UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
____________________________________________________________________________________________________
FORM
____________________________________________________________________________________________________
(Mark One)
| REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR 12(g) OF THE SECURITIES EXCHANGE ACT OF 1934 |
or
| ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the fiscal year ended
or
| TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
or
| SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15 (d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the transition period from _____________________ to _____________________.
Commission file number:
____________________________________________________________________________________________________
WISEKEY INTERNATIONAL HOLDING AG
(Exact name of Registrant as specified in its charter)
____________________________________________________________________________________________________
(Translation of Registrant's name into English)
____________________________________________________________________________________________________
|
|
| (Jurisdiction of incorporation or organization) |
CH-
(Address of principal executive offices) ____________________________________________________________________________________________________
Chief Financial Officer
WISeKey International Holding AG
CH-
Tel: +
Fax: +
(Name, Telephone, E-mail and/or Facsimile number and Address of Company Contact Person)
Copies to:
Herman H. Raspé, Esq.
Patterson Belknap Webb & Tyler LLP
1133 Avenue of the Americas
New York, New York 10036
Tel: (212) 336-2000
____________________________________________________________________________________________________
Securities registered or to be registered pursuant to Section 12(b) of the Act.
| Title of each class | Trading Symbols | Name of each exchange and on which registered | ||
|
Class B Shares, par value CHF 0.05 per share* |
____________________
* Not for trading, but only in connection with the registration of the American Depositary Shares.
Securities registered or to be registered pursuant to Section 12(g) of the Act: None
Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None
Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: Class A Shares and Class B Shares.
Indicate by check mark if
the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐
If this report is an annual
or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or (15)(d) of the
Securities Exchange Act of 1934. Yes ☐
Indicate by check mark whether
the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the
preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such
filing requirements for the past 90 days.
Indicate by check mark whether
the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T
(§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit
such files).
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or an emerging growth company. See definition of "accelerated filer," "large accelerated filer" and "emerging growth company" in Rule 12b-2 of the Exchange Act. (Check one):
| Large Accelerated Filer ☐ | Accelerated Filer ☐ |
| ||
|
Emerging Growth Company |
If an emerging growth company
that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use
the extended transition period for complying with any new or revised financial accounting standards† provided pursuant to Section
13(a) of the Exchange Act.
† The term "new or revised financial accounting standard" refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards Codification after April 5, 2012.
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐
Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:
|
International Financial Reporting Standards as issued by the International Accounting Standards Board ☐ |
Other ☐ |
If "Other" has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow. Item 17 ☐ Item 18 ☐
If this is an annual
report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐
(APPLICABLE ONLY TO ISSUERS INVOLVED IN BANKRUPTCY PROCEEDINGS DURING THE PAST FIVE YEARS)
Indicate by check mark whether the registrant has filed all documents and reports required to be filed by Sections 12, 13 or 15(d) of the Securities Exchange Act of 1934 subsequent to the distribution of securities under a plan confirmed by a court. Yes ☐ No ☐
TABLE OF CONTENTS
i
| D. | American Depositary Shares | 129 | |
| Item 13. | Defaults, Dividend Arrearages and Delinquencies | 131 | |
| Item 14. | Material Modifications to The Rights of Security Holders and Use of Proceeds | 131 | |
| Item 15. | Controls and Procedures | 131 | |
| Item 16. | [RESERVED] | 131 | |
| Item 16A. | Audit Committee Financial Expert | 131 | |
| Item 16B. | Code of Ethics | 131 | |
| Item 16C. | Principal Accounting Fees and Services | 131 | |
| Item 16D. | Exemptions from the Listing Standards for Audit Committees | 132 | |
| Item 16E. | Purchases of Equity Securities by the Issuer and Affiliated Purchasers | 132 | |
| Item 16F. | Change in Registrant's Certifying Accountant | 132 | |
| Item 16G. | Corporate Governance | 132 | |
| Item 16H. | Mine Safety Disclosure | 132 | |
| Item 16I. | Disclosure Regarding Foreign Jurisdictions that Prevent Inspections | 133 | |
| Item 17. | Financial Statements | 133 | |
| Item 18. | Financial Statements | 133 | |
| Item 19. | Exhibits | 133 | |
| Index to Exhibits | 133 | ||
| SIGNATURES | 137 | ||
ii
INTRODUCTION AND USE OF CERTAIN TERMS
We were formed in 2015 as a holding company to incorporate, acquire, hold, and dispose of interests in national and international entities, in particular entities active in the area of security technology and related areas. Our Class B Shares, as defined below, have been listed on the Swiss Exchange (SIX) since 2016 and our American Depositary Shares ("ADSs") have been listed on the Nasdaq Stock Market LLC under the symbol "WKEY" since December 4, 2019. The Bank of New York Mellon, acting as depositary, registers and delivers our ADSs, each of which represents five of our Class B Shares.
We have prepared this annual report using a number of conventions, which you should consider when reading the information contained herein. In this annual report, "we," "us," "our Company," "the Group," "WISeKey," "WISeKey International Holding Ltd" and "our" shall refer to WISeKey International Holding AG and its subsidiaries, affiliates, and predecessor entities. Additionally, this annual report uses the following conventions:
| · | "CHF" and "Swiss francs" refer to the legal currency of Switzerland |
| · | "Class A Shares" refers to our Class A Shares, par value CHF 0.01 per share |
| · | "Class B Shares" refers to our Class B Shares, par value CHF 0.05 per share |
| · | "NASDAQ" refers to the Nasdaq Stock Market LLC |
| · | "PKI" refers to Public Key Infrastructure |
| · | "$," "US $," "USD" and "U.S. dollars" refer to the legal currency of the United States |
| · | "SIX" refers to the Swiss Exchange (SIX) |
| · | "Switzerland" refers to the Swiss Confederation |
| · | "IoT" refers to Internet of Things |
| · | “SaaS” refers to Software as a Service |
1
SPECIAL NOTE REGARDING FORWARD LOOKING STATEMENTS
This annual report contains forward-looking statements. Some of these forward-looking statements can be identified by terms and phrases such as "anticipate," "should," "likely," "foresee," "believe," "estimate," "expect," "intend," "continue," "could," "may," "plan," "project," "predict," "will," and similar expressions. Forward-looking statements appear in a number of places in this annual report and include, but are not limited to, statements contained in the sections entitled "Item 3. Key Information," "Item 4. Information on the Company" and "Item 5. Operating and Financial Review and Prospects".
These forward-looking statements include, but are not limited to, statements relating to:
| · | Our anticipated goals, growth strategies and profitability; |
| · | Our ability to attract new customers and retain existing customer base; |
| · | Our ability to attract and retain qualified employees and key personnel; |
| · | Our ability to develop new products and enhancements to our existing products; |
| · | Our ability to anticipate market needs and opportunities; |
| · | Our ability to prevent security breaches and unauthorized access to confidential customer information; |
| · | Our ability to maintain, protect and enhance our intellectual property; |
| · | The sufficiency of our cash and cash equivalents to meet our liquidity needs; |
| · | Our ability to comply with modified or new laws and regulations relating to our industries; |
| · | The activities of our competitors and the introduction of competing products by our competitors; |
| · | How long we will qualify as an emerging growth company or a foreign private issuer; |
| · | The future growth of the information technology and cybersecurity industry; |
| · | Assumptions underlying or related to any of the foregoing; |
| · | Other risks and uncertainties, including those listed in this section of this Form 20-F titled "Item 3.D—Risk Factors". |
The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us and are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by these forward-looking statements which are set forth in "Item 3D. Risk Factors". Given these risks and uncertainties, you should not place undue reliance on forward-looking statements as a prediction of actual results.
Except as required by law, we undertake no obligation to publicly update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. The foregoing factors that could cause our actual results to differ materially from those contemplated in any forward-looking statement included in this annual report should not be construed as exhaustive. You should read this annual report, and each of the documents filed as exhibits to the annual report, completely, with this cautionary note in mind, and with the understanding that our actual future results may be materially different from what we expect.
2
| Item 1. | Identity of Directors, Senior Management and Advisers |
Not applicable.
| Item 2. | Offer Statistics and Expected Timetable |
Not applicable.
| Item 3. | Key Information |
| A. | RESERVED |
| B. | Capitalization and Indebtedness |
Not applicable.
| C. | Reasons for the Offer and Use of Proceeds |
Not applicable.
| D. | Risk Factors |
Risks Related to Our Business and Industry
COVID-19 and prolonged economic uncertainties or downturns have adversely affected our business and could materially adversely affect our business in the future.
Our business depends on our current and prospective customers' ability and willingness to spend money in security applications, and on our suppliers’ ability to source key components and material, which are both in turn dependent upon the overall economic health.
Global negative economic conditions due to the COVID-19 pandemic caused some of our customers to delay their orders, in the year 2020 in particular, and caused a global shortage in semiconductors’ material sourcing which will continue in the short-term future. Further economic uncertainties have been brought on by the current conflict between Russia and Ukraine, which may also further affect the sourcing of certain materials. Although we do not have any customer exposure in Eastern Europe, the overall economic impact of this conflict is still unknown. Many customers and prospects of WISeKey are manufacturers of electronic devices. Our business depends on their ability to produce their devices. If they encounter shortages in the supply of crucial components, they will slow down the production and thus also reduce their orders of WISeKey semiconductors to avoid idle stocks in their just in time provisioning.
As a result of the overall impact of COVID-19, political tensions, conflicts and other conditions resulting from financial and credit market fluctuations, there could be a decrease in corporate spending on information security software. Continuing economic challenges may cause our customers to re-evaluate decisions to purchase our solution or to delay their purchasing decisions, which could adversely impact our results of operations.
The future growth of the information technology and cybersecurity industry is uncertain.
Information (including cybersecurity) technology companies are generally subject to the following risks: rapidly changing technologies; short product life cycles; fierce competition; aggressive pricing and narrow profit margins; the loss of patent, copyright and trademark protections; cyclical market patterns; evolving industry standards; and frequent new product introductions. Technology companies may be smaller and less experienced companies, with limited product lines, markets or financial resources and fewer experienced management or marketing personnel. Information technology company stocks, especially those which are Internet related, have experienced extreme price and volume fluctuations that are often unrelated to their operating performance.
3
Technological Change
WISeKey needs to keep pace with changing technologies in order to provide effective identification and authentication solutions. In addition, we need to continue adjacent and inorganic growth in order to broaden and strengthen the portfolio of products and stay ahead of the technology changes and risks in order to be successful. WISeKey needs to anticipate, and quickly react to, rapid changes occurring in communications technologies and to the development of new and improved devices and services that result from these changes. WISeKey must also continue to move vertically up the value chain with its customers in order to secure future business and substantiate growth. If WISeKey is unable to respond quickly and cost-effectively to changing communications technologies and devices and evolving industry standards, the existing service offering could become non-competitive and WISeKey may lose market share. WISeKey's success will depend, in part, on its ability to effectively use leading technologies critical to the business, enhance its existing solutions, find appropriate technology partners, and continue to develop new solutions and technology that address the increasingly sophisticated and varied needs of its current and prospective clients and their customers and its ability to influence and respond to technological advances, emerging industry and regulatory standards and practices and competitive service offerings. WISeKey's ability to remain technologically competitive may require substantial expenditures and lead-time and the integration of newly acquired technologies will also take time. If WISeKey is unable to adapt and integrate in a timely manner to changing market conditions or customer requirements, its business, financial condition and results of operations could be seriously harmed.
WISeKey faces intense competition from companies that are larger and better known than we are, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The digital security market space in which we operate face intense competition, constant innovation and evolving security threats. There are several global security companies with strong presence in this market, including VeriSign, Inc., DigiCert Inc., Entrust Datacard, Let's Encrypt, Symantec Corporation, FireEye, Inc., Red Hat Software, VASCO Data Security International, Inc., Zix Corp, NXP Semiconductors, Infineon Technologies, STMicroelectronics and Samsung Electronics. As we integrate and move into the knowledge automation space there are also related data lake and automation companies with strong foundations including Palantir and Snowflake.
Some of our competitors are large companies that have the technical and financial resources and broad customer bases needed to bring competitive solutions to the market and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and services fees. They may also develop different products to compete with our current security solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements. Additionally, we may compete with smaller regional vendors that offer products with a more limited range of capabilities that purport to perform functions similar to our security solutions. Such companies may enjoy stronger sales and service capabilities in their particular regions.
WISeKey's competitors may have competitive advantages, such as:
| · | greater name recognition, a longer operating history and a larger customer base; |
| · | larger sales and marketing budgets and resources; |
| · | broader distribution and established relationships with distribution partners and customers; |
| · | greater customer care and support resources; |
| · | broader supply chains; |
| · | greater resources to make acquisitions; |
| · | larger intellectual property portfolios; and |
4
| · | greater financial, technical and other resources. |
Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. Current or potential competitors may be acquired by third parties with access to greater available resources. As a result of such acquisitions, our current or potential competitors may be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. Larger competitors with more diverse product offerings may reduce the price of products that compete with ours in order to promote the sale of other products or may bundle them with other products, which would lead to increased pricing pressure on our products and could cause the average sales prices for our products to decline.
If WISeKey does not successfully anticipate market needs and enhance existing products or develop new products that meet those needs on a timely basis, WISeKey may not be able to compete effectively and WISeKey's ability to generate revenues will suffer.
Many of our customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex digital security infrastructures to protect internal and external corporate communications. As our customers' technologies and business plans grow more complex, we expect them to face new and increasingly sophisticated threats of security breach or counterfeiting. WISeKey faces significant challenges in ensuring that our security solutions effectively protect identities of individual customers, company information and their brands in addition to driving efficient operations through automated decision making. As a result, we must continually modify and improve our products in response to changes in our customers' technology infrastructures.
WISeKey may not be able to successfully anticipate or adapt to changing technology or customer requirements on a timely basis or at all. If we fail to keep up with technological changes or to convince our customers and potential customers of the value of our security and automation solutions even in light of new technologies and integration, our business, results of operations and financial condition could be materially and adversely affected.
WISeKey cannot guarantee that it will be able to anticipate future market needs and opportunities or be able to develop product enhancements or new products to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements and new products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.
Our product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:
| · | delays in releasing product enhancements or new products; |
| · | failure to accurately predict market demand and to supply products that meet this demand in a timely fashion; |
| · | failure to accurately price products and solutions; |
| · | inability to interoperate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers; |
| · | defects in our products; |
| · | inability to integrate security and automation; |
| · | negative publicity about the performance or effectiveness of our products; |
| · | introduction or anticipated introduction of competing products by our competitors; and |
5
| · | installation, configuration or usage errors by our customers. |
If WISeKey fails to anticipate market requirements or fails to develop and introduce product enhancements or new products to meet those needs in a timely manner, that could cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of operations.
Sometimes it will be necessary to make a product or product line obsolete and there may be negative impacts to sales or disruption to the customer base during the ramp down of that product.
All products have a natural lifecycle that includes the inevitable end-of-life (“EOL”) process. During the ramping down of a product, or product family, there are many ways that our business operations can be challenged. Last time buys are a typical way for customers to deal with the EOL of a product that is still critical to one of their end products. These kinds of orders show an increase in short term sales but result in the abrupt drop off of revenue from that customer, for that product, after the last time buy is delivered. Discontinuing a product also comes with the risk that we may lose that customer for good if we do not have a replacement for the product or if they decide to look at alternative suppliers because of the change in supply.
WISeKey is subject to a number of risks associated with global sales and operations.
Business practices in the global markets that we serve may differ and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties or performance obligations, our results of operations may be adversely impacted.
Additionally, our global sales and operations are subject to a number of risks, including the following:
| · | difficulty in enforcing contracts and managing collections, as well as long collection periods; |
| · | costs of doing business globally, including costs incurred in maintaining office space, securing adequate staffing and localizing our contracts; |
| · | management communication and integration problems resulting from cultural and geographic dispersion; |
| · | risks associated with trade restrictions and foreign legal requirements; |
| · | risk of unexpected changes in regulatory practices, tariffs, tax laws and treaties; |
| · | compliance with anti-bribery laws; |
| · | heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements; |
| · | social, economic and political instability, terrorist attacks and security concerns in general; |
| · | reduced or uncertain protection of intellectual property rights in some countries; and |
| · | potentially adverse tax consequences. |
These factors could harm our ability to generate future global revenues and, consequently, materially impact our business, results of operations and financial condition.
6
Some of our larger opportunities depend on our customers’ ability to be awarded significant regional or national contracts in order to fulfil the volume predictions that were used in the pricing negotiations and forecasts.
