas Securities Offering and Listing by Domestic Companies (the “Trial Measures,” and together with relevant supporting guidelines promulgated by the CSRC, the “New Overseas Listing Rules”). The New Overseas Listing Rules set out new filing procedures for China-based companies seeking direct or indirect listings and offerings in overseas markets and came into force since March 31, 2023. For details, see “Item 3. Key Information—Recent PRC Regulatory Developments—CSRC Approval for Issuance and Listing of Securities Overseas” and “Item 4. Information on the Company—4.B. Business Overview—Regulation—Regulation Relating to M&A and Overseas Listing.”

To the extent we are required to obtain any approvals, complete any filings and/or other administrative procedures or satisfy any other regulatory requirements under the above-mentioned proposed laws and regulations or any new regulatory requirements in the PRC in order to maintain the listing status of the ADSs or conduct listing or offering of our securities overseas, we cannot assure you that we will be able to meet these requirements in a timely manner, or at all. The PRC regulatory agencies may also take further actions requiring us, or making it advisable for us, not to proceed with such securities offering or maintain the listing status of the ADSs. If we proceed with any future listing or offering of our securities without obtaining the required approval, completing the necessary filings or other administrative procedures, or satisfying other regulatory requirements, we may face fines and other regulatory actions imposed by competent PRC regulatory agencies, and our ability to raise capital could be significantly limited or completely hindered, which could have a material adverse effect on our business, financial condition and results of operations or cause the value of our securities to significantly decline or be worthless. See also “—Risks Related to Doing Business in China—The filing, approval or other administration requirements of the CSRC, the CAC or other PRC government authorities may be required to maintain our listing status or conduct future offshore securities offerings under PRC law” and “—Risks Related to Doing Business in China—The uncertainties in the PRC legal system could materially and adversely affect us.”

In addition, as part of a continued regulatory focus in the United States on access to audit and other information currently protected by national law in some jurisdictions, such as those in China, the U.S. Holding Foreign Companies Accountable Act (the “HFCAA”) was enacted on December 18, 2020. Trading in our securities on U.S. markets, including the NYSE, will be prohibited under the HFCAA if the PCAOB determines that it is unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong, including our auditor as an independent registered public accounting firm, for two consecutive years. If this is to happen, our liquidity and ability to raise additional capital will be materially and adversely affected. See “—Risks Related to Doing Business in China—Trading in our securities will be prohibited under the HFCAA if the PCAOB determines that it is unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong, including our auditor as an independent registered public accounting firm, and as a result, U.S. national securities exchanges, such as the NYSE, may determine to delist our securities.”

We face exposure to foreign currency exchange rate fluctuations, U.S. federal funds rate changes and Federal Reserve interest rate adjustments and such fluctuations and changes could adversely affect our business, operating results and financial condition.

As we continue to expand our international operations, we will become increasingly exposed to the effects of fluctuations in currency exchange rates. The majority of our cash generated from revenue is denominated in Renminbi, and our expenses are generally denominated in the currencies of the jurisdictions in which we conduct our operations. Because we conduct business in currencies other than U.S. dollars but report our operating results in U.S. dollars, we also face translation exposure to fluctuations in currency exchange rates, which could hinder our ability to predict our future results and earnings and could impact our operating results. We recorded other comprehensive income from foreign currency translation of US$1.5 million in 2021, other comprehensive loss from foreign currency translation of US$14.9 million in 2022 and US$2.7 million in 2023.

40

Table of Contents

The value of the Renminbi against the U.S. dollar and other currencies has in the past fluctuated significantly, and may in the future continue to do so, affected by, among other things, changes in political and economic conditions and the foreign exchange policy adopted by the PRC government. With the development of the foreign exchange market and progress towards interest rate liberalization and Renminbi internationalization, the PRC government may in the future announce further changes to the exchange rate system, and we cannot assure you that the Renminbi will not appreciate or depreciate significantly in value against the U.S. dollar in the future. It is difficult to predict how market forces or PRC or U.S. government policy may impact the exchange rate between the Renminbi and the U.S. dollar in the future.

Tuya Inc. is a holding company and we rely on dividends paid by our wholly foreign-owned enterprise in China for our cash needs. Any significant fluctuation of Renminbi against the U.S. dollar could adversely affect our business, operating results and financial condition, and the value of any dividends payable in U.S. dollars. To the extent that we need to convert U.S. dollars into Renminbi for our operations, appreciation of the Renminbi against the U.S. dollar would have an adverse effect on the Renminbi amount we would receive. Conversely, if we decide to convert our Renminbi into U.S. dollars for the purpose of making payments for dividends on our ordinary shares and the ADSs or for other business purposes, appreciation of the U.S. dollar against the Renminbi would have a negative effect on the U.S. dollar amount.

We hold a substantial amount of our cash reserves in U.S. dollars, prioritizing the security of the principal above all. To manage our funds, we utilize various financial instruments such as demand deposits, U.S. Treasury bonds, and term deposits, with a focus on ensuring the safety of our principal amount. Since 2023, the Federal Reserve has maintained the federal funds rate within the target range of 4.5% to 5.50%, a level that is elevated compared to the average rates seen in the past decade. This environment has allowed us to benefit from relatively higher interest income on our U.S. dollar-denominated deposits. However, recent communications from the Federal Reserve indicate an adjustment in its expectations for future interest rates, with a tendency towards lowering rates in response to evolving economic conditions. Such a policy shift poses risks to our financial strategy, as a reduction in interest rates would directly impact the yield on our interest-sensitive assets. A significant decrease in interest income generated from our U.S. dollar deposits could adversely affect our financial performance.

The fair value measurements of certain financial assets and liabilities inherently involve a certain degree of uncertainty, and any adverse movements in their fair value may directly affect our results of operations.

Some of our financial assets and liabilities are measured at fair value, such as the short-term investments and long-term investments measured at fair value. As of December 31, 2022 and 2023, the fair value of short-term investments was US$821.1 million and US$291.0 million, and the fair value of long-term investments was US$18.0 million and US$10.1 million, respectively. In 2021, 2022 and 2023, our fair value change on short-term and long-term investments was in gain of US$0.8 million, in loss of US$7.4 million and in gain of US$0.1 million, respectively. For financial reporting purposes, fair value measurements of these financial assets and liabilities are categorized into level 1, 2 or 3, based on, among other things, the observability and significance of the inputs used in the valuation technique. The fair value of financial assets and liabilities classified in levels 1 and 2 is determined based on observable inputs, while the determination of the fair value of level 3 financial assets and liabilities is based on valuation techniques and various assumptions of inputs that are unobservable and which inherently involve a certain degree of uncertainty.

A range of factors, many of which are beyond our control, may influence and cause adverse changes to the estimates we use and thereby affect the fair value of these assets and liabilities. These factors include, but are not limited to, general economic conditions, changes in market interest rates and stability of the capital markets. Any of these factors, as well as others, could cause our estimates to vary from actual results and cause the fair value of our financial assets and liabilities to fluctuate substantially, which may in turn have a material adverse effect on our financial position and results of operations. The fair value of our short-term investments and long-term investments measured at fair value is subject to changes beyond our control, and any adverse movements in their fair value may directly affect our results of operations. If the fair value of our short-term investments and long-term investments measured at fair value were to fluctuate, our business, financial condition and results of operations could be materially adversely affected.

41

Table of Contents

We are subject to credit risk related to defaults of customers, and any significant default on our accounts receivable could materially and adversely affect our liquidity, financial condition and results of operations.

We are exposed to credit risk related to defaults of our various customers. As of December 31, 2022 and 2023, our accounts receivable, net were US$12.2 million and US$9.2 million, respectively. Our accounts receivable turnover days were 42 and 21 in 2022 and 2023, respectively. We may not be able to collect all such accounts receivable due to a variety of factors that are outside of our control. If the relationship between us and any of our customers is terminated or deteriorated, or if any of our customers experience financial difficulties to the extent it affects their ability to make timely payments, our corresponding accounts receivable might be adversely affected in terms of recoverability. Our accounts receivable balance may continue to grow alongside our business expansion, which may increase our risks for uncollectible receivable. If we are unable to timely collect our accounts receivable from our customers, our business, financial condition and results of operations may be materially and adversely affected.

If we fail to maintain proper and effective internal control over financial reporting, we may be unable to accurately or timely report our results of operations, meet our reporting obligations or prevent fraud, and investor confidence and the market price of our ADSs and Class A ordinary shares may be materially and adversely affected.

Section 404 of the Sarbanes-Oxley Act of 2002, or Section 404, requires that we maintain internal control over financial reporting and disclosure controls and procedures. An effective internal control environment is necessary to enable us to produce reliable financial reports and is an important component of our efforts to prevent and detect financial reporting errors and fraud. We are a public company subject to the Sarbanes-Oxley Act of 2002. Section 404 requires that we include a report from management on the effectiveness of our internal control over financial reporting in our annual report on Form 20-F beginning with the annual report for the fiscal year ended December 31, 2022. In addition, once we cease to be an “emerging growth company” as such term is defined in the JOBS Act, our independent registered public accounting firm must attest to and report on the effectiveness of our internal control over financial reporting.

In the course of preparing and auditing our consolidated financial statements for the year ended December 31, 2023, we and our independent registered public accounting firm did not identify a material weakness in our internal control over financial reporting. Our management has concluded that our internal control over financial reporting was effective as of December 31, 2023. See “Item 15. Controls and Procedures.”

In the future, however, if we fail to maintain an effective system of internal control over financial reporting, our management may not be able to conclude that we have effective internal control over financial reporting at a reasonable assurance level.

As a public company, our reporting obligations may place a significant strain on our management, operational and financial resources and systems for the foreseeable future. We may be unable to timely complete our evaluation testing and any required remediation. Furthermore, if we fail to maintain the adequacy of our internal control over financial reporting, as these standards are modified, supplemented or amended from time to time, we may not be able to conclude on an ongoing basis that we have effective internal control over financial reporting in accordance with Section 404.

Even if our management concludes that our internal control over financial reporting is effective, our independent registered public accounting firm, after conducting its own independent testing, may issue an adverse report if it is not satisfied with our internal controls or the level at which our controls are documented, designed, operated or reviewed, or if it interprets the relevant requirements differently from us.

42

Table of Contents

If we fail to achieve and maintain an effective internal control environment, we could suffer material misstatements in our financial statements and fail to meet our reporting obligations, which would likely cause investors to lose confidence in our reported financial information. This could in turn limit our access to capital markets, harm our results of operations, and lead to a decline in the trading price of our ADSs and Class A ordinary shares. Moreover, we may need to incur additional costs and use additional management and other resources as our business and operations further expand or in an effort to remediate any significant control deficiencies that may be identified in the future. Additionally, ineffective internal control over financial reporting could expose us to increased risk of fraud or misuse of corporate assets and subject us to potential delisting from the stock exchange on which we list, regulatory investigations and civil or criminal sanctions. We may also be required to restate our financial statements for prior periods.

Our business is subject to the risks of earthquakes, fire, floods, pandemics and other natural catastrophic events, and to interruption by man-made problems such as power disruptions or terrorism.

A significant natural disaster, such as an earthquake, fire, flood or pandemic, occurring at our headquarters, at one of our local offices and facilities or where a business partner is located could adversely affect our business, operating results and financial condition. Further, if a natural disaster or man-made problem were to affect our service providers, this could adversely affect the ability of our customers and end users to use our products and services. In addition, natural disasters and acts of terrorism could cause disruptions in our or our customers’ businesses, national economies or the world economy as a whole, as is the case due to the COVID-19 pandemic. We also rely on our network and third-party infrastructure and enterprise applications and internal technology systems for our engineering, sales and marketing, and operations activities. In the event of a major disruption caused by a natural disaster or man-made problem, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, breaches of data security and loss of critical data, any of which could adversely affect our business, operating results and financial condition.

In addition, computer malware, viruses and computer hacking, fraudulent use attempts and phishing attacks have become more prevalent in our industry, have occurred on our platform and have impacted some of our customers in the past and may occur on our platform in the future. Any failure to maintain performance, reliability, security, integrity and availability of our products and services and technical infrastructure, including third-party infrastructure and services upon which we rely, may expose us to significant consequences, including legal and financial exposure and loss of customers and end users, and give rise to litigation, consumer protection actions, or harm to our reputation, and as a result, may hinder our ability to retain existing customers and end users and attract new customers and end users.

Our insurance coverage may not completely cover the risks related to our business and operations, which could expose us to significant costs and business interruptions.

Insurance products available in the PRC and many other markets in which we operate currently are not as extensive as those offered in more developed regions. Consistent with customary industry practice in the markets in which we operate, our business insurance is limited, and we do not carry key-man life insurance. Any uninsured damage to our facilities or technology infrastructures or disruption of our business operations could require us to incur substantial costs and divert our resources, which could have an adverse effect on our business, financial condition and results of operations. For more information, see “Item 4. Information on the Company—4.B. Business Overview—Insurance.” Furthermore, lack of any insurance coverage, or any failure of any insurance policy providing adequate coverage to cover any potential claims under such policy could leave us exposed to uninsured risk and could have a material adverse effect on our business or financial results.

43

Table of Contents

We have granted, and may continue to grant, share-based awards, which may increase our share-based compensation and may have an adverse effect on our results of operations.

In December 2014, we adopted the 2015 Equity Incentive Plan (the “2015 Plan”), which was amended in July 2020, February 2021 and June 2022. We account for compensation costs for all share-based awards using a fair-value-based method and recognize expenses in our consolidated statements of comprehensive loss in accordance with U.S. GAAP. For details of the 2015 Plan, see “Item 6. Directors, Senior Management and Employees—6.B. Compensation—Share Incentive Plan.” In 2021, 2022 and 2023, we recorded share-based compensation expenses of US$66.1 million, US$69.0 million and US$65.2 million respectively. As of December 31, 2023, there were US$66.0 million of unrecognized share-based compensation expenses related to share options granted by our company, which were expected to be recognized over a weighted-average vesting period of 0.56 years. As of December 31, 2023, there were US$20.6 million of unrecognized share-based compensation expenses related to RSUs granted by us, which were expected to be recognized over a weighted-average vesting period of 2.61 years. We believe that the granting of share-based awards is of significant importance to our ability to attract and retain key personnel and employees, and we will continue to grant share-based awards in the future. As a result, our expenses associated with share-based compensation may increase, which may have an adverse effect on our results of operations. In addition, any ordinary shares that we issue under our 2015 Plan would dilute the percentage ownership held by public investors.

Risks Related to Our Corporate Structure

If the PRC government finds that the agreements that establish the structure for operating some of our operations in China do not comply with PRC regulations relating to the relevant industries, or if these regulations or the interpretation of existing regulations change in the future, we could be subject to severe penalties or be forced to relinquish our interests in the VIE.

Foreign ownership of telecommunication businesses is subject to restrictions under current PRC laws and regulations. For example, foreign investors are generally not allowed to own more than 50% of the equity interests in an information service provider or other value-added telecommunication service provider (other than operating e-commerce, domestic multiparty communication, storage and forwarding and call center) and the major foreign investor in a value-added telecommunication service provider in China must have experience in providing value-added telecommunication services overseas and maintain a good track record in accordance with the Encouraged Industries Catalog for Foreign Investment (2022 version), the Special Administrative Measures for Foreign Investment Access (Negative List (2021), or the Negative List (2021), and other applicable laws and regulations.

Tuya Inc. is a Cayman Islands company and we currently conduct substantially all of our business operations in the PRC through our PRC subsidiaries, including Tuya Information, our wholly owned subsidiary incorporated in the PRC. We are classified as a foreign enterprise under the PRC laws and regulations, and Tuya Information, our wholly owned subsidiary in the PRC, is a foreign-invested enterprise. In light of the restrictions described above, we have determined that it was not viable for us to hold Hangzhou Tuya Technology, or the VIE, directly through equity ownership. Therefore, we may only conduct the business operations currently conducted by the VIE through a series of contractual arrangements between our PRC subsidiary on one hand, and the VIE and its registered shareholders on the other hand, to comply with PRC laws and regulations. These contractual arrangements have enabled us to (i) exercise effective control over the VIE, (ii) receive substantially all of the economic benefits of the VIE, (iii) have the pledge right over the equity interests in the VIE as the pledgee and (iv) have an exclusive option to purchase all or part of the equity interests in the VIE when and to the extent permitted by PRC law. As a result of these contractual arrangements, we have control over and are the primary beneficiary of the VIE for accounting purposes and hence consolidate its financial results under U.S. GAAP.

44

Table of Contents

In the opinion of Jia Yuan Law Offices, our PRC legal counsel, (i) the ownership structures of our wholly foreign-owned enterprise and the VIE in China are not in violation of provisions of applicable PRC laws and regulations currently in effect; and (ii) the contractual arrangements between our wholly foreign-owned enterprise, the VIE and its shareholders governed by PRC law are not in violation of provisions of applicable PRC laws or regulations currently in effect, and valid and binding upon each party to such arrangements and, save as disclosed in “Item 4. Information on the Company—Contractual Arrangements with the VIE and the VIE’s Registered Shareholders,” enforceable against each party thereto in accordance with their terms and applicable PRC laws and regulations currently in effect. However, we have been further advised by our PRC legal counsel that there are substantial uncertainties regarding the interpretation and application of current and future PRC laws, regulations and rules. Thus, the PRC government authorities may take a view contrary to the opinion of our PRC legal counsel. It is uncertain whether any new PRC laws or regulations relating to variable interest entity structure will be adopted or if adopted, what they would provide. If we or the VIE is found to be in violation of any existing or future PRC laws or regulations, or fail to obtain or maintain any of the required permits or approvals to operate our business, the relevant PRC government authorities would have broad discretion to take action in dealing with such violations or failures, including:

Any of these events could cause significant disruption to our business operations and severely damage our reputation, which would in turn have a material adverse effect on our financial condition and results of operations. Furthermore, new PRC laws, rules and regulations may be introduced to impose additional requirements that may be applicable to our corporate structure and the VIE. For details, please see “—Risks Related to Our Corporate Structure—Substantial uncertainties exist with respect to the interpretation and implementation of the Foreign Investment Law and how it may impact the viability of our current corporate structure, corporate governance and operations.” If occurrences of any of these events result in our inability to direct the activities of the VIE in China that most significantly impact its economic performance and/or our failure to receive the economic benefits and residual returns from the VIE, and we are unable to restructure our ownership structure and operations in a satisfactory manner, we may not be able to consolidate the financial results of the VIE in our consolidated financial statements in accordance with U.S. GAAP.

We rely on contractual arrangements with the VIE and its registered shareholders to use, or otherwise benefit from, certain licenses and approvals we may need in the future, which may not be as effective as direct ownership in providing operational control and could adversely affect our business, operating results and financial condition.

We have relied and expect to continue to rely on contractual arrangements with the VIE and its registered shareholders to conduct a portion of our operations in China. These contractual arrangements, however, may not be as effective as direct ownership in providing us with control over the VIE. For example, the VIE and its shareholders could breach their contractual arrangements with us by, among other things, failing to conduct the operations of the VIE in an acceptable manner or taking other actions that are detrimental to our interests.

If we had direct ownership of the VIE in China, we would be able to exercise our rights as a shareholder to effect changes in the board of directors of the VIE, which in turn could implement changes, subject to any applicable fiduciary obligations, at the management and operational level. However, under the current contractual arrangements, we rely on the performance by the VIE and its registered shareholders of their obligations under the contracts to exercise control over the VIE. If any dispute relating to these contracts remains unresolved, we will have to enforce our rights under these contracts through the operations of PRC law and arbitration, litigation and other legal proceedings and therefore will be subject to uncertainties in the PRC legal system. See “—Any failure by the VIE or its shareholders to perform their obligations under our contractual arrangements with them would have an adverse effect on part of our business.”

45

Table of Contents

Any failure by the VIE or its shareholders to perform their obligations under our contractual arrangements with them would have an adverse effect on part of our business.

If the VIE or its shareholders fail to perform their respective obligations under the contractual arrangements, we may have to incur substantial costs and expend additional resources to enforce such arrangements. We may also have to rely on legal remedies under PRC law, including seeking specific performance or injunctive relief, and contractual remedies, which we cannot assure you will be sufficient or effective under PRC law. For example, if the registered shareholders were to refuse to transfer their equity interests in the VIE to us or our designee when we exercise the purchase option pursuant to these contractual arrangements, or if they were otherwise to act in bad faith toward us, then we may have to take legal actions to compel them to perform their contractual obligations.

All the agreements under our contractual arrangements are governed by PRC law and provide for the resolution of disputes through arbitration in China. Accordingly, these contracts would be interpreted in accordance with PRC law and any disputes would be resolved in accordance with PRC legal procedures. As a result, uncertainties in the PRC legal system could limit our ability to enforce these contractual arrangements. See “—Risks Related to Doing Business in China—The uncertainties in the PRC legal system could materially and adversely affect us.” Meanwhile, there are very few precedents and little formal guidance as to how contractual arrangements in the context of a VIE should be interpreted or enforced under PRC law. There remain significant uncertainties regarding the ultimate outcome of such arbitration if legal action becomes necessary. In addition, under PRC law, rulings by arbitrators are final, parties cannot appeal the arbitration results in courts, and if the losing parties fail to carry out the arbitration awards within a prescribed time limit, the prevailing parties may only enforce the arbitration awards in PRC courts through arbitration award recognition proceedings, which would require additional expenses and delay. In the event we are unable to enforce these contractual arrangements, or if we suffer significant delay or other obstacles in the process of enforcing these contractual arrangements, we may not be able to exert effective control over the VIE, and our business, financial condition and results of operations may be negatively affected.

The registered shareholders of the VIE may have potential conflicts of interest with us, which may materially and adversely affect part of our business.

The registered shareholders of the VIE may have potential conflicts of interest with us. These shareholders may breach, or cause the VIE to breach, or refuse to renew, the existing contractual arrangements we have with them and the VIE, which would have a material adverse effect on our ability to effectively receive economic benefits from the VIE. For example, the shareholders may be able to cause our agreements with the VIE to be performed in a manner adverse to us by, among other things, failing to remit payments due under the contractual arrangements to us on a timely basis. We cannot assure you that when conflicts of interest arise, any or all of these shareholders will act in the best interests of our company or such conflicts will be resolved in our favor.

For individuals who are also our directors and officers, we rely on them to abide by the laws of the Cayman Islands, which provide that directors and officers owe a fiduciary duty to the company that requires them to act in good faith and in what they believe to be the best interests of the company and not to use their position for personal gain. The registered shareholders of the VIE have executed powers of attorney to appoint our wholly foreign-owned enterprise or a person designated by our wholly foreign-owned enterprise to vote on their behalf and exercise voting rights as shareholders of the VIE. If we cannot resolve any conflict of interest or dispute between us and the shareholders of the VIE, we would have to rely on legal proceedings, which could result in disruption of part of our business and subject us to substantial uncertainty as to the outcome of any such legal proceedings.

The registered shareholders of the VIE may be involved in personal disputes with third parties or other incidents that may have an adverse effect on their respective equity interests in the VIE and the validity or enforceability of our contractual arrangements with the VIE and its registered shareholders. For example, in the event that any of the shareholders of the VIE divorces his or her spouse, the spouse may claim that the equity interest of the VIE held by such shareholder is part of their community property and should be divided between such shareholder and the spouse. If such claim is supported by the court, the relevant equity interest may be obtained by the shareholder’s spouse or another third party who is not subject to obligations under our contractual arrangements, which could result in a loss of the effective control over the VIE by us. Similarly, if any of the equity interests of the VIE is inherited by a third party with whom the current contractual arrangements are not binding, we could lose our control over the VIE or have to maintain such control by incurring unpredictable costs, which could cause significant disruption to part of our business and operations and harm our financial condition and results of operations.

46

Table of Contents

Contractual arrangements we have entered into with the VIE may be subject to scrutiny by the PRC tax authorities. A finding that we owe additional taxes could negatively affect our financial condition and the value of your investment.

Under applicable PRC laws and regulations, arrangements and transactions among related parties may be subject to audit or challenge by the PRC tax authorities. We could face material and adverse tax consequences if the PRC tax authorities determine that the contractual arrangements in relation to the VIE were not entered into on an arm’s-length basis in such a way as to result in an impermissible reduction in taxes under applicable PRC laws, rules and regulations, and adjust income of the VIE in the form of a transfer pricing adjustment. A transfer pricing adjustment could, among other things, result in a reduction of expense deductions recorded by the VIE for PRC tax purposes, which could in turn increase their tax liabilities without reducing our PRC subsidiaries’ tax expenses. In addition, the PRC tax authorities may impose late payment fees and other administrative sanctions on the VIE for the adjusted but unpaid taxes according to the applicable regulations. Our financial position could be materially and adversely affected if the VIE’s tax liabilities increase or if it is required to pay late payment fees and other penalties.

We may lose the ability to use and benefit from assets held by the VIE that are supplementary to the operation of our business if the VIE goes bankrupt or becomes subject to dissolution or liquidation proceeding.

As part of our contractual arrangements with the VIE, such entity may in the future hold certain assets that are supplementary to the operation of our business. If the VIE goes bankrupt and all or part of its assets become subject to liens or rights of creditors, we may be unable to continue some or all of our business activities we currently conduct through contractual arrangements, which could adversely affect our business, financial condition and results of operations. Under the contractual arrangements, the VIE may not, in any manner, sell, transfer, mortgage or dispose of its assets or legal or beneficial interests in the business without our prior consent. If the VIE undergoes voluntary or involuntary liquidation proceeding, third-party creditors may claim rights to some or all of these assets, thereby hindering our ability to operate part of our business, which could adversely affect our business, financial condition and results of operations.

Substantial uncertainties exist with respect to the interpretation and implementation of the Foreign Investment Law and the recently amended PRC Company Law and how they may impact the viability of our current corporate structure, corporate governance and operations.

The value-added telecommunication services that we conduct through the VIE are subject to foreign investment restrictions set forth in the Negative List (2021), which was issued by the Ministry of Commerce (“MOFCOM”) and the National Development and Reform Commission (the “NDRC”) and became effective on January 1, 2022.

On March 15, 2019, the National People’s Congress promulgated the Foreign Investment Law, which became effective on January 1, 2020, replaced the Sino-Foreign Equity Joint Venture Enterprise Law, the Sino-Foreign Cooperative Joint Venture Enterprise Law and the Wholly Foreign-Owned Enterprise Law and became the legal foundation for foreign investment in the PRC. As of the date of this annual report, there remain uncertainties in relation to its interpretation and implementation. For instance, under the Foreign Investment Law, “foreign investment” refers to the investment activities directly or indirectly conducted by foreign individuals, enterprises or other entities in China. Though it does not explicitly classify contractual arrangements as a form of foreign investment, there is no assurance that foreign investment via contractual arrangements would not be interpreted as a type of indirect foreign investment activities in the future. In addition, the definition of foreign investment contains a catchall provision that includes investments made by foreign investors through means stipulated in laws, administrative regulations or provisions of the State Council. Therefore, it still leaves leeway for future laws, administrative regulations or provisions promulgated by the State Council to provide for contractual arrangements as a form of foreign investment. In any of these cases, it will be uncertain whether our contractual arrangements will be deemed to be in violation of the market access requirements for foreign investment under the PRC laws and regulations. If further actions shall be taken under future laws, administrative regulations or provisions of the State Council, we may face substantial uncertainties as to whether we can complete such actions. Failure to do so could materially and adversely affect our current corporate structure, corporate governance and operations.

The PRC Company Law（the “Company Law”), promulgated by the Standing Committee of the National People’s Congress on December 29, 1993, was recently amended on December 29, 2023 and will become effective on July 1, 2024. The Company Law provides new requirements for the time limit for contribution of capital, the company’s organizational structure, corporate governance, and the rights and obligations of shareholders, which also apply to foreign investment enterprises in the PRC. Uncertainties exist with respect to the interpretation and implementation of the Company Law and how it may impact the viability of our current corporate structure, corporate governance and business operations.

47

Table of Contents

Risks Related to Doing Business in China

Changes in economic, political or social conditions or government policies of China and globally could have a material adverse effect on our business, financial condition and results of operations.

