CCSI Consensus Cloud Solutions, Inc. - 10-K

Item 1A. Risk Factors

Before deciding to invest in Consensus or to maintain or increase your investment, you should carefully consider the risks described below in addition to the other cautionary statements and risks described elsewhere in this Annual Report on Form 10-K and our other filings with the SEC, including our subsequent reports on Forms 10-Q and 8-K. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties not presently known to us or that we currently deem immaterial also may affect our business. If any of these known or unknown risks or uncertainties actually occurs, our business, prospects, financial condition, operating results and cash flows could be materially adversely affected. In that event, the market price of our common stock will likely decline and you may lose part or all of your investment. The disclosures in this section reflect our beliefs and opinions as to factors that could materially and adversely affect us in the future. References to past events are provided by way of example only and are not intended to be a complete listing or a representation as to whether or not such factors have occurred in the past.

Risk Factors Summary

The following is a summary of the principal risks that could adversely affect our business, operations and financial results.

Risks Related To Our Business

• Our fax services constitute substantially all of our revenue and operating income.

• Developments in the healthcare industry could adversely affect our business.

• The market for our products and services is rapidly evolving. If the market does not develop further, develops more slowly, or in a way that we do not expect, our business will be adversely affected.

• There are particular challenges in addressing the market for healthcare interoperability solutions.

• Our industry is undergoing rapid technological changes, including with the introduction of artificial intelligence (“AI”), and we may not be able to keep up.

• We use AI in our business, and challenges with properly maintaining its use could result in harm to our brand, reputation, business or customers, and adversely affect our results of operations.

• We have made and expect to continue to make acquisitions and investments that could disrupt our operations and harm our operating results.

• Current or future pandemics or global health crises, and related governmental responses could negatively affect our business, operations and financial performance.

• Our business could suffer if providers of broadband Internet access services block, impair or degrade our services.

• Our business is dependent on a small number of telecommunications carriers in each region and our inability to maintain agreements at attractive rates with such carriers may negatively impact our business.

• The successful operation of our business depends on the supply of critical business elements from other companies, including data center services.

• Our sales cycle with enterprise and commercial customers can be long and unpredictable, and our sales efforts require considerable time and expense.

• We face risks associated with system failures, cybersecurity breaches and other technological issues.

• The markets in which we operate are highly competitive, and we may not be successful in growing our brands or revenue.

• We may be found to infringe the intellectual property rights of others, and we may be unable to adequately protect our own intellectual property rights.

• We may be subject to risks from international operations, including risks associated with currency fluctuations and foreign exchange controls and adverse changes in global financial markets.

• We may be engaged in legal proceedings that could cause us to incur unforeseen expenses and could divert significant operational resources and our management’s time and attention.

• Our business is highly dependent on our billing systems functioning properly, and we face risks associated with card declines and merchant standards imposed by card companies.

• We face risks associated with political instability and volatility in the economy.

Risks Related To Regulation, Including Taxation

• Changes in regulations relating to health information communication protocols could affect our business.

• Our services may become subject to burdensome regulation, which could increase our costs or restrict our service offerings.

• Changes in our tax rates, changes in tax treatment of companies engaged in e-commerce, the adoption of new U.S. or international tax legislation, or exposure to additional tax liabilities may adversely impact our financial results.

• Taxing authorities may successfully assert that we should have collected, or in the future should collect sales and use, telecommunications or similar taxes, and we could be subject to liability with respect to past or future tax, which could adversely affect our operating results.

• We are subject to a variety of new and existing laws and regulations which could subject us to claims, judgments, monetary liabilities, and other remedies, and to limitations on our business practices.

Risks Related To Our Common Stock

• We cannot be certain that an active trading market for our common stock will continue to be available and our stock price has in the past and may in the future fluctuate significantly.

• Shares of our common stock generally will be eligible for resale, which may cause our stock price to decline.

• We do not intend to pay dividends on our common stock.

• We previously identified material weaknesses in internal control over financial reporting and if we fail to design and maintain effective internal control over financial reporting it could adversely affect our business, reputation, results of operations and stock price.