The design of many industrial device comes with the risk that the product may not see the demand that was expected in that market, or the high-volume contracts may be awarded to competing suppliers. Our customers may be bidding against several other suppliers to win a government contract and if they lose the bid, we will not see the results that were originally expected during the forecasting of the opportunity size and profitability.
The shift into knowledge automation and artificial intelligence is unknown and unproven on a global scale.
The automation market has been moving forward with Robotic Process Automation (“RPA”) for years and the demand in the market for the next evolution of such technology remains unknown. Our potential customers need to be accepting to move forward from their current business process automation and RPA implementations in order for WISeKey to be successful. The ability for WISeKey to predict the market and conditions is yet to be proven and the customer reaction remains unknown. In addition, the complex implementation in this sphere requires focused delivery resources and clear plans with the customer. Customer input and knowledge is critical to the success of knowledge automation and therefore some of WISeKey’s potential success will be reliant on its customers belief in the value proposition but their ability to support the implementation.
Our research and development efforts may not produce successful products or enhancements to our security solutions that result in significant revenue or other benefits in the near future, if at all.
Investing in research and development personnel, developing new products and enhancing existing products is expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our products, design improvements, cost savings, revenues or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be adversely affected. This is expected to be exacerbated in the coming year with the required integration of newly acquired knowledge automation assets which is expected to result in a more complex research and development program.
If WISeKey is unable to attract new customers, our future revenues and operating results will be harmed.
Our success depends in large part on our ability to attract new customers. The number of customers that WISeKey adds in a given period impacts both our short-term and long-term revenues. If WISeKey is unable to successfully attract a sufficient number of new customers, we may be unable to generate revenue growth.
A large amount of investment in sales and marketing and support personnel is required to attract new customers. If we are unable to convince these potential new customers of a need for our products or if we are unable to persuade them of our products' efficacy, we may be unable to achieve growth and there may be a meaningful negative impact on future revenues and operating results.
If we experience software errors and non-compliance, this may affect our reputation and our financial results.
WISeKey's software applications are complex, the addition of newly acquired assets increases this complexity and there is a risk that defects or errors could arise, particularly where new versions or enhancements are released. Similarly, regulatory and industry requirements are continuously evolving and we may not be able to keep up with them. This could result in adverse consequences for us, such as lost revenue, a delay in market acceptance or customer claims.
If we experience security breaches, we could be exposed to liability and our reputation and business could suffer.
We operate sensitive public key infrastructure ("PKI") platforms, retain certain confidential customer information in our secure data centers and registration systems, and our digital certificates and electronic signatures may be used by customers in mission critical applications. It is critical to our business strategy that our facilities and infrastructure remain secure and are perceived by the marketplace to be secure. We may have to expend significant time and money to maintain or increase the security of our facilities and infrastructure. Despite our security measures, our infrastructure may be vulnerable to physical break-ins, computer viruses, attacks by hackers or similar disruptive problems. It is possible that we may have to expend additional financial and other resources to address such problems. In the event of a security breach, we could face significant liability, customers could be reluctant to use our services and we could be at risk for loss of various compliance certifications needed for the operation of our businesses.
7
WISeKey's reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our security solutions or the failure of our security solutions to meet customers' expectations.
Organizations are facing increasingly sophisticated digital security threats and threats of counterfeiting. If WISeKey fails to identify and respond to new and increasingly complex methods of counterfeiting products or hacking personal and corporate digital accounts, our business and reputation will suffer. In particular, WISeKey may suffer significant adverse publicity and reputational harm if any of our products fail to perform as advertised. An actual or perceived breach of our customers' sensitive business data, regardless of whether the breach is attributable to the failure of our products, could adversely affect the market's perception of the efficacy of our security solutions and current or potential customers may look to our competitors for alternatives to our security solutions. Similarly, an actual or perceived failure of our product to prevent counterfeit products from being detected, regardless of whether such failure is attributable to our products, could adversely affect the market's perception of the efficacy of our authentication solutions and could encourage current or potential customers to look to our competitors for an alternative to our products. The failure of our products may also subject us to product liability lawsuits and financial losses stemming from indemnification of our partners and other third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerability. It could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services and prevent new customers from purchasing our security solutions.
International Expansion
WISeKey's strategy includes the international expansion of its business. The expansion into international markets may cause difficulties because of distance, as well as language and cultural differences. Other risks related to international operations include fluctuations in currency exchange rates, difficulties arising from staffing and managing foreign operations, legal and regulatory requirements of different countries, potential political and economic instability, and overlapping or differing tax laws. Management cannot assure that it will be able to market and operate WISeKey's services successfully in foreign markets, select appropriate markets to enter, open new offices efficiently or manage new offices profitably. If WISeKey is not successful in accessing new markets, its results of operations and financial condition could be materially and adversely affected.
If WISeKey is unable to hire, retain and motivate qualified personnel, our business will suffer.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. Any of our employees may terminate their employment at any time. The tight global labor market has created an incredibly intense hiring environment, resulting in us experiencing increased difficulty in attracting and retaining qualified personnel. Since we require a highly skilled workforce in order to successfully compete in an increasingly competitive cybersecurity market, we have experienced and may continue to experience difficulty in hiring, high employee turnover, and considerable costs and productivity as well as time to market losses. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or have divulged proprietary or other confidential information. Further, the training and integration of new employees requires allocation of a significant amount of internal resources and, even if we make this investment, there is no guarantee that existing or new personnel will remain or become productive members of our team. Our inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in sales & marketing and research & development, may seriously harm our business, financial condition and results of operations.
Furthermore, WISeKey's performance depends on favorable labor relations with our employees and compliance with labor laws in the countries where we have employees and plans to hire new employees. Any deterioration of current relations or increase in labor costs due to our compliance with labor laws could adversely affect our business.
8
Dependence on key personnel and loss of such key personnel may have a negative impact on the operations and profitability of WISeKey.
Our future success depends in part on the continued service of our key personnel, particularly, the members of our senior management. We have employment agreements with our key personnel, but these do not prevent such personnel from choosing to leave the Company.
One of the cryptographic rootkeys used by WISeKey is owned by the Organisation Internationale pour la Sécurité des Transactions Electroniques OISTE. The Organisation Internationale pour la Sécurité des Transactions Electroniques OISTE has granted us a perpetual license to exclusively use the cryptographic rootkey. A termination of the license agreement would present a threat to WISeKey's existing business model.
The cryptographic rootkey used by WISeKey is owned by the Organisation Internationale pour la Sécurité des Transactions Electroniques OISTE ("OISTE") acting as a trusted third party and not-for-profit entity in charge of ensuring that the Root of Trust (the "RoT") remains neutral and trusted. The name of the RoT is OISTE/WISeKey, as shown in all major current browsers that embed the rootkey. Three members of the three-member foundation board of OISTE are WISeKey board members. Members of the foundation board of OISTE are appointed by a policy authorizing authority (the "Policy Authorizing Authority" or "PAA"), whose members are international organizations, governments and large corporations that use the OISTE/WISeKey RoT. OISTE has granted us a perpetual license to exclusively use the cryptographic rootkey and develop technologies and processes based on OISTE's trust model. The perpetual license agreement can only be terminated under limited circumstances, including if WISeKey were to move from the trust model developed by OISTE and/or changing the location of the RoT from Switzerland to another country. A termination of the license agreement would present a threat to WISeKey's current trust model.
Services offered by our PKI business rely on the continued integrity of public key cryptography technology and algorithms that may be compromised or proven obsolete over time.
Services offered by our PKI business are based on public key cryptography technology. With public key cryptography technology, a user possesses a public key and a private key, both of which are required to perform encryption and decryption operations. The security afforded by this technology depends on the integrity of a user's private key and ensuring that it is not lost, stolen or otherwise compromised. Advances in attacks on cryptographic algorithms and technology may weaken their effectiveness, and significant new technology requirements may be imposed by root distribution programs that require us to make significant modifications to our systems or to reissue digital certificates to some or all of our customers, which could damage our reputation or otherwise harm our business. Severe attacks on public key cryptography could render PKI services in general obsolete or unmarketable.
We are dependent on the timely supply of equipment and materials from various sub-contractors and if any one of these suppliers fail to meet, or delays, their committed delivery schedules, we can suffer with lower or lost revenues.
We use various suppliers for silicon manufacturing and testing our parts. Any one of these suppliers could not meet their commitments for on-time delivery of our products. The market supply of such products has seen and continues to see difficulties in meeting demand and these kinds of supply disruptions can happen due to global shortages of silicon wafers or chemicals used in the processing of the silicon packaging or shortages in the labor force due to unrest or sicknesses. Our business and operating conditions can be at risk if we cannot deliver on our product demand as committed in our customer contracts.
Failure of our third-party suppliers to handle increased volume for their services could impact our ability to take advantage of upside business opportunities.
We outsource several critical functions in our supply chain to third-party suppliers such as the manufacture of our semiconductors. They all have a number of risks that are present in their businesses that could limit their ability to meet increased demands if we see increased orders from our customers. If our suppliers cannot satisfy our demand, we may not be able to meet our customer demands. Also, if our suppliers add higher costs to cover their increased volume, we may see drops in our gross profit margins. Many of these costs are not fixed, even though there may be contracts in place, and may be at the discretion of the third-party vendor.
9
If WISeKey does not include post-quantum crypto libraries in its semiconductors, WISeKey may fail to offer its customers sufficient protection against attacks executed with quantum computers.
Quantum computing may threaten the resilience of current cryptography against attacks during the current lifespan of hardware. Certainly, in case our secure modules are embedded in larger systems and/or deployed on remote locations. This is certainly the case for smart meter and satellite deployments. WISeKey cannot guarantee that its secure modules will still offer sufficient protection against attacks executed with quantum computers. To mitigate this risk, WISeKey has launched an R&D program for assessing the portability and resistance of 2 of the algorithms shortlisted by the NIST as part of its Post Quantum algorithms selection contest. This program is carried in partnership with l’Ecole des Mines (one of the most prestigious French Engineering University)
If WISeKey does not respond to the trend of embedding secure modules on central processing units, WISeKey may lose the market of separate secure module chips.
The processor industry is rapidly changing with ARM-based processors that extend central processing units with ancillary functions such as graphics processing, neural processing and secure modules. WISeKey cannot guarantee that its secure modules will still be needed as separate tamper-proof chip. To mitigate this risk, WISeKey has launched an R&D program for building a “secure enclave”, which will complement its secure modules offer.
Financial Risks
WISeKey has entered, and expects to continue to enter, into joint venture agreements and these activities involve risks and uncertainties.
WISeKey has entered, and expects to continue to enter, into joint venture agreements in order to effectively grow its revenue and penetrate certain geographic regions. Entering into joint venture agreements or other similar forms of partnership involves risks and uncertainties, including the risk that the partners that we enter into joint ventures with will not have the market connections that we expect them to bring to the joint venture. Additionally, there is a risk that a given joint venture could fail to satisfy its obligations, which may result in certain liabilities to us for guarantees and other commitments. Further, since we may not exercise control over our current or future joint ventures, we may not be able to require our joint ventures to take the actions that we believe are necessary to implement our business strategy. Additionally, differences in views among joint venture participants may result in delayed decisions or failures to agree on major issues. If any of these difficulties cause any of our joint ventures to deviate from our business strategy, or if this leads any of our joint ventures to fail to attract the customer base that we project it to attract, our results of operations could be materially adversely affected.
WISeKey is exposed to risks associated with acquisitions and investments.
We may in the future make acquisitions of, or investments in, existing companies or existing or new businesses. Acquisitions and investments involve numerous risks that vary depending on their scale and nature, including, but not limited to:
| · | diversion of management's attention from other operational matters; |
| · | inability to complete proposed transactions as anticipated or at all (and any ensuing obligation to pay a termination fee or other costs and expenses); |
10
| · | the possibility that the acquired business will not be successfully integrated or that anticipated cost savings, synergies or other benefits will not be realized; |
| · | the acquired business or strategic partnership may lose market acceptance or profitability; |
| · | a decrease in our cash or an increase in our indebtedness, including security interests that may have to be constituted as part of the acquisition indebtedness, may limit our ability to access additional capital when needed; |
| · | failure to commercialize purchased technologies, intellectual property rights or partnered solutions; |
| · | initial dependence on unfamiliar supply chains or relatively small supply partners; |
| · | inability to obtain and protect intellectual property rights in key technologies; |
| · | incurrence of unexpected liabilities; and |
| · | loss of key personnel and clients or customers of acquired businesses. |
In addition, if WISeKey is unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and WISeKey may not be able to manage the process successfully. WISeKey may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. WISeKey may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition. The sale of equity or incurrence of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.
WISeKey has a history of losses and may not achieve profitability in the future.
WISeKey has invested substantial amounts of financial resources so far on its acquisitions, brand technology and market position. As at December 31, 2021, WISeKey had, on a consolidated level, an accumulated cumulative deficit of USD 238,159,600, compared to USD 217,819,809 as at December 31, 2020 and USD 189,161,455 as at December 31, 2019. In the past, we made significant investments in our operations which have not resulted in corresponding revenue growth and, as a result, increased our losses. WISeKey expects to make significant future investments to support the further development and expansion of our business and these investments may not result in increased revenue or growth on a timely basis or at all.
WISeKey may also incur significant losses in the future for a number of reasons, including slowing demand for our products and services, increasing competition, weakness in the software and security industries generally, as well as other risks described herein, and we may encounter unforeseen expenses, difficulties, complications and delays, and other unknown factors. If WISeKey incurs losses in the future, we may not be able to reduce costs effectively because many of our costs are fixed. In addition, to the extent that we reduce variable costs to respond to losses, this may affect our ability to attract customers and grow our revenues. Accordingly, WISeKey may not be able to achieve or maintain profitability and we may continue to incur significant losses in the future.
Certain of the Company's large shareholders, including if acting in concert, may be able to exert significant influence on the Company and their interests may conflict with the interests of its other shareholders.
Our founder, Carlos Moreira, holds more than 30% of the Company's voting rights as at December 31, 2021. Further, all holders of the Class A Shares represent approximately 31% of the Company's voting rights as at December 31, 2021. Our founder, or if the holders of Class A Shares were to act in concert with each other, the holders of the Class A Shares, would be able to exert significant influence over certain matters, including matters that must be resolved by the general meeting of shareholders, such as the election of members to the board of directors or the declaration of dividends or other distributions. To the extent that the interests of these shareholders may differ from the interests of the Company's other shareholders, the Company's other shareholders may be disadvantaged by any actions that these shareholders may seek to pursue.
11
The market for and price of Class B Shares and our ADSs may be highly volatile.
There has not been a public market in the United States for our Class B Shares, and the market for the ADS listed on NASDAQ is limited. You may not be able to sell your ADSs quickly or at the market price if trading in the ADSs is limited.
The market price of Class B Shares and our ADSs may be highly volatile and may be affected negatively by events involving us, our competitors, the software and security industry, or the financial markets in general. Furthermore, investors might not be able to resell their Class B Shares and our ADSs at the price at which they were purchased or at a higher price or at all. Factors that could cause this volatility in the market price of Class B Shares and our ADSs include, but are not limited to:
| · | our operating and financial results; |
| · | future announcements concerning our business; |
| · | changes in revenue or earnings estimates and recommendations by securities analysts; |
| · | changes in our business strategy and operations; |
| · | changes in our senior management or board of directors; |
| · | speculation of the press or the investment community; |
| · | disposals of Class B Shares by shareholders; |
| · | actions of competitors; |
| · | our involvement in acquisitions, strategic alliances or joint ventures; |
| · | regulatory factors; |
| · | arrival and departure of key personnel; |
| · | investment community views on technology stock; |
| · | liquidity of the Class B Shares and our ADSs; and |
| · | general market, economic and political conditions. |
In addition, securities markets in general have from time to time, experienced significant price and volume fluctuations. Such fluctuations, as well as the economic environment as a whole, can have a substantial negative effect on the market price of our securities, regardless of our operating results or our financial position. Any such broad market fluctuations may adversely affect the trading price of our securities.
Our securities will be traded on more than one market or exchange and this may result in price variations.
Our Class B Shares have been trading on the SIX since March 2016. The ADSs have been listed on NASDAQ since December 2019. Trading in Class B Shares and ADSs, as applicable, on these markets will take place in different currencies (U.S. dollars on NASDAQ and Swiss francs on the SIX), and at different times (resulting from different time zones, trading days, and public holidays in the United States and Switzerland). The trading prices of our Class B Shares and ADSs on these two markets may differ due to these and other factors. Any decrease in the price of our Class B Shares on the SIX could cause a decrease in the trading price of the ADSs on NASDAQ, and vice versa.