Substantially all of our assets and operations are located in China. Accordingly, our business, results of operations, financial condition and prospects are affected by economic, political and social conditions in China generally and by continued economic growth in China as a whole. China’s economy differs from the economies of other countries in many respects, and the Chinese government plays a significant role in regulating industry development and has extensive influence over China’s economic growth through allocating resources and setting monetary and fiscal policy.

In recent decades, the PRC regulatory authorities have implemented measures emphasizing market forces for economic reform, the reduction of state ownership of productive assets and the establishment of sound corporate governance in business enterprises. However, state-owned enterprises are still playing a key role in the economy of China. Furthermore, although China’s economy has grown significantly in the past decades, growth has been uneven, both geographically and among various sectors of the economy. Any adverse changes in economic conditions in China, in the policies of the Chinese government or in the laws and regulations in China could have a material adverse effect on the overall economic growth of China. Such developments could adversely affect our business and results of operations, lead to a reduction in demand for our services and adversely affect our competitive position. In addition, some of the government measures aim to benefit the overall Chinese economy, but may unexpectedly have a negative effect on us. For example, our financial condition and results of operations may be affected by government control over capital investments or changes in tax regulations.

Additionally, the global macroeconomic environment faces significant challenges in the near-term future. For example, following the COVID-19 outbreak, most countries have encountered rising inflation, resulting in weakened customers’ spending on smart devices. Furthermore, there is considerable uncertainty about the short and long-term economic impact of the monetary and fiscal policies adopted by the central banks and government authorities of some of the world’s leading economies, including the United States and China.

We are exposed to risks associated with international relations and geopolitical risks.

We are exposed to risks associated with international relations, in particular, the relationship between the United States and China. Any unfavorable government policies, including those on investment restrictions or international trade, such as capital and data controls, tariffs or international payment and settlement system, updated or expanded sanctions and export control regulations, or any new or escalation of geopolitical confrontation and conflicts, may affect the demand for our products, impact the competitive position of our products, or prevent us from selling products in certain countries, or even our participation in international capital markets or the international payment and settlement system, any of which would materially and adversely affect our international operations, results of operations and financial condition.

On February 28, 2024, President Biden signed Executive Order 14117, which seeks to restrict access to bulk sensitive personal data and U.S. government-related data by “countries of concern”. It creates uncertainties and complications in our efforts to stay compliant with such regulations when it becomes effective. For example, if third-party cloud-hosting providers of our data centers in the United States, such as AWS, or our U.S. subsidiaries or U.S. personnel, were to be restricted from providing access to the relevant U.S. data in accordance with such regulations, it may negatively affect our businesses. Such change, and any similar legislative or executive actions in the future, could have an adverse effect on our business, financial condition and results of operations.

On October 16, 2023, the Commerce Department’s Bureau of Industry and Security, or BIS, issued an interim final rule, “Implementation of Additional Export Controls: Certain Advanced Computing Items; Supercomputer and Semiconductor End Use; Updates and Corrections”. BIS sought comments in relation to “infrastructure as a service”, or IaaS, to address access by Chinese customers to IaaS to develop dual-use AI foundation models with potential capabilities of concern. Any future rulemaking in this area may restrict or limit our access to AI capabilities of our existing cloud service providers and negatively impact our business, financial condition and results of operations.

48

Table of Contents

Recently, there have been changes in international trade and investment policies due to rising geopolitical tensions, particularly between the U.S. and China, but also as a result of the war in Ukraine and sanctions on Russia. This could be further aggravated by instability of the Middle East. The cost of importing and/or exporting products, technology and/or software to or from any major markets in which our suppliers and/or customers operate will increase as a result of the implementation of any major tariffs, legislation and/or regulations or regional conflicts or instability, or if existing trade agreements are renegotiated or, in particular, if any foreign government takes retaliatory trade actions due to trade tension between such government and China. Moreover, any political or trade controversies between the United States or any other major global economy and China, or any proposed or new legislation, executive orders or administrative rule making affecting China, whether or not directly related to us or our business and whether or not materialized, could have a material adverse effect on our business operations, results of operations and growth prospects.

These uncertainties entail risks may materially and adversely affect our business and prospects, and/or your investments in our shares. In September 2021, three United States senators and other commentators expressed concern about our alleged failure to protect U.S. consumers’ data, and some have urged the U.S. government to take actions against us, including adding us to the Non-SDN Chinese Military-Industrial Complex Company List, or the NS-CMIC List. If we were to be added to the NS-CMIC List, U.S. persons would be prohibited from purchasing or otherwise dealing in our publicly traded securities. This could affect the liquidity of our securities and could result in the delisting of the ADSs from U.S. markets. Similarly, United States, the European Union and other jurisdictions maintain other similar lists for purposes of economic sanctions and export control, such as the Entity List administered by BIS. If we were to be added to any of the foregoing lists or targeted by similar programs, our business and prospects, and/or your investments in our shares, may be materially and adversely affected.

These various types of actions or government policies, and any further changes in export controls, sanctions or other international trade restrictions, even if merely proposed or threatened, may cause investors to be unwilling to hold or buy our ADSs and Class A ordinary shares and consequently lead to decrease of the liquidity of our shares and cause the trading price of our ADSs and Class A ordinary shares to decline, and any unfavorable changes could have a material adverse impact on us, our customers or suppliers, or the industries in which we operate.

There are uncertainties regarding the interpretation and enforcement of PRC laws, rules and regulations.

The PRC legal system is based on written statutes. Prior court decisions may be cited for reference but have limited precedential value. The past decades have seen the progressive legislation by the PRC government designed to enhance the protections afforded to various forms of foreign investments in China. However, because certain laws and regulations are relatively new, and because of the limited volume of published decisions and their nonbinding nature, the interpretation and enforcement of these laws and regulations involve uncertainties.

Furthermore, the PRC legal system is based in part on government policies and China is geographically large and divided into various provinces and municipalities. Therefore, different regulations and policies may have different and varying applications and interpretations in different parts of China, and it is possible that we may not be aware in a timely manner that we have been identified to be in violation of these policies and rules until sometime after the occurrence of the violation. In addition, certain administrative and court proceedings in China may result in substantial costs and diversion of resources and management attention.

PRC government has complex regulatory requirements on the conduct of our business and it has recently promulgated certain regulations and rules to exert more oversight over offerings that are conducted overseas and/ or foreign investment in China-based issuers. Such action could significantly limit or hinder our ability to offer or continue to offer securities to investors and cause the value of such securities to significantly decline.

You may experience difficulties in effecting service of legal process, enforcing foreign judgments or bringing actions in mainland China and Hong Kong against us or our management based on foreign laws.

Tuya Inc. is an exempted company limited by shares incorporated under the laws of the Cayman Islands. The Group conducts substantially all of its operations in mainland China, and substantially all of its assets are located outside the United States. In addition, we do not have any material operations in Hong Kong. Furthermore, some of our directors and executive officers reside within mainland China or Hong Kong for a significant portion of the time and are PRC nationals. As a result, it may not be possible to effect service of process within the United States or elsewhere outside China upon us, our directors and executive officers, including with respect to matters arising under U.S. federal securities laws or applicable state securities laws.

49

Table of Contents

Even if you obtain a judgment against us, our directors or executive officers or the expert named in this annual report in a U.S. court or other court outside China, you may not be able to enforce such judgment against us or them in mainland China or Hong Kong. Neither mainland China nor Hong Kong has treaties providing for the reciprocal recognition and enforcement of judgments of courts with the Cayman Islands and many other countries and regions, such as the United States. However, subject to certain conditions, including but not limited to when the judgment is for a liquidated amount in a civil matter and not in respect of taxes, fines, penalties or similar charges, the judgment is final and conclusive and has not been stayed or satisfied in full, the proceedings in which the judgment was obtained were not contrary to natural justice and the enforcement of the judgment is not contrary to public policy of Hong Kong, Hong Kong courts may accept such judgment obtained from a United States court as a debt due under the rules of common law enforcement. Nevertheless, a separate legal action for debt must be commenced in Hong Kong in order to recover such debt from the judgment debtor, and there can be no assurance that such legal action in Hong Kong would be resolved in favor of the judgment debtor. Therefore, recognition and enforcement in mainland China or Hong Kong of judgments of a court in any of foreign jurisdictions in relation to any matter not subject to a binding arbitration provision may be difficult or impossible.

On July 14, 2006, the Supreme People’s Court of the PRC and Hong Kong entered into the Arrangement on Reciprocal Recognition and Enforcement of Judgments in Civil and Commercial Matters by the Courts of the Mainland and of the Hong Kong Special Administrative Region Pursuant to Choice of Court Agreements between Parties Concerned (the “2006 Arrangement”). Under the 2006 Arrangement, where any designated PRC court or any designated Hong Kong court has made an enforceable final judgment requiring payment of money in a civil or commercial case under a choice of court agreement in writing, any party concerned may apply to the relevant PRC court or Hong Kong court for recognition and enforcement of the judgment. On January 18, 2019, the Supreme People’s Court and Hong Kong entered into the Arrangement on Reciprocal Recognition and Enforcement of Judgments in Civil and Commercial Matters by the Courts of the Mainland and of the Hong Kong Special Administrative Region (the “2019 Arrangement”), which seeks to establish a mechanism with greater clarity and certainty for recognition and enforcement of judgments in a wider range of civil and commercial matters between Hong Kong and the PRC. The 2019 Arrangement discontinued the requirement for a choice of court agreement for bilateral recognition and enforcement. The 2006 Arrangement was superseded upon the effectiveness of the 2019 Arrangement on January 29, 2024 but remains applicable to a choice of court agreement in writing entered into before the effective date of the 2019 Arrangement. However, we cannot assure you that all final judgments will be recognized and effectively enforced by the relevant PRC court.

Moreover, you may not be able to bring original actions in China based on the U.S. or other foreign laws against us, our directors or executive officers or the expert named in this annual report. In particular, shareholder claims that are common in the United States, including securities law class actions and fraud claims, generally are difficult to pursue as a matter of law or practicality in China. For example, in China, there are significant legal and other obstacles to obtaining information needed for shareholder investigations or litigation outside China or otherwise with respect to foreign entities. In the absence of a mutual and practical cooperation mechanism, there has not been efficient regulatory cooperation between the local authorities in China and the securities regulatory authorities in the United States to implement cross-border supervision and administration so far. Although the local authorities in China may establish a regulatory cooperation mechanism with the securities regulatory authorities of another country or region to implement cross-border supervision and administration, such regulatory cooperation with the securities regulatory authorities in the United States have not been efficient in the absence of a mutual and practical cooperation mechanism. According to Article 177 of the PRC Securities Law which became effective in March 2020, no overseas securities regulator is allowed to directly conduct investigation or evidence collection activities within the territory of the PRC. Accordingly, without the consent of the competent PRC securities regulators and relevant authorities, no organization or individual may provide the documents and materials relating to securities business activities to overseas parties. See also “—Risks Related to Our ADSs—You may face difficulties in protecting your interests, and your ability to protect your rights through U.S. or Hong Kong courts may be limited, because we are incorporated under Cayman Islands law.”

50

Table of Contents

We may rely on dividends and other distributions on equity paid by our subsidiaries in mainland China and Hong Kong to fund any cash and financing requirements we may have, and any limitation on the ability of these subsidiaries to make payments to us could have a material and adverse effect on our ability to conduct our business.

Tuya Inc. is a Cayman Islands holding company and we rely principally on dividends and other distributions on equity from our subsidiaries in mainland China and Hong Kong for our cash requirements, including for services of any debt we may incur. To the extent cash or assets in the business are in the PRC, including Hong Kong, or a PRC (including Hong Kong) entity, the funds or assets may not be available to fund operations or for other use outside of the PRC, including Hong Kong, due to interventions in or the impositions of restrictions and limitations on the availability of Tuya Inc., its subsidiaries or the VIE by the PRC government to transfer cash or assets. There is no assurance that the PRC government will not intervene in or impose restrictions on the ability of Tuya Inc., its subsidiaries or the VIE to transfer cash or assets.

Our PRC subsidiaries’ ability to distribute dividends is based upon their distributable earnings. Current PRC regulations permit our PRC subsidiaries to pay dividends to their respective shareholders only out of their accumulated profits, if any, determined in accordance with PRC accounting standards and regulations. In addition, each of our PRC subsidiaries is required to set aside at least 10% of its after-tax profits each year, if any, to fund a statutory reserve until such reserve reaches 50% of each of their registered capitals. These reserves are not distributable as cash dividends. If our PRC subsidiaries incur debt on their own behalf in the future, the instruments governing the debt may restrict their ability to pay dividends or make other payments to us.

To address the persistent capital outflow and the RMB’s depreciation against the U.S. dollar in the fourth quarter of 2016, the People’s Bank of China and the State Administration of Foreign Exchange (“SAFE”) implemented a series of capital control measures in the subsequent months, including stricter vetting procedures for China-based companies to remit foreign currency for overseas acquisitions, dividend payments and shareholder loan repayments. For instance, the Circular on Further Promoting the Reform of Foreign Exchange Management and Improving the Verification of Authenticity and Compliance Review (the “SAFE Circular 3”) issued on January 18, 2017 provides that the banks shall, when dealing with dividend remittance transactions from a domestic enterprise to its offshore shareholders of more than US$50,000, review the relevant board resolutions, original tax filing form and audited financial statements of such domestic enterprise based on the principal of genuine transaction. The PRC government may continue to strengthen its capital controls and our PRC subsidiaries’ dividends and other distributions may be subject to tightened scrutiny in the future. Any limitation on the ability of our PRC subsidiaries to pay dividends or make other distributions to us could materially and adversely limit our ability to grow, make investments or acquisitions that could be beneficial to our business, pay dividends, or otherwise fund and conduct our business.

In addition, the Enterprise Income Tax Law (the “EIT Law”) and its implementation rules provide that a withholding tax at a rate of 10% will be applicable to dividends payable by Chinese companies to non-PRC-resident enterprises unless reduced under treaties or arrangements between the PRC central government and governments of other countries or regions where the non-PRC resident enterprises are tax residents. Pursuant to the tax agreement between Mainland China and the Hong Kong Special Administrative Region, the withholding tax rate in respect to the payment of dividends by a PRC enterprise to a Hong Kong enterprise may be reduced to 5% from a standard rate of 10% if the Hong Kong enterprise (i) directly holds at least 25% of the PRC enterprise, (ii) is a tax resident in Hong Kong and (iii) could be recognized as a beneficial owner of the dividend from a PRC tax perspective. Under administrative guidance, a Hong Kong resident enterprise must meet the following conditions, among others, in order to apply the reduced withholding tax rate: (i) it must be a company; (ii) it must directly own the required percentage of equity interests and voting rights in the PRC resident enterprise; and (iii) it must have directly owned such required percentage in the PRC resident enterprise throughout the 12 months prior to receiving the dividends. Nonresident enterprises are not required to obtain pre-approval from the relevant tax authority in order to enjoy the reduced withholding tax. Instead, nonresident enterprises and their withholding agents may, by self-assessment and on confirmation that the prescribed criteria to enjoy the tax treaty benefits are met, directly apply the reduced withholding tax rate, and file necessary forms and supporting documents when performing tax filings, which will be subject to post-tax filing examinations by the relevant tax authorities. Accordingly, our Hong Kong subsidiary may be able to benefit from the 5% withholding tax rate for the dividends it receives from our PRC subsidiaries, if it satisfies the conditions prescribed under the State Administration of Taxation on the Issues Concerning the Application of the Dividend Clauses of Tax Agreements and other relevant tax rules and regulations. However, if the relevant tax authorities consider the transactions or arrangements we have to be for the primary purpose of enjoying a favorable tax treatment, the relevant tax authorities may adjust the favorable withholding tax in the future. Accordingly, there is no assurance that the reduced 5% withholding tax rate will apply to dividends received by our Hong Kong subsidiary from our PRC subsidiaries. This withholding tax will reduce the amount of dividends we may receive from our PRC subsidiaries.

51

Table of Contents

The custodians or authorized users of our controlling non-tangible assets, including chops and seals, may fail to fulfill their responsibilities, or misappropriate or misuse these assets.

Under the PRC law, legal documents for corporate transactions, including agreements and contracts, are executed using the chop or seal of the signing entity or with the signature of a legal representative whose designation is registered and filed with relevant PRC market regulation authorities.

In order to secure the use of our chops and seals, we have established internal control procedures and rules for using these chops and seals. In any event that the chops and seals are intended to be used, the responsible personnel will submit the application, which will then be verified and approved by authorized employees in accordance with our internal control procedures and rules. In addition, in order to maintain the physical security of our chops, we generally have them stored in secured locations accessible only to authorized employees. However, such internal control procedures may not be sufficient to prevent all instances of abuse or negligence. There is a risk that our employees could abuse their authority, for example, by entering into a contract not approved by us or seeking to gain control of one of our subsidiaries or the VIE. If any employee obtains, misuses or misappropriates our chops and seals or other controlling non-tangible assets for whatever reason, we could experience disruption to our normal business operations. We may have to take corporate or legal action, which could involve significant time and resources to resolve and divert management from our operations.

If the preferential tax treatments and government subsidies granted by the PRC government become unavailable, our results of operations and financial condition may be adversely affected.

Our PRC subsidiaries are subject to the PRC corporate income tax at a standard rate of 25% on their taxable income, while in 2021, 2022 and 2023, preferential tax treatment was available to Tuya Information, one of our PRC subsidiaries. Tuya Information was qualified as a “High-tech Enterprise” and was entitled to enjoy a 15% beneficial tax rate for the year ended December 31, 2023. We cannot assure you that the PRC policies on preferential tax treatments will not change or that the current preferential tax treatments we enjoy or will be entitled to enjoy will not be canceled. Moreover, we cannot assure you that our PRC subsidiaries will be able to renew the same preferential tax treatments upon expiration. If any such change, cancellation or discontinuation of preferential tax treatment occurs, the relevant PRC subsidiaries will be subject to the PRC enterprise income tax (the “EIT”) at a rate of 25% on taxable income. As a result, the increase in our tax charge could materially and adversely affect our results of operations.

PRC regulation of loans to and direct investment in PRC entities by offshore holding companies and governmental control of currency conversion may restrict or delay us from using the proceeds of our offshore securities offerings to make loans or additional capital contributions to our PRC subsidiaries and making loans to the VIE or its subsidiaries, which could adversely affect our liquidity and our ability to fund and expand our business.

Tuya Inc. is an offshore holding company and we conduct our operations in China through our PRC subsidiaries and the VIE. We may make loans to our PRC subsidiaries and the VIE, subject to the approval from government authorities and limitation of amount, or we may make additional capital contributions to our PRC subsidiaries in China.

Any loans to our PRC subsidiaries in China, which are treated as foreign-invested enterprises under PRC law, are subject to PRC regulations and foreign exchange loan registrations. For example, loans by us to our PRC subsidiaries in China to finance their activities cannot exceed statutory limits and must be registered with the local counterpart of SAFE. In addition, a foreign-invested enterprise shall use its capital pursuant to the principle of authenticity and for self-use within its business scope. The capital of a foreign invested enterprise shall not be used for the following purposes: (i) directly or indirectly used for payment beyond the business scope of the enterprises or the payment prohibited by relevant laws and regulations; (ii) directly or indirectly used for investment in securities investments other than banks’ principal-secured products unless otherwise provided by relevant laws and regulations; (iii) the granting of loans to non-affiliated enterprises, except where it is expressly permitted in the business license; and (iv) paying the expenses related to the purchase of real estate that is not for self-use (except for the foreign-invested real estate enterprises).

52

Table of Contents

SAFE promulgated the Notice of the State Administration of Foreign Exchange on Reforming the Administration of Foreign Exchange Settlement of Capital of Foreign Invested Enterprises (the “SAFE Circular 19”), effective in June 2015, in replacement of the Circular on the Relevant Operating Issues Concerning the Improvement of the Administration of the Payment and Settlement of Foreign Currency Capital of Foreign Invested Enterprises, the Notice from the State Administration of Foreign Exchange on Relevant Issues Concerning Strengthening the Administration of Foreign Exchange Businesses, and the Circular on Further Clarification and Regulation of the Issues Concerning the Administration of Certain Capital Account Foreign Exchange Businesses. Although SAFE Circular 19 allows RMB capital converted from foreign currency-denominated registered capital of a foreign-invested enterprise to be used for equity investments within China, it also reiterates the principle that RMB converted from the foreign currency-denominated capital of a foreign-invested company may not be directly or indirectly used for purposes beyond its business scope. Thus, it is unclear whether SAFE will permit such capital to be used for equity investments in China in actual practice. SAFE promulgated the Notice of the State Administration of Foreign Exchange on Reforming and Standardizing the Foreign Exchange Settlement Management Policy of Capital Account (the “SAFE Circular 16”), effective on June 9, 2016, which reiterates some of the rules set forth in SAFE Circular 19, but changes the prohibition against using RMB capital converted from foreign currency-denominated registered capital of a foreign-invested enterprise to issue RMB entrusted loans to a prohibition against using such capital to issue loans to non-associated enterprises. Violations of SAFE Circular 19 and SAFE Circular 16 could result in administrative penalties. SAFE Circular 19 and SAFE Circular 16 may significantly limit our ability to transfer any foreign currency we hold to our PRC subsidiaries, which may adversely affect our liquidity and our ability to fund and expand business in China.

Among others, SAFE Circular 28 relaxes prior restrictions and allows foreign-invested enterprises that do not have equity investments in their approved business scope to use their capital obtained from foreign exchange settlement to make domestic equity investments as long as the investments are real and in compliance with the foreign investment-related laws and regulations.

In light of the various requirements imposed by PRC regulations on loans to and direct investment in PRC entities by offshore holding companies, we cannot assure you that we will be able to complete the necessary government registrations or obtain the necessary government approvals on a timely basis, if at all, with respect to future loans to our PRC subsidiaries or the VIE or future capital contributions by us to our PRC subsidiaries in China. As a result, uncertainties exist as to our ability to provide prompt financial support to our PRC subsidiaries or the VIE when needed. If we fail to complete such registrations or obtain such approvals, our ability to use the proceeds we expect to receive from our future offshore securities offerings and to capitalize or otherwise fund our PRC operations may be negatively affected, which could materially and adversely affect our liquidity and our ability to fund and expand our business.

Governmental control of currency conversion may affect the value of your investment.

The PRC government imposes controls on the convertibility of the Renminbi into foreign currencies and, in certain cases, the remittance of currency out of China. We receive substantially all of our revenue in Renminbi. Under our current corporate structure, our Cayman Islands holding company primarily relies on dividend payments from our PRC subsidiaries to fund any cash and financing requirements it may have. Under existing PRC foreign exchange regulations, payments of current account items, including profit distributions, interest payments and trade and service-related foreign exchange transactions, can be made in foreign currencies without prior approval of SAFE by complying with certain procedural requirements. Specifically, under the existing exchange restrictions, without prior approval of SAFE, cash generated from the operations of our PRC subsidiaries in China may be used to pay dividends to our company. However, approval from or registration with appropriate government authorities is required where Renminbi is to be converted into foreign currency and remitted out of China to pay capital expenses such as the repayment of loans denominated in foreign currencies. As a result, we need to obtain SAFE approval to use cash generated from the operations of our PRC subsidiaries and the VIE to pay off their respective debt in a currency other than Renminbi owed to entities outside China, or to make other capital expenditure payments outside China in a currency other than Renminbi. The PRC government may at its discretion restrict access to foreign currencies for current account transactions in the future. If the foreign exchange control system prevents us from obtaining sufficient foreign currencies to satisfy our foreign currency demands, we may not be able to pay dividends in foreign currencies to our shareholders, including holders of our ADSs and Class A ordinary shares.

53

Table of Contents

The filing, approval or other administration requirements of the CSRC, the CAC or other PRC government authorities may be required to maintain our listing status or conduct future offshore securities offerings.

On August 8, 2006, six PRC regulatory agencies jointly adopted the Regulations on Mergers and Acquisitions of Domestic Enterprises by Foreign Investors, or the M&A Rules, which came into effect on September 8, 2006 and were amended on June 22, 2009. The M&A Rules include, among other things, provisions that purport to require that an offshore special purpose vehicle (the “SPV”) that is controlled by PRC domestic companies or individuals and that has been formed for the purpose of an overseas listing of securities through acquisitions of PRC domestic companies or assets to obtain the approval of the CSRC prior to the listing and trading of such SPV’s securities on an overseas stock exchange. On September 21, 2006, the CSRC published on its official website procedures regarding its approval of overseas listings by SPVs. However, substantial uncertainty remains regarding the scope and applicability of the M&A Rules to offshore SPVs.

While the application of the M&A Rules remains unclear, we believe, based on the advice of Jia Yuan Law Offices, our PRC legal counsel, that the CSRC approval mentioned above is not required in our context because (i) our wholly foreign-owned PRC subsidiary was not established through mergers or acquisitions of equity interest or assets of a PRC domestic company owned by PRC companies or individuals as defined under the M&A Rules that are the beneficial owners of our company; and (ii) no provision in the M&A Rules clearly classifies contractual arrangements as a type of transaction subject to the M&A Rules. However, there can be no assurance that the relevant PRC government agencies, including the CSRC, would reach the same conclusion as our PRC legal counsel.

54

Table of Contents

On July 6, 2021, the relevant PRC governments promulgated the Opinions on Strictly Cracking Down on Illegal Securities Activities (the “Opinions”), which among others provide that the administration and supervision of overseas-listed China-based companies will be strengthened, and the special provisions of the State Council on overseas issuance and listing of shares by such companies will be revised, clarifying the responsibilities of domestic industry competent authorities and regulatory authorities. As a follow-up, on February 17, 2023, the CSRC released the Trial Administrative Measures of Overseas Securities Offering and Listing by Domestic Companies (the “Trial Measures”) and relevant supporting guidelines, collectively, the New Overseas Listing Rules, setting out new filing procedures for China-based companies seeking direct or indirect listings and offerings in overseas markets, which came into force on March 31, 2023. The New Overseas Listing Rules are applicable to PRC domestic companies that seek to offer and list securities in overseas markets, either through direct or indirect means. If an issuer meets both of the following criteria, the overseas securities offering and listing conducted by such issuer shall be deemed as an indirect overseas offering subject to the filing procedures set forth under the New Overseas Listing Rules: (i) 50% or more of the issuer’s operating revenue, total profit, total assets or net assets as documented in its audited consolidated financial statements for the most recent fiscal year are derived from PRC domestic companies; and (ii) the issuer’s business activities are substantially conducted in mainland China, or its principal place(s) of business are located in mainland China, or the senior managers in charge of its business operations and management are mostly Chinese citizens or domiciled in mainland China. Pursuant to the New Overseas Listing Rules, an issuer listed in an overseas market that contemplates any follow-on offering in the same overseas market where it has previously offered and listed securities should, through its major operating entity incorporated in the PRC, file the required materials with the CSRC within three business days after the completion of such follow-on offering. Furthermore, according to the New Overseas Listing Rules, after an issuer has completed its offering and listed its securities on an overseas stock exchange, the issuer shall submit a report to the CSRC within three business days after the occurrence and public disclosure of certain material events, including (i) a change of control, (ii) investigations of or sanctions imposed on the issuer by overseas securities regulatory agencies or other relevant competent authorities, (iii) changes of listing status or transfers of the listing segment, (iv) a voluntary or mandatory delisting and (v) a material change in its main business operation, as a result of which that issuer is no longer subject to the filing requirements under the New Overseas Listing Rules. The New Overseas Listing Rules provide that in the event of any breach, including any failure to fulfill the filing procedure, or any offering and listing of securities in an overseas market in violation of the measures, the CSRC will order such domestic company to rectify, issue warnings to such domestic company, and impose a fine between RMB1 million and RMB10 million. Fines and warnings will be imposed on persons-in-charge and other persons who are directly liable. In addition, fines will also be imposed on controlling shareholders and actual controllers of the domestic company who initiate or cause the aforesaid non-compliance activities. As these measures and rules are relatively new, it remains uncertain as to their implementation. We may not be able to obtain approval or complete the required filing for any future offshore securities offering, and it is uncertain how long it will take us to obtain such approval or complete such filing, or if we can obtain any waiver of aforesaid requirements if and when procedures are established to obtain such waiver. Any failure to obtain or delay in obtaining such approval or completing such filing for any future offshore securities offering, or a rescission of any such approval obtained by us, could subject us to sanctions by the CSRC, the CAC or other PRC regulatory agencies for failure to seek approval or other governmental authorization or complete the necessary filing for any future offshore securities offering. In any such event, these regulatory authorities may also impose fines and penalties on our operations in China, limit our operating privileges in China, delay or restrict the repatriation of the proceeds from any future offshore securities offering into the PRC or take other actions that could adversely affect our business, operating results and financial condition, as well as our ability to complete any future offshore securities offering. The CSRC, the CAC or any other PRC government authorities may also take actions requiring us, or making it advisable for us, to halt any future offshore securities offering. Consequently, if you engage in market trading or other activities in anticipation of and prior to settlement and delivery, you do so at the risk that such settlement and delivery may not occur. Any uncertainties or negative publicity regarding such approval requirements could materially and adversely affect the trading price of our ADSs and Class A ordinary shares.