Risks Related to the Separation

• If the distribution, together with certain related transactions, does not qualify as a transaction that is generally tax-free for U.S. federal income tax purposes, Ziff Davis, Consensus and Ziff Davis stockholders could be subject to significant tax liabilities, and, in certain circumstances, Consensus could be required to indemnify Ziff Davis for material taxes and other related amounts pursuant to indemnification obligations under the tax matters agreement.

• Our debt obligations could adversely affect our business and our ability to meet our obligations and pay dividends.

• We and Ziff Davis continue to have some obligations under transaction agreements that were executed as part of the separation.

Risks Related To Our Business

Our fax services constitute substantially all of our revenue and operating income.

Cloud fax revenue constitutes substantially all of our revenues and our operating income. The success of our business is therefore dependent upon the continued use of cloud fax as a messaging medium and our ability to expand usage of our other current and future products and services in the secure data exchange area. While our strategy is to pursue development of a range of products to address secure data exchange needs, if the demand for cloud fax as a messaging medium decreases and we are unable to replace lost revenues from decreased usage or cancellation of our cloud fax services with other products and services, or a proportional increase in our customer base, our business, financial condition, operating results and cash flows could be materially and adversely affected.

We believe that one of the attractive features of our cloud fax products is that cloud fax signatures are a generally accepted method of executing contracts and a method of transmitting confidential information in a secure manner especially in the healthcare field in the United States. There are ongoing efforts by governmental and nongovernmental entities to create a universally accepted method for electronically signing documents. Widespread adoption of so-called “digital signatures” have reduced, and could continue to in the future reduce demand for our fax services where the fax service is primarily being used to

evidence a wet signature. While we have introduced a digital signature product, other companies have offered such products for longer and have greater customer adoption. If future adoption of digital signature products results in a reduction for our fax services without a corresponding adoption of our digital signature or other products, it could have a material adverse effect on our business, prospects, financial condition, operating results and cash flows.

Developments in the healthcare industry could adversely affect our business.

A significant portion of our strategy is focused on addressing the secure data exchange and interoperability needs of the healthcare industry and could be affected by circumstances affecting the healthcare industry, including government regulation or other industry circumstances that affect spending in the healthcare industry. Industry changes affecting healthcare, such as government regulation or private initiatives that affect the manner in which healthcare industry participants exchange data, consolidation of healthcare industry participants, reductions in governmental funding for healthcare or adverse changes in business or economic conditions affecting healthcare industry participants could affect the market for our offerings. See the risk factor titled “Changes in regulations relating to health information communication protocols could affect our business” under the heading “Risks Related to Regulation Including Taxation.” The healthcare industry has changed significantly in recent years, and we expect that significant changes to the healthcare industry will continue to occur. However, the timing and impact of developments in the healthcare industry are difficult to predict. We cannot assure you that the demand for our offerings will continue to exist at current levels or that we will have adequate technical, financial and marketing resources to react to changes in the healthcare industry.

The market for our products and services is relatively new and rapidly evolving. If the market does not develop further, develops more slowly, or in a way that we do not expect, our business will be adversely affected.

Part of our strategy is to develop products and services to address customers’ needs in the secure data exchange and healthcare interoperability spaces. The market for secure data exchange and healthcare interoperability products and services is relatively new and rapidly evolving, which makes our business and future prospects difficult to evaluate. Our healthcare interoperability products beyond our online fax products have been recently introduced and currently represent an immaterial portion of our revenues. It is difficult to predict customer demand for our products and services, customer retention and expansion rates, the size and growth rate of the market for secure data exchange and healthcare interoperability products and services, the entry of competitive products or the success of existing competitive products. In response to customer demand, it is important to our success that we continue to enhance our software products and services and to seek to set the standard for secure data exchange capabilities. We expect that we will continue to need significant product development and sales efforts to attract and educate prospective customers, particularly enterprise and commercial customers, about the uses and benefits of our products and services. The size and growth of our addressable market depends on a number of factors, including the level of our customers’ adoption of our critical data exchange and interoperability solutions, as well as changes in the competitive landscape, technological changes, budgetary constraints of our customers, changes in business practices, changes in regulations and changes in economic conditions. If customers do not accept the value proposition of our offerings, then a viable market for products and services may not develop further, or it may develop more slowly than we expect, either of which would adversely affect our business and operating results.

There are particular challenges in addressing the market for healthcare interoperability solutions. If we do not successfully address these challenges, our business will be adversely affected.