12
Future sales or issuances, or the possibility or perception of future sales or issuances, of a substantial number of Shares could cause the market price of our Class B Shares or the ADSs to fall.
The market price of our Class B Shares or ADSs could decline as a result of sales of a large number of Class B Shares in the public market in the future or the possibility or perception that such sales could occur. These sales, or the possibility that these sales may occur, also might make it more difficult for the Company to issue equity securities in the future at a time and price that it deems appropriate.
Further, the Company may choose to raise additional capital by issuing additional Class B Shares, depending on market conditions or strategic considerations. In particular, under our Articles of Association as at December 31, 2021, the board of directors is authorized to issue up to 18,469,207 new Class B Shares out of authorized capital at any time until May 25, 2023 and thereby increase the Company's share capital without further shareholder approval. After May 25, 2023 (and each subsequent two-year period), the shareholders may re-approve this authorization. Further, our Articles of Association provide for a conditional share capital based on which, as at December 31, 2021, the Company is authorized to issue up to 31,469,207 new Class B Shares, corresponding to CHF 1,573,460.35 in par value. Since April 15, 2020, the date of reference for the last formal recording in the Articles and the commercial register of the Canton of Zug, Switzerland, an aggregate number of 529,330 Class B Shares has been issued out of the Company's conditional share capital as at December 31, 2021. As a result, the available conditional share capital of the Company, as at December 31, 2021, amounted to CHF 1,546,993.85, corresponding to the issuance of 30,939,877 Class B Shares. Among other things, the Company's conditional share capital could be used in connection with the issuance of securities that are convertible into Class B Shares. To the extent that additional capital is raised through the issuance of Class B Shares or other securities that are convertible into Class B Shares, the issuance of such securities could dilute the Company's shareholders' interest in the Company.
On February 08, 2018, the Company entered into a Standby Equity Distribution Agreement, as amended on September 28, 2018 (the "SEDA") with YA II PN, Ltd., a fund managed by Yorkville Advisors Global, LLC (collectively referred to as "Yorkville"). Pursuant to the SEDA, the Company has the right, at any time during a five-year period, to request Yorkville, in one or several steps, to subscribe for Class B Shares up to an aggregate subscription amount of CHF 50,000,000. After several drawdowns made by WISeKey under the SEDA in 2019, 2020 and 2021, in the aggregate amount of CHF 4,356,045, the remaining amount available for drawdown is CHF 45,643,955 as at December 31, 2021. As long as a sufficient number of Class B Shares is provided through share lending, WISeKey has the right to make drawdowns under the SEDA at its discretion by requesting Yorkville to subscribe for (if the Class B Shares are issued out of authorized share capital) or purchase (if the Class B Shares are delivered out of treasury) Class B Shares worth up to CHF 5,000,000 each, subject to certain exceptions and limitations (including the exception that a drawdown request by WISeKey shall in no event cause the aggregate number of Class B Shares held by Yorkville to meet or exceed 4.99% of the total number of shares registered with the commercial register of the Canton of Zug). The subscription price for each subscription request of the Company corresponds to 93% of the lowest daily volume-weighted average share price (the "VWAP") of a Class B Share, as traded and quoted on the SIX, over the five trading days following the drawdown request by WISeKey. If the Company elects to exercise its rights under the SEDA, the issuance of Class B Shares would dilute the Company's shareholders' interest in the Company. As at December 31, 2021, the remaining amount available for drawdown by the Company under the SEDA is CHF 45,643,955 (USD 50,058,912 at closing rate) and, as at December 31, 2021, the estimated maximum number of Class B Shares deliverable under the SEDA is 64,927,389 Class B Shares at CHF 0.703 per Class B Share (calculated based on the closing price of a Class B Share on December 30, 2021 of CHF 0.756 per Class B Share, discounted by 7%). The actual price, at which the Company may drawdown under the SEDA is subject to change, and, therefore, the number of Class B Shares deliverable to Yorkville may vary.
In connection with a convertible loan agreement WISeKey entered into with Crede CG III, Ltd., Hamilton, Bermuda ("Crede") on September 28, 2018 (which matured on October 30, 2020), the Company granted to Crede, on September 28, 2018, 408,247 warrants (the "Crede Warrants") for the acquisition of an equal number of Class B Shares. As a result, the maximum total number of Class B Shares that are issuable under the Crede Warrants as at December 31, 2021 is 408,247 Class B Shares. The Crede Warrants were amended on September 18, 2020 to extend the exercise period and may be exercised by Crede at any time on or before October 29, 2023 at an exercise price per Crede Warrant equal to CHF 3.84 per Class B Share. The Class B Shares issued to Crede in connection with the Crede Warrants would be issued out of the Company's conditional share capital or authorized share capital without triggering the pre-emptive rights of the existing shareholders of the Company. The exercise of Crede Warrants will dilute the Company's shareholders' interests in the Company.
13
In connection with a convertible loan agreement WISeKey entered into with YA II PN, Ltd., a fund managed by Yorkville (“Yorkville”) on June 27, 2019 (which matured on August 1, 2020), the Company granted to Yorkville, on June 27, 2019, 500,000 warrants (the "Yorkville Warrants") for the acquisition of an equal number of Class B Shares. As a result, the maximum total number of Class B Shares that are issuable under the Yorkville Warrants as at December 31, 2021 is 500,000 Class B Shares. The Yorkville Warrants may be exercised by Yorkville at any time on or before June 27, 2022, at an exercise price per Yorkville Warrant initially set to CHF 3.00 per Class B Share (the "Yorkville Initial Exercise Price"). The Yorkville Initial Exercise Price may be adjusted using certain agreed-upon formulae more fully described in Item 10C – Contracts – Warrants Issued to Yorkville. The Class B Shares issued to Yorkville in connection with the Yorkville Warrants would be issued out of the Company's conditional share capital or authorized share capital without triggering the pre-emptive rights of the existing shareholders of the Company. The exercise of Yorkville Warrants will dilute the Company's shareholders' interests in the Company.
On May 18, 2020, WISeKey entered into an Agreement for the Issuance and Subscription of Convertible Notes (the “Nice & Green Facility”) with Nice & Green SA (“Nice & Green”), pursuant to which WISeKey has the right to draw down up to a maximum of CHF 10,000,000 in up to 25 tranches, each of which is divided into 25 convertible notes (the “Nice & Green Convertible Notes”), during a commitment period of 24 months commencing on May 20, 2020. The Nice & Green Convertible Notes do not bear interest. Subject to a cash redemption right of WISeKey, the Nice & Green Convertible Notes are mandatorily convertible into Class B Shares within a period of 12 months from issuance of the respective Nice & Green Convertible Notes (the “Nice & Green Conversion Period”). Conversion takes place upon request by Nice & Green during the Nice & Green Conversion Period, but in any case, no later than at the expiry of the Nice & Green Conversion Period, at a conversion price of 95% of the lowest daily volume-weighted average price of a Class B Share as traded on the SIX Swiss Exchange during the ten trading days preceding the relevant conversion date. WISeKey made several drawdowns in 2020 under the Nice & Green Facility, and no drawdown in 2021. The remaining amount available for drawdown as at December 31, 2021 is CHF 1,083,111 (USD 1,187,876 at closing rate). The conversion of the drawdowns under the Nice & Green Facility into Class B Shares will dilute the Company's shareholders' interest in the Company. In 2020, Nice & Green requested to convert all Nice & Green Convertible Notes issued in 2020, therefore, as at December 31, 2021, there were no Nice & Green Convertible Notes outstanding. As at December 31, 2021, the remaining amount available for drawdown by the Company under the Nice & Green Facility is CHF 1,083,111 (USD 1,187,876 at closing rate) and, as at December 31, 2021, the estimated maximum number of Class B Shares deliverable under the Nice & Green Facility is 1,508,511 Class B Shares at CHF 0.718 per Class B Share (calculated based on the closing price of a Class B Share on the SIX on December 30, 2021 of CHF 0.756 per Class B Share discounted by 5%). Note that the actual price at which Nice & Green may convert each tranche under the Nice & Green Facility is subject to change, and, therefore, the number of Class B Shares deliverable to Nice & Green may vary.
In connection with a second convertible loan, the Company granted to Crede on August 07, 2020, 1,675,885 warrants (the "Second Crede Warrants") for the acquisition of an equal number of Class B Shares. As a result, the maximum total number of Class B Shares that are issuable under the Second Crede Warrants as at December 31, 2021 is 1,675,885 Class B Shares. The Second Crede Warrants may be exercised by Crede at any time on or before September 14, 2023 at an exercise price per warrant equal to CHF 1.375 per Class B Share, as amended. The Class B Shares issued to Crede in connection with the Second Crede Warrants would be issued out of the Company's conditional share capital or authorized share capital without triggering the pre-emptive rights of the existing shareholders of the Company. The exercise of the Second Crede Warrants will dilute the Company's shareholders' interests in the Company.
In connection with, an Agreement for the Issuance and Subscription of Convertible Notes WISeKey entered into with GLOBAL TECH OPPORTUNITIES 8, Grand Cayman, Cayman Islands ("GTO") on December 8, 2020, the Company granted GTO warrants to acquire Class B Shares at an exercise price of the higher of (a) 120% of the 5-trading day VWAP of the Class B Shares on the SIX Swiss Stock Exchange over the 5 trading days immediately preceding the relevant subscription request and (b) CHF 1.50 (the “GTO Warrant Exercise Price”). The number of warrants granted at each tranche subscription was calculated as 15% of the principal amount of each subscription divided by the GTO Warrant Exercise Price. Each warrant agreement has a 5-year exercise period starting on the relevant subscription date. As at December 31, 2021, a total of 1,319,161 warrants (the "GTO Warrants") have been issued for the acquisition of an equal number of Class B Shares. As a result, the maximum total number of Class B Shares that are issuable under the GTO Warrants as at December 31, 2021 is 1,319,161 Class B Shares. The GTO Warrants may be exercised by GTO at any time until the fifth anniversary of their respective grant at the GTO Warrant Exercise Price. The Class B Shares issued to GTO in connection with the GTO Warrants would be issued out of the Company's conditional share capital or authorized share capital without triggering the pre-emptive rights of the existing shareholders of the Company. The exercise of the GTO Warrants will dilute the Company's shareholders' interests in the Company.
14
On 29 June 2021, WISeKey entered into an Agreement for the Subscription of up to $22M Convertible Notes (the “L1 Facility”) with L1 Capital Global Opportunities Master Fund (“L1”), as amended on September 27, 2021, pursuant to which L1 committed to grant loans, in several tranches and in the form of convertible notes (the “L1 Convertible Notes”), to WISeKey up to a maximum amount of USD 22,000,000, subject to certain conditions, over a period of 24 months. The L1 Convertible Notes bear interest at a rate of 6% per annum (“L1 Interest”). Subject to a cash redemption right of WISeKey, the L1 Convertible Notes are mandatorily convertible into Class B Shares within a period of 24 months from issuance of the respective L1 Convertible Notes (the “L1 Conversion Period”), extendable under certain conditions by a maximum of 6 months (the “L1 Maximum Conversion Period”). Conversion takes place upon request by L1 during the L1 Conversion Period, but in any case no later than at the expiry of the L1 Maximum Conversion Period. The conversion price applied to the principal amount of the L1 Convertible Notes and accrued interest, converted into CHF at the relevant exchange rate will be the lower of (i) 95% of the lowest volume weighted average price of Class B Shares on the SIX Swiss Exchange during the five trading days preceding the relevant conversion date and (ii) depending on the tranche, a fixed conversion price ranging from CHF 4 to CHF 7.50, for the tranches subscribed under the original agreement, and 90% of the lowest volume weighted average price of Class B Shares on the SIX Swiss Exchange during the ten trading days preceding the relevant conversion date for the tranches subscribed under the amendment dated September 27, 2021. WISeKey made several loan subscriptions in 2021 under the L1 Facility and the remaining amount available for loans as at December 31, 2021 is USD 5,000,000. In 2021, L1 requested to convert L1 Convertible Notes issued in 2021 for a total amount of USD 13,500,000, resulting in the issuance of 11,858,831 Class B Shares to L1. The conversion of the subscriptions under the L1 Facility into Class B Shares will dilute the Company's shareholders' interest in the Company. L1 requested to convert some but not all L1 Convertible Notes issued in 2021. As at December 31, 2021, L1 Convertible Notes in an aggregate amount of USD 3,500,000 remained unconverted and the remaining amount available for subscription by the Company under the L1 Facility is USD 5,000,000, therefore, as at December 31, 2021, the estimated maximum number of Class B Shares deliverable under the L1 Facility is 12,435,057 Class B Shares at a conversion price of, respectively, CHF 0.718 per Class B Share for the tranches subscribed under the original agreement (calculated based on the closing price of a Class B Share on the SIX on December 30, 2021 of CHF 0.756 discounted by 5%) and CHF 0.68 per Class B Share for the tranches subscribed under the amendment dated September 27, 2021 (calculated based on the closing price of a Class B Share on the SIX on December 30, 2021 of CHF 0.756 discounted by 10%). Note that the actual price at which L1 may convert each tranche under the L1 Facility is subject to change, and, therefore, the number of Class B Shares deliverable to L1 may vary.
In connection with the L1 Facility, the Company granted L1 the option to acquire Class B Shares at an exercise price of the higher of (a) 1.5 times the 5-trading day volume-weighted average price of the WISeKey Class B Share (“WIHN Class B Share”) on the SIX Swiss Stock Exchange immediately preceding the tranche closing date and (b) CHF 5.00 (the “L1 Warrant Exercise Price”). The number of warrants granted at each tranche subscription is calculated as 25% of the principal amount of each tranche divided by the volume-weighted average price of the trading day immediately preceding the tranche closing date. Each warrant agreement has a 3-year exercise period starting on the relevant subscription date. As at December 31, 2021, a total of 3,078,963 warrants (the "L1 Warrants") for the acquisition of an equal number of Class B Shares. As a result, the maximum total number of Class B Shares that are issuable under the L1 Warrants as at December 31, 2021 is 3,078,963 Class B Shares. The L1 Warrants may be exercised by L1 at any time until the third anniversary of their respective grant at the L1 Warrant Exercise Price. Should the remaining amount available for subscription by the Company under the L1 Facility of USD 5,000,000 be subscribed for, the estimated maximum number of warrants deliverable under the L1 Facility is 1,507,606 for the acquisition of an equal number of Class B Shares. As a result, assuming the L1 Facility is fully subscribed for, the maximum total number of Class B Shares that are issuable under the L1 Facility as at December 31, 2021 is 4,586,569 Class B Shares (the “Total L1 Warrants”). The Class B Shares issuable to L1 in connection with the Total L1 Warrants would be issued out of the Company's conditional share capital or authorized share capital without triggering the pre-emptive rights of the existing shareholders of the Company. The exercise of the Total L1 Warrants will dilute the Company's shareholders' interests in the Company. Note that the actual volume-weighted average price of the trading day immediately preceding the subscription date at each subscription used to calculate the number of warrants granted to L1 is subject to change, and, therefore, the number of Class B Shares deliverable to L1 may vary.
15
On 29 June 2021, WISeKey entered into an Agreement for the Subscription of up to $22M Convertible Notes (the “Anson Facility”) with Anson Investments Master Fund LP (“Anson”), as amended on September 27, 2021, pursuant to which Anson committed to grant loans, in several tranches and in the form of convertible notes (the “Anson Convertible Notes”), to WISeKey up to a maximum amount of USD 22,000,000, subject to certain conditions, over a period of 24 months. The Anson Convertible Notes bear interest at a rate of 6% per annum (“Anson Interest”). Subject to a cash redemption right of WISeKey, the Anson Convertible Notes are mandatorily convertible into Class B Shares within a period of 24 months from issuance of the respective Anson Convertible Notes (the “Anson Conversion Period”), extendable under certain conditions by a maximum of 6 months (the “Anson Maximum Conversion Period”). Conversion takes place upon request by Anson during the Anson Conversion Period, but in any case no later than at the expiry of the Anson Maximum Conversion Period. The conversion price applied to the principal amount of the Anson Convertible Notes and accrued interest, converted into CHF at the relevant ex-change rate will be the lower of (i) 95% of the lowest volume weighted average price of Class B Shares on the SIX Swiss Ex-change during the five trading days preceding the relevant conversion date and (ii), depending on the tranche, a fixed conversion price ranging from CHF 4 to CHF 7.50, for the tranches subscribed under the original agreement, and 90% of the lowest volume weighted average price of Class B Shares on the SIX Swiss Exchange during the ten trading days preceding the relevant conversion date for the tranches sub-scribed under the amendment dated September 27, 2021. WISeKey made several loan subscriptions in 2021 under the Anson Facility and the remaining amount available for loans as at December 31, 2021 is USD 5,500,000. In 2021, Anson requested to convert Anson Convertible Notes issued in 2021 for a total amount of USD 9,800,000, resulting in the issuance of 8,228,262 Class B Shares to Anson. The conversion of the subscriptions under the Anson Facility into Class B Shares will dilute the Company's shareholders' interest in the Company. Anson requested to convert some but not all Anson Convertible Notes issued in 2021. As at December 31, 2021, Anson Convertible Notes in an aggregate amount of USD 6,700,000 remained unconverted and the remaining amount available for subscription by the Company under the Anson Facility is USD 5,500,000, therefore, as at December 31, 2021, the estimated maximum number of Class B Shares deliverable under the Anson Facility is 18,088,674 Class B Shares at a conversion price of, respectively, CHF 0.718 per Class B Share for the tranches subscribed under the original agreement (calculated based on the closing price of a Class B Share on the SIX on December 30, 2021 of CHF 0.756 discounted by 5%) and CHF 0.68 per Class B Share for the tranches subscribed under the amendment dated September 27, 2021 (calculated based on the closing price of a Class B Share on the SIX on December 30, 2021 of CHF 0.756 discounted by 10%). Note that the actual price at which Anson may convert each tranche under the Anson Facility is subject to change, and, therefore, the number of Class B Shares deliverable to Anson may vary.