55

Table of Contents

Certain PRC regulations may affect our ability to pursue growth through acquisitions.

Among other things, the M&A Rules, adopted by six PRC regulatory agencies in 2006 and amended in 2009, established additional procedures and requirements that could make merger and acquisition activities by foreign investors more time-consuming and complex. Such regulation requires, among other things, that MOFCOM be notified in advance of any change of control transaction in which a foreign investor takes control of a PRC domestic enterprise, if (i) any important industry is concerned, (ii) such transaction involves factors that have or may have an impact on national economic security, or (iii) such transaction will lead to a change in control of a domestic enterprise which holds a famous trademark or PRC time-honored brand. Moreover, the PRC Anti-Monopoly Law promulgated by the Standing Committee of the NPC which became effective in 2008 and was amended in 2022 requires that transactions which are deemed concentrations and involve parties with specified turnover thresholds must be cleared by the relevant anti-monopoly authority before they can be completed. In addition, PRC national security review rules which became effective in September 2011 require acquisitions by foreign investors of PRC companies engaged in military-related or certain other industries that are crucial to national security be subject to security review before consummation of any such acquisition. We may pursue potential strategic acquisitions that are complementary to our business and operations.

Complying with the requirements of these regulations to complete such transactions could be time-consuming, and any required approval processes, including obtaining approval or clearance from the competent government authority, may delay or inhibit our ability to complete such transactions, which could affect our ability to expand our business or maintain our market share.

Failure to make adequate contributions to various employee benefit plans as required by PRC regulations may subject us to penalties.

We are required under PRC laws and regulations to participate in various government-sponsored employee benefit plans, including certain social insurance, housing funds and other welfare-oriented payment obligations, and contribute to the plans in amounts equal to certain percentages of salaries, including bonuses and allowances, of our employees up to a maximum amount specified by the local government from time to time at locations where we operate our businesses. The requirement of employee benefit plans has not been implemented consistently by the local governments in China given the different levels of economic development in different locations, and we cannot assure you that we are able to make adequate contribution for each employee in a timely and appropriate manner at all time. If we fail to make adequate employee benefit payments, we may be subject to fines, late fees and legal sanctions, and our business, financial condition and results of operations may be adversely affected.

PRC regulations relating to the establishment of offshore special purpose companies by PRC residents may subject our PRC resident beneficial owners or our PRC subsidiaries to liability or penalties, limit our ability to inject capital into our PRC subsidiaries, limit our PRC subsidiaries’ ability to increase their registered capital or distribute profits to us, or may otherwise adversely affect us.

In July 2014, SAFE promulgated the Circular on Relevant Issues Concerning Foreign Exchange Control on Domestic Residents’ Offshore Investment and Financing and Roundtrip Investment Through Special Purpose Vehicles (the “SAFE Circular No. 37”) to replace the Notice on Relevant Issues Concerning Foreign Exchange Administration for Domestic Residents’ Financing and Roundtrip Investment Through Offshore Special Purpose Vehicles (the “SAFE Circular 75”), which ceased to be effective upon the promulgation of SAFE Circular No. 37. SAFE Circular No. 37 requires PRC residents (including PRC individuals and PRC corporate entities) to register with SAFE or its local branches in connection with their direct or indirect offshore investment activities. SAFE Circular No. 37 is applicable to our shareholders who are PRC residents and may be applicable to any offshore acquisitions that we make in the future.

SAFE Circular No. 37 requires registration with, and approval from, Chinese government authorities in connection with direct or indirect control of an offshore entity by PRC residents. The term “control” under SAFE Circular No. 37 is broadly defined as the operation rights, beneficiary rights or decision-making rights acquired by PRC residents in the offshore SPVs, by means of acquisition, trust, proxy, voting rights, repurchase, convertible bonds or other arrangements. In addition, any PRC resident who is a direct or indirect shareholder of an SPV is required to update its filed registration with the local branch of SAFE with respect to that SPV, to reflect any material change. On February 13, 2015, SAFE promulgated a Notice on Further Simplifying and Improving Foreign Exchange Administration Policy on Direct Investment (the “SAFE Circular 13”), which became effective on June 1, 2015. Under SAFE Circular 13, applications for foreign exchange registration of inbound foreign direct investments and outbound overseas direct investments, including those required under SAFE Circular No. 37, will be filed with qualified banks instead of SAFE. The qualified banks will directly examine the applications and accept registrations under the supervision of SAFE.

56

Table of Contents

These regulations described above may have a significant impact on our present and future structuring and investment. We intend to structure and execute our future offshore acquisitions in a manner consistent with these regulations and any other relevant legislation. However, because it is presently uncertain how these SAFE regulations and any future legislation concerning offshore or cross-border transactions will be interpreted and implemented by the relevant government authorities in connection with our future offshore financings or acquisitions, we cannot provide any assurances that we will be able to comply with, qualify under or obtain any approvals required by the regulations or other legislation. Furthermore, we cannot assure you that any PRC shareholders of our company or any PRC company into which we invest will be able to comply with those requirements. Any failure or inability by such individuals or entities to comply with SAFE regulations may subject us to fines or legal sanctions, such as restrictions on our cross-border investment activities or our PRC subsidiaries’ ability to distribute dividends to, or obtain foreign exchange-denominated loans from, our company or prevent us from making distributions or paying dividends. As a result, our business operations and our ability to make distributions to you could be materially and adversely affected.

Furthermore, as these foreign exchange regulations are still relatively new and their interpretation and implementation has been constantly evolving, it is unclear how these regulations, and any future regulation concerning offshore or cross-border transactions, will be interpreted, amended and implemented by the relevant government authorities. For example, we may be subject to a more stringent review and approval process with respect to our foreign exchange activities, such as remittance of dividends and foreign currency-denominated borrowings, which may adversely affect our financial condition and results of operations. In addition, if we decide to acquire a PRC domestic company, we cannot assure you that we or the owners of such company, as the case may be, will be able to obtain the necessary approvals or complete the necessary filings and registrations required by the foreign exchange regulations. This may restrict our ability to implement our acquisition strategy and could adversely affect our business and prospects.

Any failure to comply with PRC regulations regarding the registration requirements for employee stock incentive plans may subject the PRC plan participants or us to fines and other legal or administrative sanctions.

In February 2012, SAFE promulgated the Notices on Issues Concerning the Foreign Exchange Administration for Domestic Individuals Participating in Stock Incentive Plan of Overseas Publicly Listed Company, replacing earlier rules promulgated in 2007. Pursuant to these rules, PRC citizens and non-PRC citizens who reside in China for a continuous period of not less than one year who participate in any stock incentive plan of an overseas publicly listed company, subject to a few exceptions, are required to register with SAFE through a domestic qualified agent, which could be the PRC subsidiaries of such overseas-listed company, and complete certain other procedures. In addition, an overseas-entrusted institution must be retained to handle matters in connection with the exercise or sale of stock options and the purchase or sale of shares and interests. In addition, SAFE Circular 37 stipulates that PRC residents who participate in a share incentive plan of an overseas non-publicly listed special purpose company may register with SAFE or its local branches before they obtain the incentive shares or exercise the share options. We and our executive officers and other employees who are PRC citizens or who reside in the PRC for a continuous period of not less than one year and who have been or will be granted incentive shares or options are or will be subject to these regulations. Failure to complete the SAFE registrations may subject them to fines and legal sanctions, and there may be additional restrictions on their ability to exercise their share options or remit proceeds gained from sale of their shares into the PRC. We also face regulatory uncertainties that could restrict our ability to adopt additional incentive plans for our directors, executive officers and employees under PRC law.

If we are classified as a PRC resident enterprise for PRC enterprise income tax purposes, such classification could result in unfavorable tax consequences to us and our non-PRC shareholders.

Under the EIT Law and its implementation rules, an enterprise established outside of the PRC with its “de facto management body” within the PRC is considered a “resident enterprise” and will be subject to the enterprise income tax on its global income at a rate of 25%. The implementation rules define the term “de facto management body” as the body that exercises full and substantial control and overall management over the business, productions, personnel, accounts and properties of an enterprise. In 2009, the State Administration of Taxation (the “SAT”) issued the Notice Regarding the Determination of Chinese-Controlled Offshore Incorporated Enterprises as People’s Republic of China Tax Resident Enterprises on the Basis of De Facto Management Bodies (the “SAT Circular 82”), which provides certain specific criteria for determining whether the “de facto management body” of a PRC-controlled enterprise that is incorporated offshore is located in China. Although this circular only applies to offshore enterprises controlled by PRC enterprises or PRC enterprise groups, not those controlled by PRC individuals or foreigners, the criteria set forth in the circular may reflect the SAT’s general position on how the “de facto management body” test should be applied in determining the tax resident status of all offshore enterprises.

57

Table of Contents

According to the SAT Circular 82, an offshore incorporated enterprise controlled by a PRC enterprise or a PRC enterprise group will be regarded as a PRC tax resident by virtue of having its “de facto management body” in China, and will be subject to PRC enterprise income tax on its global income only if all of the following conditions are met: (i) the primary location of the day-to-day operational management is in the PRC; (ii) decisions relating to the enterprise’s financial and human resource matters are made or are subject to approval by organizations or personnel in the PRC; (iii) the enterprise’s primary assets, accounting books and records, company seals, and board and shareholder resolutions are located or maintained in the PRC; and (iv) at least 50% of voting board members or senior executives habitually reside in the PRC.

We believe our company is not a PRC resident enterprise for PRC tax purposes. However, the tax resident status of an enterprise is subject to determination by the PRC tax authorities and uncertainties remain with respect to the interpretation of the term “de facto management body.” If the PRC tax authorities determine that our company or any of our offshore subsidiaries is a PRC resident enterprise for enterprise income tax purposes, our company or the relevant offshore subsidiaries will be subject to PRC enterprise income tax on its worldwide income at a rate of 25%. Furthermore, if we are treated as a PRC tax resident enterprise, we will be required to withhold a 10% tax from dividends we pay to our shareholders that are non-resident enterprises, including the holders of our ADSs and Class A ordinary shares. In addition, non-resident enterprise shareholders (including holders of our ADSs and Class A ordinary shares) may be subject to PRC tax at a rate of 10% on gains realized on the sale or other disposition of the ADSs/Class A ordinary shares, if such gain is treated as derived from a PRC source. Furthermore, if we are deemed a PRC resident enterprise, dividends paid to our non-PRC individual shareholders (including the holders of our ADSs and Class A ordinary shares) and any gain realized on the transfer of the ADSs and/or Class A ordinary shares by such shareholders may be subject to PRC tax at a rate of 20% (which, in the case of dividends, may be withheld at source by us). These rates may be reduced by an applicable tax treaty, but it is unclear whether our non-PRC shareholders would, in practice, be able to obtain the benefits of any tax treaties between their country of tax residence and the PRC in the event that we are treated as a PRC resident enterprise. Any such tax may reduce the returns on your investment in our ADSs or Class A ordinary shares.

We face uncertainty with respect to indirect transfers of equity interests in PRC resident enterprises by their non-PRC resident companies.

On February 3, 2015, the SAT issued the Public Notice Regarding Certain Corporate Income Tax Matters on Indirect Transfer of Properties by Non-Tax Resident Enterprises (the “SAT Bulletin 7”), which came into effect on the same day, but will also apply to cases where their PRC tax treatments are not yet concluded. The SAT Bulletin 7 extends its tax jurisdiction to transactions involving the transfer of taxable assets through offshore transfer of a foreign intermediate holding company. In addition, the SAT Bulletin 7 has introduced safe harbors for internal group restructurings and the purchase and sale of equity securities through a public securities market. The SAT Bulletin 7 also brings challenges to both foreign transferor and transferee (or other person who is obligated to pay for the transfer) of taxable assets.

On October 17, 2017, the SAT issued the Announcement of the State Administration of Taxation on Issues Concerning the Withholding of Non-resident Enterprise Income Tax at Source (the “SAT Bulletin 37”), which came into effect on December 1, 2017. The SAT Bulletin 37 further clarifies the practice and procedure of the withholding of non-resident enterprise income tax.

Where a non-resident enterprise transfers taxable assets in China indirectly by disposing of the equity interests of an overseas holding company, or an Indirect Transfer, the non-resident enterprise as either transferor or transferee, or the PRC entity whose equity is transferred, may report such Indirect Transfer to the relevant tax authority. Using a “substance over form” principle, the PRC tax authority may disregard the existence of the overseas holding company if it lacks a reasonable commercial purpose and was established for the purpose of reducing, avoiding or deferring PRC tax. As a result, gains derived from such Indirect Transfer may be subject to PRC enterprise income tax, and the transferee or other person who is obligated to pay for the transfer is obligated to withhold the applicable taxes, currently at a rate of 10% for the transfer of equity interests in a PRC resident enterprise. Both the transferor and the transferee may be subject to penalties under PRC tax laws if the transferee fails to withhold the taxes and the transferor fails to pay the taxes.

​

58

Table of Contents

We face uncertainties as to the reporting and other implications of certain past and future transactions where PRC taxable assets are involved, such as offshore restructuring, sale of the shares in our offshore subsidiaries and investments. Our company may be subject to filing obligations or taxed if our company is a transferor in such transactions, and may be subject to withholding obligations if our company is transferee in such transactions, under the SAT Bulletin 7 and/or SAT Bulletin 37. For transfer of shares in our company that do not qualify for the public securities market safe harbor by investors who are non-PRC resident enterprises, our PRC subsidiaries may be requested to assist in the filing under the SAT Bulletin 7 and/or SAT Bulletin 37. As a result, we may be required to expend valuable resources to comply with the SAT Bulletin 7 and/or SAT Bulletin 37 or to request the relevant transferors from whom we purchase taxable assets to comply with these circulars, or to establish that our company should not be taxed under these circulars, which may have a material adverse effect on our financial condition and results of operations.

Regulation and censorship of information disseminated over the internet in China may adversely affect our business and reputation and subject us to liability for information displayed on our website.

China has enacted laws and regulations governing internet access and the distribution of products, services, news, information, audio-video programs and other content through the internet. In the past, the PRC government has prohibited the distribution of information through the internet that it deems to be in violation of PRC laws and regulations. If any of the information offered on our platform were deemed by the PRC government to violate any content restrictions, we would not be able to continue to display such content and could become subject to penalties, including confiscation of income, fines, suspension of business and revocation of required licenses, which could materially and adversely affect our business, financial condition and results of operations.

Trading in our securities will be prohibited under the HFCAA if the PCAOB determines that it is unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong, including our auditor as an independent registered public accounting firm, and as a result, U.S. national securities exchanges, such as the NYSE, may determine to delist our securities.

Our independent registered public accounting firm that issues the audit report included in this annual report, as an auditor of companies that are traded publicly in the United States and a firm registered with the PCAOB, is required by the laws of the United States to undergo regular inspections by the PCAOB to assess its compliance with the laws of the United States and professional standards. Our auditor is located in China, a jurisdiction where the PCAOB was historically unable to conduct inspections and investigations completely, without the approval of the Chinese authorities. The inability of the PCAOB to conduct inspections of auditors in China in the past has made it more difficult to evaluate the effectiveness of our independent registered public accounting firm’s audit procedures or quality control procedures as compared to auditors outside China that are subject to the PCAOB inspections. As a result, investors were deprived of the benefits of such PCAOB inspections.

In recent years, U.S. regulatory authorities have continued to express their concerns about challenges in their oversight of financial statement audits of U.S.-listed companies with significant operations in China. More recently, as part of a continued regulatory focus in the United States on access to audit and other information currently protected by national law, in particular China’s, the United States enacted the Holding Foreign Companies Accountable Act, or the HFCAA, in December 2020. Trading in our securities on U.S. markets, including the NYSE, will be prohibited under the HFCAA if the PCAOB determines that it is unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong, including our auditor as an independent registered public accounting firm, for two consecutive years. On December 16, 2021, the PCAOB issued the HFCAA Determination Report to notify the SEC of its determinations that the PCAOB was unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong (the “2021 Determinations”), including our auditor. On May 26, 2022, we were conclusively identified by the SEC under the HFCAA as having filed audit reports issued by a registered public accounting firm that cannot be inspected or investigated completely by the PCAOB in connection with the filing of our 2021 Form 20-F. The inability of the PCAOB to conduct inspections in the past also deprived our investors of the benefits of such inspections. On December 15, 2022, the PCAOB announced that it was able to conduct inspections and investigations completely of PCAOB-registered public accounting firms headquartered in mainland China and Hong Kong in 2022. The PCAOB vacated its previous 2021 Determinations accordingly. As a result, we do not expect to be identified as a “Commission-Identified Issuer” under the HFCAA for the fiscal year ended December 31, 2023 after we file this annual report.

​

59

Table of Contents

However, whether the PCAOB will continue to conduct inspections and investigations completely to its satisfaction of PCAOB-registered public accounting firms headquartered in mainland China and Hong Kong is subject to uncertainty and depends on a number of factors out of our, and our auditor’s, control, including positions taken by authorities of the PRC. The PCAOB is expected to continue to demand complete access to inspections and investigations against accounting firms headquartered in mainland China and Hong Kong in the future and states that it has already made plans to resume regular inspections. The PCAOB is required under the HFCAA to make its determination on an annual basis in regard to its ability to inspect and investigate completely accounting firms based in mainland China and Hong Kong. The possibility of being a “Commission-Identified Issuer” and risk of delisting could continue to adversely affect the trading price of our securities.

If the PCAOB determines in the future that it no longer has full access to inspect and investigate accounting firms headquartered in mainland China and Hong Kong and we continue to use such accounting firm to conduct audit work, we would be identified as a “Commission-Identified Issuer” under the HFCAA following the filing of the annual report for the relevant fiscal year. If the PCAOB determines in the future that it is unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong, including our auditor as an independent registered public accounting firm, for two consecutive years, trading in our securities on U.S. markets will be prohibited. This will substantially impair your ability to sell or purchase the ADSs when you wish to do so. Furthermore, such trading prohibition will significantly affect our ability to raise capital on terms acceptable to us, or at all, which will have a material adverse impact on our business, financial condition and prospects.

Risks Related to Our ADSs and Class A Ordinary Shares

The price and trading volume of our ADSs and Class A ordinary shares may be volatile, which could lead to substantial losses to investors.

The trading price of the ADSs has been volatile since the ADSs started to trade on the NYSE on March 18, 2021. The trading price of the ADSs could continue to fluctuate widely due to factors beyond our control. The trading price of our Class A ordinary shares, likewise, can be volatile for similar or different reasons. In particular, the business and performance and the market price of the shares of other companies engaging in similar business to ours or those with operations located mainly in China that have listed their securities in the United States or Hong Kong may affect the price and trading volume of our ADSs and Class A ordinary shares. In addition to market and industry factors, the price and trading volume of our ADSs may be highly volatile for factors specific to our own operations, including the following:

60

Table of Contents

Any of these factors may result in large and sudden changes in the volume and price at which our ADSs or Class A ordinary shares will trade. Furthermore, the stock exchanges on which our ADSs and Class A ordinary shares are traded in general experience price and volume fluctuations that are often unrelated or disproportionate to the operating performance of companies like us. These broad market and industry fluctuations may adversely affect the market price of our ADSs or Class A ordinary shares.

In the past, shareholders of public companies have often brought securities class action suits against companies following periods of instability in the market price of their securities. If we were involved in a class action suit, it could divert a significant amount of our management’s attention and other resources from our business and operations and require us to incur significant expenses to defend the suit, which could harm our results of operations. Any such class action suit, whether successful or not, could harm our reputation and restrict our ability to raise capital in the future. In addition, if a claim is successfully made against us, we may be required to pay significant damages, which could have a material adverse effect on our financial condition and results of operations.

The concentration of our shares’ voting power limited our shareholders’ ability to influence corporate matters.

Our company is controlled through weighted voting rights. Each Class A ordinary share carries only one tenth (1/10) of the voting rights of each Class B ordinary share under our current memorandum and articles of association (except as required by applicable law, rules and regulations and in relation to certain reserved matters). As of April 10, 2024, there were 574,592,599 issued and outstanding ordinary shares, consisting of 504,387,299 Class A ordinary shares (including 5,433,895 Class A ordinary shares issued to the depositary bank for bulk issuance of ADSs reserved for future issuances upon the exercise or vesting of awards granted under our 2015 Plan and 9,578,811 Class A ordinary shares represented by ADSs that have been repurchased by us from the open market) and 70,205,300 Class B ordinary shares. Mr. Xueji Wang and Mr. Liaohan Chen beneficially owned 72,194,700 Class A ordinary shares and 70,205,300 Class B ordinary shares, representing approximately 65.0% of the voting rights in our company with respect to shareholder resolutions relating to matters other than certain reserved matters, on the basis that Class A ordinary shares entitle shareholders to one vote per share and Class B ordinary shares entitle shareholders to 10 votes per share. As a result, Mr. Wang and Mr. Chen have significant influence over management and affairs of our company and over all matters requiring shareholder approval, including the election of directors (excluding the appointment, election or removal of any independent non-executive director) and significant corporate transactions, such as a mergers, consolidations, liquidations and the sale of all or substantially all of our assets, and other significant corporate actions. In addition, the issuance of the Class A ordinary shares, including future stock-based acquisition transactions and employee equity incentive programs, could prolong the duration of the ownership of Mr. Wang and Mr. Chen of our voting power and their ability to determine the outcome of most matters submitted to a vote of our shareholders. This concentrated control limits or severely restricts our shareholders’ ability to influence corporate matters, and therefore we may take actions that our shareholders do not view as beneficial. As a result, the market price of our ADSs or Class A ordinary shares could be adversely affected. This concentrated control could discourage others from pursuing any potential merger, takeover or other change of control transactions that holders of Class A ordinary shares and ADSs may view as beneficial, and may also discourage, delay, or prevent a change of control of our company, which could have the effect of depriving our other shareholders of the opportunity to receive a premium for their shares as part of a sale of our company and may reduce the price of our ADSs or Class A ordinary shares.

​

61

Table of Contents

Holders of the ADSs may not have the same voting rights as the holders of our Class A ordinary shares and may not be able to exercise their right to direct how our Class A ordinary shares represented by the ADSs are voted.

Holders of the ADSs do not have the same rights as our registered shareholders. Holders of the ADSs will not have any direct right to attend general meetings of our shareholders or to cast any votes at such meetings and will only be able to exercise the voting rights that are carried by the underlying Class A ordinary shares represented by the ADSs indirectly by giving voting instructions to the depositary in accordance with the provisions of the deposit agreement. Under the deposit agreement, holders of the ADSs may vote only by giving voting instructions to the depositary. If we instruct the depositary to ask holders of the ADSs for their instructions, then upon receipt of voting instructions from holders of the ADSs, the depositary will try, as far as practicable, to vote the underlying Class A ordinary shares represented by the ADSs in accordance with the instructions. If we do not instruct the depositary to ask holders of the ADSs for their instructions, the depositary may still vote in accordance with instructions given, but it is not required to do so. Holders of the ADSs will not be able to directly exercise their right to vote with respect to the Class A ordinary shares represented by the ADSs unless holders of the ADSs withdraw the shares and become the registered holder of such shares prior to the record date for the general meeting. Under the Articles, the minimum notice period required to be given by our company to our registered shareholders for convening a general meeting is seven business days.

When a general meeting is convened, holders of the ADSs may not receive sufficient advance notice of the meeting to surrender their ADSs for the purpose of withdrawal of our Class A ordinary shares represented by such ADSs and become the registered holder of such shares to allow them to vote directly with respect to any specific matter or resolution to be considered and voted upon at the general meeting. In addition, under the Articles, for the purposes of determining those shareholders who are entitled to attend and vote at any general meeting, our directors may close our register of members and fix in advance a record date for such meeting, and such closure of our register of members or the setting of such a record date may prevent holders of the ADSs from surrendering ADSs for the purpose of withdrawing our Class A ordinary shares represented by such ADSs and becoming the registered holder of such shares prior to the record date, so that they would not be able to attend the general meeting or to vote directly. If we ask for instructions, the depositary will notify holders of the ADSs of the upcoming vote and will arrange to deliver our voting materials to them. We have agreed to give the depositary at least 40 days’ prior notice of shareholder meetings. Nevertheless, there is no guarantee that holders of the ADSs will receive the voting materials in time to ensure that holders of the ADSs can instruct the depositary to vote the Class A ordinary shares represented by their ADSs. In addition, the depositary and its agents are not responsible for failing to carry out voting instructions or for their manner of carrying out voting instructions from holders of the ADSs. This means that holders of the ADSs may not be able to exercise their right to direct how our Class A ordinary shares represented by their ADSs are voted and they may have no legal remedy if our Class A ordinary shares represented by their ADSs are not voted as they have requested.

Our dual-class voting structure may render our securities ineligible for inclusion in certain stock market indices, and thus adversely affect the trading price and liquidity of our ADSs or Class A ordinary shares.

We cannot predict whether our dual-class share structure with different voting rights will result in a lower or more volatile market price of our ADSs or Class A ordinary shares, in adverse publicity, or other adverse consequences. Certain index providers have announced restrictions on including companies with multi-class share structures in certain of their indices. For example, S&P Dow Jones and FTSE Russell have changed their eligibility criteria for inclusion of shares of public companies on certain indices, including the S&P 500, to exclude companies with multiple classes of shares and companies whose public shareholders hold no more than 5% of total voting power from being added to such indices. As a result, our dual-class voting structure may prevent the inclusion of our securities in such indices, which could adversely affect the trading price and liquidity of our securities. In addition, several shareholder advisory firms have announced their opposition to the use of the multiple class structure and our dual-class structure may cause shareholder advisory firms to publish negative commentary about our corporate governance, in which case the market price and liquidity of our ADSs and Class A ordinary shares could be adversely affected.

​

62

Table of Contents

If securities or industry analysts do not publish research or reports about our business, or if they adversely change their recommendations regarding our securities, the market price and trading volume for our ADSs and Class A ordinary shares could decline.

The trading market for our ADSs and Class A ordinary shares depends in part on the research and reports that securities or industry analysts publish about us or our business. If research analysts do not establish and maintain adequate research coverage or if one or more of the analysts who covers us downgrades our ADSs or Class A ordinary shares, or publishes inaccurate or unfavorable research about our business, the market price for our ADSs would likely decline. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, we could lose visibility in the financial markets, which, in turn, could cause the market price or trading volume for our ADSs and Class A ordinary shares to decline.

Substantial future sales or perceived sales of our ADSs or Class A ordinary shares could materially and adversely affect their market price.

Sales of our ADSs and Class A ordinary shares in the public market, or the perception that these sales could occur, could cause the market price of our securities to decline. Shares held by our existing shareholders may be available for sale subject to the volume and other restrictions as applicable provided in Rules 144 and 701 under the U.S. Securities Act of 1933, as amended (the “Securities Act”), and the applicable lock-up agreements. We cannot predict what effect, if any, market sales of securities held by our significant shareholders or any other shareholder or the availability of these securities for future sale will have on the market price of our ADSs or Class A ordinary shares.