There are many challenges to addressing the healthcare interoperability market. Healthcare providers, including hospitals and medical practices, have adopted an enormous variety of data storage, management and exchange solutions that are often not compatible with solutions adopted by other providers. This enormous variety of incompatible systems makes it technically challenging to provide effective solutions to the healthcare interoperability market and is a large part of the reason that the healthcare industry continues to rely heavily on fax for secure data exchange.

The healthcare industry is being driven to find interoperability solutions by government regulation and market forces. However, individual healthcare providers, including hospitals or medical practices, may have concerns about adopting healthcare interoperability solutions due to privacy or security concerns or concerns about patient retention. This dynamic may make it more difficult to drive adoption of our healthcare interoperability solutions.

A wide variety of providers are working on solutions to address healthcare interoperability challenges, and interoperability can be defined in a variety of ways. For example, the Health Information Systems Management Society (“HIMSS”), which is generally recognized as an authority on health information technology, released its definition of interoperability and defined it four ways: foundational, structural, semantic and organizational. Customers or vendors could use any of these four components to define their particular “interoperability solution.” Separately, the Center for Medicare and

Medicaid Services further defined a fifth component of interoperability that includes patients, which is not included in the HIMSS definition. Furthermore, the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (the “ONC”) has developed another definition that is included in the 21st Century Cures Act, which includes the concept of “information blocking” as a component of healthcare interoperability. This wide variety of definitions has the potential to create a risk of confusion in the market, or allow competitors to reframe the problem to their advantage in a competitive situation, potentially allowing less robust solutions to hold themselves out as healthcare interoperability solutions. We expect to encounter significant competition for customers as the healthcare interoperability market develops. Our current competitors in the healthcare interoperability space currently consist mostly of point solutions rather than full suites of healthcare interoperability solutions. If other companies develop solutions to address healthcare operability challenges more successfully than we do, or if customers otherwise adopt competing solutions rather than our solutions, it will adversely affect our business and operating results.

Our industry is undergoing rapid technological changes, and we may not be able to keep up. If our products and services do not gain market acceptance, our operating results may be negatively affected.

Our success depends upon our ability to design, develop, test, market, license, sell and support new products and services and enhancements of current products and services that effectively address the critical data exchange and healthcare interoperability needs of our customers. Our success also depends on our ability to offer such products and services on a timely basis in response to both competitive threats and marketplace demands. The secure data exchange industry is subject to rapid and significant technological change, and effectively addressing the issue of healthcare interoperability is a complex technological challenge. We cannot predict the effect of technological changes on our business. We expect that new products, services and technologies will emerge in the markets in which we compete. These new products, services and technologies may be superior to the products, services and technologies that we use, or these new products, services and technologies may render our products, services and technologies obsolete. Our future success will depend, in part, on our ability to anticipate correctly and adapt effectively to technological changes and evolving industry standards and customer preferences. We expect to invest in the development or acquisition of new technologies, and we may fail to predict accurately which technologies will be adopted in the marketplace. The timing and level of commercial success of new products and services depends on many factors, including the degree of innovation of the products and services we develop or acquire and effective distribution and marketing. We may be unable to develop or acquire new technologies in a cost effective manner or at all, and may therefore be unable to offer products or services in a competitive or profitable manner. Any of the foregoing risks could have a material adverse effect on our business, prospects, financial condition, operating results and cash flows.

We use artificial intelligence in our business, and challenges with properly managing its use could result in harm to our brand, reputation, business or customers, and adversely affect our results of operations.

We are implementing the use of artificial intelligence (“AI”) solutions, including machine learning and generative AI tools, in our products and services and in internal tools that support our business. These applications may become increasingly important in our operations over time. This emerging technology presents a number of risks inherent in its use. AI algorithms are based on machine learning and predictive analytics, which can create accuracy issues, unintended biases, and discriminatory outcomes that could harm our brand, reputation, business, or customers. Additionally, no assurance can be made that the usage of AI will assist us in being more efficient or offset the costs of its implementation. Further, dependence on AI without adequate safeguards to make certain business decisions may introduce additional operational vulnerabilities by producing inaccurate outcomes, recommendations, or other suggestions based on flaws in the underlying data or other unintended results. Our obligation to comply with emerging AI initiatives, laws, and regulations, including under proposed or enacted legislation regulating AI in jurisdictions such as the U.S. and European Union, could entail significant costs, negatively affect our business, or limit our ability to incorporate certain AI capabilities into our business.