In connection with the Anson Facility, the Company granted Anson the option to acquire Class B Shares at an exercise price of the higher of (a) 1.5 times the 5-trading day volume-weighted average price of the WIHN Class B Shares on the SIX Swiss Stock Exchange immediately preceding the tranche closing date and (b) CHF 5.00 (the “Anson Warrant Exercise Price”). The number of warrants granted at each tranche subscription is calculated as 25% of the principal amount of each tranche divided by the volume-weighted average price of the trading day immediately preceding the tranche closing date. Each warrant agreement has a 3-year exercise period starting on the relevant subscription date. As at December 31, 2021, a total of 2,821,922 warrants (the "Anson Warrants") for the acquisition of an equal number of Class B Shares. As a result, the maximum total number of Class B Shares that are issuable under the Anson Warrants as at December 31, 2021 is 2,821,922 Class B Shares. The Anson Warrants may be exercised by Anson at any time until the third anniversary of their respective grant at the Anson Warrant Exercise Price. Should the remaining amount available for subscription by the Company under the Anson Facility of USD 5,500,000 be subscribed for, the estimated maximum number of warrants deliverable under the Anson Facility is 1,658,366 for the acquisition of an equal number of Class B Shares. As a result, assuming the Anson Facility is fully subscribed for, the maximum total number of Class B Shares that are issuable under the Anson Facility as at December 31, 2021 is 4,480,288 Class B Shares (the “Total Anson Warrants”). The Class B Shares issuable to Anson in connection with the Total Anson Warrants would be issued out of the Company's conditional share capital or authorized share capital without triggering the pre-emptive rights of the existing shareholders of the Company. The exercise of the Total Anson Warrants will dilute the Company's shareholders' interests in the Company. Note that the actual volume-weighted average price of the trading day immediately preceding the subscription date at each subscription used to calculate the number of warrants granted to Anson is subject to change, and, therefore, the number of Class B Shares deliverable to Anson may vary.
16
Our financial results may be affected by fluctuations in exchange rates.
Due to the broad scope of our international operations, a portion of our revenue and our expenses are denominated in currencies other than USD, our reporting currency. As a result, our business is exposed to transactional and translational currency exchange risks caused by fluctuations in exchange rates among those different currencies.
The functional currency of most of our operating subsidiaries is the applicable local currency. The translation from the applicable functional currencies into our reporting currency is performed for balance sheet accounts using exchange rates in effect at the balance sheet date, and, for the statement of operations accounts, using average exchange rates prevailing during the relevant period. Functional currency exchange rates for our operating subsidiaries have in the past, and may in the future, fluctuate significantly against the USD. Because we prepare our consolidated financial statements in USD, these fluctuations may have an effect both on our results of operations and on the reported value of our assets, liabilities, revenue and expenses as measured in USD, which in turn may significantly affect reported earnings, either positively or negatively, and the comparability of period-to-period results of operations.
In addition to currency translation risks, we are exposed to currency transaction risks. Currency transaction risk is the risk that the domestic currency value of a future foreign currency denominated cash flow (payments or receipts from a committed or uncommitted contract or credit facility) varies as a direct result of changes in exchange rates. Fluctuations in currencies may adversely impact our ability to compete on a global basis and our results of operations and our financial condition.
Our operating results can vary significantly due to the impairment of goodwill and other tangible and intangible assets due to changes in the business environment.
Our operating results can also vary significantly due to impairments of intangible assets, including goodwill, and other fixed assets. As at December 31, 2021, the value of our goodwill as recorded on our balance sheet was USD 30,841,303 and the value of acquired technologies and other intangible assets was USD 9,186,479, net of impairment and amortization. Because the market for our products is characterized by rapidly changing technologies, our future cash flows may not support the value of goodwill and other intangibles recorded in our consolidated financial statements. According to U.S. GAAP, we are required to annually test our recorded goodwill and indefinite-lived intangible assets, if any, and to assess the carrying values of other intangible assets when impairment indicators exist. As a result of such tests, we could be required to book impairment charges in our statement of operations if the carrying value is greater than the fair value. The amount of any potential impairment is not predictable.
Factors that could trigger an impairment of such assets include, but are not limited to, the following:
| · | underperformance relative to projected future operating results; |
| · | negative industry or economic trends, including changes in borrowing rates or weighted average cost of capital; |
| · | applicable tax rates; |
| · | changes in working capital; |
| · | the market multiples utilized in our fair value calculations; |
| · | changes in the manner or use of the acquired assets or the strategy for our overall business; and |
| · | changes in our organization or management reporting structure, which could require greater aggregation or disaggregation in our analysis by reporting unit and potentially alternative methods/ assumptions of estimating fair values. |
Any potential future impairment, if required, could have a material adverse effect on our business, financial condition and results of operations.
17
We may need additional capital in the future and it may not be available on terms favorable to us or at all.
We may require additional capital in the future to do, among other things, the following:
| · | fund our operations; |
| · | finance investments in equipment and infrastructure needed to maintain our manufacturing capabilities; |
| · | enhance and expand the range of products and services we offer; |
| · | respond to potential strategic opportunities, such as investments, acquisitions and expansions; and |
| · | service or refinance other indebtedness. |
Our ability to obtain external financing in the future is subject to a variety of uncertainties, including: (i) our financial condition, results of operations and cash flows, and (ii) general market conditions for financing activities.
The terms of available financing may also restrict our financial and operating flexibility. If adequate funds are not available on acceptable terms, we may be forced to reduce our operations or delay, limit or abandon expansion opportunities. Moreover, even if we are able to continue our operations, the failure to obtain additional financing could have a material adverse effect on our business, financial condition and results of operations.
The Company is a holding company with no direct cash generating operations and relies on its subsidiaries to provide it with funds necessary to pay dividends to shareholders.
The Company is a holding company with no significant assets other than the equity interests in its subsidiaries. The Company's subsidiaries own substantially all the rights to its revenue streams. The Company has no legal obligation to, and may not, declare dividends or other distributions on its shares. The Company's ability to pay dividends to its shareholders depends on the availability of sufficient legally distributable profits from previous years, which depends on the performance of its subsidiaries and their ability to distribute funds to the Company, and/or on the availability of distributable reserves from capital contributions at the Company level, and on the need for shareholder approval.
The ability of a subsidiary to make distributions to the Company could be affected by a claim or other action by a third party, including a creditor, or by laws which regulate the payment of dividends by companies. In addition, the subsidiaries' ability to distribute funds to the Company depends on, among other things, the availability of sufficient legally distributable profit of such subsidiaries. The Company cannot offer any assurance that legally distributable profit or reserves from capital contributions will be available in any given financial year.
Even if there is sufficient legally distributable profit or reserves from capital contributions available, the Company may not be able to pay a dividend or distribution of reserves from capital contributions for a variety of reasons. Payment of future dividends and other distributions will depend on our liquidity and cash flow generation, financial condition and other factors, including regulatory and liquidity requirements, as well as tax and other legal considerations.
Legal Risks
We are subject to anti-takeover provisions.
Our Articles and Swiss law contain provisions that could prevent or delay an acquisition of the Company by means of a tender offer, a proxy contest or otherwise. These provisions may also adversely affect prevailing market prices for our Class B Shares and our ADSs. These provisions provide, among other things:
| · | an opting-out from the obligation of an acquirer of Shares to make a public offer pursuant to article 135 and 163 of the Swiss Financial Market Infrastructure Act, including its implementing directives, circulars and other regulations (the "FMIA"); |
18
| · | that the share capital is divided into different classes of shares, of which only Class B Shares are listed on the SIX, whereas Class A Shares are not listed and tradable; |
| · | that the Board is currently authorized, at any time until May 25, 2023, to issue up to 6,141,701 new Class B Shares and to limit or withdraw the pre-emptive rights of existing shareholders in various circumstances; |
| · | that any shareholder who is entitled to propose any business or to nominate a person or persons for election as member of the Board at an annual meeting may only do so if advance notice is given to the Company; |
| · | that a merger or demerger transaction requires the affirmative vote of the holders of at least two-thirds of voting rights and an absolute majority of the par value of the shares, each as represented (in person or by proxy) at the general meeting of shareholders and the possibility of a so-called "cash-out" or "squeeze-out" merger if the acquirer controls 90% of the outstanding shares entitled to vote at a general meeting of shareholders; and |
| · | that any action required or permitted to be taken by the holders of shares must be taken at a duly called annual or extraordinary general meeting of shareholders of the Company. |
Each Class A Share and each Class B Share has one vote despite the difference in par value
Each Class A Share and each Class B Share carries one vote per share but our Class A Shares have a lower par value (CHF 0.01 per share) than our Class B Shares (CHF 0.05 per share). This means that, relative to their respective per share contribution to the Company’s capital, the holders of our Class A Shares have a greater relative per share voting power than the holders of our Class B Shares for matters that require approval on the basis of a specified majority of shares present at the shareholders meeting.
However, to the extent shareholder resolutions require as the relevant majority standard a majority of the par value of the shares present at the meeting, Class A Shares as a class have less votes than Class B Shares as a class (as the Class B Shares have a par value of CH 0.05 per Class B Share as compared to CH 0.01 per Class A Share). The majority of par value standard for approval of resolutions applies (i) to shareholder resolutions on certain specific matters (see Item 10B - Memorandum and Articles of Association - Dual Voting Rights) and (ii) to the extent that Swiss corporate law requires that a shareholder resolution be adopted with a majority of (A) two-thirds of the voting rights attached to, and (B) the absolute majority of the par value of, the shares, each as represented at the relevant meeting (see also Item 10B - Memorandum and Articles of Association - Voting Requirements).
Assuming a total of approximately 128.1 million of our shares are issued (in line with the commercial register of the Canton of Zug as at December 31, 2021), of which approximately 40.0 million are Class A Shares and approximately 88.1 million are Class B Shares, the Class A Shares as a class contribute approximately 8.33% of the aggregate par value of the Company, have 31.24% of the total votes for matters that require approval on the basis of a specified majority of the number of shares present or represented at the shareholders meeting, but 8.33% of the total votes for matters that require approval on the basis of a specified majority of the par value of the shares present at the shareholders meeting. Assuming the same total of approximately 128.1 million of our shares are issued, of which approximately 40.0 million are Class A Shares and approximately 88.1 million are Class B Shares, Class B Shares as a class contribute 91.67% of the aggregate par value of the Company, have 68.76% of the total votes for matters that require approval on the basis of a specified majority of the number of shares present or represented at the shareholders meeting, but 91.67% of the total votes for matters that require approval on the basis of a specified majority of the par value of the shares present at the shareholders meeting.
A change in tax laws, treaties or regulations, or their interpretation, of any country in which we operate, including tax rules limiting the deductibility of interest expense, could result in a higher tax rate on our earnings, which could result in a significant negative impact on our earnings and cash flows from operations.
We operate in various jurisdictions. Consequently, we are subject to changes in applicable tax laws, treaties or regulations in the jurisdictions in which we operate, which could include laws or policies directed toward companies organized in jurisdictions with low tax rates. A material change in the tax laws or policies, or their interpretation, of any country in which we have significant operations, or in which we are incorporated or resident, including the limitation of deductibility of interest expense, could result in a higher effective tax rate on our worldwide earnings and such change could be significant to our financial results.
19
We may become exposed to costly and damaging intellectual property or liability claims, and our product liability may not cover all damages from such claims.
We are exposed to potential intellectual property or product liability claims. We currently have not been involved in any such legal proceedings. However, the current and future use of our products may expose us to such claims. Any claims made against us, regardless of their merit, could be difficult and costly to defend, and could compromise the market acceptance of our products and any prospects for future products. Such legal proceedings could have a material adverse effect on our business, financial condition, or results of operations.
If WISeKey is unable to adequately protect its proprietary technology and intellectual property rights, its business could suffer substantial harm.
Our intellectual property rights are important to our business. We rely on a combination of confidentiality clauses, trade secrets, copyrights and trademarks to protect our intellectual property and know-how. In addition, we have filed a number of applications for patents to protect our technologies and have been granted two patents in Switzerland for the company's verification and authentication of valuable objects on the Internet in connection with technology involving the internet of things ("IoT") when connecting to each other or to the cloud. Further, in connection with the acquisition of WISeKey Semiconductors SAS from Inside Secure SA, we have acquired 39 patent families. As mentioned in Item 5C. Research and Development, Patents and Licenses, Etc., seven new patents were granted to WISeKey in 2021.
The steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create solutions and services that compete with ours. Some license provisions protecting against unauthorized use, copying, transfer and disclosure of our solutions may be unenforceable under the laws of certain jurisdictions.
We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances. No assurance can be given that these agreements will be effective in controlling access to our proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our solutions. Additionally, we may from time to time be subject to opposition or similar proceedings with respect to applications for registrations of our intellectual property, including but not limited to our trademarks and patent applications. While we aim to acquire adequate protection of our brand through registrations in key markets, occasionally third parties may have already registered or otherwise acquired rights to identical or similar brands for solutions that also address the cybersecurity, authentication or mobile application markets. Additionally, the process of seeking patent protection can be lengthy and expensive. Any of our pending or future patent or trademark applications, whether challenged or not, may not be issued with the scope of the claims we seek, if at all.
From time to time, we may discover that third parties are infringing, misappropriating or otherwise violating our intellectual property rights. However, policing unauthorized use of our intellectual property and misappropriation of our technology is difficult and we may therefore not always be aware of such unauthorized use or misappropriation. Despite our efforts to protect our intellectual property rights, unauthorized third parties may attempt to use, copy or otherwise obtain and market or distribute our intellectual property rights or technology or otherwise develop solutions with the same or similar functionality as our solutions. If competitors infringe, misappropriate or otherwise misuse our intellectual property rights and we are not adequately protected, or if such competitors are able to develop solutions with the same or similar functionality as ours without infringing our intellectual property, our competitive position and results of operations could be harmed and our legal costs could increase.
20
WISeKey may incur fines or penalties, damage to its reputation or other adverse consequences if its employees, agents or business partners violate, or are alleged to have violated, anti-bribery, competition or other laws.
WISeKey's internal controls may not always protect us from reckless or criminal acts committed by our employees, agents or business partners that would violate Swiss, U.S. or other laws, including anti-bribery, competition, trade sanctions and regulations and other related laws. Any such improper actions could subject WISeKey to administrative, civil or criminal investigations in the competent jurisdictions, could lead to substantial civil or criminal monetary and non-monetary penalties against WISeKey or our subsidiaries, and could damage our reputation. Even the allegation or appearance of WISeKey's employees, agents or business partners acting improperly or illegally could damage our reputation and result in significant expenditures in investigating and responding to such actions.
We could be subject to litigation that, if not resolved in our favor and not sufficiently insured against, could have a material adverse effect on us.
As WISeKey continues to expand products, partnerships, sales and distribution, the risk of being involved in legal proceedings will invariably increase. While WISeKey has successfully avoided being involved in legal proceedings in the past, it may not be able to do so in the future. Legal proceedings, especially when involving intellectual property rights and product liability, may have material adverse effects on WISeKey's financial condition, results of operations and cash flows.
We process and store personal information, which subjects us to data protection laws and contractual commitments, and our actual or perceived failure to comply with such laws and commitments could harm our business.