We have granted equity-based awards to certain management, employees and non-employees. In addition, we adopted a share incentive plan in 2015 (the “2015 Plan”), under which we may have the discretion to grant a range of equity-based awards to eligible participants. We intend to register all ordinary shares that we have issued or that we may issue in connection with any employee share-based awards. Once we register these ordinary shares, ADSs representing them can be freely sold in the public market upon issuance, subject to volume limitations applicable to affiliates and the applicable lock-up agreements. If ADSs representing a large number of our ordinary shares or securities convertible into our ordinary shares are sold in the public market after they become eligible for sale, the sales could reduce the trading price of the ADSs and impede our ability to raise future capital. In addition, any ordinary shares that we issue under our share incentive plan would dilute the percentage ownership held by investors who purchase the ADSs.

Techniques employed by short sellers may drive down the market price of our ADSs or Class A ordinary shares.

Short selling is the practice of selling securities that the seller does not own but rather has borrowed from a third party with the intention of buying identical securities back at a later date to return to the lender. Short sellers hope to profit from a decline in the price of the securities between the sale of the borrowed securities and the purchase of the replacement shares, as short sellers expect to pay less in that purchase than they received in the sale. As it is in the short sellers’ interest for the price of the security to decline, many short sellers publish, or arrange for the publication of, negative opinions regarding the relevant issuer and its business prospects in order to create negative market momentum and generate profits for themselves after selling a security short. These short attacks have, in the past, led to selling of shares in the public companies that have substantially all of their operations in China. Much of the scrutiny and negative publicity has centered on allegations of a lack of effective internal control over financial reporting resulting in financial and accounting irregularities and mistakes, inadequate corporate governance policies or a lack of adherence thereto and, in many cases, allegations of fraud. As a result, many of these companies are now conducting internal and external investigations into the allegations and, in the interim, are subject to shareholder lawsuits and/or enforcement actions by the SEC or other U.S. authorities.

It is not clear what effect such negative publicity could have on us. If we were to become the subject of any unfavorable allegations, whether such allegations are proven to be true or untrue, we could have to expend a significant amount of resources to investigate such allegations and/or defend ourselves. While we would strongly defend against any such short seller attacks, we may be constrained in the manner in which we can proceed against the relevant short seller by principles of freedom of speech, applicable state law or issues of commercial confidentiality. Such a situation could be costly and time-consuming, and could distract our management from growing our business. Even if such allegations are ultimately proven to be groundless, allegations against us could severely impact our business operations, and any investment in our ADSs or Class A ordinary shares could be greatly reduced or even rendered worthless.

63

Table of Contents

Because we do not expect to pay dividends in the foreseeable future, you must rely on a price appreciation of our ADSs or Class A ordinary shares for a return on your investment.

We do not expect to pay any cash dividends in the foreseeable future. Therefore, you should not rely on an investment in our ADSs or Class A ordinary shares as a source for any future dividend income. Our board of directors has complete discretion as to whether to distribute dividends. Even if our board of directors decides to declare and pay dividends, the timing, amount and form of future dividends, if any, will depend on our future results of operations and cash flow, our capital requirements and surplus, the amount of distributions (if any) received by us from our subsidiaries, our financial condition, contractual restrictions and other factors deemed relevant by our board of directors. Accordingly, the return on your investment in our ADSs or Class A ordinary shares will likely depend entirely upon any future price appreciation of such securities. There is no guarantee that our ADSs or Class A ordinary shares will appreciate in value or even maintain the price at which you purchased them. You may not realize a return on your investment in our ADSs or Class A ordinary shares and you may even lose your entire investment.

You may face difficulties in protecting your interests, and your ability to protect your rights through U.S. or Hong Kong courts may be limited, because we are incorporated under Cayman Islands law.

We are an exempted company incorporated under the laws of the Cayman Islands. Our corporate affairs are governed by the Articles, the Companies Act of the Cayman Islands and the common law of the Cayman Islands. The rights of shareholders to take action against our directors, actions by our minority shareholders and the fiduciary duties of our directors to us under Cayman Islands law are to a large extent governed by the common law of the Cayman Islands. The common law of the Cayman Islands is derived in part from comparatively limited judicial precedent in the Cayman Islands as well as from the common law of England and Wales, the decisions of whose courts are of persuasive authority, but are not binding, on a court in the Cayman Islands. The rights of our shareholders and the fiduciary duties of our directors under Cayman Islands law are not as clearly established as they would be under statutes or judicial precedent in the United States or Hong Kong. In particular, the Cayman Islands have a less developed body of securities laws than the United States. Some U.S. states, such as Delaware, have more fully developed and judicially interpreted bodies of corporate law than the Cayman Islands. In addition, Cayman Islands companies may not have standing to initiate a shareholder derivative action in a federal court of the United States. Moreover, while under Delaware law, controlling shareholders owe fiduciary duties to the companies they control and their minority shareholders, under Cayman Islands law, our controlling shareholders do not owe any such fiduciary duties to our company or to our minority shareholders. Accordingly, our controlling shareholders may exercise their powers as shareholders, including the exercise of voting rights in respect of their shares, in such manner as they think fit.

Shareholders of Cayman Islands exempted companies like us have no general rights under Cayman Islands law to inspect corporate records (other than the Articles, the register of mortgages and charges and any special resolutions passed by shareholders) or to obtain copies of lists of shareholders of these companies. To the extent permissible under the Articles and that shall be in compliance with applicable stock exchange rules, our directors have discretion under our Articles to determine the closure of the register of members. This may make it more difficult for you to obtain the information needed to establish any facts necessary for a shareholder motion or to solicit proxies from other shareholders in connection with a proxy contest.

As a result of all of the above, our public shareholders may have more difficulty in protecting their interests in the face of actions taken by our management, members of the board of directors or controlling shareholders than they would as public shareholders of a company incorporated in the United States.

It may be difficult for overseas regulators to conduct investigations or collect evidence within China.

Shareholder claims or regulatory investigation that are common in the United States generally are difficult to pursue as a matter of law or practicality in China. For example, in China, there are significant legal and other obstacles to providing information needed for regulatory investigations or litigation initiated outside China. In the absence of a mutual and practical cooperation mechanism, there has not been efficient regulatory cooperation between the local authorities in China and the securities regulatory authorities in the United States to implement cross-border supervision and administration so far.

​

64

Table of Contents

Furthermore, according to Article 177 of the PRC Securities Law (the “Article 177”), which became effective in March 2020, no overseas securities regulator is allowed to directly conduct investigation or evidence collection activities within the territory of the PRC. While detailed interpretation of or implementation rules under Article 177 have yet to be promulgated, the inability for an overseas securities regulator to directly conduct investigation or evidence collection activities within China may further increase difficulties faced by you in protecting your interests.

Holders of the ADSs may not receive cash dividends if the depositary decides it is impractical to make them available to such holders.

The depositary will pay cash dividends on the ADSs only to the extent that we decide to distribute dividends on our ordinary shares or other deposited securities, and we do not have any present plan to pay any cash dividends on our ordinary shares in the foreseeable future. To the extent that there is a distribution, the depositary of the ADSs has agreed to pay to holders of the ADSs the cash dividends or other distributions it or the custodian receives on our ordinary shares or other deposited securities after deducting its fees and expenses. Holders of the ADSs will receive these distributions in proportion to the number of ordinary shares the ADSs represent. However, the depositary may, at its discretion, decide that it is inequitable or impractical to make a distribution available to any holders of the ADSs. For example, the depositary may determine that it is not practicable to distribute certain property through the mail, or that the value of certain distributions may be less than the cost of mailing them. In these cases, the depositary may decide not to distribute such property to holders of the ADSs.

Holders of the ADSs may not be entitled to a jury trial with respect to claims arising under the deposit agreement, which could result in less favorable outcomes to the plaintiff(s) in any such action.

The deposit agreement governing the ADSs representing our Class A ordinary shares provides that, to the fullest extent permitted by law, holders of the ADSs waive the right to a jury trial for any claim they may have against us or the depositary arising out of or relating to our shares, the ADSs or the deposit agreement, including any claim under the U.S. federal securities laws.

If we or the depositary were to oppose a jury trial based on this waiver, the court would have to determine whether the waiver was enforceable based on the facts and circumstances of the case in accordance with applicable state and federal law. To our knowledge, the enforceability of a contractual pre-dispute jury trial waiver in connection with claims arising under the federal securities laws has not been finally adjudicated by the United States Supreme Court. However, we believe that a contractual pre-dispute jury trial waiver provision is generally enforceable, including under the laws of the State of New York, which govern the deposit agreement, or by a federal or state court in the City of New York, which has non-exclusive jurisdiction over matters arising under the deposit agreement. In determining whether to enforce a contractual pre-dispute jury trial waiver, courts will generally consider whether a party knowingly, intelligently and voluntarily waived the right to a jury trial. We believe that this would be the case with respect to the deposit agreement and the ADSs. It is advisable that you consult legal counsel regarding the jury waiver provision before investing in the ADSs.

If owners or holders of the ADSs bring a claim against us or the depositary in connection with matters arising under the deposit agreement or the ADSs, including claims under federal securities laws, owners or holders of the ADSs may not be entitled to a jury trial with respect to such claims, which may have the effect of limiting and discouraging lawsuits against us or the depositary. If a lawsuit is brought against us or the depositary under the deposit agreement, it may be heard only by a judge or justice of the applicable trial court, which would be conducted according to different civil procedures and may result in different outcomes than a trial by jury would have, including outcomes that could be less favorable to the plaintiff(s) in any such action.

Nevertheless, if this jury trial waiver is not permitted by applicable law, an action could proceed under the terms of the deposit agreement with a jury trial. No condition, stipulation or provision of the deposit agreement or the ADSs serves as a waiver by any owners or holders of the ADSs or by us or the depositary of compliance with any substantive provision of the U.S. federal securities laws and the rules and regulations promulgated thereunder.

​

65

Table of Contents

Holders of the ADSs may experience dilution of their holdings due to the inability to participate in rights offerings.

We may, from time to time, distribute rights to our shareholders, including rights to acquire securities. However, we cannot make such rights available to holders of the ADSs in the United States unless we register both the rights and the securities to which the rights relate under the Securities Act or an exemption from the registration requirements is available. Under the deposit agreement, the depositary will not distribute rights to holders of the ADSs unless the distribution and sale of rights and the securities to which these rights relate are either exempt from registration under the Securities Act with respect to all holders of the ADSs, or are registered under the provisions of the Securities Act. The depositary may, but is not required to, attempt to sell these undistributed rights to third parties, and may allow the rights to lapse. We may be unable to establish an exemption from registration under the Securities Act, and we are under no obligation to file a registration statement with respect to these rights or underlying securities or to endeavor to have a registration statement declared effective. Accordingly, holders of the ADSs may be unable to participate in our rights offerings and may experience dilution of their holdings as a result.

Holders of the ADSs may be subject to limitations on the transfer of the ADSs.

The ADSs are transferable on the books of the depositary. However, the depositary may close its books at any time or from time to time when it deems it expedient in connection with the performance of its duties. The depositary may also close its books in emergencies, and on weekends and public holidays. The depositary may refuse to deliver, transfer or register transfers of the ADSs generally when our share register or the books of the depositary are closed, or at any time if we or the depositary thinks it is advisable to do so because of any requirement of law or of any government or governmental body, or under any provision of the deposit agreement, or for any other reason.

We are an emerging growth company within the meaning of the Securities Act and may take advantage of certain reduced reporting requirements.

We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from requirements applicable to other public companies that are not emerging growth companies, including, most significantly, not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002 for so long as we remain an emerging growth company. As a result, if we elect not to comply with such auditor attestation requirements, our investors may not have access to certain information they may deem important.

Our Articles give us power to take certain actions that could discourage a third party from acquiring us, which could limit your opportunity to sell your shares, including ADSs, at a premium.

Our Articles give us power to take certain actions that could have the effect of depriving our shareholders of an opportunity to sell their shares at a premium over prevailing market prices by discouraging third parties from seeking to obtain control of our company in a tender offer or similar transaction. Subject to the Articles, compliance with the Hong Kong Listing Rules (and only to such extent permitted thereby), the Codes on Takeovers and Mergers and any applicable rules and regulations of authorities of places where the securities of our company are listed, and on the conditions that (i) no new class of shares with voting rights superior to those of Class A ordinary shares will be created and (ii) any variation in the relative rights as between the different classes will not result in creating a new class of shares with voting rights superior to those of Class A ordinary shares, our board of directors has the authority, without further action by our shareholders, to issue preferred shares in one or more series and to fix their designations, powers, preferences, privileges and relative participating, optional or special rights and the qualifications, limitations or restrictions, including dividend rights, conversion rights, voting rights, terms of redemption and liquidation preferences. Preferred shares could be issued quickly with terms calculated to delay or prevent a change in control of our Company or make removal of management more difficult. If our Board decides to issue preferred shares, the price of our ADSs or Class A ordinary shares may fall and the voting and other rights of the holders of our ADSs or Class A ordinary shares may be materially and adversely affected. However, our exercise of any such power that may limit the ability of others to acquire control of our company or cause us to engage in change-of-control transactions under the Articles is subject to our overriding obligations to comply with all applicable Hong Kong laws and regulations, the Hong Kong Listing Rules, and the Codes on Takeovers and Mergers and Share Buy-backs.

66

Table of Contents

We are a foreign private issuer within the meaning of the rules under the Exchange Act, and as such we are exempt from certain provisions applicable to U.S. domestic public companies.

Because we qualify as a foreign private issuer under the Exchange Act, we are exempt from certain provisions of the securities rules and regulations in the United States that are applicable to U.S. domestic issuers, including:

We are required to file an annual report on Form 20-F within four months of the end of each fiscal year. In addition, we intend to publish our results on a quarterly basis as press releases, distributed pursuant to the rules and regulations of the NYSE. Press releases relating to financial results and material events will also be furnished to the SEC on Form 6-K. However, the information we are required to file with or furnish to the SEC will be less extensive and less timely compared to that required to be filed with the SEC by U.S. domestic issuers. As a result, you may not be afforded the same protections or information that would be made available to you were you investing in a U.S. domestic issuer, which may be difficult for overseas regulators to conduct investigation or collect evidence within China.

We will incur increased costs as a public company, particularly after we cease to qualify as an “emerging growth company” as such term is defined under the JOBS Act of the United States.

As a public company, we incur significant legal, accounting and other expenses that we did not incur as a private company. The Sarbanes-Oxley Act of 2002, as well as rules subsequently implemented by the SEC and NYSE, impose various requirements on the corporate governance practices of public companies. We expect these rules and regulations to increase our legal and financial compliance costs and to make some corporate activities more time-consuming and costly. For example, as a public company, we have increased the number of independent directors and adopted policies regarding internal controls and disclosure controls and procedures. We also expect that operating as a public company will make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. In addition, we have incurred, and will continue to incur, additional costs associated with our public company reporting requirements. It may also be more difficult for us to find qualified persons to serve on our board of directors or as executive officers. We are currently evaluating and monitoring developments with respect to these rules and regulations, and we cannot predict or estimate with any degree of certainty the amount of additional costs we may incur or the timing of such costs.

As a company with less than US$1.235 billion in revenues for our last fiscal year, we qualify as an “emerging growth company” pursuant to the JOBS Act. An emerging growth company may take advantage of specified reduced reporting and other requirements that are otherwise applicable generally to public companies. These provisions include exemption from the auditor attestation requirement under Section 404 of the Sarbanes-Oxley Act of 2002 in the assessment of the emerging growth company’s internal control over financial reporting and permission to delay adopting new or revised accounting standards until such time as those standards apply to private companies. After we are no longer an “emerging growth company,” we expect to incur significant expenses and devote substantial management effort toward ensuring compliance with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 and the other rules and regulations of the SEC.

In the past, shareholders of a public company often brought securities class action suits against the company following periods of instability in the market price of that company’s securities. Any such class action suit could divert a significant amount of our management’s attention and other resources from our business and operations, which could harm our results of operations and require us to incur significant expenses to defend the suit. In addition, any such class action suit, whether or not successful, could harm our reputation and restrict our ability to raise capital in the future. Furthermore, if a claim is successfully made against us, we may be required to pay significant damages, which could have a material adverse effect on our financial condition and results of operations.

67

Table of Contents

As an exempted company incorporated in the Cayman Islands, we are permitted to adopt certain home country practices in relation to corporate governance matters that differ significantly from the NYSE corporate governance listing standards. These practices may afford less protection to shareholders than they would enjoy if we complied fully with the NYSE corporate governance listing standards.

As a Cayman Islands exempted company listed on the NYSE, we are subject to corporate governance listing standards of the NYSE. However, NYSE rules permit a foreign private issuer like us to follow the corporate governance practices of its home country. Certain corporate governance practices in the Cayman Islands, which is our home country, may differ significantly from the NYSE corporate governance listing standards.

We have followed Cayman Islands corporate governance practices in lieu of certain corporate governance requirements of the NYSE that listed companies must have (i) a nominating / corporate governance committee composed entirely of independent directors; and (ii) a compensation committee composed entirely of independent directors. As we have chosen, and may from time to time choose, to follow home country practice, our shareholders may be afforded less protection than they otherwise would enjoy under NYSE corporate governance listing standards applicable to U.S. domestic issuers.

If we were deemed to be an “investment company” under the Investment Company Act of 1940, as amended (the “Investment Company Act”), applicable restrictions could make it impractical for us to continue our business as contemplated and could have a material adverse effect on our business, results of operations and financial condition.

We intend to conduct our operations so that we will not be deemed to be an investment company under the Investment Company Act. Under Section 3(a)(1) of the Investment Company Act, an entity generally will be deemed to be an “investment company” for purposes of the Investment Company Act if, absent an applicable exemption: (a) it is or holds itself out as being engaged primarily, or proposes to engage primarily, in the business of investing, reinvesting or trading in securities or (b) it is engaged or proposes to engage in the business of investing, reinvesting, owning, holding or trading in securities, and owns or proposes to acquire securities (other than U.S. government securities, securities issued by employees’ securities companies and securities issued by qualifying majority-owned subsidiaries of such entity) having a value exceeding 40% of the value of its total assets (exclusive of U.S. government securities and cash items) on an unconsolidated basis.

We believe that we are, and hold ourselves out as being, engaged primarily in the business of IoT related product and service offerings, including PaaS and SaaS (such as Industry SaaS, Cloud-based software Value-added Services), based on a purpose-built cloud development platform, as well as smart solutions for IoT devices and not in the business of investing, reinvesting or trading in securities. Accordingly, we do not believe that the Company is what is frequently referred to as an “orthodox” investment company as defined in the Investment Company Act and described in clause (a) in the preceding paragraph. Furthermore, on an unconsolidated basis, at least 60% of the value of the Company’s total assets (exclusive of U.S. government securities and cash items) consists of direct equity interests in and/or loans to its direct or indirect qualifying majority-owned subsidiaries. We believe these subsidiaries are each qualifying majority-owned subsidiaries for purposes of the test described in clause (a) in the preceding paragraph, because such subsidiaries are primarily engaged in the business of providing internet-of-things products and services, and are either (i) not investment companies under the 40% test described in clause (b) in the preceding paragraph, because each such subsidiary does not hold securities (other than U.S. government securities, securities issued by employees’ securities companies and securities issued by qualifying majority owned subsidiaries of such entity) having a value exceeding 40% of the value of its total assets (exclusive of U.S. government securities and cash items) on an unconsolidated basis or (ii) not investment companies under exemptions under the Investment Company Act, such as for companies that are not primarily engaged in investing in securities.

The need to comply with Section 3(a)(1), or exemptions, under the Investment Company Act may cause us to restrict our business and subsidiaries with respect to how we invest excess cash pending use in our business. In addition, if we no longer meet the requirements of Section 3(a)(1), and no other exemption is available to us, we may take other actions in order to conduct our business in a manner that does not subject us to the registration and other requirements of the Investment Company Act. This may include adjusting our cash management assets, which may result in lower rates of returns, and/or liquidating all or a portion of our investment securities (including potentially short- and/or long-term bank time deposits), including on unfavorable terms, and holding such amounts in cash, and/or acquiring assets or businesses that could change the nature of our business or potentially taking other actions that may be viewed as adverse to the holders of our ADS or ordinary shares, in order to conduct our business in a manner that does not subject us to the registration and other requirements of the Investment Company Act.

68

Table of Contents

If anything were to happen which would cause the Company to be deemed to be an investment company under the Investment Company Act, we may lose our ability to raise money in the U.S. capital markets and from U.S. lenders, and additional restrictions under the Investment Company Act could apply to us, all of which could make it impractical for us to continue our business as currently conducted. This would materially and adversely affect the value of our ADS or ordinary shares and our ability to pay dividends in respect of our ADS or ordinary shares.

We were likely a passive foreign investment company (a “PFIC”) for 2023 and there is a significant risk that we will be a PFIC for 2024 and possibly subsequent taxable years, in which case U.S. investors will generally be subject to adverse U.S. federal income tax consequences.

In general, a non-U.S. corporation is a PFIC for any taxable year in which (i) 75% or more of its gross income consists of passive income or (ii) 50% or more of the average value of its assets (generally determined on a quarterly basis) consists of assets that produce, or are held for the production of, passive income. For purposes of the above calculations, a non-U.S. corporation that owns (or is treated as owning for U.S. federal income tax purposes), directly or indirectly, at least 25% by value of the shares of another corporation is treated as if it held its proportionate share of the assets of the other corporation and received directly its proportionate share of the income of the other corporation. Passive income generally includes dividends, interest, rents, royalties and certain gains. Cash is generally a passive asset for these purposes. Goodwill and other intangible assets are active under the PFIC rules to the extent attributable to activities that produce active income.

We hold a substantial amount of cash and financial investments, and while that continues to be the case our PFIC status for any taxable year may depend on the average value of our goodwill and other intangible assets. We have not obtained any valuation of our goodwill or other assets. However, the value of our goodwilland other intangible assets for any taxable year may be determined, in large part, by reference to our average market capitalization, which has declined substantially since our initial public offering. If the value of our goodwill for 2023 is determined by reference to our average market capitalization for 2023, then we were likely a PFIC for our 2023 taxable year. In light of our declined market capitalization, there is a significant risk that we will also be a PFIC for 2024, and possibly future taxable years, if the value of our assets were to be determined by reference to our market capitalization. Moreover, it is not entirely clear how the contractual arrangements between us and the VIE will be treated for purposes of the PFIC rules, and we may be a PFIC for any taxable year if the VIE is not treated as owned by us for these purposes. Our PFIC status for any taxable year is an annual factual determination that can be made only after the end of that year and will depend on the composition of our income and assets and the value of our assets from time to time. For these reasons, we cannot express an expectation as to our PFIC status for 2024 or any future taxable year. U.S. holders of our ADSs or Class A ordinary shares should consult their tax advisers regarding our PFIC status for 2023 and any other taxable year.

If we are a PFIC for any taxable year during which a U.S. taxpayer holds ADSs or Class A ordinary shares, the U.S. taxpayer generally will be subject to adverse U.S. federal income tax consequences, including increased tax liability on disposition gains and “excess distributions,” and certain reporting requirements. This will generally continue to be the case even if we ceased to be a PFIC in a later taxable year, unless certain elections are made. See “Item 10. Additional Information—10.E. Taxation—Material U.S. Federal Income Tax Considerations—Passive Foreign Investment Company Rules.”

​

69

Table of Contents

Your investment in our ADSs or Class A ordinary shares may be impacted if we are encouraged to issue CDRs in the future.

PRC government authorities have issued new rules that allow PRC technology companies listed outside China to list on the mainland stock market through the creation of Chinese Depositary Receipts (“CDRs”). However, as the CDR mechanism is newly established, there are substantial uncertainties in the interpretation and implementation of these rules. We might consider and be encouraged by the evolving PRC governmental policies to issue CDRs and allow investors to trade our CDRs on PRC stock exchanges in the future. However, there are uncertainties as to whether a pursuit of CDRs in China would bring positive or negative impact on your investment in our ADSs or Class A ordinary shares.

ITEM 4.     INFORMATION ON THE COMPANY

4.A.History and Development of the Company

We commenced our operations in June 2014 through Hangzhou Tuya Technology Co., Ltd., or Hangzhou Tuya Technology.

In August 2014, Tuya, Inc., our current ultimate holding company, was incorporated under the laws of the Cayman Islands.

In September 2014, Tuya (HK) Limited, currently a wholly owned subsidiary of Tuya Inc., was incorporated under the laws of Hong Kong.

In December 2014, Hangzhou Tuya Information Technology Co., Ltd. (formerly known as Hangzhou Aixiangji Technology Co., Ltd.) (“Tuya Information”) was incorporated in the PRC. Tuya Information is currently a wholly owned subsidiary of Tuya (HK) Limited.

In June 2018, we effected a 10-for-1 share subdivision, following which each of our issued and unissued ordinary shares and preferred shares was subdivided into 10 ordinary shares and preferred shares, respectively.

In March 2021, our ADSs commenced trading on the NYSE under the symbol “TUYA.” We raised, from our initial public offering and from the underwriters’ exercise of option to purchase additional ADSs, approximately US$904.7 million in net proceeds after deducting underwriting commissions and the offering expenses paid by us.

On July 5, 2022, Hong Kong time, our Class A ordinary shares commenced trading on the Main Board of the Hong Kong Stock Exchange under the stock code “2391.” We raised from our global offering in connection with the listing in Hong Kong approximately HK$70.0 million in net proceeds after deducting underwriting commissions, fees and the offering expenses.

4.B.Business Overview

A REVIEW OF 2023

2023 marked a key year for Tuya with significant strategic adjustments and transformations. We confirmed the success of our strategies focused on key customers and product enhancement. The close integration of these strategies significantly improved our business and operational performance.

After a severe industry downturn, our revenue grew by 10.5% year-over-year to US$230 million, with a remarkable increase of approximately 35.7% and 42.2% in the third and fourth quarters, respectively. In the meantime, the competitive landscape has shifted, with many competitors exiting after two years of macroeconomic and industry downturns, particularly some major companies’ IoT businesses were disconnected due to low competitiveness and efficiency. More leading brands are now willing to use third-party IoT platforms to enhance efficiency, profitability, and cost-effectiveness. This shift presents us with an opportunity, as we now have stronger global influence and competitiveness than two years ago, leading to new collaborations with top-tier customers. Additionally, our overall gross margin steadily improved, reaching a historic quarterly high of 47.3% in the fourth quarter of 2023.

This year, we achieved our first annual non-GAAP breakeven, with profits of approximately US$20.4 million and operational net cash flow of about $36.4 million. The turnaround in non-GAAP net profit and the increase in net operating cash flow indicate stronger daily operations and improved operational efficiency due to our strategies.

70

Table of Contents

Recognizing the need to deliver greater value to our customers, we implemented a product enhancement strategy, offering more valuable and competitive software and smart device products.

For selected smart device categories with complex and high-value potential, we have developed capabilities beyond the scope of IoT, such as advanced algorithms related to navigation, streaming capabilities, and gateway software protocols, integrating them into smart devices as comprehensive products. Our complete smart solutions help enterprise customers quickly deploy tailored devices to competitively expand their market share. For example, cross-sector international conglomerates, SaaS services providers or system integrators use these smart solutions for easier and faster market entry, which drives ongoing software revenue growth. Consequently, our smart device distribution segment’s gross margin effectively grew from 11.6% in 2022 to 25.5% in 2023, thanks to contributions from smart solutions.

Our Cube smart private cloud product has gained strong acceptance among global giants, helping them build their own intelligent business. In 2023, we completed several benchmark projects that were well-received by customers, generating substantial software revenue. Starting in the Southeast Asia region, Cube has helped large conglomerates establish their own smart businesses, solidifying our customer base and influence among influential local groups, such as large integrated conglomerates, telecommunications operators, and leading real estate groups. Cube has also started to make progress in Europe and Latin America, fostering further cooperation in smart business between these major groups, professional giants, and Tuya, and enhancing our public cloud-based IoT developer business ecosystem.