We have made and expect to continue to make acquisitions and investments that could disrupt our operations and harm our operating results.

We intend to continue to develop new products and services and enhance existing products and services through acquisitions of and investments in other companies, technologies and personnel.

Acquisitions involve numerous risks, including the following:

• difficulties in integrating the operations, systems, controls, technologies, products and personnel of the acquired businesses;

• difficulties in entering markets in which we have no or limited direct prior experience and where competitors in such markets may have stronger market positions;

• diversion of management’s attention from normal daily operations of the business and the challenges of managing larger and more widespread operations resulting from acquisitions; and

• the potential loss of key employees, customers, distributors, vendors and other business partners of the businesses we acquire.

Acquisitions may also cause us to:

• use a substantial portion of our cash resources or incur debt;

• significantly increase our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition;

• assume liabilities;

• issue common stock that would dilute our current stockholders’ percentage ownership;

• record goodwill and intangible assets that are subject to impairment testing on a regular basis and potential periodic impairment charges;

• incur amortization expenses related to certain intangible assets; and

• become subject to intellectual property or other litigation.

Mergers and acquisitions are inherently risky and subject to many factors outside of our control. We cannot give assurance that our previous or future acquisitions will be successful and will not materially adversely affect our business, operating results or financial condition. Failure to manage and successfully integrate acquisitions could materially harm our business and operating results. In addition, our effective tax rate for future periods is uncertain and could be impacted by mergers and acquisitions.

From time to time we also make strategic investments. These investments typically involve many of the same risks posed by acquisitions, particularly those risks associated with the diversion of our resources, the inability of the new venture to be successful, the management of relationships with third parties, and potential expenses. Strategic ventures have the added risk that the other strategic venture partners may have economic, business, or legal interests or objectives that are inconsistent with our interests and objectives.

Pandemics or global health crises, and related governmental responses could negatively affect our business, operations and financial performance.

The impact of pandemics and global health crises has in the past had, and may in the future have, a negative effect on the global economy, disrupting the financial markets and creating increasing volatility and overall uncertainty. Among other things, pandemics and global health crises have resulted in, and may in the future result in, travel bans around the world, declarations of states of emergency, stay- or shelter-at-home requirements, business and school closures and manufacturing restrictions. In addition, pandemics and global health crises have in the past, and may in the future, contribute to (i) increased unemployment and decreased consumer confidence and business generally; (ii) sudden and significant declines, and significant increases in volatility, in financial and capital markets; (iii) increased spending on our business continuity efforts, which has required and may further require that we cut costs or investments in other areas; and (iv) heightened cybersecurity, information security and operational risks as a result of work-from-home arrangements.

The extent of any future adverse effects of pandemics or global health crises will depend on future developments, which are highly uncertain and outside our control, including the scope and duration of the pandemic, the emergence and virulence of new variants, the effect of the rollout of vaccines on the pandemic and public acceptance of vaccines, the direct and indirect impact of the pandemic on our employees, customers, counterparties and service providers, as well as other market participants, and actions taken by governmental authorities and other third parties in response to the pandemic.

Our business could suffer if providers of broadband Internet access services block, impair or degrade our services.

Our business is dependent on the ability of our customers to access our services and applications over broadband Internet connections. Internet access providers and Internet backbone providers may be able to block, degrade or charge for access or bandwidth use of certain of our products and services, which could lead to additional expenses and the loss of users.

Our products and services depend on the ability of our users to access the Internet. Use of our products and services through mobile devices, such as smartphones and tablets, must have a high-speed data connection. Broadband Internet access services, whether wireless or landline, are provided by companies with significant market power. Many of these providers offer products and services that directly compete with ours.

Many of the largest providers of broadband services have publicly stated that they will not degrade or disrupt their customers’ use of products and services like ours. If such providers were to degrade, impair or block our services, it would negatively impact our ability to provide services to our customers and likely result in lost revenue and profits, and we would incur legal fees in attempting to restore our customers’ access to our services. Broadband internet access providers may also attempt to charge us or our customers additional fees to access services like ours that may result in the loss of customers and revenue, decreased profitability, or increased costs to our retail offerings that may make our services less competitive.