The personal information we process is subject to an increasing number of laws regarding privacy and data protection, as well as contractual commitments. Any failure or perceived failure by us to comply with such obligations may result in governmental enforcement actions, fines, or cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.
Risks Related to Our Shares and ADSs
As a foreign private issuer, we are permitted to rely on exemptions from certain corporate governance standards.
As a foreign private issuer, we are permitted to, and we are relying on exemptions from certain NASDAQ corporate governance standards applicable to domestic U.S. issuers. This may afford less protection to holders of our ordinary shares and the ADSs.
We are exempted from certain corporate governance requirements of NASDAQ by virtue of being a foreign private issuer. We are required to provide a brief description of the significant differences between our corporate governance practices and the corporate governance practices required to be followed by domestic U.S. companies listed on NASDAQ. The standards applicable to us are considerably different than the standards applied to domestic U.S. issuers. For instance, we are not required to:
| · | have a majority of the board be independent (although all of the members of the audit committee must be independent under the U.S. Securities Exchange Act of 1934, as amended, or the "Exchange Act"); |
| · | have a compensation committee or a nominating or corporate governance committee consisting entirely of independent directors; or |
| · | have regularly scheduled executive sessions with only independent directors. |
We have relied on and intend to continue to rely on some of these exemptions. As a result, you may not be provided with the benefits of certain corporate governance requirements of NASDAQ.
21
As a foreign private issuer, we are exempt from certain disclosure requirements under the Exchange Act, which may afford less protection to our shareholders and ADS holders than they would enjoy if we were a domestic U.S. company.
As a foreign private issuer, we are exempt from, among other things, the rules prescribing the furnishing and content of proxy statements under the Exchange Act. In addition, our executive officers, directors and principal shareholders are exempt from the reporting and short-swing profit and recovery provisions contained in Section 16 of the Exchange Act. We are also not required under the Exchange Act to file periodic reports and financial statements with the SEC as frequently or as promptly as domestic U.S. companies with securities registered under the Exchange Act. As a result, our shareholders and ADS holders may be afforded less protection than they would under the Exchange Act rules applicable to domestic U.S. companies.
We may lose our foreign private issuer status, which would then require us to comply with the Exchange Act’s domestic reporting regime and cause us to incur significant legal, accounting and other expenses.
As a foreign private issuer, we are not required to comply with all of the periodic disclosure and current reporting requirements of the Exchange Act applicable to U.S. domestic issuers. In order to maintain our current status as a foreign private issuer, either (a) a majority of our common shares must be either directly or indirectly owned of record by non-residents of the United States or (b)(i) a majority of our executive officers or directors may not be United States citizens or residents, (ii) more than 50 percent of our assets cannot be located in the United States and (iii) our business must be administered principally outside the United States. These criteria are tested annually. If we lost this status, we would be required to comply with the Exchange Act reporting and other requirements applicable to U.S. domestic issuers, which are more detailed and extensive than the requirements for foreign private issuers. We may also be required to make changes in our corporate governance practices in accordance with various SEC and stock exchange rules. The regulatory and compliance costs to us under U.S. securities laws if we are required to comply with the reporting requirements applicable to a U.S. domestic issuer may be significantly higher than the cost we would incur as a foreign private issuer. As a result, we expect that a loss of foreign private issuer status would increase our legal and financial compliance costs and would make some activities highly time-consuming and costly. We also expect that if we were required to comply with the rules and regulations applicable to U.S. domestic issuers, it would make it more difficult and expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These rules and regulations could also make it more difficult for us to attract and retain qualified members of our board of directors.
We are an "emerging growth company", and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies may make the ADSs less attractive to investors and, as a result, adversely affect the price of the ADSs and result in a less active trading market for the ADSs.
We are an "emerging growth company" as defined in the U.S. Jumpstart Our Business Startups Act of 2012, or the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies. For example, we have elected to rely on an exemption from the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act relating to internal control over financial reporting, and we will not provide such an attestation from our auditors. We may avail ourselves of these disclosure exemptions until we are no longer an emerging growth company. We cannot predict whether investors will find the ADSs less attractive because of our reliance on some or all of these exemptions. If investors find the ADSs less attractive, it may adversely affect the price of the ADSs and there may be a less active trading market for the ADSs.
We will cease to be an emerging growth company upon the earliest of:
| · | the last day of the fiscal year during which we have total annual gross revenues of USD 1,070,000,000 (as such amount is indexed for inflation every five years by the United States Securities and Exchange Commission, or SEC) or more; |
| · | the last day of our fiscal year following the fifth anniversary of the completion of our first sale of common equity securities pursuant to an effective registration statement under the Securities Act; |
| · | the date on which we have, during the previous three-year period, issued more than USD 1,070,000,000 in non-convertible debt; or |
22
| · | the date on which we are deemed to be a "large accelerated filer", as defined in Rule 12b-2 of the Exchange Act, which would occur if the market value of our ordinary shares and ADSs that are held by non-affiliates exceeds USD 700,000,000 as of the last day of our most recently-completed second fiscal quarter. |
In addition, under the JOBS Act, emerging growth companies can delay adopting new or revised accounting standards issued subsequent to the enactment of the JOBS Act until such time as those standards apply to private companies. Depending on the circumstances, we may or may not take advantage of the extended transition period under Section 7(a)(2)(B) of the Securities Act for complying with new or revised accounting standards and therefore our financial statements may not be comparable to companies that comply with public company effective dates.
The requirements of being a public company may strain our resources and distract our management.
We are required to comply with various regulatory and reporting requirements, including those required by the SEC. Complying with these reporting and other regulatory requirements will be time-consuming and will result in increased costs to us, either or both of which could have a negative effect on our business, financial condition and results of operations.
As a public company, we are (subject to certain exceptions) subject to the reporting requirements of the Exchange Act and the other rules and regulations of the SEC, including the Sarbanes-Oxley Act and the listing and other requirements of NASDAQ. These requirements may place a strain on our systems and resources. The Exchange Act requires that we file annual and current reports with respect to our business and financial performance. The Sarbanes-Oxley Act requires that we maintain disclosure controls and procedures and internal control over financial reporting. To improve the effectiveness of our disclosure controls and procedures and our internal control over financing reporting, we need to commit significant resources and provide additional management oversight. We are implementing additional procedures and processes for the purpose of addressing the U.S. standards and requirements applicable to public companies. These activities may divert management's attention from other business concerns and we will incur significant legal, accounting and other expenses that we did not have prior to the listing on NASDAQ, which could have a material adverse effect on our business, financial condition and results of operations.
We have never paid dividends on our share capital, and we do not anticipate paying cash dividends in the foreseeable future.
We have never declared or paid cash dividends on our share capital. We do not anticipate paying cash dividends on our shares in the foreseeable future. We currently intend to retain all available funds and any future earnings to fund the development and growth of our business. Any future determination to declare cash dividends will be made at the discretion of our board of directors, subject to compliance with applicable laws and covenants under current or future credit facilities, which may restrict or limit our ability to pay dividends and will depend on our financial condition, operating results, capital requirements, distributable profits and/or distributable reserves from capital contributions, general business conditions and other factors that our board of directors may deem relevant. As a result, capital appreciation, if any, of our securities will be your sold source of gain for the foreseeable future.
ADS holders may not be entitled to a jury trial with respect to claims arising under the deposit agreement, which could result in less favorable outcomes to the plaintiffs in any such action.
The deposit agreement governing the ADSs representing our Class B Shares provides that, to the fullest extent permitted by applicable law, ADSs holders waive the right to a jury trial of any claim they may have against us or the depositary arising out of or relating to our Class B Shares, the ADSs or the deposit agreement, including any claim under the U.S. federal securities laws. The waiver to right to a jury trial of the deposit agreement is not intended to be deemed a waiver by any holder or beneficial owner of ADSs of our or the depositary's compliance with the U.S. federal securities laws and the rules and regulations promulgated thereunder.
If we or the depositary oppose a jury trial demand based on the waiver, the court would determine whether the waiver was enforceable based on the facts and circumstances of that case in accordance with the applicable state and federal law. The enforceability of a contractual pre-dispute jury trial waiver in connection with claims arising under the federal securities laws has not been finally adjudicated by the United States Supreme Court. However, we believe that a contractual pre-dispute jury trial waiver provision is generally enforceable, including under the laws of the State of New York, which govern the deposit agreement. In determining whether to enforce a contractual pre-dispute jury trial waiver provision, courts will generally consider whether a party knowingly, intelligently and voluntarily waived the right to a jury trial. We believe that this is the case with respect to the deposit agreement and the ADSs. It is advisable that you consult legal counsel regarding the jury waiver provision before investing in the ADSs.
23
If you or any other holders or beneficial owners of ADSs bring a claim against us or the depositary in connection with matters arising under the deposit agreement or the ADSs, including claims under federal securities laws, you or such other holder or beneficial owner may not be entitled to a jury trial with respect to such claims, which may have the effect of limiting and discouraging lawsuits against us and/or the depositary. If a lawsuit is brought against us and/or the depositary under the deposit agreement, it may be heard only by a judge or justice of the applicable trial court, which would be conducted according to different civil procedures and may result in different outcome than a trial by jury would have had, including results that could be less favorable to the plaintiffs in any such action.
Nevertheless, if this jury trial waiver is not permitted by applicable law, an action could proceed under the terms of the deposit agreement with a jury trial. No condition, stipulation or provision of the deposit agreement or our ADSs serves as a waiver by any holder or beneficial owner of ADSs or by us or the depositary of compliance with any provision of the U.S. federal securities laws and the rules and regulations promulgated thereunder.
Your voting rights as a holder of our ADSs are limited by the terms of the deposit agreement.
You may exercise your voting rights with respect to the ordinary shares underlying your ADSs only in accordance with the provisions of the deposit agreement. Upon receipt of voting instructions from you in the manner set forth in the deposit agreement, the depositary for our ADSs will endeavor to vote your underlying ordinary shares in accordance with these instructions. When a general meeting is convened, you may not receive sufficient notice of a shareholders' meeting to permit you to withdraw your ordinary shares to allow you to cast your vote with respect to any specific matter at the meeting. In addition, the depositary and its agents may not be able to send voting instructions to you or carry out your voting instructions in a timely manner. We will make all reasonable efforts to cause the depositary to extend voting rights to you in a timely manner, but you may not receive the voting materials in time to ensure that you can instruct the depositary to vote your shares. As a result, you may not be able to exercise your right to vote.
The depositary for our ADSs will give a discretionary proxy to vote the ordinary shares underlying your ADSs if you do not give timely voting instructions, except in limited circumstances, which could adversely affect your interests.
Under the deposit agreement for our ADSs, the depositary will, to the extent permitted under applicable law, give a discretionary proxy to the independent proxy holder elected by the Company's shareholders to exercise the voting rights of the ordinary shares underlying your ADSs at shareholders' meetings if you do not give voting instructions to the depositary, unless:
| · | we have instructed the depositary that we do not wish a discretionary proxy to be given; |
| · | we have informed the depositary that there is substantial opposition as to a matter to be voted on at the meeting; or |
| · | a matter to be voted on at the meeting would have a material adverse impact on shareholders. |
The effect of this discretionary proxy is that, if you fail to give voting instructions to the depositary, you cannot prevent the ordinary shares underlying your ADSs from being voted, absent the situations described above, and it may make it more difficult for shareholders to influence our management.
You may be subject to limitations on transfer of your ADSs.
Your ADSs are transferable on the books of the depositary. However, the depositary may close its transfer books at any time or from time to time when it deems expedient in connection with the performance of its duties. In addition, the depositary may refuse to deliver, transfer or register transfers of ADSs generally when our books or the books of the depositary are closed, or at any time if we or the depositary deems it advisable to do so because of any requirement of law or of any government or governmental body, or under any provision of the deposit agreement, or for any other reason.
24
You may not receive distributions on our Class B Shares or any value for them if it is illegal or impractical to make them available to you as an ADS holder.
The depositary of our ADSs has agreed to pay you the cash dividends or other distributions it or the custodian for the Class B Shares represented by ADSs after deducting its fees and expenses. You will receive these distributions in proportion to the number of our Class B Shares that your ADSs represent. However, the depositary is not responsible for making such payments or distributions if it is unlawful or impractical to make a distribution available to any holders of ADSs. For example, it would be unlawful to make a distribution to a holder of ADSs if it consists of securities that require registration under the Securities Act but that are not properly registered or distributed pursuant to an applicable exemption from registration. The depositary is not responsible for making a distribution available to any holders of ADSs if any government approval or registration required for such distribution cannot be obtained after reasonable efforts made by the depositary. We have no obligation to take any other action to permit the distribution of our ADSs, Class B Shares, rights or anything else to holders of our ADSs. This means that you may not receive the distributions we make on our Class B Shares or any value for them if it is illegal or impractical for us to make them available to you as an ADS holder. These restrictions may reduce the value of your ADSs.
The rights accruing to holders of our shares may differ from the rights typically accruing to shareholders of a U.S. corporation.
We are organized under the laws of Switzerland. The rights of holders of Class B Shares and, therefore, certain of the rights of ADSs, are governed by the laws of Switzerland and by our Articles of Association. These rights differ in certain respects from the rights of shareholders in typical U.S. corporations. See the sections entitled "Description of Share Capital and Articles of Association – Differences in Corporate Law" and "Description of Share Capital and Articles of Association – Articles of Association – Other Swiss Law Considerations" for a description of the principal differences between the provisions of Swiss law applicable to us and, for example, the Delaware General Corporation Law relating to shareholders' rights and protections.
Claims of U.S. civil liabilities may not be enforceable against us.
We are incorporated under the laws of Switzerland. Certain of our directors reside outside the United States. As a result, it may not be possible for investors to effect service of process within the United States upon such persons or to enforce judgments obtained in U.S. courts against them or us, including judgments predicated upon the civil liability provisions of the U.S. federal securities laws. The United States and Switzerland do not currently have a treaty providing for recognition and enforcement of judgments (other than arbitration awards) in civil and commercial matters. Consequently, a final judgment for payment given by a court in the United States, whether or not predicated solely upon U.S. securities laws, would not automatically be recognized or enforceable in Switzerland. In addition, uncertainty exists as to whether Swiss courts would entertain original actions brought in Switzerland against us or our directors predicated upon the securities laws of the United States or any state in the United States. Any final and conclusive monetary judgment for a definite sum obtained against us in U.S. courts would be reviewed by the courts of Switzerland. Whether these requirements are met in respect of a judgment based upon the civil liability provisions of the U.S. securities laws, including whether the award of monetary damages under such laws would constitute a penalty, is an issue for the court making such decision. If a Swiss court gives judgment for the sum payable under a U.S. judgment, the Swiss judgment will be enforceable by methods generally available for this purpose. These methods generally permit the Swiss court discretion to prescribe the manner of enforcement. As a result, U.S. investors may not be able to enforce against us or certain of our directors, or certain experts named herein who are residents of Switzerland or countries other than the United States, any judgments obtained in U.S.
If we fail to maintain an effective system of internal control over financial reporting, we may not be able to accurately report our financial results or prevent fraud. As a result, shareholders could lose confidence in our financial and other public reporting, which would harm our business and the trading price of ADSs or our Class B Shares.
Effective internal controls over financial reporting are necessary for us to provide reliable financial reports and, together with adequate disclosure controls and procedures, are designed to prevent fraud. Any failure to implement required new or improved controls, or difficulties encountered in their implementation could cause us to fail to meet our reporting obligations. Inadequate internal controls could cause investors to lose confidence in our reported financial information, which could have a negative effect on the trading price of our ADSs or our Class B Shares.
25
Management will be required to assess the effectiveness of our internal controls annually. However, for as long as we are an "emerging growth company", our independent registered public accounting firm will not be required to attest to the effectiveness of our internal controls over financial reporting. An independent assessment of the effectiveness of our internal controls could detect problems that our management's assessment might not. Undetected material weaknesses in our internal controls could lead to financial statement restatements requiring us to incur the expense of remediation and could also result in an adverse reaction in the financial markets due to a loss of confidence in the reliability of our financial statements.
If securities or industry analysts do not publish research, or publish inaccurate or unfavorable research, about our business, the price of our ADSs or our Class B Shares and their respective trading volumes could decline.
The trading market for our ADSs and our Class B Shares depends in part on the research and reports that securities or industry analysts publish about us or our business. Since we have not undertaken an initial public offering of ADSs in connection with the listing of our ADSs on NASDAQ, we do not anticipate that many or any industry analysts in the United States will publish such research and reports in the United States about our Class B Shares or our ADSs. If no or too few securities or industry analysts commence or continue coverage on us, the trading price for our ADSs and our Class B Shares could be affected. If one or more of the analysts who may eventually cover us downgrade our ADSs or our Class B Shares or publish inaccurate or unfavorable research about our business, the trading price of our ADSs or our Class B Shares would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our ADSs or Class B Shares could decrease, which might cause the price of such securities and their respective trading volumes to decline.