These achievements are the result of our resolute and effective adjustments in business and operational strategies over the past two years, coupled with our team’s hard work. Throughout our development journey, from device intelligence in the early stages, to spatial intelligence around 2020, and now providing complete smart business solutions to global giants, we have refined our offerings, as evidenced by our successful 2023 financial results. Moving forward, we remain committed to our mission of “building an IoT developer ecosystem and enabling everything to be smart.”

OVERVIEW

We have pioneered a purpose-built IoT cloud development platform that delivers a full suite of offerings, including Platform-as-a-Service (“PaaS”), Software-as-a-Service (“Saas”) and smart solutions for IoT devices. Through our IoT cloud development platform, we deliver a variety of offerings. Our IoT PaaS offering enables businesses, including original equipment manufacturers (“OEMs”) and brands, and developers to develop, launch, manage and monetize software-enabled smart devices and services. Our SaaS offering includes Industry SaaS that enables businesses to deploy, connect, and manage large numbers and different types of smart devices in different vertical scenarios, Cloud-based Software Value-added Services that provide end users with additional smart scenario features such as cloud storage, and Cube Smart Private Cloud Solution that enables large-scale conglomerates to build their own autonomous and controllable IoT platforms. We also offer businesses, developers and end users a diverse range of other cloud-based value-added services to improve their ability to develop and manage IoT experiences. Additionally, we offer smart solutions for IoT devices in which we provide customers with smart devices that integrated intelligent software capabilities beyond IoT. Through our IoT cloud development platform, we have enabled developers to activate a vibrant IoT ecosystem of brands, OEMs, partners and end users to engage and communicate through a broad range of smart devices.

71

Table of Contents

Our platform benefits from network effects driven by our ecosystem of developers, businesses, partners and end users. End users of smart devices demand a single interface to interact with various types of devices from different brands—an experience similar to using different apps on one smartphone. Our platform provides an open architecture to connect any device from any brand, while enabling users to manage all devices across brands through a single portal. As a result, we believe that as our platform continues to grow, more brands and OEMs want to join our platform to integrate their devices onto the single user interface through which devices from other brands are connected. These self-reinforcing network effects further increase our brand awareness and generate word-of-mouth referrals, helping us build an extensive, vibrant and increasingly interconnected IoT ecosystem.

Our offerings enable customers across a broad range of industry verticals, such as smart home, smart business, renewable energy, education, agriculture, outdoors and sport, and entertainment. We have cultivated a large and diversified customer base, primarily including brands, OEMs, industry operators and system integrators. Starting from the end of 2021, we have been strategically optimizing our customer base to focus more on key account enterprises. In 2023, we served approximately 6,100 customers and our IoT platform empowered approximately 3,800 brands to develop their smart devices, including leading brands and enterprises such as Calex, Philips, Schneider Electric, Sharp, ABB, SCG and Haier NAHUI. Our IoT PaaS currently enables businesses and developers across over 200 countries and regions globally to develop smart devices in approximately 2,900 categories. We have established a large and active community of approximately 993,000 registered IoT device and software developers as of December 31, 2023.

In the past, our business has scaled rapidly by leveraging our strong software and robust platform-based delivery capabilities. However, in the second half of 2021, the global consumer electronics sector started to experience a significant and growing supply-demand mismatch, a situation where the supply of the products available exceeds the demand, resulting in a high level of inventory of manufacturers and distributors. As a result, our customers, who are mostly consumer electronics brands and OEMs, were negatively impacted, as were our own business operations. Since 2022, the ongoing inflationary pressures and global events such as the Russia-Ukraine conflict and the energy shortage have further aggravated these issues. We, for the first time since our inception, experienced a decrease in our annual revenue in 2022. Amid the high global inflation, the entire industry has entered a destocking cycle. In 2023, we continued to observe a moderately declining yet persisting overall inflation, and we expect that it will continue affecting the discretionary consumer electronics spending. In addition, we have seen industry-wide efforts to normalize downstream inventory, and implemented strategic initiatives that align with these efforts. As a result, we restored annual revenue growth in 2023. See “Item 5. Operating and Financial Review and Prospects—5.A. Operating Results—Discussion of Results of Operations. Looking ahead, on the supply chain front, we expect downstream inventory levels to be normalizing ongoingly, providing downstream smart device manufacturers, brands, and retail channels with greater flexibility and resilience to adapt their operational and procurement plans as necessary. This, in turn, will revitalize their investment in smart business. Overall, discretionary consumer electronic spending alongside enterprise procurement is expected to prioritize cost-effectiveness, reflecting a balanced approach widely adopted in the current economic climate.

Challenges in the IoT Era

By transforming the way people interact with the physical world, IoT is also changing how brands and OEMs develop products. With favorable technology drivers, consumers are increasingly demanding a software-like experience—in addition to the traditional physical interfaces—when interacting with devices. As a result, brands and OEMs are seeking to build software capabilities in order to offer IoT-enabled smart devices.

However, for brands and OEMs, building software capabilities from scratch is both costly and time-consuming, causing many of their IoT ventures to be unsuccessful. While a limited number of leading brands have built their own IoT solutions, these solutions often are restricted to their own products, or products of their selected business partners, and the vast majority of brands and OEMs globally simply do not have the capital and technology expertise necessary to develop and deploy software across millions of devices, according to CIC. Brands, OEMs and developers face a number of challenges in delivering software-enabled IoT offerings, such as (i) lack of development talent and capabilities, (ii) high cost and complexity to develop platforms, tools and applications, (iii) long development cycles, (iv) lack of standardized, easy-to-use software infrastructure and tools for developers and (v) inconsistent user experience caused by the fragmented market due to the variety of IoT device categories and products across the brands and regions. These significant challenges can affect the end user experience and create the need for a third-party IoT platform that takes care of the complexities of developing, launching, supporting and growing IoT software and unifying the IoT standards among fragmentation, so businesses and developers can leverage full-stack infrastructure and tools to develop devices and software applications with ease.

​

72

Table of Contents

Tuya Solution—an IoT Cloud Development Platform

Tuya was founded to solve exactly these challenges. We offer what we call an “IoT cloud development platform”—a platform that is open to all types of brands, OEMs and developers from across the world where they can access a common infrastructure and all the ready-to-use software, development tools and services needed to develop and manage smart devices. According to CIC, we offered the world’s first IoT cloud development platform, giving us significant first-mover advantages in attracting and building long-term relationships with brands and OEMs globally.

Our IoT cloud development platform is one-stop and cloud-agnostic and allows our brands and OEMs to digitalize their businesses and transform the experience of their end users across a diverse range of use cases.

We use “IoT cloud development platform” as a collective term to refer to a combination of the various IoT capabilities, products and services that we offer to brands, OEMs, developers, partners and end users. As illustrated in the diagram below, our IoT cloud development platform encompasses the various IoT developer kits and cloud infrastructure capabilities and our products and services built upon such capabilities. Our “IoT cloud infrastructure capabilities” refer to various core capabilities offered by our critical technologies, i.e., Things Technology Platform (TTP), Application Enabling Platform (AEP) and Business Technology Platform (BTP). For more information, see “—Our Technologies.” Through our platform we have established an ecosystem of brands, OEMs, developers, partners and end users.

​

The foundation of our solution is Tuya IoT Cloud infrastructure, our unified underlying cloud infrastructure that provides a suite of infrastructure capabilities and developer kits.

Based upon our Tuya IoT cloud infrastructure capabilities, we offer the following major products and services:

73

Table of Contents

OUR PRODUCTS AND SERVICES

We offer our products and services to all key IoT stakeholders. We set out to offer IoT PaaS to customers developing smart devices, including brands and their contracted OEMs. Over time, we have extended our offerings to those who use smart devices. We offer SaaS including Industry SaaS that enables businesses to deploy, connect, and manage large numbers and different types of smart devices in different vertical scenarios, Cloud-based Software Value-added Services that provide end users with additional smart scenario features, such as cloud storage, and Cube Smart Private Cloud Solution that enables large-scale enterprise customers to build their own autonomous and controllable IoT platforms. We also offer businesses, developers and end users a diverse range of other cloud-based value-added services to improve their ability to develop and manage IoT experiences. Additionally, we offer smart solutions for IoT devices in which we provide customers with smart devices that integrated intelligent software capabilities beyond IoT.

For Business Customers Developing Smart Devices

IoT PaaS

Our IoT PaaS is an integrated, all-in-one product for brands and OEMs to build and manage smart devices.

Our IoT PaaS combines cloud-based connectivity and basic IoT services, edge capabilities, app development, and device optimization solutions which we believe are the most fundamental elements of IoT capabilities. Customers can also leverage our developer toolkits, including SDKs and open APIs, to customize for desired use cases and functionalities.

Digital twin and the cloud-based connectivity it enables offer many features hard to imagine in the pre-IoT era, such as using a smartphone to control multiple devices remotely and predicting failure based on patterns learned from vast amounts of IoT data. It also brings convenience and safety to end users. For example, when smoke is detected while nobody is at home, it automatically turns off the gas and sends alerts. End users also benefit from basic IoT services such as automatic device scene switches based on real-time weather data obtained by the cloud through the internet. Digital twin also makes troubleshooting easier and less costly by providing developers with a virtual test environment to troubleshoot problems without making any changes to the physical device.

74

Table of Contents

Our IoT PaaS offers developers, many of whom work for brands and OEMs, a portal through which they can access a variety of software and development tools, as illustrated in the screenshots below.

​

​

​

75

Table of Contents

The below screenshot illustrates the interface through which developers can leverage IoT PaaS to embed edge capabilities.

​

​

The edge capabilities we offer are all pre-coded and ready-to-use, giving customers shorter time-to-market than writing the codes from scratch.

​

​

The below screenshot showcases our “one-app-for-all” approach that enables end users to manage various functions and different categories of devices using a single app, as well as our “Smart Scene” functions, which allow users to configure and manage present scenes and recommend smart scenes according to connected devices and user behaviors.

​

​

76

Table of Contents

Our IoT PaaS also includes the following ancillary cloud-based value-added services:

Our IoT PaaS offers a cloud-agnostic development environment, allowing customers to simultaneously work with multiple public or private cloud infrastructure, with the flexibility to switch among them if needed. This flexibility is valued by customers because it enables them to scale up their product portfolios as well as to cater to the broadest user bases across global markets, as different brands may have different preferences over cloud infrastructures, from commercial or compliance perspectives. According to CIC, we are the world’s first IoT cloud development platform at scale that is cloud-agnostic. The following flow chart illustrates how we connect and empower key stakeholders surrounding our IoT PaaS, i.e., brands (including retailers offering private-label smart devices) and their contracted OEMs, as well as end users. For more information about the value-added services we provide directly to end users, see “—For End Users Using Smart Devices.”

​

Cube – The Smart Private Cloud Solution

We officially released Cube Smart Private Cloud (“Cube”) in early 2022, which complements our existing IoT PaaS product system and enables us to address the need for large-scale conglomerates, such as our Fortune 500 customers, for building their autonomous and controllable IoT platforms. Cube also allows customers to access the full range of capabilities of our IoT cloud development platform to build out their own IoT businesses faster with improved sustainability and value creation.

77

Table of Contents

As one of our core long-term strategies, we continued our innovation of Cube in 2023. We expanded and refined our product matrix, improved delivery efficiency, reduced operational costs for our clients and expanded AI capabilities while fostering deeper collaborations with global conglomerates. The introduction of the Cube, Cube Lite and Cube Edge product matrices in 2023 further diversified the applicability of Cube across different scenarios. These launches provided our customers with a wider range of choices, tailored to the specific requirements of vertical industries and enterprises of different sizes. By optimizing the overall efficiency of product delivery and operational costs, we were able to reduce costs for our clients. In addition, by enhancing our AI capabilities, we provided our clients with more intelligent and efficient vertical solutions, enabling them to address increasingly complex business challenges. In 2023, our efforts were validated by winning orders from several globally renowned clients, including a leading telecom group in Malaysia, a top-tier telecom operator in Thailand and a century-old shipbuilding company in Germany, as well as conglomerates in Vietnam, South Korea and India. We will continue to use Cube to win long-term collaboration opportunities with large global key accounts.

Smart Device Distribution

We believe that the efficient distribution of Tuya-powered smart devices to target audiences benefits our long-term competitive edge and sustainability. To this end, we strategically offer some of our customers, mainly brands and system integrators, who prefer not to deal with a multiple OEMs option to purchase directly from us finished smart devices deployed with IoT PaaS sourced from qualified OEMs. These customers typically place purchase orders directly with us by specifying the type of smart devices. We then source devices for these customers from qualified OEMs selected based on the type of products, hardware specifications and other metrics. We earn the difference between the prices at which the products are sourced and sold. Common types of smart devices that we distribute include centralized control panel, gateway, air purifier, floor sweeper, air fryer, gas detector, and door and window sensor.

In addition to our traditional smart device distribution, we implemented a product enhancement strategy in 2023, aiming to deliver products equipped with advanced hardware and software and offer enhanced value propositions to our customers. Under this strategy, we offer smart solutions for IoT devices, which target selected sophisticated and high-value potential smart device categories, to our customers such as brands and telecom operators. Our smart solutions enable these customers to benefit from smart devices with more self-developed, integrated smart software capabilities beyond IoT. These include advanced algorithms for mapping, streaming media, and software protocols for gateways, among others. Leveraging refined software and hardware, we empower our customers to expand their market share while amplifying our revenue streams with improved gross margins. As a result, the gross margin for our smart device distribution business increased from 11.6% in 2022 to 25.5% in 2023.

In addition, we provide customers with the access to Tuya Expo, a dedicated business-to-business (B2B) platform connecting brands globally with an extensive network of OEMs. Currently, only a de minimis portion of our revenue is derived from Tuya Expo. Furthermore, we have selected smart devices that we think are best functionally compatible with various smart business scenes from our smart device ecosystem and combined them into a series of smart device catalogs to better match our Industry SaaS. We provide these smart device lists to our Industry SaaS customers, including system integrators, industry operators and service providers, to help them land their projects more quickly, easily and efficiently.

For Business Customers Using Smart Devices

Industry SaaS

We offer Industry SaaS, vertical-focused software solutions that enable businesses to deploy, connect, and manage large numbers and different types of smart devices. Just like how billions of people use apps to enjoy mobile technology, we design Industry SaaS as plug-and-play everyday tools for people to interact with and harness the power of IoT. Industry SaaS makes life easier, healthier and more enjoyable, and drives efficiency, cost saving and productivity for businesses of all sizes across industries.

78

Table of Contents

Our Industry SaaS is built to be brand-agnostic and is compatible with Tuya-powered devices across brands and categories. We believe this is the key reason our customers choose us over other IoT SaaS providers, especially those that only support certain brands exclusively, because our brand-agnostic Industry SaaS enables customers to manage their diverse business needs and smart device products across different brands and categories. Industry SaaS customers have the flexibility in sourcing smart devices by themselves, from OEMs recommended by us or via other channels based on their own preferences.

We offer Industry SaaS to select verticals with the potential of monetizing our IoT capabilities. We are also able to deliver the infrastructure and core capabilities of Industry SaaS as a vertical-agnostic solution that they can use to create industry-specific applications and use cases.

Set out below are a few examples of our Industry SaaS and the use cases they enable:

We primarily market our Industry SaaS to system integrators. We also sell directly to individual industry operators, such as hotel or property managers. We mainly target large, established organizations with leading positions in their respective verticals and geographies, so that we can leverage their industry expertise and existing customer bases to quickly gain market shares and build brand awareness.

For End Users Using Smart Devices

Since inception, we have allowed end users to connect to our IoT cloud platform to access a variety of basic cloud-based services, such as receiving app updates, for free. We also give end users the option to pay a fee to access a curated suite of Cloud-based Software Value-added Services:

79

Table of Contents

As we gain more insights about customer demands through their feedback, we will continue to roll out additional value-added services for end users, aiming to provide an engaging and continuously improved customer experience.

OUR TECHNOLOGIES

Our IoT platform and product offerings are supported by Tuya IoT Cloud infrastructure, our unified underlying infrastructure, as illustrated below.

​

​

Our IoT technologies consist mainly of a Things Technology Platform (“TTP”) and an Application Enabling Platform (“AEP”). TTP and AEP together serve as the bedrock of our IoT cloud development platform and product offerings. We also have Business Technology Platform (“BTP”), which is the competency center that provides the technology foundation to the upper layer of our Tuya IoT Cloud infrastructure. With these technologies, developers can develop, manage, and upgrade smart devices and customize IoT capabilities for their specific user cases. We believe that these technological features enable us to build a growing and dynamic network of developers and partners, and drive our long-term revenue growth.

Our TTP consists of the following components:

80

Table of Contents

AEP includes Tuya Platform Applications and Developer Kits that allow us to deliver IoT PaaS, Industry SaaS and other value-added services.

We have deployed six data centers hosted worldwide, including in China, the United States, Europe and India.

RESEARCH & DEVELOPMENT

Our leadership is built by our teams who are passionate about IoT. As of December 31, 2023, we had 1,047 research and development employees, representing approximately 71.5% of total employees. Our research and development team primarily consists of technology and platform development engineers responsible for (i) developing and iterating proprietary IoT technologies (e.g., TTP and AEP) and implementing enhancements and upgrades to our IoT cloud development platform; (ii) developing and upgrading our products, including IoT PaaS, Cube and Industry SaaS software solutions; and (iii) optimizing our internal operational systems and technologies. Our research and development team members have on average 9.8 years of experience across a significant number of different subject areas such as IoT, industry design, cloud computing, AI and machine learning.

In 2023, our research and development initiatives yielded advancements in following technological innovation and product development:

81

Table of Contents

Our IoT cloud development platform and proprietary cutting-edge IoT technologies have been developed in-house. We have invested substantially in research and development and we expect to continue to devote significant resources to research and development activities and incur a substantial amount of research and development expenses to enhance our competitive edge. In 2021, 2022 and 2023, we incurred research and development expenses of US$174.3 million, US$144.9 million and US$102.3 million, representing 57.7%, 69.6% and 44.5% of our total revenue for the same years, respectively. These investments have continued to result in the launch of innovative products that have helped us attract new customers and increase sales our existing customers.

BRANDS WE SERVE

Our growth strategies are tailored around the brands we serve and their contracted OEMs. For leading brands and their OEMs in target categories and those with large demands in our products, we are focused on providing bespoke support and services by, for example, offering free trials of product enhancements and new features and functionality. In 2023, our IoT PaaS empowered a total of approximately 3,800 brands to develop smart devices.

Substantially all of the brands we serve relate to our IoT PaaS business. We typically do not enter into agreements in relation to IoT PaaS business directly with the brands and instead enter into agreements with their contracted OEMs. In these circumstances, we consider such OEMs to be our customers. In limited circumstances, we also enter into agreements directly with brands in relation to certain value-added services, in which case we also consider such brands to be our customers.

OUR CUSTOMERS

We define our customers as entities from whom we generate revenues for the products and services we provide. We had approximately 6,100 customers in 2023, primarily including brands, OEMs, industry operators and system integrators. Starting from the end of 2021, we have been strategically optimizing our customer base, to focus on key account enterprises. In 2023, our IoT PaaS empowered approximately 3,800 brands to develop their smart devices, including leading brands and enterprises such as Calex, Philips, Schneider Electric, Sharp, ABB, SCG and Haier NAHUI. As we have cultivated a large and diversified customer base across different industry verticals, we believe that none of our customers is material to our total revenue. We provide online customer support services and tools for our customers to submit customer complaints and service requests anytime and anywhere.

82

Table of Contents

We use the dollar-based net expansion rate for IoT PaaS as a useful indicator of our customers’ loyalty and tendency to expand their usage of our platform over time. For the trailing 12-month period ended December 31, 2021, the dollar-based net expansion rate for IoT PaaS was 153%, demonstrating the strong value proposition provided to our customers and the thriving ecosystem with network effects of our powerful IoT development platform. However, the dollar-based expansion rate for IoT PaaS experienced a decline in 2022 due to significant events that had adversely affected the global economy, including (i) shipping disruptions in late 2021 that delayed product deliveries and affected holiday sales; (ii) persistent inflation that dampened consumer sentiment; and (iii) supply-demand mismatch that led to an excess of inventory for downstream enterprises. As a result, our revenue declined for the first time in 2022 despite our stable relationship with our core customers. The dollar-based net expansion rate of IoT PaaS declined from 122% as of March 31, 2022, to 84% as of June 30, 2022, then to 63% as of September 30, 2022 and further to 51% as of December 31, 2022. During the first half of 2023, downstream enterprises remained cautious in their purchasing decisions, primarily due to continued inventory backlog pressure in downstream supply chain. Additionally, persistent global inflation continued to impact consumer sentiment, resulting in subdued discretionary spending on consumer electronics in many regions. As a result, the dollar-based net expansion rate for IoT PaaS further declined to 49% as of March 31, 2023 then improved to 58% as of June 30, 2023. In the second half of 2023, with the easing of the downstream inventory backlog and the gradual recovery of the global economy, coupled with the effective customer-focus and product enhancement strategies we adopted to navigate through the macroeconomic headwinds, the dollar-based net expansion rate for IoT PaaS improved to 78% as of September 30, 2023 and further improved to 103% as of December 31, 2023.

For more information about the mismatch between supply and demand in the global consumer electronics sector and the risks that it poses to us and our customers, see “Item 3. Key Information—3.D.Risk Factors—Risks Related to Our Business and Industry—We operate in an emerging and evolving market, which may develop differently from or more slowly than we expect. If our market does not grow as we expect, or if we cannot expand our products and services to meet the demands of this market, our revenue may decline, or fail to grow, and we may continue to incur operating losses.” For a detailed discussion of the dollar-based net expansion rate for IoT PaaS and certain other key operating metrics, see “Item 5. Operating and Financial Review and Prospects—5.A. Operating Results—Key Operating Metrics.”

QUALITY CONTROL

We are committed to providing customers with our products and services of consistently high quality. We emphasize quality control in all aspects of our business, including, for example, design, research, production, sales and after-sales services. We strictly control the quality of our business and operations. In order to monitor the quality and ensure that our products and services meet all our internal benchmarks and specifications, we have implemented various quality-control checks into our business process. In addition, we provide after-sales services and support to our customers.

We have devoted significant resources to the quality control of our products and services. Our quality control is a cross-departmental responsibility shared by multiple teams across business functions, including supply chain management, quality assurance, safety and compliance, and after-sales and customer service. In particular, these teams are responsible for establishing quality control standards, procedures for inspection of our raw materials and products and review standards of our suppliers. They are also responsible for handling customer complaints and compliance with applicable laws and international and national standards.

SALES, MARKETING AND BRANDING

We generate sales primarily through our direct marketing efforts targeting brands and OEMs, with a focus on attracting new customers as well as expanding usage within our existing customer base. We also generate customer leads indirectly through offline retail channels and e-commerce platforms. We currently operate dedicated regional sales forces covering a number of our key overseas markets, such as the United States, Europe, India, Latin America and Asia Pacific. We also market our products and services through media, word of mouth, advertising and promotion to further enhance awareness of our brand as well as to increase our brand exposure across various customer bases.

As we expand our footprint globally, we have invested substantially in developing localized marketing strategies and employing sales and support staff. In particular, we focus on educating customers about the “Powered by Tuya” smart ecosystem.

83

Table of Contents

We utilize a multitude of sales and marketing channels, including:

We are committed to nurturing our developer community and have taken initiatives to boost developer engagement. By the fourth quarter of 2023, our registered developer base had grown to nearly 993,000. Our TuyaOS low-code development framework currently supports over 280 types, covering all protocols and categories within the Tuya platform. Additionally, we have created nearly 1,000 development documents, and our developer forum has amassed more than 8,500 technical support posts. Our development tools have also evolved to support more self-service operations, further solidifying the foundation for expanding the developer community.

INTELLECTUAL PROPERTY

We rely on a combination of patent, copyright, trade secret and trademark laws as well as contractual restrictions such as confidentiality agreements, licenses and intellectual property assignment agreements. We also maintain a policy requiring our employees, contractors, consultants and other third parties to enter into confidentiality and proprietary rights agreements to control access to our proprietary information. As of April 10, 2024, we had registered 616 patents, 1,259 trademarks, 159 copyrights and 124 domain names in China and overseas. We have registered “Tuya” and “Powered by Tuya” as trademarks.

Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy or otherwise obtain and use our technology. Monitoring unauthorized use of our technology is difficult and costly, and we cannot be certain that the steps we have taken will prevent misappropriation of our technology. From time to time, we may have to resort to litigation to enforce our intellectual property rights, which could result in substantial costs and diversion of our resources. In addition, third parties may initiate lawsuits against us alleging infringement of their proprietary rights or declaring their non-infringement of our intellectual property rights. In the event of a successful claim of infringement and our failure or inability to develop non-infringing technology or license the infringed or similar technology on a timely basis, our business could be harmed. Even if we are able to license the infringed or similar technology, license fees could be substantial and may adversely affect our results of operations.

DATA SECURITY AND PRIVACY

When providing our products and services, we may have access to certain data of our customers and the end users, primarily certain machine-generated data produced by the smart devices powered by us. Such data consist primarily of the following types of device- and app-level information:

84

Table of Contents

Collection of such data is based on users’ proactive consent to the in-App privacy policy prior to their use of the App. Such data will be collected, based on the type of data, either by the user’s active submission or our automatic collection, both of which are accomplished through the execution of predefined program logics embedded in the code of the App or the device’s firmware. The data are then transmitted to our cloud platform from the App or the device for processing. The data collected will be stored on specific data services as part of our cloud platform. Based on the user’s request, our cloud platform, also through the execution of predefined codes, will process the data and send feedback back to the App or the device. The primary purpose of the processing of the data is to facilitate the provision of our products and services to the users so that the devices may function properly.

As described above, the collection, processing and storage of the data that we may have access to are predominantly accomplished through the execution of predefined codes at the App or device level or embedded in our cloud platform. While we have the right to access and process such data to the extent proactively consented to by our customers or users, we do not have control over such data, except in very limited circumstances where we are by contract explicitly authorized by the users to do so. In any event, it is the users who retain the ownership of the personal information contained in the data.

We have designed strict data protection policies to ensure that the collection, use, storage, transmission and dissemination of such data are in compliance with applicable laws and with prevalent industry practice. Specifically, our policies cover three main areas: data security, cloud service security and access control management.

85

Table of Contents

We have established an all-round information system in reference to data security requirements and best practices and intend to continually invest heavily in data security and privacy protection. Our information system applies multiple layers of safeguards, including internal and external firewalls, enterprise-standard web application firewalls, risk management platform, and runtime application self-protection, or RASP, a security technology that detects and blocks computer attacks using information from inside the running software. We encrypt data throughout its life cycle to safeguard privacy and enhance data security. We implement a robust internal authentication and authorization system to ensure confidential and important data can only be accessed through computers for authorized use and only authorized staff can access those computers. We have clear and strict authorization and authentication procedures and policies in place. Our employees only have access to data which is directly relevant and necessary for their responsibilities and for limited purposes and are required to verify authorization upon every access attempt. We have also implemented robust internal rules and procedures, including security assessment in the design and implementation of R&D projects and code auditing, to ensure that the designed security requirements are met in our R&D activities and code quality and security. Furthermore, we have established an incident response team that consists of a Chief Information Security Officer (CISO), a Data Protection Officer (DPO) and a Chief Privacy Officer (CPO) to provide a quick, effective and orderly response to servers and personal information related to potential or actual incidents such as virus infections, hacker attempts and break-ins, improper disclosure of confidential information, system service interruptions, breach of personal information, and other events with serious information security implications.

We have completed information security, privacy and compliance certifications/validations with the consultation of various global agencies, and now serve as a reliable IoT platform with comprehensive certificates. We have obtained the ISO 27001 Information Security Management System Certificate, ISO 27017 Certificate for Information Security of Cloud Services and ISO 27701 Certificate for Protection of Personally Identifiable Information and are fully committed to complying with the GDPR and CCPA. We have also worked with top privacy compliance and cybersecurity firms, such as TrustArc, ioXt Alliance and Palo Alto Networks, for privacy management and penetration testing.