Our business is dependent on a small number of telecommunications carriers in each region and our inability to maintain agreements at attractive rates with such carriers may negatively impact our business.

Our business substantially depends on the capacity, affordability, reliability and security of our network and services provided to us by our telecommunications suppliers. Only a small number of carriers in each region, and in some cases only one carrier, offer the number and network services we require. We purchase certain telecommunications services pursuant to short-term agreements that the providers can terminate or elect not to renew. As a result, any or all of our current carriers could discontinue providing us with service at rates acceptable to us, or at all, and we may not be able to obtain adequate replacements, which could materially and adversely affect our business, prospects, financial condition, operating results and cash flows.

Our business could suffer if we cannot obtain or retain numbers, are prohibited from obtaining local numbers or are limited to distributing local numbers to only certain customers.

The future success of our phone number-based cloud fax services products depends on our ability to procure large quantities of local numbers in the U.S. and other countries in desirable locations at a reasonable cost and offer our services to our prospective customers without restrictions. Our ability to procure and distribute numbers depends on factors such as applicable regulations, the practices of telecommunications carriers that provide numbers, the cost of these numbers and the level of demand for new numbers. For example, several years ago the Federal Communications Commission (the “FCC”) conditionally granted petitions by Connecticut and California to adopt specialized “unified messaging” area codes, but neither state has adopted such a code. Adoption of a specialized area code within a state or nation could harm our ability to compete in that state or nation if it materially affects our ability to acquire numbers for our operations or makes our services less attractive due to the unavailability of numbers with a local geographic area.

In addition, although we are the customer of record for all of our U.S. numbers, from time to time, certain U.S. telephone carriers inhibit our ability to port numbers or port our numbers away from us to other carriers. If a federal or regulatory agency determines that our customers should have the ability to port numbers without our consent, we may lose customers at a faster rate than what we have experienced historically, potentially resulting in lower revenues. Also, in some foreign jurisdictions, under certain circumstances, our customers are permitted to port their numbers to another carrier. These factors could lead to increased cancellations by our customers and loss of our number inventory. These factors may have a material adverse effect on our business, prospects, financial condition, operating results, cash flows and growth in or entry into foreign or domestic markets.

In addition, future growth in our phone number-based cloud services customer base, together with growth in the customer bases of other providers of phone number-based services, has increased and may continue to increase the demand for large quantities of numbers, which could lead to insufficient capacity and our inability to acquire sufficient numbers to accommodate our future growth.

The successful operation of our business depends upon the supply of critical business elements from other companies.

We depend upon third parties for critical elements of our business, and we do not control the operations of these parties or their facilities on which we depend. We rely on private third-party providers for our Internet, telecommunications and other connections and for data center hosting facilities and cloud computing needs. We have from time to time experienced interruptions in our services and such interruptions may occur in the future. Any damage to or disruption in the services provided by any of these suppliers, any adverse change in access to their platforms or services or in their terms and conditions of use or services, any cybersecurity or physical breach of their facilities, or any failure by them to handle current or higher volumes of activity could have a material adverse effect on our customer relations, business, prospects, financial condition,

operating results and cash flows. Our arrangements with these third parties typically are not exclusive and do not extend over a significant period of time. Failure to continue these relationships on terms that are acceptable to us or to continue to create additional relationships could have a material adverse effect on our business, prospects, financial condition, operating results and cash flows. We do not control the operation of third-party facilities, and they may be vulnerable to damage or interruption from earthquakes, floods, fires, power loss, telecommunications failures, and similar events. They may also be subject to break-ins, sabotage, intentional acts of vandalism, and similar misconduct, as well as local administrative actions, changes to legal or permitting requirements, and litigation to stop, limit, or delay operation. The occurrence of a natural disaster, a pandemic or an act of terrorism, a decision to close the facilities without adequate notice, or other unanticipated problems at these facilities could result in lengthy interruptions in our services.

These hardware, software, data, and cloud computing systems may not continue to be available at reasonable prices, on commercially reasonable terms, or at all. Any loss of the right to use any of these hardware, software, or cloud computing systems could significantly increase our expenses and otherwise result in delays in the provisioning of our services until equivalent technology is either developed by us, or, if available, is identified, obtained through purchase or license, and integrated into our services.