Although we believe that we were not a "passive foreign investment company," or PFIC, for U.S. federal income tax purposes in 2021, there can be no assurance in this regard, and it is likely that we will be a PFIC in 2022. If we are a PFIC in any year, U.S. holders of our ADSs may be subject to adverse U.S. federal income tax consequences.
Under the Internal Revenue Code of 1986, as amended, or the Code, we will be a PFIC for any taxable year in which, after the application of certain look-through rules with respect to subsidiaries, either (i) 75% or more of our gross income consists of passive income or (ii) 50% or more of the average quarterly value of our assets consists of assets that produce, or are held for the production of, passive income. Based on our financial statements, business plan and certain estimates and projections, including as to the relative values of our assets, we do not believe that we were a PFIC for our 2021 taxable year. However, based on the expected composition of our assets following the pending sale of our 51% ownership stake in arago and its affiliates for cash, which is expected to be completed in the second quarter of 2022, we are likely to be a PFIC for our 2022 taxable year if we do not spend a substantial amount of our liquid assets on active business operations or if our market capitalization does not substantially increase. Furthermore, there can be no assurance that the Internal Revenue Service (the "IRS") will agree with our conclusion regarding our PFIC status for 2021, and whether we are or will be classified as a PFIC in any particular year is uncertain because we currently own a substantial amount of passive assets, including cash, and the valuation of certain of our assets is uncertain and may vary substantially over time. Accordingly, there can be no assurance that we will not be a PFIC for any taxable year.
If we are a PFIC for any taxable year during which a U.S. investor holds ADSs, we generally would continue to be treated as a PFIC with respect to that U.S. investor for all succeeding years during which the U.S. investor holds ADSs, even if we ceased to meet the threshold requirements for PFIC status. Such a U.S. investor may be subject to adverse U.S. federal income tax consequences, including (i) the treatment of all or a portion of any gain on disposition as ordinary income, (ii) the application of a deferred interest charge on such gain and the receipt of certain dividends and (iii) compliance with certain reporting requirements. We do not intend to provide the information that would enable investors to make a qualified electing fund election that could mitigate the adverse U.S. federal income tax consequences should we be classified as a PFIC.
For further discussion, see "Taxation—Material U.S. Federal Income Tax Considerations for U.S. Holders."
If a United States person is treated as owning at least 10% of our shares or ADSs, such holder may be subject to adverse U.S. federal income tax consequences.
If a U.S. investor owns or is treated as owning (indirectly or constructively) at least 10% of the value or voting power of our shares or ADSs, such investor may be treated as a "United States shareholder" with respect to each "controlled foreign corporation" in our group (if any). Because our group includes a U.S. subsidiary, certain of our non-U.S. subsidiaries could be treated as controlled foreign corporations (regardless of whether or not we are treated as a controlled foreign corporation). A United States shareholder of a controlled foreign corporation may be required to report annually and include in its U.S. taxable income its pro rata share of "Subpart F income," "global intangible low-taxed income," and investments in U.S. property by controlled foreign corporations, regardless of whether we make any distributions. Failure to comply with these reporting obligations may subject a United States shareholder to significant monetary penalties and may prevent the statute of limitations with respect to such shareholder's U.S. federal income tax return for the year for which reporting was due from starting. We cannot provide any assurances that we will assist investors in determining whether any of our non-U.S. subsidiaries is treated as a controlled foreign corporation or whether any investor is treated as a United States shareholder with respect to any such controlled foreign corporation or furnish to any United States shareholders information that may be necessary to comply with the aforementioned reporting and tax paying obligations. A United States investor should consult its advisors regarding the potential application of these rules to an investment in our ADSs.
26
| Item 4. | Information on the Company |
| A. | History and Development of the Company |
We are a Swiss stock corporation (Aktiengesellschaft) of unlimited duration with limited liability under the laws of Switzerland and registered in the Commercial Register of the Canton of Zug, Switzerland, on December 3, 2015 under the register number CHE-143.782.707. We are registered under the company name "WISeKey International Holding AG" and have our registered office and principal executive offices at General-Guisan-Strasse 6, 6300 Zug, Switzerland. WISeKey International Holding AG is the parent company of WISeKey SA, which was established in 1999. Our address on the Internet is http://www.wisekey.com. The information on our website is not incorporated by reference in this annual report.
In the first quarter of 2019, we completed the sale of the QuoVadis Group to DigiCert Inc, a leading global provider of TLS/SSL, IoT and other PKI solutions, for USD 45 million cash. The products and solutions of the QuoVadis Group sold to DigiCert Inc. consisted of QuoVadis Trust/Link which provides managed Public Key Infrastructure (PKI) including Digital Certificates for authentication, encryption, and digital signature; TLS/SSL Certificates for websites; QuoVadis sealsign which provides software and cloud solutions for Electronic Signatures and time-stamping. We retained ownership of the ISTANA Platform used to secure, among other things, the connected car industry, as part of its offerings for the Internet of Things (IoT) market, together with its latest Blockchain technology. The ISTANA Platform complements our core products and solutions which are based on our Cybersecurity SaaS business, also known as managed PKI services, and on our Semiconductor chips, and focus on securing the IoT market and using Artificial Intelligence (AI) to analyze data, with products and services using public key encryption and hardware encryption, digital identity protection services, anti-illicit trade products and services, and Blockchain services.
On February 1, 2021, we acquired a controlling interest in arago GmbH (“arago”) through conversion of a CHF 5 million loan to arago into 51% of arago’s share capital carrying 51% of the voting rights (see Notes 11 and 15 of our consolidated financial statement as at December 31, 2021). arago is a leading German technology company that provides Artificial Intelligence (“AI”) to enterprises globally through knowledge automation. See also Item 8-B (Significant Changes) and in particular the Share Purchase and transfer Agreement we entered into in relation to the disposition of the arago group.
The SEC maintains an internet site at http://www.sec.gov that contains reports, information statements, and other information regarding issuers that file electronically with the SEC.
| B. | Business Overview |
Overview
We are a Swiss cybersecurity company, publicly listed in Switzerland on the SIX since 2016 (Class B Shares, ticker: WIHN) and in the U.S. on the NASDAQ, since 2019 (American Depositary Shares, ticker WKEY), focused on delivering integrated security solutions for the Internet of Things (IoT) and digital identity ecosystems. With over two decades of experience in the digital security market, we integrate our secure semiconductors, cybersecurity software, and a globally recognized Root of Trust (RoT) into leading-edge products and services that protect users, devices, data and transactions in the internet-connected world.
The rapid proliferation of internet-connected devices and individuals' increasing dependence on them for personal and business purposes have exposed shortcomings in traditional security solutions. Legacy IT networks are easy targets for attackers that leverage the vulnerabilities of the outdated perimeter-based security methods that cannot keep up with the sheer number of devices that are being added every day. Our cybersecurity platform is the first of its kind to be intentionally designed to provide organizations with a holistic cybersecurity solution to safeguard their connected device ecosystem from the evolving cyber threats that lurk around every corner of the burgeoning Internet of Things (IoT) landscape.
27
Cyber-attacks are becoming increasingly sophisticated, posing significant and persistent threats to international organizations and the sensitive data that they are responsible to protect under government regulations such as GDPR. Attackers deploy clandestine, advanced, and targeted attacks on less secure bring-your-own-devices (BYOD) to infiltrate broader networks. These attacks can remain inside a network for extended periods of time undetected, most often to steal valuable data, spread malicious malware, or sabotage critical infrastructure. The proliferation of the IoT and the increase in connected devices is driving the severity of these risks up. As more devices are connected, more data is shared and as more data is shared, there are more points of vulnerability. Being able to secure these points of vulnerability is critical to the success of business and data communications future. The World Economic Forum said, in an article published in November of 2019, that Cybercrime will remain a large-scale concern for years to come. From 2019 to 2023E, approximately $5.2 trillion in global value will be at risk from cyberattacks, creating an ongoing challenge for corporations and investors alike1.
In the context of cybersecurity, a major concern is not just the risk of exposing data to bad actors, but also the actions and decisions that are made based on the data and that cannot take place if the data cannot be trusted. As a result, conceptually in terms of data classes, some data can be trusted to take a particular action and other data cannot. If data is categorized as "Untrusted Data", where the identity of a device or data source is not known, the network security is low or the data integrity cannot be validated, that data is flagged as untrusted. So-called "Secure Data" on the other hand stems from devices and data sources with trusted identities and data validation processes, inherently part of a Public Key Infrastructure (PKI), generating "Trusted Data" that can trigger reliable actions, transactions and processes. As more and more applications rely on immediate actions, like the decision for a drone to complete its delivery, the need for Secure Data becomes critical for safety and security and it can only derive from secure, trusted IoT ecosystems.
WISeKey believes that we are one among very few companies in our market combining secure IoT microchips with proven cybersecurity software and services. Simply put, devices and data sources that are deployed without the security provided by our platform are exposed and lack the mission-critical security systems to defend themselves and the networks they are connected to. Our security solutions are therefore at the forefront of cybersecurity innovation, driving the future of IoT and IT security as the most comprehensive way to fill all gaps in identity and data protection, giving organizations the confidence that they are protected from device-to-cloud and beyond.
Our cybersecurity and automation platform is comprised of our proprietary software and hardware products that have been designed from the ground up to address the unique attack parameters that threaten the IoT and data ecosystem:
| · | Hardware - Our unique position as one of only six companies worldwide that have their own IP to design secure chips and capable of deploying secure microchips that have been certified by globally recognized security certification boards like Common Criteria, Cybersecurity and Infrastructure Security Agency and FIPS (Federal Information Processing Standards) gives us the advantage of being able to provide our clients with the highest level of digital security available on the market at this time. Our secure microchips, typically referred to as Secure Elements, have been embedded into billions of devices and are trusted to secure drone, enterprise, government, and medical-grade applications. |
| · | Software - Our software solutions are driven by proprietary technologies based on widely adopted standards such as Root of Trust (RoT) and Public Key Infrastructure (PKI), that enable our clients to effectively manage their digital identities, information, and communications through a single integrated platform. RoT enables us to secure electronic information through our PKI digital certificate technology. These digital certificates are deployed for mutual authentication and encryption, creating tamperproof electronic "fingerprints", allowing our clients to adapt to an always changing device landscape without compromising their digital security and integrity. |
__________________________________
1 Ghosh, I, ‘This is the crippling cost of cybercrime on corporations’, World Economic Forum, November 7, 2019.
28
Market Opportunities
Our security solutions address the complex needs of global enterprises and organizations. Our customers include leading organizations in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology, IT operations and telecommunications, as well as the public and academic sectors. In addition, we have an extensive network of channel partners, including software providers, systems integrators, IT outsourcing providers and leading cybersecurity consulting firms.
While our focus is on integrated solutions, we market and sell our products as both standalone products and integrated product suites. We derive revenue from the sales of microchips, software subscriptions, maintenance and licenses across our product portfolio.
Our core business addresses primarily two large and growing markets: Cybersecurity and IoT.
According to PwC’s 2022 Global Digital Trust Insights report, “investments continue to pour into cybersecurity” with 69% of responding organizations predicting a rise in their cyber spending for 2022. Some even expect a surge in spending, with 26% saying they anticipate a 10% or higher spike in cyber spending for the upcoming year2. Meanwhile, tech research and advisory firm Gartner estimated that spending on information security and risk management will total US$172 billion in 2022, up from US$155 billion in 2021 and US$137 billion the year before3.
More than 12 billion IoT devices were connected in 2021. This number is expected to boom and grow to 27 billion units in 2025, with a compound annual growth rate (‘CAGR’) of 22%4. The global IoT cybersecurity market is expected to grow to more than $50 billion in 2025, with a 33% CAGR from 20205. Some notable sub-categories of where we have a significant track record include:
| · | Industry 4.0 |
| · | Drone Security |
| · | Healthcare and Medical Devices |
| · | Data Privacy |
| · | Autonomous Safety. |
As at December 31, 2021, we had 136 employees located across 8 countries. We also have 3 independent contractors located in Germany and 2 in France.
For the fiscal years ended December 31, 2021, 2020 and 2019 we generated revenues of, respectively, USD 22.3 million, USD 14.8 million and USD 22.7 million, with cash reserves (restricted and unrestricted) of USD 34.4 million as at December 31, 2021 and USD 21.8 million as at December 31, 2020.
Security is our DNA and we are committed to continuing to develop and deliver solutions that keep our clients ahead of the unique cybersecurity threats that they face within their markets, enabling them to adapt to an evolving landscape. Trustworthiness is also demonstrated by means of independent audits and accreditations. WISeKey products and services are recognized for their superior quality and maximum-security levels through accreditations such as WebTrust for the PKI solutions and Common Criteria for the semiconductor products, meeting or exceeding the highest standards required by the industry.
__________________________________
2 Pwc, ‘2022 Global Digital Trust Insights - The C-suite guide to simplifying for cyber readiness,today and tomorrow’, https://www.pwc.com/us/en/forms/2022-global-digital-trust-insights-download.html.
3 Moore S., ‘Gartner Forecasts Worldwide Security and Risk Management Spending to Exceed $150 Billion in 2021’, Gartner, May 17, 2021.
4 Sinha, S., ‘State of IoT 2021: Number of connected IoT devices growing 9% to 12.3 billion globally, cellular IoT now surpassing 2 billion’, IoT Analytics, September 22, 2021.
5 Middleton P. et al., ‘ Forecast: IT Services for IoT, Worldwide, 2019-2025’, Gartner, August 16, 2021.
29
Industry Background
Broad rollout and adoption of internet connected devices creates increased exposure
The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances, and other things embedded with electronics, software, sensors, actuators and network connectivity that create an ecosystem of connected devices exchanging and making decisions on data that is being broadcast across the Internet.
Organizations face persistent threats from advanced attackers who are increasingly aware of existing vulnerabilities in existing security solutions and target the weakest link in the chain of security. Attackers can penetrate unsecured devices and subsequently connect to and cause harm to networks, manipulate data or use this data to gain competitive advantages. These devices include employees' personal devices (e.g., smartphones, laptops, and tablets), non-employee personal devices, (e.g., devices owned by third parties and others within enterprises), as well as IoT devices used for corporate purposes (e.g., lights, security cameras, printers, point-of-sale machines, thermostats, and medical devices). This landscape is growing rapidly and securing these devices and the data they provide has become an overwhelming priority for almost every single company in business today.
Most devices today lack encryption, authentication and other forms of protection from malicious attacks. Once the security parameters are penetrated, attackers can infiltrate and further spread malicious software to a range of devices. This can ultimately lead to interruption of business operations, slowdown of internet functionality, potential disruptions to critical infrastructure, and in some cases even the loss of sensitive consumer information. Based on a report that INC.com conducted with collaboration from Cisco and the National Center for Middle Market, 60% of small businesses would fold within 6 months of a cyber-attack (Galvin 2018)6.
Existing security solutions were not built for today's connected world
Traditional IT security consists of software security solutions that were developed decades ago and focus primarily on legacy closed networks where the security landscape and challenges are less fractured and firewalls are used to protect a well-defined network perimeter.
Unlike personal computers, IoT devices rely on cloud computing for much of their operations. This has driven a paradigm shift to device-level security, as smart devices lack the critical security infrastructure to prevent infiltration. Attackers carry out DDoS (Distributed Denial of Service) attacks by taking advantage of vulnerabilities in these devices, which enables them to command a much greater and more widely distributed IP address base than other attacks.
In today's environment, security for IoT relies on various vendors and solutions. According to Symantec Corporation, the average enterprise uses 75 distinct and different security products (Symantec 2015)7. These products can be effective at preventing an attack if it falls within the scope of their specific capability and the enterprises have the necessary security knowledge of how to implement the different elements. Enterprises increasingly require a vendor such as WISeKey that can provide a fully integrated offering designed specifically to address the unique challenges of IoT security.
Enterprises need security solutions that address today's complexities and dynamic threat environment
Enterprises must address the IoT security problem and bridge the gap between device proliferation and device security. It is imperative for devices to be manufactured with immutable digital identities that can be secured inside embedded microchips, giving the devices the ability to securely authenticate themselves within the network. This device-level authentication creates an end-to-end secure connection, extending all of the way from the device through the cloud platforms and ultimately to the end applications, eliminating potential security gaps that are inevitably generated during integration of various technologies.