As of the date of this annual report, we have not received any material claim from any third party against us on the ground of infringement of such party’s right to data protection as provided by the Civil Code of the PRC or any applicable laws and regulations in other jurisdictions, and we have not experienced any material data loss or breach incidents.

ENVIRONMENTAL, SOCIAL AND GOVERNANCE

We are committed to promoting corporate social responsibility and sustainable development and integrating it into all major aspects of our business operations. Corporate social responsibility is viewed as part of our core growth philosophy that will be pivotal to our ability to create sustainable value for our shareholders, partners, customers and employees by embracing diversity and public interests.

Our board of directors has adopted a comprehensive policy on environmental, social and corporate governance responsibilities, or the ESG Policy, which sets forth our corporate social responsibility objectives and provides guidance on practicing corporate social responsibility in our daily operations. Under our ESG Policy, one of our main ESG objectives is to reduce any negative impacts on the environment through our commitment to energy savings and sustainable development. In addition, we endeavor to support and have a lasting positive impact on the local community through various initiatives, including corporate philanthropy, establishing community partnerships and mobilizing our employees to participate in volunteer work. Under our ESG Policy, we will also focus on embracing diversity within our organization and equal and respectful treatment of all of our employees in their hiring, training, wellness and professional and personal development.

Our board of directors has the collective and overall responsibility for establishing, adopting and reviewing the ESG vision, policy and target, and evaluating, determining and addressing our ESG-related risks. We have continued to improve the oversight by our board of directors of ESG matters through a series of measures, including taking into account ESG matters in board room discussions and strategic planning, conducting and regularly refreshing a materiality assessment to identify and assess all material ESG issues, developing and regularly reviewing ESG policies, and regularly monitoring ESG performance against our goals.

86

Table of Contents

Commitment to Sustainable Development through Products and Services

As a global company deeply committed to environment and social responsibility, we always strive to make society a better place with our IoT technologies and products. We target to achieve sustainability which constitutes a fundamental strategy for us as we expand and diversify our offerings. In particular, we endeavor to incorporate environmental and ESG-related considerations into our product development process and have been actively exploring ways to achieve environmental protection and realize carbon neutrality. Many of our offerings of key products and services, such as our energy-efficient algorithms that aim to decrease energy usage of smart devices as much as possible, help customers optimize their business processes, reduce costs and improve operational efficiency.

In the mid-term, we will continue to monitor our carbon emissions, which we expect to mainly come from office premises, and continue to implement sustainable and environmentally friendly practices to reduce our carbon emissions. We also intend to leverage our IoT technologies and products to help customers further achieve energy savings while optimizing device functionalities, and explore new, innovative designs for smart device energy storage and usage. In the long term, we intend to use our technological capabilities to enable greater sustainability across different industry verticals, enhance energy usage efficiency and optimize environmental and waste management through the implementation of various carbon neutral practices.

Embracing Diversity and Building a Healthy Workplace

We will continue to prioritize achieving diversity within our organization and equal and respectful treatment of all of our employees in their hiring, training, wellness and professional and personal development. In particular, we recognize and embrace the benefits of having a gender-diverse board as an essential element in maintaining our company’s competitive advantage and enhancing our ability to attract, retain and motivate employees from the widest possible pool of available talent. We are committed to taking a proactive approach in recruiting female directors and aligning directors’ diverse competencies and perspectives with the company’s strategy. While maximizing equal career opportunity for everyone, we will also continue to promote work-life balance and create a happy culture in our workplace for all of our employees.

As we do not operate any production facilities, we are not subject to material health, work safety, social or environmental risks. To ensure compliance with applicable laws and regulations, our human resources department will, if necessary and after consultation with our legal advisors, adjust our human resources policies to accommodate material changes to relevant labor and safety laws and regulations. In 2023 and up to the date of this annual report, we have not been subject to any fines or other penalties due to non-compliance in relation to health, workplace safety or environmental regulations, and have not had any accident or claim for personal or property damage made by our employees which had materially and adversely affected our financial condition or business operations.

Supporting the Community

As a company with a strong sense of and commitment to social responsibility, we have in recent years launched a series of non-profit events and campaigns as part of our corporate social responsibility efforts.

87

Table of Contents

Integrating Sustainable and Environmentally Friendly Practices into Our Business Operations

Although our business operations do not directly produce pollutants that directly affect the environment, we endeavor to implement sustainable and economically friendly practices in our own operations to reduce our carbon footprint such as reducing the energy consumption through, for example:

We believe that our policies can help us meet our environmental sustainability goals by reducing energy consumption in our operations.

Managing ESG Risks

We are committed to a thorough analysis and assessment process that will enable us to identify any material ESG risks and take actions to address these risks timely and effectively. We identify, assess, manage and mitigate environmental, social and climate-related risks by having dedicated teams to take care of the life-cycle management of the corresponding project. For example, personnel from our human resources and government-related affairs departments are responsible for overseeing the management and monitoring of our waste management system and our energy savings and consumption control program to ensure that we achieve the goals of energy savings and consumption reduction. Our management also actively oversees the identification and monitoring of the actual and potential environmental, social and climate-related risks on our business, strategy and financial performance, and take these issues into account during the course of our business, strategic and financial planning. Our management will assess the likelihood of such risks occurring and the estimated magnitude of any potential impact. We may also engage independent third parties to evaluate the ESG risks and review our existing strategy, target and internal controls. Necessary improvement will then be implemented to mitigate any major ESG risks identified.

As a technology company, we do not currently have any material liabilities relating to health, work safety and environment, and do not expect that we will incur any material liabilities in this regard which could have any material adverse impact on our business and operating results. However, potential risks associated with climate change or other climate-related issues may have financial implications for us. For instance, extreme weather conditions may cause suspension or disruption to our business operations and have an impact on our financial condition. Extreme weather may also cause disruptions for our suppliers, which may in turn adversely impact our ability to serve our customers and end users. In 2023 and up to the date of this annual report, our business, results of operations and financial condition have not been materially and adversely impacted by any climate-related incidents.

88

Table of Contents

SEASONALITY

We have in the past experienced, and expect in the future to continue to experience, seasonal fluctuations in our revenue and sales from time to time, as a result of the holiday season and customers’ buying patterns. We typically experience lower growth in revenues in the first quarter as a result the reduced production capacities of OEMs located in China due to the annual Lunar New Year holidays. We expect the historical seasonality trends to continue to have a material impact on our results of operations and financial condition. However, certain unique events may cause the historical seasonal trends and patterns to temporarily no longer apply, such as high global inflation weakening consumption sentiment and dampening enterprises’ confidence in doing business, downstream inventory backlog disrupting enterprises’ business and operating plans, and supply chain disruption interfering with delivery of goods. See “Item 3. Key Information—3.D.Risk Factors—Risks Related to Our Business and Industry—Seasonality may cause fluctuations in our sales and operating results.”

COMPETITION

The global IoT platform market is rapidly evolving. We compete in the ordinary course of business with technology companies providing IoT services and solutions, internet-related services and products for IoT, and IoT-enabling platforms, and e-commerce companies offering IoT-related cloud products and services.

We may, from time to time, face competition from both large, well-established IoT service providers, and less-established IoT companies or companies that offer capabilities that compete with some of our offerings. However, the global IoT platform market has also been facing headwind since 2022, with certain players in the IoT field who are engaged in business similar to our IoT PaaS business announcing the termination of their IoT platform services in 2023.

We believe that none of our competitors currently competes directly with us across all of our offerings, and we compete favorably on the basis of the factors below:

89

Table of Contents

INSURANCE

We maintain the statutory social insurance as required by the relevant local laws and regulations. In addition, we maintain a supplemental employee commercial healthcare insurance program aiming to promote the work safety, health and well-being of our employees. We maintain liability insurance policies to cover potential product liability claims, cybersecurity insurance policies to cover the costs associated with a breach of third-party data in the event that the data is lost or stolen, and technical errors and omissions policies for liabilities in connection with failures of a service or software. Consistent with customary industry practice in the PRC and the other markets in which we operate, we do not maintain key-man life insurance.

LICENSES, PERMISSIONS AND APPROVALS

As of the date of this annual report, all requisite licenses, permissions and approvals have been obtained from relevant regulatory authorities that are material to our operations. None of such licenses, permissions or approvals have been denied or rescinded.

The following table sets forth details of licenses, permissions and approvals held by our PRC subsidiaries that are material to current business operations in China, and the VIE currently does not hold any such material licenses, permissions or approvals.

​

​

In the view of Jia Yuan Law Offices, our PRC legal counsel, we had complied with the relevant applicable PRC laws relating to the required licenses, permissions and approvals to business operations in China in all material respects in 2023 and up to the date of this annual report. Based on the understanding of the relevant PRC laws and regulations, our PRC legal counsel has also advised us that, to the best of their knowledge, there should be no material legal impediment for us to renew these licenses, permissions and approvals as long as we comply with the relevant legal requirements and we take all necessary steps and submit the relevant applications in accordance with the requirements and schedules prescribed by the applicable PRC laws and regulations.

For the consequences to us and investors if we do not receive or maintain requisite licenses, permissions and approvals necessary to conduct operations in China, or if applicable laws, regulations or interpretations change and we are required to obtain additional permissions or approvals in the future, see Item 3. Key Information—3.D. Risk Factors—Risk Related to Our Business and Industry—Any failure to maintain necessary permits and licenses to operate our business operations under applicable laws and regulations could materially and adversely affect our business and results of operations.”

90

Table of Contents

In recent years, the PRC government has increasingly tightened the regulation of cybersecurity, and indicated an intent to exert more oversight and control over securities offerings and other capital markets activities that are conducted overseas and foreign investment in China-based companies like us. See “Item 3. Key Information—Recent PRC Regulatory Developments.” As of the date of this annual report, we have not been required to go through a cybersecurity review by the CAC, or required to obtain any permission from, or complete any filing with, the CSRC in connection with our prior public offerings or maintaining the listing status on applicable stock exchanges. Nor have we received any formal inquiry, notice, warning, sanction, or any regulatory objection in relation to cybersecurity review from the CSRC, the CAC or any other PRC regulatory agencies that have jurisdiction over our operations. Since the legislative and regulatory actions in this regard are relatively new, it is highly uncertain how soon legislative or administrative regulation-making bodies will respond and what existing or new laws or regulations or detailed implementations and interpretations will be modified or promulgated, if any, and the potential impact such modified or new laws and regulations will have on our business operations, our ability to accept foreign investments and conduct follow-on offerings, and listing or continuing listing on applicable stock exchanges. For details of related risks, see “Item 3. Key Information—3.D. Risk Factors—Risks Related to Doing Business in China—The filing, approval or other administration requirements of the CSRC, the CAC or other PRC government authorities may be required to maintain our listing status or conduct future offshore securities offerings.”

REGULATION

Regulation Relating to Foreign Investment

Investments activities in China by foreign investors are principally governed by the Encouraged Industries Catalog for Foreign Investment (2022 version) (the “Catalog”), which was promulgated by the Ministry of Commerce (“MOFCOM”) and the National Development and Reform Commission (the “NDRC”) on October 26, 2022 and became effective on January 1, 2023 and the Special Administrative Measures for Foreign Investment Access (Negative List 2021) (the “Negative List (2021)”), which was promulgated by the MOFCOM and the NDRC on December 27, 2021 and became effective on January 1, 2022. The Catalog and the Negative List (2021) set forth the industries in which foreign investments are encouraged, restricted and prohibited. Industries that are not listed in any of these three categories are generally open to foreign investment unless otherwise specifically restricted by other PRC rules and regulations. Article 6 of the Interpretation Note of the Negative List (2021) provides that, where a domestic enterprise engaged in the business in the prohibited areas of the Negative List (2021) seeks to issue and list its shares overseas, it shall complete the examination process and obtain approval of the relevant competent authorities of the State, the foreign investor shall not participate in the operation and management of the enterprise, and its shareholding percentage shall be subject to the relevant provisions on the administration of domestic securities investment by foreign investors. On January 18, 2022, the NDRC held a press conference to further clarify the position of Article 6, during which the spokesman made it clear that Article 6 shall only be applicable to the situations where domestic enterprises were seeking a direct overseas issuance and listing (i.e., H-shares listing).

According to the Negative List (2021), the foreign equity interest ownership of entities that engage in value-added telecommunications business (except for e-commerce, domestic multiparty communication, storage and forwarding and call center) must not exceed 50%.

91

Table of Contents

On March 15, 2019, the National People’s Congress approved the Foreign Investment Law of the PRC (the “Foreign Investment Law”), which took effect on January 1, 2020 and replaced the Sino-Foreign Equity Joint Venture Enterprise Law of the PRC, the Sino-Foreign Cooperative Joint Venture Enterprise Law of the PRC and the Wholly Foreign-Invested Enterprise Law of the PRC and became the legal foundation for foreign investment in the PRC. On December 26, 2019, the State Council issued the Regulations on Implementing the Foreign Investment Law of the PRC, or the Implementation Rules, which took effect on January 1, 2020 and replaced the Regulations on Implementing the Sino-Foreign Equity Joint Venture Enterprise Law of the PRC, Provisional Regulations on the Duration of Sino-Foreign Equity Joint Venture Enterprise Law, the Regulations on Implementing the Wholly Foreign-Invested Enterprise Law of the PRC and the Regulations on Implementing the Sino-Foreign Cooperative Joint Venture Enterprise Law of the PRC. Pursuant to the Foreign Investment Law and the Implementation Rules, the existing foreign-invested enterprises established prior to the effective date of the Foreign Investment Law are allowed to keep their corporate organization forms for five years from the effectiveness of the Foreign Investment Law before such existing foreign-invested enterprises change their organization forms and organization structures in accordance with the Company Law of the PRC, which was last amended in December 2023 and will come into effect on July 1, 2024, the Partnership Enterprise Law of the PRC and other applicable laws. Pursuant to the Company Law, as amended, shareholders of a limited liability company must pay in their subscribed registered capital in full within five years from the date of establishment of the company or the date of its capital increase, and companies established before July 1, 2024 should gradually adjust their capital contributions to meet this new requirement. The latest amendment also involve aspects of the company’s organizational structure, corporate governance, and the rights and obligations of shareholders, which also apply to foreign investment enterprises in the PRC.

Pursuant to the Foreign Investment Law, foreign investment means the investment activities within the PRC directly or indirectly conducted by foreign natural persons, enterprises and other organizations (the “foreign investor”), including the following circumstances: (i) a foreign investor, individually or collectively with other investors, establishes a foreign-invested enterprise within the PRC; (ii) a foreign investor acquires any shares, equities, portion of property or other similar interest in an enterprise within the PRC; (iii) a foreign investor, individually or collectively with other investors, invests in a new project within the PRC; and (iv) foreign investors invest in the PRC through any other methods under laws, administrative regulations or provisions prescribed by the State Council of the PRC. The PRC applies the administrative system of pre-establishment national treatment plus negative list to foreign investment.

On December 30, 2019, MOFCOM and the State Administration for Market Regulation (the “SAMR”) issued the Measures for the Reporting of Foreign Investment Information, which took effect on January 1, 2020 and replaced the Interim Measures for the Recordation Administration of the Formation and Modification of Foreign-Funded Enterprises, and thus foreign investors carrying out investment activities directly or indirectly in China, instead of filing formalities, must report their foreign investment information to the commerce authorities.

Regulation Relating to Value-Added Telecommunication Services

The Telecommunications Regulations of the People’s Republic of China (the “Telecommunications Regulations”) promulgated by the State Council on September 25, 2000 and last amended on February 6, 2016, provide a regulatory framework for telecommunication services providers in mainland China. The Telecommunications Regulations require telecommunication services providers to obtain an operating license prior to the commencement of their operations. The Telecommunications Regulations categorize telecommunications businesses into basic telecommunications businesses and value-added telecommunications businesses, according to the Catalog of Telecommunications Business, attached to the Telecommunications Regulations and last amended by the Ministry of Industry and Information Technology (the “MIIT”) on June 6, 2019.

92

Table of Contents

Regulation Relating to Cybersecurity, Data Security and Privacy Protection

PRC

Cybersecurity

On December 28, 2000, the SCNPC enacted the Decision on the Protection of Internet Security, as amended on August 27, 2009, which provides that the following activities conducted through the internet are subject to criminal liabilities: (i) gaining improper entry into any of the computer information networks relating to state affairs, national defensive affairs, or cutting-edge science and technology; (ii) violation of relevant provisions of the state in the form of unauthorized interruption of any computer network or communication service, as a result of which the computer network or communication system cannot function normally; (iii) spreading rumor, slander or other harmful information via the internet for the purpose of inciting subversion of the state political power; (iv) stealing or divulging state secrets, intelligence or military secrets via internet; (v) spreading false or inappropriate commercial information; or (vi) infringing on the intellectual property.

On December 13, 2005, the Ministry of Public Security issued the Provisions on the Technical Measures for Internet Security Protection, which took effect on March 1, 2006. These regulations require internet service providers to take proper measures including anti-virus, data backup, keeping records of certain information such as the log-in and exit time of users, and other related measures, and to keep records of certain information about their users for at least 60 days. On June 22, 2007, the Ministry of Public Security, the State Secrecy Bureau, the State Cryptography Administration and the Information Office of the State Council jointly promulgated the Administrative Measures for the Multi-level Protection of Information Security, under which the security protection grade of an information system may be classified into five grades. Companies operating and using information systems shall protect the information systems and any system equal to or above Level II as determined in accordance with these measures, a record-filing with the competent authority is required.

The Cybersecurity Law of the PRC, or the Cybersecurity Law, was adopted by the SCNPC on November 7, 2016, and came into effect on June 1, 2017. Regarded as the fundamental law in the area of cybersecurity in China, the Cybersecurity Law regulates network operators and others from the following perspectives: the principle of cyberspace sovereignty, security obligations of network operators and providers of network products and services, protection of personal information, protection of critical information infrastructure, data use and cross-border transfer, network interoperability and standardization. Network operators shall, according to the requirements of the rules for graded protection of cybersecurity, fulfill security protection obligations, so as to ensure that the network is free from interference, damage or unauthorized access, and prevent network data from being divulged, stolen or falsified. In addition, network operators that collect personal information shall follow the principles of legitimacy, rationality and necessity and shall not collect or use any personal information without due authorization of the person whose personal information is collected. Each individual is entitled to require a network operator to delete his or her personal information if he or she finds that collection and use of such information by such operator violate the laws, administrative regulations or the agreement by and between such network operator and such individual, and is entitled to require any network operator to make corrections if he or she finds errors in such information collected and stored by such network operator. Such network operator shall take measures to delete the information or correct the error.

On December 28, 2021, the CAC and certain other PRC regulatory authorities promulgated the Measures for Cybersecurity Review (the “Cybersecurity Review Measures”), which provide that (i) network platform operators holding over one million users’ personal information shall apply with the Cybersecurity Review Office for a cybersecurity review when listing in a foreign country, and (ii) operators of “critical information infrastructure” that intend to purchase network products and services that will or may affect national security shall apply for a cybersecurity review and (iii) network platform operators carrying out data processing that will affect or may affect national security shall apply for a cybersecurity review. The Cybersecurity Review Measures took effect on February 15, 2022 and replaced the Measures for Cybersecurity Review promulgated in April 2020. For a detailed discussion of the risks and uncertainties related to our compliance with regulations on cyber security, please see “Item 3. Key Information—3.D.Risk Factors—Risks Related to our Business and Industry—Compliance with the rapidly evolving landscape of global data privacy and data security laws may be challenging, and any failure or perceived failure to comply with such laws, or other concerns about our practices or policies with respect to the processing of personal information, could damage our reputation and deter current and potential customers and end users from using our platform and products and services or subject us to significant compliance costs or penalties, which could materially and adversely affect our business, financial condition and results of operations.”

93

Table of Contents

Data Security

On June 10, 2021, the SCNPC promulgated the Data Security Law of the PRC, or the Data Security Law, which took effect on September 1, 2021. According to the Data Security Law, the enterprises conducting data processing activities shall establish and improve their data security management systems, organize data security trainings and adopt corresponding technical measures and other necessary measures, with a view to guaranteeing the data security. Chapter 4 of the Data Security Law provides for the obligations of general data processing and data security protection, including (i) establishing and improving the whole-process data security management system; (ii) strengthening risk monitoring and properly handling data security incidents; and (iii) legally and properly collecting and using data. Our company has established a relatively complete data security management system, organized and carried out data security education and training, adopted corresponding technical measures and organizations to protect data security, formulated a data security incident management system, carried out risk monitoring and assessment, handled information security level protection filing and assessment for call center service platforms, and performed corresponding network security level protection obligations. In addition, pursuant to the Data Security Law, a data security system should be established to administer data at different levels and by different categories, and impose specific compliance obligations on processors of important data, including (i) specifying the person and institution responsible for data security and implementing data security protection responsibilities; (ii) conducting regular risk assessment of its data processing activities; and (iii) fulfilling the regulatory requirements for transmitting important data overseas. Further, remedial measures shall be taken immediately upon discovery of any data security defects or bugs, and users shall be timely notified and competent authorities shall be informed in accordance with relevant provisions if any data security incident occurs. If an enterprise conducting data processing activities fails to meet such requirements, it would be subject to regulatory penalties, including fine, suspension of the relevant business, close of business for rectification and revocation of the relevant business permit or business license.

On July 7, 2022, the CAC published Measures on Security Assessments for the Cross-border Transfer of Data which took effect on September 1, 2022. It is applicable to cross-border transfers of personal information and important data collected and generated in China under certain circumstances. Apart from that, the measures provides detailed requirements for contracts concluded between data processors and overseas recipients, including but not limited to the purpose of cross-border data transfer, the overseas storage site, the restrictions concerning the transfer of cross-border data from overseas recipients to other organizations and individuals, the security measures to be taken by the overseas recipients when there is a material change in the actual control or scope of business, liability for breach of data security obligations and binding and enforceable dispute resolution provisions and the proper emergency disposal to be taken in the event of risks such as data breaches.

On November 14, 2021, the CAC released the Regulations on the Administration of Cyber Data Security (Draft for Comments) (the “Draft Cyber Data Security Regulation”), which has not been officially enacted as of the date of this annual report. According to the Draft Cyber Data Security Regulation, data processors shall apply for a cybersecurity review when carrying out the following activities: (i) the merger, reorganization or division of internet platform operators that have acquired a large number of data resources related to national security, economic development or public interests, which affect or may affect national security; (ii) data processors that handle personal information of more than one million people contemplating to list their securities “in a foreign country”; (iii) data processors contemplating to list its securities on a stock exchange in Hong Kong, which affects or may affect national security; and (iv) other data processing activities that affect or may affect national security. According to the PRC National Security Law, “national security” refers to a status in which the regime, sovereignty, unity, territorial integrity, welfare of the people, sustainable economic and social development, and other vital interests of the state are relatively not in danger and not threatened internally or externally and the ability to maintain a sustained security status. However, the criteria for determining the circumstances that “affect or may affect national security” for the purpose of the Draft Cyber Data Security Regulation remain unclear and are subject to further clarification by the CAC.

94

Table of Contents

Privacy Protection

The PRC Constitution states that PRC law protects the freedom and privacy of communications of citizens and prohibits infringement of such rights. In recent years, PRC government authorities have enacted legislation on internet use to protect personal information from any unauthorized disclosure. On May 28, 2020, the National People’s Congress of the PRC approved the Civil Code of the PRC, which took effect on January 1, 2021. Pursuant to the Civil Code of the PRC, the personal information of a natural person shall be protected by the laws. Any organization or individual shall legally obtain such personal information of others when necessary and ensure the safety of such information, and shall not illegally collect, use, process or transmit personal information of others, or illegally purchase or sell, provide or make public personal information of others. The Administrative Measures on Internet Information Services, issued by the State Council on September 25, 2000 and amended on January 8, 2011, prohibit ICP service operators from insulting or slandering a third party or infringing the lawful rights and interests of a third-party.

On December 29, 2011, the MIIT promulgated the Several Provisions on Regulating the Market Order of Internet Information Services, which became effective on March 15, 2012. On December 28, 2012, the SCNPC promulgated the Decision on Strengthening Network Information Protection to enhance the legal protection of information security and privacy on the internet. The Provisions on Protection of Personal Information of Telecommunications and Internet Users promulgated by the MIIT on July 16, 2013 contains detailed requirements on the use and collection of personal information as well as the security measures to be taken by internet service providers. Specifically, (i) the users’ personal information shall not be collected without prior consent; (ii) the personal information shall not be collected other than those necessary for internet service providers to provide services; (iii) the personal information shall be kept strictly confidential; and (iv) a series of detailed measures shall be taken to prevent any divulgence, damage, tampering or loss of personal information of users.

The Administrative Provisions on Security Vulnerability of Network Products, or Provisions, were jointly promulgated by the MIIT, the CAC and the MPS on July 12, 2021 and took effect on September 1, 2021. Network product providers, network operators as well as organisations or individuals engaging in the discovery, collection, release and other activities of network product security vulnerability are subject to the Provisions and shall establish channels to receive information of security vulnerability of their respective network products and shall examine and fix such security vulnerability in a timely manner. Network product providers are required to report relevant information of security vulnerability of network products with the MIIT within two days and to provide technical support for network product users. Network operators shall take measures to examine and fix security vulnerability after discovering or acknowledging that their networks, information systems or equipment have security loopholes. According to the Provisions, the breaching parties may be subject to administrative penalty as regulated in accordance with the Cybersecurity Law. Since the Provisions are relatively new, uncertainties still exist in relation to its interpretation and implementation.

Pursuant to the Notice of the Supreme People’s Court, the Supreme People’s Procuratorate and the Ministry of Public Security on Legally Punishing Criminal Activities Infringing upon the Personal Information of Citizens, issued in April 23, 2013, and the Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues regarding Legal Application in Criminal Cases Infringing upon the Personal Information of Citizens, which was issued on May 8, 2017 and took effect on June 1, 2017, the following activities may constitute the crime of infringing upon a citizen’s personal information: (i) providing a citizen’s personal information to specified persons or releasing a citizen’s personal information online or through other methods in violation of relevant national provisions; (ii) providing legitimately collected information relating to a citizen to others without such citizen’s consent (unless the information is processed, not traceable to a specific person and not recoverable); (iii) collecting a citizen’s personal information in violation of applicable rules and regulations when performing a duty or providing services; or (iv) collecting a citizen’s personal information by purchasing, accepting or exchanging such information in violation of applicable rules and regulations. Pursuant to the Civil Code of the PRC, the collection, storage, use, process, transmission, provision and disclosure of personal information shall follow the principles of legitimacy, properness and necessity.

The Cybersecurity Law provides that network operators shall obtain the individual’s prior consent before collecting the personal information of such individual and take necessary technical measures or other appropriate measures to protect the personal information, and shall not provide the personal information to any third party without the individual’s prior consent unless such personal information has been processed in a proper way that a specific person will not be identified. For the operators of crucial information infrastructure, the personal information and crucial data must be stored within the territory of the People’s Republic of China. Where such data need to be provided to overseas parties due to business requirements, a security assessment shall be conducted before the transmission of the data.

95

Table of Contents

On August 20, 2021, the SCNPC promulgated the Personal Information Protection Law of the PRC (the “Personal Information Protection Law”), which took effect on November 1, 2021. The law aims to protect the rights and interests of personal information and regulate the processing of personal information. The Personal Information Protection Law stipulates certain important concepts with respect to personal information processing: (i) “personal information” refers to all kinds of information related to identified or identifiable natural persons recorded by electronic or other means, excluding the information processed anonymously; (ii) “processing of personal information” includes the collection, storage, use, processing, transmission, provision, disclosure and deletion of personal information, among others; and (iii) “personal information processor” refers to an organization or individual that independently determines the purpose and method of the processing in the processing of personal information.

The Personal Information Protection Law also stipulates the obligations in the circumstance of entrusted processing. Where a personal information processor entrusts others with the processing of personal information, (i) the personal information processor shall agree with the agent on substantial matters like purpose, term, method of entrusted processing, type of information and protection measures, as well as supervise the processing activities of the agent; and (ii) the agent shall process personal information strictly within the scope as agreed, and ensure the security of the personal information processed and assist the personal information processor to perform his legal obligations.