We may be subject to increased rates for the telecommunications services we purchase from regulated carriers which could require us to either raise the retail prices of our offerings and lose customers or reduce our profit margins.

The FCC may continue to reform the system under which regulated providers of telecommunications services compensate each other for the exchange of various kinds of traffic. While we are not a provider of regulated telecommunications services, we rely on such providers to offer our services to our customers. As a result of any such reforms, it is possible that some or all of our underlying carriers will increase the rates we pay for certain telecommunications services. Should this occur, the costs we incur to provide phone number-based cloud services may increase which may require us to increase the retail price of our products services. Increased prices could, in turn, cause us to lose customers, or, if we do not pass on such higher costs to our customers, our profit margins may decrease.

Increased cost of email transmissions could have a material adverse effect on our business.

We rely on email for the delivery of certain cloud fax services. If regulations or other changes in the industry lead to a charge associated with the sending or receiving of email messages, the cost of providing our services could increase and, if significant, could materially adversely affect our business, prospects, financial condition, operating results and cash flows.

Our sales cycle with enterprise and commercial customers can be long and unpredictable, and our sales efforts require considerable time and expense.

Our ability to increase our revenue and grow our business is partially dependent on the widespread acceptance of our products and services by large businesses and other commercial organizations. We often need to spend significant time and resources to better educate and familiarize these potential customers with the value proposition of our products and services. The length of our sales cycle for enterprise customers from initial evaluation to payment for our offerings can be as long as 12 to 18 months but can vary substantially from customer to customer and from offering to offering. Further, these enterprise and commercial customers may require services based on volume of usage which can vary seasonally and/or slowly ramp up over an initiation period of 12-36 months. Customers frequently require considerable time to evaluate, test and qualify our offerings prior to entering into or expanding a subscription. This is particularly true in the case of customers in highly regulated industries, including healthcare, where longer evaluation, testing and qualification processes often result in longer sales cycles and set-up time. The timing and contractual commitments of our sales with our enterprise customers and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle and the variable usage of the services by these customers. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in any sale or any significant sale.

A system failure, cybersecurity breach or other technological risk could delay or interrupt service to our customers, harm our reputation or subject us to significant liability.

Our operations are dependent on our network being free from material interruption by damage from fire, earthquake, flood, storm, tornado and other severe weather and climate conditions (including those resulting from or exacerbated by climate change), power loss, telecommunications failure, unauthorized entry, computer viruses, cyber-attacks or any other events beyond our control. Similarly, the operations of our partners and other third parties with which we work are also susceptible to the same risks. There can be no assurance that our existing and planned precautions of backup systems, regular data backups, security protocols and other procedures will be adequate to prevent significant damage, system failure or data loss and the same

is true for our partners, vendors and other third parties on which we rely. We have experienced automated log in attempts to gain unauthorized access to customer accounts. To date, these events have not resulted in the material impairment of any business operations.

Many of our services are cloud and web-based, and the amount of data we store for our customers on our servers has been increasing. Despite the implementation of security measures, our infrastructure, and that of our partners, vendors and other third parties, may be vulnerable to computer viruses, hackers or similar disruptive problems caused by our vendors, partners, other third parties, customers employees or other internet users who attempt to invade public and private data networks. As seen in the industries in which we operate and others, these activities have been, and will continue to be, subject to continually evolving cybersecurity and technological risks. Further, in some cases we do not have in place disaster recovery facilities for certain ancillary services.