Cyber-attackers often target identities as they provide access to valuable systems and data while concealing their activity within networks. More than ever, enterprises must focus on digital identities as the primary constant in an ever-evolving technology and threat landscape. PKI and digital certificates are two tools in the security chain that leverage the device's digital identity to implement strong authentication, encryption and digital signatures, which are the building blocks of cybersecurity solutions. Digital certificates provide identifying information, are forgery resistant, and can be verified because they are issued by official, trusted agencies. As digital identities have effectively become the new network perimeter, securing these identities has become paramount.
__________________________________
6 Galvin, J, ‘60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here’s How to Protect Yourself’, Inc., May 7, 2018.
7Symantec, ‘Symantec Introduces New Era of Advanced Threat Protection’, Symantec Press Release, October 27, 2015.
30
Our Technology
After reviewing the market conditions listed in the Industry Background section above, it is easy to see that there is a clear and present need for a unified platform that can address the broad range of unique security and trust challenges facing the market today. Even with a host of large corporations operating in the semiconductor or cybersecurity software markets, we believe that they have not succeeded in building - in the way WISeKey does - comprehensive solutions that integrate software and hardware into a single, easy to implement, platform that gives organizations the peace of mind that their processes are automated and products, networks, private data, and reputations are holistically protected.
WISeKey with its Trust Technology
is a leader in cybersecurity with core technology used to generate digital identities
and authenticate data and IoT, thereby enabling trust in IoT, data and identification. WISeKey’s recent acquisition of arago brings
with it its AI and Data Technology who are leaders in business process automation and their next-generation Knowledge Automation enables
up to 3x higher automation at lower ownership cost and enables full digitization of end-to-end processes and establishes customer data
platform to support AI and analytics.
WISeKey is now combining these technologies, adding Trust to Knowledge Automation and enabling the delivery of the next wave in business process automation with the Trust required to combat the cyberthreats that have plagued the automation market in the past. This is a cloud-based SaaS offering designed for an uncertain cyberthreat environment with the customer data secured and authenticated throughout the entire process delivering unprecedented value to customers.
Knowledge Automation – There are three steps in the knowledge automation process:
 |
1. Data, a ticket or request is sent to HIRO, the arago knowledge automation platform, and the AI engine assesses if additional data required to determine what to do next. |
| 2. HIRO requests contextual data to determine what the problem is and through a trial-and-error process AI identifies the problem. | |
| 3. HIRO then applies automation to solve problem, where each action feeds back data and the AI engine uses data to determine if the problem is solved or more steps are required. |
This entire process is secured by Trust technology:
| • | All communication through secure APIs, not directly to UI or server |
| • | Data “watermarked” when leaving customer systems |
| • | Encrypted in transit to HIRO |
| • | All contact with data is securely recorded and auditable |
| • | Personal data (PII) can be pseudomized for GDPR compliance |
At the heart is an AI Data Warehouse:
| • | All data used by HIRO during automation is stored in a Knowledge Graph |
| • | Data is structured and tagged for analytics – AI ready |
31
Connected Trust Essentials - The future of the connected world relies on trust and our mission at WISeKey is to build trust through the delivery of integrated security solutions. This is at the core of our Knowledge Automation platform and supported by three core technologies that we believe are necessary to deliver on this mission: Digital Identities (Digital IDs), Public Key Infrastructure (PKI), and a globally recognized Root of Trust (RoT). Below is a brief overview of each component:
Digital IDs - A digital identity is the virtual representation of the real identity of a person, application or object. This identity must be:
| · | Based on standards that are commonly adopted and implemented by default by most common software applications and operating systems, in order to reduce the implementation effort; |
| · | Trustworthy by all parties involved in its use or validation, by means of trusting the entity that issued the digital identity; |
| · | Multifunctional, so the same technology can be used for as many purposes as possible, like strong authentication, digital signature and encryption; |
| · | Revocable, in case of security compromise, cease of operation or other causes, in such a way that all participants can verify at any moment if an identity is valid. |
WISeKey leverages the standards around Public Key Cryptography and Digital Certificates to build its concept of Digital ID and electronic transaction security.
Public Key Infrastructure (PKI) - A Public Key Infrastructure (PKI) is commonly defined as "a set of IT systems, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates". PKI is WISeKey's base technology to manage Digital Identities. WISeKey's PKI is built fully compatible with the ITU X.509 standard (International Telecommunication Union 2016 ITU-T X-Series Recommendations) for personal certificates, and is built around a proprietary software solution for certificate management, that allows issuing millions of certificates and provide a multi-tenant interface that can be accessed by our corporate customers to manage the certificates of their employees or customers.
Root of Trust (RoT) - The concept of "Root of Trust" has a dual approach and interpretation:
| · | Software-approach: Transactional RoT - This approach to the RoT is the one related to PKI technology and Digital Certificates. Typically, the PKI is built as a hierarchy of Certification Authorities (‘CA’), in such a way that the CA that issues the Digital Certificate of an entity is itself endorsed by a higher level Certification Authority . Typically, this chain has two or three levels and at the top level we'll find what is called the "Root Certification Authority" (Root CA). This brings a key concept around Trust in PKI: We can trust a Digital Certificate if we trust the Root CA. WISeKey's Root CA is endorsed by the OISTE Foundation. |
| · | Device-approach: Hardware RoT - Encryption techniques in general and Public Key Cryptography in particular require an adequate protection of these encryption keys. Keys must be protected against physical and logistical attacks, ensuring that only the authorized owner can use it. The highest protection for these keys can be achieved by incorporating in the device a specific chip that assumes the role to protect the encryption keys and perform the cryptographic operations in a protected environment. These chips, or secure microcontrollers, are commonly known as the "Secure Element". For IoT devices it is also important to ensure that the software running in the device can't be corrupted or modified. This can also be achieved by encrypting and digitally signing the device firmware with a key protected in the secure element. |
32
The WISeKey Unique RoT – WISeKey at present is the only company in the world with a value proposition for Root of Trust that covers both the requirements for the Transactional RoT and the Hardware RoT:
| · | WISeKey provides worldwide trusted Digital Certificates thanks to its PKI and the WISeKey/OISTE Root Certification Authorities. |
| · | WISeKey provides extremely secure elements that can protect the cryptographic keys in IoT devices. |
OISTE Root of Trust - Founded in 1998, Transactions Electroniques OISTE was created with the objectives of promoting the use and adoption of international standards to secure electronic transactions, expand the use of digital certification and ensure the interoperability of certification authorities' e-transaction systems. OISTE holds special consultative status with the Economic and Social Council of the UN (ECOSOC) and is an accredited member of the Non-commercial Users Stakeholders Group (NCSG) of ICANN as part of the Not-for-Profit Operational Concerns (NPOC) constituency. The OISTE foundation is regulated by article 80 of the Swiss Civil Code. The OISTE Foundation owns and regulates the OISTE Global Trust Model, which includes as "Root of Trust" a number of Root Certification Authorities that are globally recognized. OISTE delegated to WISeKey SA the operation of the systems and infrastructures supporting the Global Trust Model. The OISTE foundation does not itself issue certificates to end subscribers or operate as data center, instead, it granted WISeKey SA an exclusive license as Subordinate Certification Authority, allowing the delivery of Trust Services for Persons, Applications and Objects.
WISeKey acts as the operator chosen by the foundation for the management of the OISTE Cryptographic Root Key. The OISTE RoT serves as a common trust anchor, recognized by operating systems and IoT applications to ensure the authenticity, confidentiality, and integrity of online identities and transactions. We believe these features are important in creating business opportunities with governments, international bodies, and corporations that are wary of foreign government oversight intervention and centralization of data on servers outside of their respective jurisdictions.
Our Products & Services
Secure Microchips and Secure Software Products - We offer a large range of secure microcontrollers that share consistent secure 8-/16-/32-bit RISC CPU performance, with strong security mechanisms, and enhanced crypto engines to optimize performance and power consumption. The products also provide high-density, low-power EEPROM and FLASH memory storage technologies. We design our chips to meet the most stringent security requirements, many of them are EAL5+ Common Criteria security-certified, or VISA and MasterCard certified. Common Criteria is a world standard, government driven design for assessing the level of resistance of systems or devices to all known attacks. It is constantly updated with all new attacks, and the chips' resistance is reassessed annually. EAL5+ is currently the highest level of resistance in the secure chip industry. We offer over 50 versions of secure microcontrollers and various supporting secure software solutions:
| · | VaultIC - Family of secure microcontrollers delivered with our own embedded firmware, which we designed to give an unforgeable identity to any connected device, and to provide system integrators with a set of cryptographic APIs (Application Programming Interface) to protect devices against cyber-attacks, counterfeiting and forgery. VaultIC chips are bundled together with our software and services platform to serve the IoT market. |
| · | Nanoseal - New family of secure memory chips specifically designed for digital brand protection applications. |
| · | MicroXsafe - Secure microcontrollers delivered with an SDK (Software Development Kit) that allows our customers to develop their own embedded firmware (also called OS – Operating System). They are designed to protect smart cards, USB tokens, and electronic systems against cyber-attacks, counterfeiting and forgery. |
| · | MicroPass - Family of secure microcontrollers certified by VISA and MasterCard. They have been designed and certified to be integrated into payment cards as well as into wearable devices such as watches, bracelets, and jerseys. They are compatible with NFC (Near Field Communication) standards, thus capable to interact with NFC enabled devices such as Android or iOS smartphones. |
| · | PicoPass - Family of secure memory chips specifically designed for NFC (Near Field Communication) access control badges. |
33
| · | VaultiTrust - WISeKey’s VaultiTrust offers two modules: trusted data generation and secure elements provisioning. VaultiTrust takes advantage of WISeKey’s government grade security certified offerings and end-to-end digital security management to generate identity keys and efficiently install them into chips. VaultiTrust’s web portal complements the service by offering an easy way to configure, manage and track production. WISeKey operates FIPS 140-2 Level 3 certified Hardware Security Modules (HSM) to efficiently generate secure data. These HSM are located in a WISeKey Common Criteria EAL5+ and ISO27001 certified backed up data center and the HSM can be shared only upon customer’s request. WISeKey also offers a cryptography customization service whenever needed. |
| · | WISeTrustBoot - WISeKey's WISeTrustBoot solution, is the first platform-independent "Secure Boot" and "Secure Firmware Update" solution that combines the strength of a tamper resistant secure elements - VaultIC, state-of-the-art crypto libraries and strong digital signatures. By storing critical boot information in a VaultIC chip, and cryptographically embedding this chip into the device's main processor, the carefully designed boot loader of the main processor becomes a stronghold able to verify the authenticity of the firmware prior to starting up or receive firmware updates. WISeTrustBoot is delivered to our customers with a powerful toolbox providing application developers the flexibility to tailor it to their specific needs. |
| · | CertifyID PKI Suite – WISeKey's PKI Suite is branded with the "CertifyID" trademark. This suite comprises all the products required to: 1) build an enterprise-grade PKI platform that can be used to serve the most vital needs, and 2) leverage the use of the digital certificates due to software applications to implement digital signatures, authentication and encryption. The CertifyID Suite is composed of these Products: |
| o | Universal Registration Authority (URA) - The URA is WISeKey's main application for certificate management and can be used to build a multi-tenant, multi-purpose certificate management Solution |
| o | WISignDoc - This product provides a "Document Signature Server" that can be integrated into the corporate business processes to manage legally-binding digital signatures |
| o | CertifyID Suite for Microsoft CAS - WISeKey provides series of modules that can enhance the Microsoft Active Directory Certificate Services to build enterprise-grade PKI systems. WISeKey uses the CertifyID Suite to build its own PKI platform and operate it from our Secure Datacenter in Switzerland and other locations to provide "Trust Services" like mPKI (managed PKI). |
| · | WISeID - WISeKey's WISeID offers secured storage to protect Personally Identifiable Information (PII). Protecting your PII is important to avoid impersonation and identity theft. The personal data that you save in WISeID always stays under your control, is encrypted with strong keys, and is never communicated to third parties. WISeID users have the freedom to choose where their data resides and who is allowed to access it. By decoupling content from the application and digital identity itself, users are able to use their data as currency and develop digital data dividends-based solutions in the spirit that consumers have a right to know and control how their data is being used and should be able to monetize their data. |
| · | WISeAuthentic - WISeKey has been a pioneer in digital luxury product authentication since 2007. WISeKey's expertise in the design of NFC (Near Field Communication) secure chips combined with its WISeAuthentic platform for the identification, authentication, tracking and direct marketing of goods, provides customer-tailored solutions for brand protection. WISeAuthentic provides the link between a physical product and a digital identity to effectively protect them against counterfeiting and create new, unprecedented channels between brands and their distributors and customers. WISeAuthentic is both an enterprise solution as well as mobile applications that provide a variety of services and information specifically designed to a particular a stakeholder group. WISeKey has successfully deployed its WISeAuthentic platform to luxury brands including Bulgari and LVMH's Hublot watches, and believes the WISeAuthentic platform can successfully be deployed for a large variety of sectors. Our most recent developments enhance our security solution through secure Blockchain layers. |
| · | WISePrint – The WISeAuthentic portfolio has been expanded to reduce the risk of fraud and help printer manufacturers to protect their legitimate cartridges. This solution called WISePrint includes cryptographic hardware modules and a turnkey high security infrastructure as well as services that help deployment from the manufacturer to the end-user. |
34
| · | Trust Services, Managed PKI - WISeKey operates, under the WISeKey/OISTE Root, a worldwide-recognized PKI platform from its secure datacenter in Switzerland. This platform is based in the Certificate Management Solution CertifyID URA (Universal Registration Authority), and enables WISeKey to provide a full portfolio of "Trust Services", delivering digital certificates to protect persons, applications and objects. One of the advantages of the URA platform is the capability to build a multi-tenant service with delegated administrators. This service allows WISeKey to provide a "Managed PKI" service to our customers, that can access the URA to manage their digital certificates without requiring to deploy any on-premises architecture, as the MPKI service is securely accessed from the cloud using a web portal or advanced API, that enables certificate management automation. MPKI customers have the ability to manage multiple certificate types, as for example: |
| · | Personal Digital Certificates for employees or customers, that enable secure email, document signatures and others; |
| · | SSL Certificates, to protect the corporate web and application servers; |
| · | Device Certificates, to protect IoT applications. |
Market Verticals
Industry 4.0 - Industry 4.0 is based on the concept of smart cities and factories where machines are augmented with internet connectivity and connected to a system that can visualize the entire production chain and make decisions on its own. The trend is towards automation and data exchange in technologies which include Smart Cities, Smart Meters, Cyber-Physical Systems (CPS), the Industrial IoT (IIOT), cloud computing and cognitive computing. Industry 4.0 is also referred to as the fourth industrial revolution. Our solutions are ideally suited to meet the needs of the Industry 4.0 market, where connected devices and cloud platforms merge with the goal of automating processes and introducing predictive analytics that can submit a repair request before a problem occurs, saving valuable down-time that costs manufacturers and suppliers millions in lost production. Industry 4.0 is fast becoming synonymous for the connectivity trend that is happening inside of smart cities, smart electricity grids, smart buildings, and any network that connects industrial applications.
Drone Security - Enterprise drones as all unmanned aerial vehicles (UAVs) are experiencing massive growth across many segments including agriculture, construction, delivery, and law enforcement. As this growth occurs, the need for security becomes even more prevalent. There are security vulnerabilities through the entire process with risks not only of the drones being illicitly used but also of the data being highjacked. WISeKey has solutions to secure not only the drones themselves, but also the controllers, data, communications and even pilots with digital identities.
Healthcare and Medical Devices – COVID-19 has changed the landscape of healthcare and driven a massive increase in virtual health visits and home testing. This has continued to exacerbate the need for data privacy and test and health monitoring security. WISeKey has proven technologies already deployed in the market that provide digital identities for healthcare workers and consumers alike. These digital identities are combined with device security and data encryption to provide holistic security solutions allowing for home health care and testing to not only meet the current regulations but go beyond them and future proof the solutions.
Data Privacy - The protection of the information in general, and the protection of the private personal information of people in particular, is based on two major paradigms:
| · | Information can only be accessed by the authorized parties, as decided by the owner at any moment. This includes the capability to authenticate who is trying to access the information, and also to avoid eavesdropping during storage or transmission. |
| · | Information must be authentic, so it cannot be manipulated while stored or transmitted, and there must be a mechanism to detect if any tampering occurred. |
35
WISeKey uses advanced technologies that ensure the privacy of personal data thanks to the adoption of PKI technology, including:
| · | Digital Identity, in the form of a Digital Certificate, to implement strong authentication mechanism, being able to ensure who can access the information. |
| · | Strong encryption to protect the data while stored in servers or transmitted over the internet. |
| · | Legally-binding digital signatures to ensure that the authenticity and integrity of the information |
WISeKey's suite of products and services, including CertifyID and WISeID products enable such capabilities on all environments, including enterprise applications, desktop solutions, and mobile applications.