On August 22, 2019, the CAC issued the Regulation on Cyber Protection of Children’s Personal Information, effective on October 1, 2019. Network operators are required to establish special policies and user agreements to protect children’s personal information, and to appoint special personnel in charge of protecting children’s personal information. Network operators who collect, use, transfer or disclose personal information of children are required to, in a prominent and clear way, notify and obtain consent from children’s guardians.

On November 28, 2019, the Secretary Bureau of the CAC, the General Office of the MIIT, the General Office of the Ministry of Public Security and the General Office of the SAMR promulgated the Method for Identifying the Illegal Collection and Use of Personal Information by Apps, which took effect on November 28, 2019 (the “Method”). The Method provides guidance for the regulatory authorities to identify the illegal collection and use of personal information through mobile apps, and for the app operators to conduct self-examination and self-correction and for other participants to voluntarily monitor compliance. The Method lists six types of illegal collection and usage of personal information, including “failure to publish rules on the collection and usage of personal information,” “failure to expressly state the purpose, manner and scope of the collection and usage of personal information,” “collecting and using personal information without obtaining consents from users,” “collecting personal information irrelevant to the services provided,” “providing personal information to other parties without obtaining consent” and “failure to provide the function of deleting or correcting personal information as required by law or failure to publish the methods for complaints and reports or other information”. For a detailed discussion of the risks and uncertainties related to our compliance with regulations on privacy protection, please see “Item 3. Key Information—3.D.Risk Factors—Risks Related to our Business and Industry—Compliance with the rapidly evolving landscape of global data privacy and data security laws may be challenging, and any failure or perceived failure to comply with such laws, or other concerns about our practices or policies with respect to the processing of personal information, could damage our reputation and deter current and potential customers and end users from using our platform and products and services or subject us to significant compliance costs or penalties, which could materially and adversely affect our business, financial condition and results of operations.”

EU, U.K.

The following is a summary of selected data security and privacy laws of the EU and the U.S. We believe that these laws and regulations are relevant to our business operations because certain of our data centers, as well as many of the brands we serve, are located in the EU or the U.S. We believe many of these laws and regulations, such as the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), represent leading standards of data security and privacy in the world, and we have adopted internal controls, policies and procedures that we believe are consistent with the applicable standards under such laws and regulations. We have also completed information security, privacy and compliance certifications and validations from top privacy compliance and cybersecurity firms, such as TrustArc. For more information, see “Item 4. Information on the Company—4.B. Business Overview—Data Security and Privacy.”

96

Table of Contents

The GDPR, which applies to the collection, use, storage, retention, transfer, disclosure and other processing of personal data obtained from individuals located in the EU or by businesses operating within the EU, became effective on May 25, 2018 and has resulted, and will continue to result, in significantly greater compliance burdens and costs for companies with customers, end users, or operations in the EU. The GDPR places stringent obligations and operational requirements on us as both a processor and controller of personal data and could make it more difficult or more costly for us to use and share personal data. For example, requirements placed on data controllers include, among other things, transparent and expanded disclosure to data subjects about how their personal data is to be used, limitations on retention of information, mandatory data breach notification requirements, record keeping and documentation requirements, and higher standards for data controllers to demonstrate that they have obtained valid consent for certain data processing activities. Under the GDPR, data protection supervisory authorities are given various enforcement powers, including levying fines of up to 20 million Euros or up to 4% of an organization’s annual worldwide turnover, whichever is greater, for the preceding financial year, for non-compliance. Data subjects also have the right to be compensated for damages suffered as a result of a controller or processor’s non-compliance with the GDPR. While the GDPR provides a more harmonized approach to data protection regulation across the EU member states, it also gives EU member states certain areas of discretion; and therefore, laws and regulations in relation to certain data processing activities may differ on a member state by member state basis, which could further limit our ability to use and share personal data and could require localized changes to our operating model. In addition to the GDPR, the EU also has released a proposed Regulation on Privacy and Electronic Communications, or the ePrivacy Regulation, to replace the EU’s current Privacy and Electronic Communications Directive, or the ePrivacy Directive, to, among other things, better align EU member states and the rules governing online tracking technologies and electronic communications, such as unsolicited marketing and cookies, with the requirements of the GDPR. While the ePrivacy Regulation was originally intended to be adopted on May 25, 2018 (alongside the GDPR), it is currently going through the European legislative process, and the timing for adoption remains unclear.

Under the GDPR, restrictions are placed on transfers of personal data outside of the European Economic Area to countries which have not been deemed “adequate” by the European Commission (including the PRC). The Court of Justice of the European Union (the “CJEU”) issued a decision on July 16, 2020, invaliding the EU-US Privacy Shield Framework, which provided one mechanism for lawful cross-border transfers of personal data between the EU and the United States. While the decision did not invalidate the use of the European Commission’s approved standard contractual clauses, another mechanism for making lawful cross-border transfers, the decision has called the validity of standard contractual clauses into question under certain circumstances, and has made the legality of transferring personal data from the EU to the U.S. or various other jurisdictions outside of the EU more uncertain. Specifically, the CJEU stated that companies must now assess the validity of standard contractual clauses on a case-by-case basis, taking into consideration whether the standard contractual clauses provide sufficient protection in light of any access by the public authorities of the third country to where the personal data is transferred, and the relevant aspects of the legal system of such third country. Additionally, in October 2022, President Biden signed an executive order to implement the EU-U.S. Data privacy Framework, which serves as a replacement to the EU-US Privacy Shield. Moreover, on July 10, 2023 the European Commission adopted an adequacy decision concluding that the United States ensures an adequate level of protection for personal data transferred from the EEA to the United States under the EU-U.S. Data Privacy Framework (followed on October 12, 2023 with the adoption of an adequacy decision in the U.K. for the U.K.-US Data Bridge). However, the adequacy decision does not foreclose, and is likely to face, future legal challenges and the ongoing legal uncertainty may increase our costs and our ability to efficiently process personal data from the EEA. While the European Commission published new standard contractual clauses for transferring personal data from the EU to third countries, and the European Data Protection Board issued certain recommendations relating to measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, the CJEU’s decision has increased uncertainty surrounding data transfers from the EU to third countries that may not offer the same level of protection for data subjects’ rights as the EU. Due to these recent regulatory changes and guidance, we may need to invest in additional technical, legal and organization safeguards in the future to avoid disruptions to data flows within our business and to and from our customers and service providers. Furthermore, this uncertainty, and its eventual resolution, may increase our costs of compliance, impede our ability to transfer data and conduct our business, and harm our business or results of operations.

97

Table of Contents

Additionally, the withdrawal of the United Kingdom (“U.K.”) from the EU (commonly known as “Brexit”) has created uncertainty with regard to the regulation of privacy and data protection in the U.K. Since January 1, 2021, when the transitional period following Brexit expired, the so-called U.K. GDPR (combining the GDPR and the U.K.’s Data Protection Act of 2018) has been in effect in the U.K. Although the U.K. GDPR currently imposes substantially the same obligations as the GDPR, and currently authorizes similar fines, the U.K. GDPR will not automatically incorporate changes to the GDPR going forward (which would need to be specifically incorporated by the U.K. government). Moreover, the U.K. government has publicly announced plans to reform the U.K. GDPR in ways that, if formalized, are likely to deviate from the GDPR. While the European Commission has issued an “adequacy” decision to the U.K., which facilitates the sharing of personal data between the EU and the U.K. for the time being, such adequacy decision will sunset in June 2025 unless extended and it may be revoked in the future by the European Commission if the U.K. data protection regime is reformed in ways that deviate substantially from the level of protection currently in place. Adding further complexity for international data flows, in March 2022, the U.K. adopted its own International Data Transfer Agreement for transfers of personal data out of the U.K. to so-called third countries, as well as an international data transfer addendum that can be used with GDPR’s standard contractual clauses for the same purpose. All of this creates a risk of divergent parallel regimes and related uncertainty, along with the potential for increased compliance costs and risks for affected businesses based on differing interpretation and enforcement by regulators and authorities.

United States

In the United States, various federal regulators, including governmental agencies like the Federal Trade Commission, and states and state regulators have adopted, or are considering adopting, laws and regulations concerning personal data and data security, such as the California Consumer Privacy Act, of 2018 (as modifed by the California Privacy Rights Act, collectively “CCPA”). This patchwork of legislation and regulation may give rise to conflicts or differing views of personal privacy rights. For example, certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to personal data than federal, international or other state laws, and such laws may differ from each other, all of which may complicate compliance efforts. One such comprehensive privacy law in the United States is the CCPA, which came into effect on January 1, 2020 and was significantly amended as of January 1, 2023. Among other things, the CCPA requires companies that process personal information of California residents to make detailed disclosures to consumers about such companies’ data collection, use and sharing practices, gives California residents expanded rights to access and delete their personal information and to opt out of certain personal information sharing with (and sales of personal information to) third parties. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal data that may increase the likelihood of, and risks associated with, data breach litigation. Additionally, the CCPA expands consumers’ rights with respect to certain sensitive personal information, further restricts the use of cross-context behavioral advertising and creates a state agency, the California Privacy Protection Agency, to oversee implementation and enforcement efforts. Amendments have been made to the CCPA, and it is possible that further amendments will be enacted, but even in its current form it remains unclear how various provisions of the CCPA will be interpreted and enforced, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. In addition, all 50 states have laws that require the provision of notification for security breaches of personal information to affected individuals, state officers or others. Possible consequences for non-compliance with these various state laws include enforcement actions in response to rules and regulations promulgated under the authority of federal agencies and state attorneys general and legislatures and consumer protection agencies. State laws are changing rapidly and there have been ongoing discussions and proposals in the U.S. Congress with respect to new federal data privacy and security laws to which we would become subject if enacted. All of these evolving compliance and operational requirements impose significant costs that are likely to increase over time, may require us to modify our data processing practices and policies, divert resources from other initiatives and projects, and could restrict the way products and services involving data are offered, all of which may have a material and adverse impact on our business, financial condition and results of operations.

Registration for Import and Export Goods

Pursuant to the Customs Law of the People’s Republic of China promulgated by the SCNPC on January 22, 1987 and last amended on April 29, 2021, unless otherwise stipulated, the declaration of import and export goods may be made by consignees and consignors themselves, and such formalities may also be completed by their entrusted customs brokers that have filed with the Customs. The consignees and consignors for import or export of goods and the customs brokers engaged in customs declaration shall file with the Customs in accordance with the laws.

98

Table of Contents

Pursuant to the Administrative Provisions of the Customs of the People’s Republic of China on the Record Filings of Customs Declaration Entities promulgated by the General Administration of Customs on November 19, 2021, where the consignee or consignor of imported or exported goods or a customs declaration enterprise applies for recordation, it shall obtain the qualification of market entities; particularly where the consignee or consignor of imported or exported goods applies for recordation, it shall be filed as a foreign trade business. Where the consignee or consignor of imported or exported goods or a customs declaration enterprise has undergone the formalities of recordation for customs declaration entities, branches that meet the requirements of the preceding paragraph may also apply for recordation for customs declaration entities.

In addition, the Foreign Trade Law of the PRC which was promulgated by the SCNPC on May 12, 1994 and amended on November 7, 2016, and the Measures for the Record Filing and Registration of Foreign Trade Business Operators, which was promulgated by MOFCOM on June 25, 2004 and last amended on May 10, 2021, require any foreign trade business operator that is engaged in the import and export of goods or technology shall be registered for archival purposes with the administrative department of foreign trade of the State Council or the institution entrusted thereby, unless it is otherwise provided for by any law, administrative regulation or the foreign trade department of the State Council. The specific measures for archival registration shall be formulated by the foreign trade department of the State Council. Where any foreign trade business operator that fails to file for record and registration according to relevant provisions, the customs may not handle the procedures of customs declarations and release of the import or export goods. On December 30, 2022, the SCNPC promulgated the Decision on Amending the Foreign Trade Law of the PRC, and accordingly foreign trade operators engaged in the import and export of goods or technologies are not required to go through the filing and registration procedures from December 30, 2022.

Regulations Relating to Product Quality

Products made in mainland China are subject to the Product Quality Law of the People’s Republic of China, which was promulgated on February 22, 1993, last amended on December 29, 2018. According to the Product Quality Law, a manufacturer of a product is responsible to compensate for the damages to any person or property caused by the defect of such a product, unless the manufacturer is able to prove that (i) it has not circulated the product; (ii) the defect did not exist at the time when the product was circulated; or (iii) scientific or technological knowledge at the time when the product was circulated was not such that it allowed the defect to be discovered.

The Consumer Rights and Interests Protection Law of the People’s Republic of China (the “Consumers Protection Law”) was promulgated on October 31, 1993 and became effective on January 1, 1994. The Consumers Protection Law has been further revised on August 27, 2009 and October 25, 2013. According to the Consumers Protection Law, unless otherwise provided by this law, an operator that provides products or services may bear civil liability in accordance with the Product Quality Law and other relevant laws and regulations.

According to the Administrative Regulations for Compulsory Product Certification, which was promulgated by the General Administration of Quality Supervision, Inspection and Quarantine P.R.C. (the “AQSIQ”) (which has merged into the State Administration for Market Regulation) on July 3, 2009 and last amended on September 29, 2022, products specified by the state shall not be delivered, sold, imported or used in other business activities until they are certified, or the Compulsory Product Certification, and labeled with China Compulsory Certification mark. For products that are subject to Compulsory Product Certification, the state implements unified product catalogs, or the 3C Catalog, unified compulsory requirements, standards and compliance assessment procedures in technical specification, unified certification marks and unified charging standards.

Regulation Relating to Intellectual Property Rights

Regulation on Patents

The SCNPC adopted the Patent Law of the PRC in 1984 and amended it in 1992, 2000, 2008 and 2020, respectively. A patentable invention or utility model must meet three conditions: novelty, inventiveness and practical applicability. Patents cannot be granted for scientific discoveries, rules and methods for intellectual activities, methods used to diagnose or treat diseases, animal and plant breeding methods of nuclear transformation or substances obtained by means of nuclear transformation. The Patent Office under the State Intellectual Property Office is responsible for receiving, examining and approving patent applications. A patent is valid for a 20-year term for an invention and a 10-year term for a utility model and a 15-year term for a design, starting from the application date. Except under certain specific circumstances provided by law, any third-party user must obtain consent or a proper license from the patent owner to use the patent, or else the use will constitute an infringement of the rights of the patent holder.

99

Table of Contents

Regulation on Copyright

In accordance with the Copyright Law of the PRC which was promulgated by the SCNPC on September 7, 1990 and last amended on November 11, 2020, and took effect on June 1, 2021. Chinese citizens, legal persons or other entities own the copyright in their works whether published or not, including written works; oral works; music, comedy arts of talking and singing, dance and acrobatics; work of art and architecture work; photographic works; cinematographic work and work created by the method similar to the film production method; engineering design drawing, product design drawing, map, sketch and other graphic works and model works; computer software and other works specified by laws and administrative regulations. The rights a copyright owner has include but are not limited to the following rights of the person and property rights: the right of publication, right of authorship, right of modification, right of integrity, right of reproduction, distribution right, rental right, right of network communication, translation right and right of compilation.

In accordance with the Regulations on the Protection of Computer Software promulgated by the State Council on June 4, 1991 and last amended on January 30, 2013, Chinese citizens, legal persons or other entities own the copyright, including the right of publication, right of authorship, right of modification, right of reproduction, distribution right, rental right, right of network communication, translation right and other right software copyright owners shall have in software developed by them, regard less of whether it has been published. In accordance with the Measures for the Registration of Computer Software Copyright promulgated by the National Copyright Administration on February 20, 2002, software copyrights, exclusive licensing contracts for software copyrights and software copyright transfer contracts shall be registered, and the National Copyright Administration shall be the competent authority for the administration of software copyright registration and designates the Copyright Protection Center of China as a software registration authority. The Copyright Protection Center of China shall grant a registration certificate to a computer software copyright applicant who complies with regulations.

Regulation on Trademark

Trademarks are protected by the Trademark Law of the PRC (Revised in 2019), or the Trademark Law, which was promulgated on August 23, 1982 and last amended on April 23, 2019 and come into effect on November 1, 2019, respectively, as well as the Implementation Regulation of Trademark Law of the PRC adopted by the State Council on August 3, 2002 (Revised in 2014). In China, registered trademarks include commodity trademarks, service trademarks, collective marks and certification marks.

The Trademark Office of China National Intellectual Property Administration handles trademark registrations and grants a term of 10 years to registered trademarks. Trademarks are renewable every ten years where a registered trademark needs to be used after the expiration of its validity term. A registration renewal application shall be filed within six months prior to the expiration of the term. A trademark registrant may license its registered trademark to another party by entering into a trademark license contract. Trademark license agreements must be filed with the Trademark Office to be recorded. The licensor shall supervise the quality of the commodities on which the trademark is used, and the licensee shall guarantee the quality of such commodities. The Trademark Law has adopted a “first come, first file” principle with respect to trademark registration. Where a trademark for which a registration application has been made is identical or similar to another trademark which has already been registered or been subject to a preliminary examination and approval for use on the same kind of or similar commodities or services, the application for registration of such trademark may be rejected. Any person applying for the registration of a trademark may not prejudice the existing right first obtained by others, nor may any person register in advance a trademark that has already been used by another party and has already gained a “sufficient degree of reputation” through such party’s use. Trademarks are granted for a term of 10 years. Twelve months prior to the expiration of the ten-year term, the trademark registrant shall apply for the renewal of registration; if the trademark registrant does not make the renewal during the foregoing period, another six-month extension can be granted.

Regulation on Domain Name

In accordance with the Measures for the Administration of Internet Domain Names, which was promulgated by the MIIT on August 24, 2017 and took effect on November 1, 2017, whoever engages in internet domain name services and its operation and maintenance, supervision and administration and other related activities within the territory of the People’s Republic of China shall abide by these Measures.

100

Table of Contents

In accordance with the Notice of the MIIT on Regulating the Use of Domain Names in Internet Information Services) which was promulgated by the MIIT of the PRC on November 27, 2017 and took effect on January 1, 2018, internet access service providers shall verify the identity of each internet information service provider, and shall not provide services to any internet information service provider who fails to provide real identity information.

Regulation Relating to Employment and Social Welfare

Regulation on Labor

Pursuant to the Labor Contract Law of the PRC, which was issued on June 29, 2007, amended on December 28, 2012 and became effective on July 1, 2013, labor contracts shall be concluded in writing if labor relationships are to be or have been established between enterprises or institutions and the laborers. Enterprises and institutions are forbidden to force laborers to work beyond the time limit and employers shall pay laborers for overtime work in accordance with national regulations. In addition, labor wages shall not be lower than local standards on minimum wages and shall be paid to laborers in a timely manner.

According to the Labor Law of the PRC, which was promulgated on July 5, 1994, last amended and became effective on December 29, 2018, enterprises and institutions shall establish and improve their system of work place safety and sanitation, strictly abide by state rules and standards on workplace safety, educate laborers in labor safety and sanitation in the PRC. Labor safety and sanitation facilities shall comply with state-fixed standards.

Enterprises and institutions shall provide laborers with a safe workplace and sanitary conditions that comply with state stipulations and the relevant articles of labor protection.

Regulation on Social Insurance and Housing Fund

In accordance with the Regulation of Insurance for Labor Injury, implemented on January 1, 2004, amended on December 20, 2010 and effective on January 1, 2011, the Provisional Measures for Maternity Insurance of Employees of Corporation, implemented on January 1, 1995, the Decisions on the Establishment of a Unified Program for Basic Old-Aged Pension Insurance of the State Council, issued on July 16, 1997, the Decisions on the Establishment of the Medical Insurance Program for Urban Workers of the State Council promulgated on December 14, 1998, the Unemployment Insurance Measures, promulgated on January 22, 1999, the Social Insurance Law of the PRC, implemented on July 1, 2011 and amended on December 29, 2018, and the Interim Regulations on the Collection and Payment of Social Insurance Premiums, promulgated on January 22, 1999 and amended on March 24, 2019, enterprises are obliged to provide their employees in the PRC with welfare schemes covering pension insurance, unemployment insurance, maternity insurance, labor injury insurance and medical insurance. These payments are made to local administrative authorities and any employer that fails to contribute may be fined and ordered to make up within a prescribed time limit.

In accordance with the Regulations on the Management of Housing Funds, which was promulgated by the State Council on April 3, 1999 and last amended on March 24, 2019, enterprises must register at the competent managing center for housing funds and upon the examination by such managing center of housing funds, these enterprises shall complete procedures for opening an account at the relevant bank for the deposit of employees’ housing funds. Enterprises are also required to pay and deposit housing funds on behalf of their employees in full and in a timely manner.

​

101

Table of Contents

Regulation Relating to Tax

Enterprise Income Tax

According to the Enterprise Income Tax Law of the PRC, or the EIT Law, and its relevant implementation regulations, taxpayers consist of resident enterprises and non-resident enterprises.

Resident enterprises are defined as enterprises that are established in China in accordance with PRC laws, or that are established in accordance with the laws of foreign countries but whose actual or de facto control is administered from within the PRC. Non-resident enterprises are defined as enterprises that are set up in accordance with the laws of foreign countries and whose actual administration is conducted outside the PRC, but have established institutions or premises in the PRC, or have no such established institutions or premises but have income generated from inside the PRC. Under the EIT Law and relevant implementing regulations, a uniform enterprise income tax rate of 25% is applicable. However, if non-resident enterprises have not formed permanent establishments or premises in the PRC, or if they have formed permanent establishment institutions or premises in the PRC but there is no actual relationship between the relevant income derived in the PRC and the established institutions or premises set up by them, the enterprise income tax is, in that case, set at a rate of 10% for their income sourced from inside the PRC.

According to the EIT Law and relevant implementation regulations, the EIT tax rate of a high and new technology enterprise is 15%. Pursuant to the Administrative Measures for the Recognition of High and New Technology Enterprises, which became effective on January 1, 2008 and amended on January 29, 2016, the certificate of a high and new technology enterprise is valid for three years. An enterprise shall, after being accredited as a high-tech enterprise, fill out and submit the statements on annual conditions concerning the intellectual property rights, scientific and technical personnel, expenses on research and development and operating income for the previous year on the “website for the administration of accreditation of high-tech enterprises.”

The Notice on Taxation Policies for Further Encouraging the Development of the Software and Integrated Circuit Industries, which was promulgated by the Ministry of Finance (the “MOF”) and the State Administration of Taxation (the “SAT”) on April 20, 2012 and became effective on January 1, 2011, and the Notice on Issues Relating to the Preferential Policies for Enterprise Income Tax in Software and Integrated Circuits Industry promulgated by MOF, the SAT, the NDRC and the MIIT on May 4, 2016, provide that, upon certification, newly established integrated circuit design enterprises and eligible software enterprises shall be exempt from the enterprise income tax for the first two years of the preferential period, and shall be levied thereon at half of the statutory rate of 25% for the next three years until the expiration of the preferential period.

Value-Added Tax

The Provisional Regulations of the PRC on Value-added Tax were promulgated by the State Council on December 13, 1993 and came into effect on January 1, 1994, which were subsequently amended on November 10, 2008, February 6, 2016 and November 19, 2017. The Detailed Rules for the Implementation of the Provisional Regulations of the PRC on Value-added Tax (Revised in 2011) was promulgated by the MOF on December 25, 1993 and subsequently amended on December 15, 2008 and October 28, 2011. These rules and regulations are collectively referred to as the VAT Law. On November 19, 2017, the State Council promulgated the Decisions on Abolishing the Provisional Regulations of the PRC on Business Tax and Amending the Provisional Regulations of the PRC on Value-added Tax, or the Order 691. According to the VAT Law and Order 691, all enterprises and individuals engaged in the sale of goods, the provision of processing, repair and replacement services, sales of services, intangible assets, real property and the importation of goods within the territory of the PRC are the taxpayers of VAT. The VAT tax rates generally applicable are simplified as 17%, 11%, 6% and 0%, and the VAT tax rate applicable to the small-scale taxpayers is 3%. The Notice of the MOF and the SAT on the Adjustment to VAT Rates, or the Notice, was promulgated on April 4, 2018 and became effective as of May 1, 2018. The Notice adjusted the VAT tax rates of 17% and 11% to 16% and 10%, respectively. According to the Announcement on Relevant Policies for Deepening Value-Added Tax Reform, which came into effect from April 1, 2019, the VAT tax rates of 16% and 10% were further changed into 13% and 9%, respectively.

​

102

Table of Contents

Dividend Withholding Tax

Furthermore, pursuant to the Notice of the SAT on the Issues Concerning the Application of the Dividend Clauses of Tax Agreements, which was promulgated and effective on February 20, 2009, all of the following requirements should be satisfied where a fiscal resident of the other party to the tax agreement needs to be entitled to such tax agreement treatment as being taxed at a tax rate specified in the tax agreement for the dividends paid to it by a PRC resident company: (i) such a fiscal resident who obtains dividends should be a company as provided in the tax agreement; (ii) owner’s equity interests and voting shares of the PRC resident company directly owned by such a fiscal resident reaches a specified percentage; and (iii) the equity interests of the PRC resident company directly owned by such a fiscal resident, at any time during the 12 months prior to the acquisition of the dividends, reaches a percentage specified in the tax agreement.

In addition, according to the Announcement of the State Taxation Administration on Issuing the Measures for Non-resident Taxpayers’ Enjoyment of Treaty Benefits, promulgated by the SAT on October 14, 2019 and became effective on January 1, 2020, where a non-resident enterprise that receives dividends from a PRC resident enterprise wishes to enjoy the favorable tax benefits under the convention treatment, it may be entitled to the convention treatment itself when filing a tax return or making a withholding declaration through a withholding agent, subject to the subsequent administration by the tax authorities.

Regulation Relating to Foreign Exchange

Pursuant to the Foreign Exchange Administration Regulations of the PRC, as amended in August 5, 2008, RMB is freely convertible for current account items, including the distribution of dividends, interest payments, trade and service-related foreign exchange transactions, but not for capital account items, such as direct investments, loans, repatriation of investments and investments in securities outside China, unless the prior approval of SAFE is obtained and prior registration with SAFE is made. On May 10, 2013, SAFE promulgated the Notice of the SAFE on Issuing the Provisions on the Foreign Exchange Administration of Domestic Direct Investment of Foreign Investors and the Supporting Documents, or the SAFE Circular No. 21, which was amended on October 10, 2018 and December 30, 2019. SAFE Circular No. 21 provided and simplified the operational steps and regulations on foreign exchange matters related to direct investment by foreign investors, including foreign exchange registration, account opening and use, receipt and payment of funds, and settlement and sales of foreign exchange.

Pursuant to the Notice of the SAFE on Further Improving and Adjusting Foreign Exchange Administration Policies for Direct Investment, or the SAFE Circular No. 59, which was promulgated by SAFE on November 19, 2012, became effective on December 17, 2012 and was further amended on May 4, 2015, October 10, 2018 and December 30, 2019, approval is not required for the opening of an account entry in foreign exchange accounts under direct investment. SAFE Notice No. 59 also simplified the capital verification and confirmation formalities for foreign invested entities, the foreign capital and foreign exchange registration formalities required for the foreign investors to acquire equities from a Chinese party, and further improved the administration on exchange settlement of foreign exchange capital of foreign invested entities.

Pursuant to the Notice of the SAFE on Issues concerning Foreign Exchange Administration of the Overseas Investment and Financing and the Round-tripping Investment Made by Domestic Residents through Special-Purpose Companies, or the SAFE Circular No. 37, which was promulgated by SAFE and became effective on July 4, 2014, (i) a PRC resident shall register with the local SAFE branch before he or she contributes assets or equity interests in an overseas SPV that is directly established or controlled by such PRC resident for the purpose of conducting investment or financing; and (ii) following the initial registration, such PRC resident is also required to register with the local SAFE branch for any major change, in respect of the overseas SPV, including, among other things, a change of the overseas SPV’s PRC resident shareholder(s), name of the overseas SPV, term of operation, or any increase or reduction of the overseas SPV’s registered capital, share transfer or swap, and merger or division. Pursuant to SAFE Circular No.37, failure to comply with these registration procedures may result in penalties.