A significant portion of our operations relies heavily on the secure processing, storage and transmission of confidential and other sensitive data. For example, a significant number of our customers authorize us to bill their credit or debit card accounts directly for all transaction fees charged by us. We rely on encryption and authentication technology to effect secure transmission of confidential information, including customer credit and debit card numbers. Advances in computer capabilities, new discoveries in the field of cryptography or other developments, including the use of increasingly sophisticated and evolving artificial intelligence and machine learning tools, may result in a material compromise or breach of the technology used by us, our partners, vendors, or other third parties, to protect transaction and other confidential data. Additionally, due to geopolitical tensions related to Russia’s invasion of Ukraine and the conflict in the Middle East, the risk of cyber-attacks may be elevated. Moreover, these threats are constantly evolving, thereby making it more difficult to successfully defend against them or to implement adequate preventative measures. We may not have the current capability to detect certain vulnerabilities, which may allow those vulnerabilities to persist in our systems over long periods of time. Any system failure or security breach that causes interruptions or data loss in our operations, our partners, vendors, or other third parties, or in the computer systems of our customers or leads to the misappropriation of our or our customers’ confidential information could result in a significant liability to us (including in the form of judicial decisions and/or settlements, regulatory findings and/or forfeitures, and other means), cause considerable harm to us and our reputation (including requiring notification to customers, regulators, and/or the media), cause a loss of confidence in our products and services, and deter current and potential customers from using our services. Additionally, it may be difficult to determine the best way to investigate, mitigate, contain, and remediate the harm caused by a cybersecurity breach. Such efforts may not be successful, and we may make errors or fail to take necessary actions. It may take considerable time for us to investigate and evaluate the full impact of incidents, particularly for sophisticated attacks. These factors may inhibit our ability to provide prompt, full, and reliable information about the incident to customers, partners, regulators, and the public.

We use vendors to assist with cybersecurity risks, but these vendors may not be able to assist us adequately in preparing for or responding to a cybersecurity incident. We maintain insurance related to cybersecurity risks, but this insurance may not be sufficient to cover all of our losses from any breaches or other adverse consequences related to a cybersecurity-event.

Any of these events could have a material adverse effect on our business, prospects, financial condition, operating results and cash flows, or cause us to suffer other negative consequences. For example, we may incur remediation costs (such as liability for stolen assets or information, repairs of system damage, and incentives to customers or business partners in an effort to maintain relationships after an attack); increased cybersecurity protection costs (which may include the costs of making organizational changes, deploying additional personnel and protection technologies, training employees, and engaging third party experts and consultants); lost revenues resulting from the unauthorized use of proprietary information or the failure to retain or attract customers following an attack; litigation and legal risks (including regulatory actions by state and federal governmental authorities and non-U.S. authorities); increased insurance premiums; reputational damage that adversely affects customer or investor confidence; and damage to the company’s competitiveness, stock price, and diminished long-term shareholder value. Although we have experienced, and expect to continue to confront, efforts by third parties to gain unauthorized access or deny access to, or otherwise disrupt, our information systems, to date, these events have not resulted in the material effect of any business operations.

If our products and services fail to perform properly and if we fail to develop enhancements to resolve any defect or other problems, we could lose customers or become subject to service performance or warranty claims, and our market share could decline.

Our operations are dependent upon our ability to prevent system interruptions and, as we continue to grow, we will need to devote additional resources to improving our infrastructure in order to maintain the performance of our products and services. The applications underlying our products and services are inherently complex and may contain material defects or

errors, which may cause disruptions in availability or other performance problems. We have, from time to time, found defects in our products and services and may discover additional defects in the future that could result in data unavailability or unauthorized access or other harm to, or loss or corruption of, our customers’ data. While we implement bug fixes and upgrades as part of our regularly scheduled system maintenance, we may not be able to detect and correct defects or errors before implementing our products and services. Consequently, we or our customers may discover defects or errors after our products and services have been employed. If we fail to perform timely maintenance or if customers are otherwise dissatisfied with the frequency and/or duration of our maintenance services and related system outages, our existing customers could elect not to renew their subscriptions, delay or withhold payment to us, or cause us to issue credits, make refunds or pay penalties, potential customers may not adopt our products and services and our brand and reputation could be harmed. In addition, the occurrence of any material defects, errors, disruptions in service or other performance problems with our software could result in warranty or other legal claims against us and diversion of our resources. The costs incurred in addressing and correcting any material defects or errors in our software and expanding our infrastructure and architecture in order to accommodate increased demand for our products and services may be substantial and could adversely affect our operating results.

The markets in which we operate are highly competitive, and our competitors may have greater resources to commit to growth, superior technologies, cheaper pricing or more effective marketing strategies. Also, we face significant competition for users, developers and distributors.