Autonomous Safety - The growing addition of complex technologies in the automotive industry had always as a goal to elevate the levels of safety and comfort for drivers and passengers. Self-driving cars, intelligent collision detection, advanced entertainment systems, each connected to the Internet, are just a few to mention. The potential risk of security flaws or errors in these technologies is enormous. Latest reports go as far as to consider that “given the high level of connectivity, autonomous vehicles are tempting targets for hackers who might attempt to steal financial data from drivers or even launch high-level terrorist attacks by turning vehicles into weapons”8. The only possibility to adopt these technologies with a reasonable control of the inherent risks is to adopt and embed security as a fundamental principle of the design and manufacturing process. Intelligent cars must embed security technologies in all layers where a potential attack vector exists. All sensors in the cars must interact with the controlling units in a way that both parts can be sure that there is no room for tampering in the data and commands. One must also control who can access the car components, from the driver to the personnel at the service shops. WISeKey offers a suite of technologies to enable such levels of security, including:
| · | VaultiTrust - WISeKey’s VaultiTrust can be used for trusted data generation and secure elements provisioning inside of secure automotive manufacturing applications. |
| · | ISTANA PKI solution: Solution to manage all components in an intelligent car, by means of providing strong digital identities, based on PKI technology. |
Our Competitive Strengths
We believe we have several competitive advantages that will enable us to defend and extend our market position in automation, digital identification and IoT security. Our key competitive strengths include:
| · | Cybersecure Knowledge Automation - Business process automation is not a new market, but the WISeKey offer is changing the landscape and revolutionizing the opportunity for process automation with a new and comprehensively secure automation platform. This allows for end-to-end automation provided via the cloud which opens signtifiantly more opportunity. In addition, the fact that all of the data and inputs are secured enables for automation to be accomplished with less data because data uncertainty is removed from the equation. This is transformational and empowers business process automation to be fully digitized. |
| · | Unified Cybersecurity Platform - On the surface it may seem easy to look at WISeKey's secure semiconductor offerings and to compare us to other traditional semiconductor companies like NXP, Microchip, or ST Microelectronics or, or considering our experience in Root of Trust and PKI services, compare us to Certificate Authorities (CA) like Digicert, Comodo, or Globalsign. The key to our success is the fact that we are the first company of our scale to combine both offerings into a single platform. |
__________________________________
8 IEEE Innovation at work, ‘Six Ways to Protect Against Autonomous Vehicle Cyber Attacks’, IEEE Innovationatwork.
36
The term "one-stop-shop" may seem a bit cliché but in this case it's a perfect description of our capabilities. In the end, your security ecosystem must be solid across the full spectrum. There are three distinct advantages to building a connected security scheme from the products delivered by one vendor: First, one does not have to hire or pay for the security expertise to make sure that each different component will work with the next element; second, time to market is critical in the IoT space and qualifying multiple vendors and negotiating contracts takes up time where a manufacturer's product could be selling instead of waiting to be built; third, if a security issue needs to be addressed only one vendor needs to be engaged to resolve the issues as quickly as possible.
| · | Swiss-based RoT - Swiss neutrality, security and privacy laws allow us to operate as the trusted operator of the OISTE Global RoT and without geo-political or governmental constraints. The OISTE RoT is located in Switzerland and is managed by a not-for-profit entity, OISTE. The OISTE RoT serves as a common trust anchor, recognized by operating systems and IoT applications to ensure the authenticity, confidentiality, and integrity of online identities and transactions. We believe these features are important in creating business opportunities with various governments, international bodies, and industrial companies that are wary of foreign government oversight intervention and centralization of data on servers outside of their respective jurisdictions. |
| · | Global Interoperability - We offer solutions on a global scale that are capable of adapting to complex and country-specific rules and regulations. We operate our RoT within the EU and India, and expect to operate RoT in the United States and China. Our RoT satisfies national cybersecurity requirements and is backed by globally recognized security credentials, allowing us to deploy our trusted platforms on a global scale while adapting to country-specific security regulatory bodies. |
Our Growth Strategies
Our mission is to build trust through the delivery of integrated security solutions. This is a broad reaching goal that requires a well-thought-out strategy to accomplish it. The key elements of our growth strategy include:
| · | Direct Sales and Expansion within our Existing Customer Base - Our existing customer base provides a significant opportunity to drive incremental sales. We plan to increasingly market our cybersecurity software and ROT offerings to our customers. We currently have a growing number of customers using multiple components of our portfolio and believe helping our current customers identify gaps in their strategies will drive significant cross selling opportunities and increase our product deployment. In addition, we are investing in our Sales and Marketing to increase our ability to address new customers and opportunities in a direct sales model. |
| · | Acquiring New Customers through an OEM approach - Leveraging the expertise of others is always a smart way to approach the market. What is more valuable is being able to offer others, OEMs and Systems Integrators, to expand their own business models and approach by leveraging our cybersecurity portfolio. This empowers them to customize their approach to the market and support that with a platform they can build upon. This, in turn, enables WISeKey to address new markets and niche plays that otherwise might not be realized. |
| · | Expand our Geographic Coverage - We operate in a large, growing market and there are substantial opportunities to expand our geographic coverage and client base. We plan to expand our global footprint outside of the areas where we currently operate. Our Swiss affiliation allows us to penetrate markets that have been traditionally difficult for our competitors and other security vendors, including China. In recent years we entered into the Indian market and expanded our operations in France, Taiwan, Japan, the United States and Germany. We specifically want to focus on continued expansion in the United States, which is a very underpenetrated foreign market for the Company. |
| · | Selectively Pursue Strategic Transactions - We will continue to proactively explore and pursue selective acquisitions to help drive our growth and complement our product offerings, expand the functionality of our security solutions, acquire technology or talent, or bolster our leadership position by gaining access to new customers or markets. Acquisitions remain core to our strategy and we continue to monitor an active pipeline of opportunities. |
37
| C. | Organizational Structure |
We are the holding company of the WISeKey Group.
The chart below contains a summary of our organizational structure and sets out our subsidiaries, associated companies and joint ventures as at December 31, 2021. Although not all of our subsidiaries are wholly-owned, all of them are assessed as being under our control.
As at December 31, 2021, our main operating subsidiaries were WISeKey Semiconductors SAS, domiciled in France, arago GmbH, domiciled in Germany, and WISeKey SA, domiciled in Switzerland:
| Company Name | Country of Incorporation | Percentage Ownership as at December 31, 2021 | ||
| WISeKey SA | Switzerland | 95.75% | ||
| WISeKey Semiconductors SAS | France | 100% | ||
| Arago GmbH | Germany | 51% |
| D. | Property, Plant, and Equipment |
Our corporate headquarters are located in Geneva, Switzerland. The principal office for our Swiss and international operations, which is also our registered office, is located in Zug, Switzerland.
As of December 31, 2021, the net book values of tangible fixed assets were as follows:
| As at December 31, 2021 | |||
| Asset category |
Net book value (USD millions) | ||
| Machinery & equipment | 0.3 | ||
| Office equipment and furniture | 0.3 | ||
| Total tangible fixed assets | 0.6 |
38
We do not own any facility and our group companies have entered into lease arrangements for the premises in which they operate. The following table sets forth our most significant facilities as at December 31, 2021:
| Location |
Size of Site (in m2) |
Use of the Property | ||
| Meyreuil, France | 1,498* | Research & development, sales & marketing, administration. | ||
| Geneva, Switzerland | 854* | Head office administration, sales & marketing and data center. |
* excluding parking spaces
Item 4A. Unresolved Staff Comments
Not applicable.
| Item 5. | Operating and Financial Review and Prospects |
The following discussion of our financial condition and results of operations is based upon and should be read in conjunction with our consolidated financial statements and their related notes included in this annual report on Form 20-F.
Certain information included in this discussion and analysis includes forward-looking statements that are subject to risks and uncertainties, and which may cause actual results to differ materially from those expressed or implied by such forward-looking statements. For further information on important factors that could cause our actual results to differ materially from the results described in the forward-looking statements contained in this discussion and analysis, see "Special Note Regarding Forward-Looking Statements" and "Item 3D. Risk Factors".
| A. | Operating Results |
Company Overview
We are a Swiss cybersecurity company focused on delivering integrated security solutions globally. With over two decades of experience in the digital security market, we integrate our secure semiconductors, cybersecurity software, and a globally recognized Root of Trust (RoT) into leading-edge products and services that protect users, devices, data and transactions in the connected world.
Basis of presentation
We prepare our financial statements in accordance with US GAAP. Our reporting currency is the U.S. Dollar ("USD").
Our critical accounting policies are described in Note 4.
Discontinued Operations relating to WISeKey (Bermuda) Holding Ltd and affiliates (QuoVadis Group)
On December 21, 2018 the Group signed a sale and purchase agreement (the "SPA") to sell WISeKey (Bermuda) Holding Ltd, a Bermuda based company, and its affiliates to Digicert Inc. The sale was completed in the first quarter of 2019. The group subsidiaries making up the QuoVadis Group in scope for the sale were WISeKey (Bermuda) Holding Ltd, QuoVadis Trustlink Schweiz AG, WISeKey (UK) Ltd, QuoVadis Trustlink BVBA, QuoVadis Trustlink BV, QV BE BV, QuoVadis Trustlink GmbH, QuoVadis Services Ltd, and QuoVadis Ltd.
39
WISeKey Consolidated Financial Statements for the Year Ended December 31, 2019
The sale of WISeKey (Bermuda) Holding Ltd and its affiliates was completed on January 16, 2019, when all entities except QuoVadis Services Ltd were transferred to Digicert Inc. The transfer of ownership of QuoVadis Services Ltd was conditional on receiving the consent from the Regulatory Authority in Bermuda (the "RAB Consent") to the change in ultimate beneficial ownership of QuoVadis Services Ltd, being the entity holding the Communications Operating Licence in Bermuda. The RAB Consent was obtained in February 2019 and the transfer of ownership of QuoVadis Services Ltd from WISeKey to Digicert Inc. was effective on February 28, 2019. We assessed the SPA under ASC 810-10-40-6 and concluded that the terms and conditions of the SPA met the definition to account for the sale as a single transaction effective on January 16, 2019.
We assessed the SPA under ASC 205 and concluded that, for the period January 01, 2019 to January 16, 2019, the operation met the requirement to be classified as held for sale and as such qualifies as a discontinued operation. The Group elected to allocate interest to discontinued operations in accordance with ASC 205-20-45-6 to 205-20-45-8. The allocation method is detailed in Note 28.
In line with ASC 205-20-45-3A, we reported the results of the discontinued operations as a separate component of income. The divested assets and liabilities were deconsolidated from February 28, 2019 for QuoVadis Services Ltd, and from January 16, 2019 for all other entities.
The gain from divestiture recorded in the year to December 31, 2019 is shown as a separate line within discontinued operations in the income statement.
Acquisition of arago
On February 1, 2021, the Company acquired arago GmbH, a private German company, and its affiliates (together, “arago” or the “arago Group”). arago is a leader in artificial intelligence automation. arago aims to provide the benefits of artificial intelligence to enterprise customers globally through knowledge automation. arago uses modern technologies such as inference and machine learning in order to automatically operate the entire IT stack – from heterogeneous environments to individual applications.
WISeKey Consolidated Financial Statements for the Year Ended December 31, 2021
The acquisition of arago was completed on February 1, 2021. The assets, liabilities and results of arago have been consolidated in the Group’s financial statements from the acquisition date of February 1, 2021.
Factors affecting our results of operations
Although most of our IoT segment customers are recurring customers, it is not industry practice to work with long-term contracts. Therefore, most of our IoT customers have signed a framework agreement with us but are not committed to certain volumes over a period of time. This introduces a level of uncertainty on the level of revenue generated from recurring customers in the IoT segment.
The IoT segment results are also dependent on the supply chain. Any factor affecting the availability of material or component, and/or the production capacity of our suppliers will impact our ability to deliver on customer orders. For instance, after the start of the COVID-19 pandemic, the semiconductor industry suffered from significant shortages of material which means that some customer orders placed in 2021 could only be delivered in 2022, and some customer orders placed in 2022 will only be delivered in 2023. We are in constant discussions with our suppliers to increase production capacity to meet our customer orders, but the supply chain variables can limit the revenue potential in a given year as some order deliveries have to be schedule in future fiscal years.
Finally, also in our IoT segment, as microelectronics technology evolves, customers look for added functionalities, and competitors in the semiconductors industry develop new products, sales of a given product typically decrease over time as the next-generation semiconductors are introduced. In order to sustain revenue, IoT companies must be able to develop or otherwise acquire the rights to develop or market new products with additional or innovative security and application features. See Item 4. B. Business Overview for information regarding our technology and product developments.
Operating Segments
Since the acquisition of WISeKey Semiconductors SAS in 2016 and of a 51% controlling interest in arago GmbH in 2021, we organize our business into three operating segments: the IoT segment, which is centered on our family of secure microcontrollers designed to give an unforgeable identity to any connected device, the AI segment which encompasses the AI automation services acquired with arago GmbH, and the mPKI segment, for managed Public Key Infrastructure, which encompasses our digital identity, certificate management and signing solutions, and trust services.
40
Geographic Information
Our operations are global in scope and we generate revenue from selling our products and services across various regions. While our operations in Europe have historically contributed the largest portion of our revenues, our efforts to expand in the United States have increased the revenue generated from North America.
Our total revenue by geographic region for the fiscal years ended December 31, 2021, December 31, 2020 and December 31, 2019 is set forth in the following table:
| 12 months ended December 31, | |||||||||
| 2021 | 2020 | 2019 | |||||||
| Net Sales by region | USD'000 | % | USD'000 | % | USD'000 | % | |||
| Switzerland | 1,272 | 6% | 592 | 4% | 2,137 | 9% | |||
| Rest of EMEA* | 7,702 | 35% | 4,321 | 29% | 8,046 | 36% | |||
| North America | 11,148 | 50% | 8,260 | 56% | 9,691 | 43% | |||
| Asia Pacific | 2,062 | 9% | 1,526 | 10% | 2,504 | 11% | |||
| Latin America | 74 | 0% | 80 | 1% | 274 | 1% | |||
| Total Net sales from continuing operations | 22,258 | 100% | 14,779 | 100% | 22,652 | 100% | |||
|
*EMEA means Europe, Middle East and Africa |
|||||||||
41
Financial year ended December 31, 2021 compared with financial year ended December 31, 2020
| 12 months ended December 31, | 12 months ended December 31, | Year-on-Year Variance | ||||||||||
| USD'000 | 2021 | 2020 | ||||||||||
| Net sales | 22,258 | 14,779 | 51 | % | ||||||||
| Cost of sales | (12,869 | ) | (8,578 | ) | 50 | % | ||||||
| Depreciation of productions assets | (301 | ) | (736 | ) | -59 | % | ||||||
| Gross profit | 9,088 | 5,465 | 66 | % | ||||||||
| Other operating income | 183 | 43 | 326 | % | ||||||||
| Research & development expenses | (7,007 | ) | (6,012 | ) | 17 | % | ||||||
| Selling & marketing expenses | (10,226 | ) | (7,355 | ) | 39 | % | ||||||
| General & administrative expenses | (18,726 | ) | (10,673 | ) | 75 | % | ||||||
| Total operating expenses | (35,776 | ) | (23,997 | ) | 49 | % | ||||||
| Operating income / (loss) | (26,688 | ) | (18,532 | ) | 44 | % | ||||||
| Non-operating income | 8,716 | 1,127 | 673 | % | ||||||||
| Debt conversion expense | (325 | ) | — | 100 | % | |||||||
| Gain / (loss) on derivative liability | 44 | -100 | % | |||||||||
| Interest and amortization of debt discount | (1,057 | ) | (458 | ) | 131 | % | ||||||
| Non-operating expenses | (4,833 | ) | (11,079 | ) | -56 | % | ||||||
| Income / (loss) from continuing operations before income tax expense | (24,187 | ) | (28,898 | ) | -16 | % | ||||||
| Income tax (expense)/recovery | 93 | (9 | ) | -1133 | % | |||||||
| Income/ (loss) from continuing operations, net | (24,094 | ) | (28,907 | ) | -17 | % | ||||||
| Net income / (loss) | (24,094 | ) | (28,907 | ) | -17 | % | ||||||
| Less: Net income / (loss) attributable to noncontrolling interests | (3,754 | ) | (248 | ) | 1414 | % | ||||||