Pursuant to the Notice of the SAFE on Further Simplifying and Improving Policies for the Foreign Exchange Administration of Direct Investment, or the SAFE Circular 13, which was promulgated on February 13, 2015, became effective on June 1, 2015 and was further amended on December 30, 2019, the foreign exchange registration under domestic direct investment and the foreign exchange registration under overseas direct investment is directly reviewed and handled by banks in accordance with the SAFE Circular 13, and the SAFE and its branches shall perform indirect regulation over the foreign exchange registration via banks.

103

Table of Contents

Regulation Relating to Dividend Distribution

The Company Law is the principal law that governs the dividends distribution by companies in the PRC and it applies to both PRC domestic companies and foreign-invested companies. Foreign-invested companies are also subject to the relevant requirements under the Foreign Investment Law and its implementing rules. Under these laws, regulations and rules, both domestic companies and foreign-invested companies in the PRC are required to set aside as general reserves at least 10% of their after-tax profit, until the cumulative amount of their reserves reaches 50% of their registered capital. PRC companies are not permitted to distribute any profits until any losses from prior fiscal years have been offset. Profits retained from prior fiscal years may be distributed together with distributable profits from the current fiscal year.

Regulations Relating to Employee Equity Incentive Plan

Pursuant to the SAFE Circular 37, PRC residents who participate in equity incentive plan in overseas non-publicly listed companies may submit applications to SAFE or its local branches for the foreign exchange registration with respect to offshore special purpose companies. In addition, pursuant to the Notice of Issues Related to the Foreign Exchange Administration for Domestic Individuals Participating in Stock Incentive Plan of Overseas Listed Company, or the SAFE Circular 7, which was issued by the SAFE on February 15, 2012, employees, directors, supervisors, and other senior management participating in any equity incentive plan of an overseas publicly listed company who are PRC citizens or who are non-PRC citizens residing in China for a continuous period of not less than one year, subject to a few exceptions, are required to register with SAFE through a domestic agency as regulated in SAFE Circular 7.

In addition, the SAT has issued certain circulars concerning employee stock options and restricted shares, including the Circular on Issues Concerning the Individual Income Tax on Share-option Incentives, or the SAT Circular 461, which was promulgated and took effect on August 24, 2009, and the Notice on Measures Enhancing the Reform in Taxation and Stimulating the Vitality of Market Players which was promulgated and took effect on October 12, 2021. Under the SAT Circular 461 and other relevant laws and regulations, employees working in the PRC who exercise stock options or are granted restricted shares will be subject to PRC individual income tax. The PRC subsidiaries of an overseas listed company are required to file documents related to employee stock options and restricted shares with relevant tax authorities and to withhold individual income taxes of employees who exercise their stock option or purchase restricted shares. If the employees fail to pay or the PRC subsidiaries fail to withhold income tax in accordance with relevant laws and regulations, the PRC subsidiary may face sanctions imposed by the tax authorities or other PRC government authorities.

Regulation Relating to M&A and Overseas Listing

The Regulations on Mergers and Acquisitions of Domestic Enterprises by Foreign Investors (the “M&A Rules”) was promulgated by six PRC ministries, including MOFCOM, the State-owned Assets Supervision and Administration Commission of the State Council, the SAT, the SAMR, the CSRC, and the SAFE, on August 8, 2006, and was amended and became effective on June 22, 2009. The M&A Rules stipulate that a foreign investor is required to obtain necessary approvals when it (i) acquires the equity of a domestic enterprise so as to convert the domestic enterprise into a foreign-invested enterprise; (ii) subscribes for the increased capital of a domestic enterprise so as to convert the domestic enterprise into a foreign-invested enterprise; (iii) establishes a foreign-invested enterprise through which it purchases the assets of any domestic enterprise and operates these assets; or (iv) purchases the assets of a domestic enterprise, and then invests such assets to establish a foreign-invested enterprise. The M&A Rules, among other things, further prescribed that a special purpose vehicle, formed for overseas listing purposes and controlled directly or indirectly by PRC companies or individuals, shall be approved by MOFCOM prior to its establishment and obtain the approval of the CSRC prior to the listing and trading of such special purpose vehicle’s securities on an overseas stock exchange.

Pursuant to the Notice of the Foreign Investment Administration of the MOFCOM on Distributing the Manual of Guidance on Administration for Foreign Investment Access, which was issued and became effective on December 18, 2008 by MOFCOM, notwithstanding the fact that (i) the domestic shareholder is connected with the foreign investor or not, or (ii) the foreign investor is the existing shareholder or the new investor, the M&A Rules shall not apply to the transfer of an equity interest in an incorporated foreign-invested enterprise from the domestic shareholder to the foreign investor.

​

104

Table of Contents

On February 17, 2023, the CSRC released the Trial Administrative Measures of Overseas Securities Offering and Listing by Domestic Companies, or the Trial Measures, and relevant supporting guidelines, collectively, the New Overseas Listing Rules, setting out new filing procedures for China-based companies seeking direct or indirect listings and offerings in overseas markets, which came into force since March 31, 2023. The New Overseas Listing Rules are applicable to PRC domestic companies that seek to offer and list securities in overseas markets, either through direct or indirect means. If an issuer meets both of the following criteria, the overseas securities offering and listing conducted by such issuer shall be deemed to be an indirect overseas offering subject to the filing procedures set forth under the New Overseas Listing Rules: (i) 50% or more of the issuer’s operating revenue, total profit, total assets or net assets as documented in its audited consolidated financial statements for the most recent fiscal year are derived from PRC domestic companies; and (ii) the issuer’s business activities are substantially conducted in mainland China, or its principal place(s) of business are located in mainland China, or the senior managers in charge of its business operations and management are mostly Chinese citizens or domiciled in mainland China. Pursuant to the New Overseas Listing Rules, an issuer listed in an overseas market that intends to effect any follow-on offering in the same overseas market where it has previously offered and listed securities should, through its major operating entity incorporated in the PRC, file relevant materials with the CSRC within three business days after the completion of any such follow-on offering.

Furthermore, according to New Overseas Listing Rules, after an issuer has completed its offering and listed its securities on an overseas stock exchange, the issuer shall submit a report to the CSRC within three business days after the occurrence and public disclosure of any material events, including: (i) a change of control; (ii) investigations of or sanctions imposed on the issuer by overseas securities regulatory agencies or other relevant competent authorities; (iii) changes of listing status or transfers of the listing segment; and (iv) a voluntary or mandatory delisting.

The New Overseas Listing Rules provide that in the event of any breach, including any failure to fulfill the filing procedure, or any offering and listing of securities in an overseas market in violation of the measures, the CSRC will order such domestic company to rectify, issue warnings to such domestic company, and impose a fine between RMB1 million and RMB10 million. Fines and warnings will be imposed on persons-in-charge and other persons who are directly liable. In addition, fines will also be imposed on controlling shareholders and actual controllers of the domestic company who initiate or cause the noncompliance activities described above.

​

105

Table of Contents

4.C.Organizational Structure

The following chart illustrates our corporate structure, including our significant subsidiaries as that term is defined under Section 1-02 of Regulation S-X under the Securities Act, the VIE and certain other subsidiaries, as of the date of this annual report.

​

Notes:

(1) The VIE is owned by certain nominee shareholders, not us. All of these nominee shareholders are also beneficial owners of our company. Shareholders of Hangzhou Tuya Technology are Xueji (Jerry) Wang (our director and CEO), Liaohan (Leo) Chen (our director), Yaona Lin (our employee), Ruixin Zhou (our employee) and Peihong Chen (our employee), each holding approximately 60.7%, 13.1%, 11.5%, 9.8% and 4.9%, respectively, of Hangzhou Tuya Technology’s equity interests.

(2) Contractual arrangements include exclusive business cooperation agreement, equity interest pledge agreement, exclusive option agreement, power of attorney and spousal consent. See “—Contractual Arrangements with the VIE and the VIE’s Registered Shareholders” below in this annual report.

Contractual Arrangements with the VIE and the VIE’s Registered Shareholders

Tuya Inc. is a Cayman Islands holding company and conducts its operations in China mainly through its PRC subsidiaries.

Investment in certain areas of the industries in which we currently operate and may operate are subject to restrictions under current PRC laws and regulations. After consultation with Jia Yuan Law Offices, our PRC legal counsel, we determined that it was not viable for us to hold Hangzhou Tuya Technology, the VIE, directly through equity ownership. Instead, we decided that, in line with common practice in the PRC for industries subject to foreign investment restrictions, we would gain effective control over, and receive all the economic benefits generated by the businesses currently operated by the VIE through the contractual arrangements between Tuya Information, on the one hand, and the VIE and the registered shareholders, on the other hand. As a result of these contractual arrangements, we exert effective control over the VIE, and are considered the primary beneficiary of the VIE for accounting purposes and consolidate its operating results in our financial statements under the U.S. GAAP.

​

106

Table of Contents

The revenue contribution from the VIE was nil in 2021, 2022 and 2023. As of December 31, 2022 and 2023 the assets of the VIE, excluding amounts due from other companies in our group, represented less than 0.01% and less than 0.01% of our consolidated total assets, respectively. We expect the contribution of revenue and assets to our group from the VIE to remain immaterial in the foreseeable future. Additionally, the VIE does not hold any licenses or permits that are material to our current business operations.

The contractual arrangements between Tuya Information, on the one hand, and the VIE and its registered shareholders, on the other hand, were initially entered into in December 2014 and were amended and restated in January 2022. The following is a summary of these contractual arrangements. For the complete text of these contractual arrangements, please see the copies filed as exhibits to this annual report.

In the opinion of Jia Yuan Law Offices, our PRC legal counsel, the execution and performance of the contractual arrangements do not violate the provisions of the Civil Code of the PRC which may lead to their invalidity, and are binding on the parties thereto. The contractual arrangements can be enforced in accordance with PRC laws, except that the following arrangement may not be enforceable under PRC laws: (i) the contractual arrangements provide that the arbitrator may impose restrictions on and/or dispose of the VIE’s equity interests or land and other assets (such as for award of remedies), grant injunction (such as for the conduct of business or compelling the transfer of assets), or grant other interim relief, or order winding up of our consolidated affiliated entity through arbitration, and that the courts with jurisdiction (including the courts in Hong Kong, the place of incorporation of the Company, the place of incorporation of the VIE, and the place where the principal assets of our company or the VIE is located) shall have the right to grant interim relief in support of the arbitration, while under PRC laws, an arbitral body has no power to grant injunctive relief and may not directly issue a provisional or final liquidation order for the purpose of protecting assets of or equity interests in the VIE in case of disputes. In addition, interim remedies or enforcement orders granted by overseas courts such as Hong Kong and the Cayman Islands may not be recognizable or enforceable in China, and (ii) the contractual arrangements provide that when the VIE is liquidated or dissolved, persons recommended by Tuya Information shall be appointed as permitted by the PRC laws to establish a liquidation team to manage the assets of the VIE.

However, these contractual arrangements may not be as effective in providing control as direct equity ownership. There are substantial uncertainties regarding the interpretation and application of current or future PRC laws and regulations. We have been further advised by our PRC legal counsel that if the PRC government finds that the agreements that establish the VIE structure do not comply with applicable PRC laws and regulations, we could be subject to penalties, including being required to cease the operations carried out through the VIE. For a detailed discussion of the risks and uncertainties related to these contractual arrangements and our corporate structure, please see “Item 3. Key Information – 3.D. Risk Factors—Risks Related to Our Corporate Structure.”

Exclusive Business Cooperation Agreement

Under this exclusive business cooperation agreement, Tuya Information has agreed to provide the following services to Hangzhou Tuya Technology:

107

Table of Contents

Hangzhou Tuya Technology has agreed to pay services fees to Tuya Information on a regular basis in discretion of Hangzhou Tuya Technology after considering certain factors as specified in the exclusive business cooperation agreement. The service fee shall be equivalent to the total income of Hangzhou Tuya Technology of each financial year, deducting the costs, expenses, taxes (excluding corporate income tax) and other statutory fees reserved or withdrawn. Hangzhou Tuya Technology shall pay the service fee to the bank account designated by Tuya Information within 10 days after receiving notice and bill from Tuya Information. This agreement was effective from December 23, 2014 and will continue to be effective unless it is terminated by written notice of Tuya Information or according to the provisions in the agreement. Unless otherwise required by applicable laws, Hangzhou Tuya Technology shall not have any right to terminate this exclusive business cooperation agreement in any event.

Equity Interest Pledge Agreement

Xueji (Jerry) Wang, one of the shareholders of Hangzhou Tuya Technology, entered into an equity pledge agreement with Tuya Information and Hangzhou Tuya Technology, originally dated December 23, 2014 and amended and restated on August 23, 2019 and January 19, 2022, respectively. Each of Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen, the shareholders of Hangzhou Tuya Technology, entered into an equity pledge agreement with Tuya Information and Hangzhou Tuya Technology, each originally dated December 23, 2014, amended on August 23, 2019 and amended and restated on January 19, 2022. Under such equity interest pledge agreements, each of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen pledged his or her respective equity interest in Hangzhou Tuya Technology to Tuya Information to secure his or her obligations under the applicable exclusive business cooperation agreement, exclusive option agreement, and powers of attorney. Each of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen further agreed to not transfer or pledge his or her respective equity interest in Hangzhou Tuya Technology without the prior written consent of Tuya Information. Each of the equity pledge agreement will remain binding until the respective pledger, Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen, as the case may be, discharges all his or her obligations and pays all his or her indebtedness under the above-mentioned agreements. Once Tuya Information is permitted to directly hold the equity interest of Hangzhou Tuya Technology, and Hangzhou Tuya Technology is able to operate its business legally pursuant to the PRC laws and regulations, Tuya Information will exercise the equity purchase option under the Exclusive Option Agreement as soon as possible, so that it will directly operate the business of Hangzhou Tuya Technology or directly hold its equity interest. As the date of this annual report, the equity pledges under the equity interest pledge agreement have been registered with competent PRC regulatory authority.

Exclusive Option Agreement

Under the exclusive option agreement entered into by Tuya Information, Hangzhou Tuya Technology and Xueji (Jerry) Wang, originally dated December 23, 2014 and amended and restated on August 23, 2019 and January 19, 2022, respectively, and the exclusive option agreements entered into by Tuya Information, Hangzhou Tuya Technology and each of Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen, each originally dated December 23, 2014 and amended and restated on January 19, 2022, each of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen granted Tuya Information an option to purchase all or a portion of his or her respective equity interest in Hangzhou Tuya Technology at a price equal to the higher of RMB1.0 and the minimum amount of consideration permitted by PRC law. In addition, under each exclusive purchase option agreement, Hangzhou Tuya Technology has granted Tuya Information an option to purchase all or a portion of the assets held by Hangzhou Tuya Technology or its subsidiaries for the minimum amount of consideration permitted by PRC law. Each of Hangzhou Tuya Technology, Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen agrees that, in the event that Tuya Information exercises the equity interest purchase option or the asset purchase option, all the consideration received by them for this purpose will be fully returned to Tuya Information upon the request of Tuya Information, as long as in compliance with the PRC laws and regulations. Each of Hangzhou Tuya Technology, Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen agreed not to transfer, mortgage or permit any security interest to be created on any equity interest in or material assets of Hangzhou Tuya Technology without the prior written consent of Tuya Information. Each exclusive purchase option agreement shall remain in effect until all of the equity interests in Hangzhou Tuya Technology have been acquired by Tuya Information.

108

Table of Contents

Power of Attorney

Pursuant to a series of powers of attorney issued by each of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen and accepted by Tuya Information on January 19, 2022, each of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen irrevocably appointed Tuya Information or any designated person as their exclusive agent and attorney to act on their behalf on all shareholder matters of Hangzhou Tuya Technology and exercise all rights as shareholders of Hangzhou Tuya Technology. Each of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen will provide full assistance to Tuya Information with respect to the exercise of such rights. Each of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen has undertaken that he or she will refrain from any action or omission that may cause any conflict of interest between himself and Tuya Information. These powers of attorney shall remain valid during the period that each of them is a shareholder of Hangzhou Tuya Technology.

Spousal Consent

Each spouse of Xueji (Jerry) Wang, Liaohan (Leo) Chen, Yaona Lin, Ruixin Zhou and Peihong Chen has signed a spousal consent. Under each spousal consent, the signing spouse agreed that the equity interests of Hangzhou Tuya Technology held and to be held by his/her spouse are his/her spouse’s personal property and do not constitute the communal estate marital assets of the signing spouse. The signing spouse unconditionally and irrevocably undertook to waive any rights or interests in such assets and not to make any assertions in connection with the equity interests in Hangzhou Tuya Technology held by his/her spouse. Moreover, each spouse agreed that the disposition of the equity interest in Hangzhou Tuya Technology which is held by and registered under the name of his/her spouse shall be made pursuant to the above-mentioned exclusive business cooperation agreement, exclusive option agreement and powers of attorney, as amended from time to time. In addition, in the event that any of them obtains any equity interest in Hangzhou Tuya Technology held by their respective spouses for any reason, such spouse agreed to be bound by similar obligations and agreed to enter into similar contractual arrangements. Each signing spouse undertook that in the event of death, bankruptcy, incapacity, divorce of his/her spouse, or any circumstance that may affect the exercise of his shareholder rights in Hangzhou Tuya Technology, the signing spouse will not, under any circumstances and in any way, take any action that may affect or hinder the obligations of her spouse under the above contractual arrangements.

4.D.Property, Plant and Equipment

Our principal executive office is located in Hangzhou, China under a lease that will expire in 2026. In addition, we operate internationally with local headquarters in the United States, Europe, Singapore, India, Japan and Colombia, among other locations. As of December 31, 2023, we leased 15 properties with a gross floor area of approximately 25,199.82 square meters in China. These offices are leased, and we do not own any real property. We believe that our current facilities are adequate to meet our current needs.

ITEM 4A.     UNRESOLVED STAFF COMMENTS

We received comment letters from the staff of the SEC’s Division of Corporation Finance, dated July 15, 2023, August 15, 2023, October 16, 2023 and December 15, 2023, with respect to our annual report on Form 20-F for the fiscal year ended December 31, 2022 filed with the SEC on April 26, 2023 (the “2022 Annual Report”), requesting us to provide a detailed legal analysis regarding whether Tuya, Inc. and each of its subsidiaries meet the definition of an “investment company” under the Investment Company Act of 1940 (“Investment Company Act”).

We believe we are not an investment company (see “Item 3. Key Information—3.D.Risk Factors —Risks Related to Our ADSs and Class A Ordinary Shares —If we were deemed to be an “investment company” under the Investment Company Act of 1940, as amended (the “Investment Company Act”), applicable restrictions could make it impractical for us to continue our business as contemplated and could have a material adverse effect on our business, results of operations and financial condition”) and we filed responses, dated August 4, 2023, September 29, 2023, November 22, 2023 and January 19, 2024, via EDGAR, and continue to submit other materials, to the SEC staff for review. As of the date of this annual report, we have not received confirmation from the staff of the Division of Corporation Finance of the SEC that its review process relating to our 2022 Annual Report has been completed. If we receive additional comments from the staff, we intend to work with the SEC staff to resolve such additional comments promptly.

​

109

Table of Contents

ITEM 5.     OPERATING AND FINANCIAL REVIEW AND PROSPECTS

You should read the following discussion together with our consolidated financial statements and the related notes included elsewhere in this annual report. This discussion contains forward-looking statements about our business and operations. Our actual results may differ materially from those we currently anticipate as a result of many factors, including those we describe under “Item 3. Key Information—3.D. Risk Factors” and elsewhere in this annual report.

5.A.Operating Results

KEY FACTORS AFFECTING OUR RESULTS OF OPERATIONS

Our results of operations and financial condition are affected by the general factors driving the global IoT industry, including, among others, economic growth of major economies, the increase in per capita disposable income, consumer demand for smart devices, stability of the global supply chain, any global epidemics, new and innovative technologies, competition, and government regulations. Unfavorable changes in any of these general industry conditions could negatively affect demand for our products and services and materially and adversely affect our results of operations. In addition, we believe our results of operations are primarily and more directly affected by the following specific factors.

Market Adoption of IoT Cloud Development Platform

Our future success depends in large part on the market adoption of IoT cloud development platforms which, in turn, is driven by the proliferation of smart devices. As technologies advance, businesses and end users increasingly demand superior software experience, driving IoT adoption to an inflection point. However, brands and developers still face certain challenges, such as cost and complexity associated with developing an integrated IoT cloud development platform. We see growing demand for our platform because we are in a unique position to deliver a one-stop, developer-first, cloud-agnostic IoT platform with broad use cases that allows our customers to digitalize their businesses and transform the experience of their end users. We believe that the benefits offered by our platform put us in a strong position to capture significant market opportunities ahead.

Since 2022, the global IoT platform market has also been facing headwind. Certain players in the IoT field who are engaged in business similar to our IoT PaaS business announced the termination of their IoT platform services, creating additional business opportunities for us. In 2023, we further enhance our impact on B2B customers and end users around the world, solidifying our market share.

Expanding Usage by Existing Customers

We have amassed a large and diversified customer base covering a wide spectrum of verticals. We believe that there are significant growth opportunities within our existing customers. As our platform is built to be product- and brand-agnostic, many customers using our IoT cloud development platform for one product category expand to more brands, categories and use cases in order to maximize the benefits of our platform and ensure consistent, high quality IoT experience for their end users. Through the increase in usage, we grow more brands and OEMs on our platform into larger customers, such as premium customers who contribute more than US$100,000 of revenue during the immediately preceding 12-month period. As this trend continues, our brand awareness also increases, generating word-of-mouth referrals that not only attract more brands, developers and partners, but also lead to growing end user demand, better user insights and a more vibrant IoT ecosystem. We expect to expand into additional product categories and use cases to expand cross- and up-selling opportunities and continue to invest in sales and marketing and customer success activities to achieve additional revenue growth from existing customers. We believe that these efforts will have a long-term, positive impact on our business and results of operations.

110

Table of Contents

New Customer Acquisition

Our operating results and growth prospects will also depend on our ability to attract new customers. We are intensely focused on growing our customer base. We continue to invest in our sales and marketing efforts and developer community outreach, which are critical to driving customer acquisition. We have built a developer and partner network through effective marketing efforts which continuously raise awareness of our IoT cloud development platform. For example, through our self-service developer portal, a developer can use our platform to develop a smart device within minutes. This has allowed us to acquire customers rapidly and cost-effectively. Furthermore, we seek to improve the breadth and quality of our platform and products, and to enhance our brand recognition, which will allow us to capture additional market share, better optimize the pricing of our products and services, and reach customers in a broader range of verticals and use cases. Additionally, a cornerstone of our approach is the key customer focus strategy, which has increased our personnel efficiency and enabled us to dedicate sufficient resources to securing and better serving large and strategically important customers with significant long - term potential.

Investment for Growth

We are committed to delivering industry-leading products to continue building and maintaining credibility with the global IoT community. We believe that the comprehensive product offerings and our continued efforts to introduce new features and capabilities on our platform provide us with a significant competitive advantage.

We consistently focus on software and hardware product enhancement and offer the dual option of IoT PaaS model or the smart solutions model, giving our customers a broad spectrum of choices. For example, key account customers can leverage the IoT PaaS model, which incorporates the operating system, cloud, and app SDK, in accordance with their business needs, facilitating a more autonomous business development environment. Cross-sector multinational corporations, SaaS service providers, and integrators may choose the smart solutions model to achieve a streamlined and expedited market entry.

We also steadfastly adhere to the developer model to address the challenges of fragmentation within the IoT industry, aiming to establish a robust foundation for the broad adoption of smart devices and the growth of the IoT ecosystem. As market penetration deepens, we expect that the developer community will become the backbone of the future IoT ecosystem.

We will continue to enhance our platform by expanding functions of existing products, developing new products, and delving into more verticals and use cases to support the growth of our business, and to invest heavily in our technological capabilities and marketing activities to maintain our strong position in the developer community.

Seasonality and macroeconomic environment

We have in the past experienced, and expect in the future to continue to experience, seasonal fluctuations in our revenue from time to time, with the fourth quarter historically being our strongest quarter for sales to new and existing customers, as a result of the holiday season and customers’ buying patterns. We have experienced lower growth in revenue in the first quarter as a result the reduced output of OEM customers located in China due to the Lunar New Year holidays. We expect the historical seasonality trends to continue to impact our results of operations and financial condition. However, certain unique events may cause the historical seasonal trends and patterns to temporarily no longer apply, such as high global inflation weakening consumption sentiment and dampening enterprises’ confidence in doing business, downstream inventory backlog disrupting enterprises’ business and operating plans, and supply chain disruption interfering with the delivery of goods.

Revenue Mix

Our products and services primarily consist of IoT PaaS, smart device distribution, including smart solution for IoT devices, and SaaS including Industry SaaS and Cloud-based Software Value-added Services. Our results of operations are affected by our product mix, as different products have a range of different margins and profitability profiles. For example, an increase in the revenue contribution from SaaS, which typically has a higher margin than IoT PaaS or smart device distribution, generally leads to an increase in our overall profit margin. Our product mix may shift over time due to a variety of factors, including customer demands and preferences, competition, our ability to maintain and expand customer relationships, our ability to forecast market and technology trends, and our sales and marketing efforts. We continuously monitor our revenue mix and seek to increase revenue contribution from products and use cases with attractive margin profiles.

111

Table of Contents

Effective Cost and Expense Control

Our results of operations are affected by our ability to control our costs and operating expenses. Since a significant portion of our costs relates to the modules and cloud infrastructure services from third parties, our cost control depends significantly on our ability to estimate customer demand properly in order to inform our procurement decisions. With respect of product development, we have strategically streamlined our research and development team and operations. We intend to optimize our costs and operating expenses by achieving increasing economies of scale and improved cost-efficiency as we continue to invest in R&D. With respect to sales and marketing expenses, we have proactively adjusted our market spending and undergone strategic refinement of the sales and marketing team. We expect to continue to improve our sales and marketing efficiency and benefit increasingly from the network effect of our enhanced brand awareness. We also intend to optimize our administrative expenses by enhancing our level of management, strengthening efforts in controlling professional expenditure, streamlining our internal workflows, and leveraging technology to drive convenience, cost-efficiency and productivity. By well implementing a series of initiatives on efficiency improvement, we reduced our operating expenses, excluding share-based compensation expenses and credit-related impairment of long-term investments, by 30.2% to US$131.7 million in 2023 from US$188.6 million in 2022, and reduced our loss from operations by 74.7% to US$25.1 million in 2023 from US$99.2 million in 2022.

Effect of Currency Translation

We currently derive the majority of our revenue from IoT PaaS generated primarily through our contracts with OEMs located in the PRC. Such revenue is predominantly denominated in RMB. We operate internationally with local offices in the United States, Europe, Singapore, India, Japan and Colombia, among other locations, and expect that our international activities will continue to grow over the foreseeable future as we pursue opportunities in existing and new markets. Our reporting and functional currency is the U.S. dollar. The financial statements of our subsidiaries and the VIE using functional currencies other than the U.S. dollar, such as RMB, are translated to the U.S. dollar. As a result, as RMB or other currencies in which we generate revenue depreciate or appreciate against the U.S. dollar, our revenue presented in U.S. dollars will be negatively or positively affected. See “Item 11. Quantitative and Qualitative Disclosure about Market Risk—Foreign exchange risk.”

KEY OPERATING METRICS

We manage our business using the following key operating metrics. We use these metrics to assess the progress of our business, make decisions on how to allocate capital, time and technology investments.

Number of IoT PaaS Customers

Our ability to grow the number of IoT PaaS customers is a key indicator of our business and future growth opportunities. We define an IoT PaaS customer for a given period as a customer who has directly placed at least one order for IoT PaaS with us during that period. While we serve both brands and OEMs, it is typically the OEMs, instead of brands, who directly place orders with us for IoT PaaS.

​