Some of our competitors include major companies with much greater resources and significantly larger customer bases than we have. Some of these competitors offer their services at lower prices than we do. These companies may be able to develop and expand their network infrastructures and capabilities more quickly, adapt more swiftly to new or emerging technologies, such as artificial intelligence, and changes in customer requirements, take advantage of acquisition and other opportunities more readily and devote greater resources to the marketing and sale of their products and services than we can. There can be no assurance that additional competitors will not enter markets that we are currently serving and plan to serve or that we will be able to compete effectively. Competitive pressures may reduce our revenue, operating profits or both.

Some of our existing competitors and possible entrants may have greater brand recognition for certain products and services, more expertise in a particular segment of the market, and greater operational, strategic, technological, financial, personnel, or other resources than we do. Many of our competitors have access to considerable financial and technical resources with which to compete aggressively, including by funding future growth and expansion and investing in acquisitions, technologies, and research and development. Further, emerging start-ups may be able to innovate and provide new products and services faster than we can. In addition, competitors may consolidate with each other or collaborate, and new competitors may enter the market. Some of our competitors in international markets have a substantial competitive advantage over us because they have dominant market share in their territories, are owned by local telecommunications providers, have greater brand recognition, are focused on a single market, are more familiar with local tastes and preferences, or have greater regulatory and operational flexibility due to the fact that we may be subject to both U.S. and foreign regulatory requirements.

If our competitors are more successful than we are in developing and deploying compelling products or in attracting and retaining users, advertisers, publishers, developers, or distributors, our revenue and growth rates could decline.

Our growth will depend on our ability to develop, strengthen, and protect our brands, and these efforts may be costly and have varying degrees of success.

Some of our brands, such as eFax are widely recognized, while others of our brands, including Consensus, are relatively new to the market. Developing Consensus or other new brands into competitive brands and strengthening our current brands will be critical to achieving widespread commercial acceptance of our products and services. This will require our continued focus on active marketing, the costs of which have been increasing and may continue to increase. In addition, substantial initial investments may be required to launch new brands and expand existing brands to cover new geographic territories and fields. Accordingly, we may need to spend increasing amounts of money on, and devote greater resources to, advertising, marketing and other efforts to cultivate brand recognition and customer loyalty. Brand promotion activities may not yield increased revenues and, even if they do, increased revenues may not offset the expenses incurred. A failure to launch, promote, and maintain our brands, or the incurrence of substantial expenses in doing so, could have a material adverse effect on our business.

Our brand recognition depends, in part, on our ability to protect our trademark portfolio and establish trademark rights covering new brands and territories. Some regulators and competitors have taken the view that certain of our brands, such as eFax, are descriptive or generic when applied to the products and services we offer. Nevertheless, we have obtained U.S. and foreign trademark registrations for our brand names, logos, and other brand identifiers, including eFax. If we are unable to obtain, maintain or protect trademark rights covering our brands across the territories in which they are or may be offered, the

value of these brands may be diminished, competitors may be able to dilute, harm, or take advantage of our brand recognition and reputation, and our ability to attract customers may be adversely affected.

We hold domain names relating to our brands, in the U.S. and internationally. The acquisition and maintenance of domain names are generally regulated by governmental agencies and their designees. The regulation of domain names may change. Governing bodies may establish additional top-level domains, appoint additional domain name registrars or modify the requirements for holding domain names. As a result, we may be unable to acquire or maintain all relevant domain names that relate to our brands. Furthermore, international rules governing the acquisition and maintenance of domain names in foreign jurisdictions are sometimes different from U.S. rules, and we may not be able to obtain all of our domains internationally. As a result of these factors, we may be unable to prevent third parties from acquiring domain names that are similar to, infringe upon or otherwise decrease the value of our brands, trademarks or other proprietary rights. In addition, failure to secure or maintain domain names relevant to our brands could adversely affect our reputation and make it more difficult for users to find our websites and services.

Inadequate intellectual property protections could prevent us from defending our proprietary technology and intellectual property.

Our success depends, in part, upon our proprietary technology and intellectual property. We rely on a combination of patents, trademarks, trade secrets, copyrights, contractual restrictions, and other confidentiality safeguards to protect our proprietary technology. However, these measures may provide only limited protection and it may be costly and time-consuming to enforce compliance with our intellectual property rights. In some circumstances, we may not have adequate, economically feasible or realistic options for enforcing our intellectual property and we may be unable to detect unauthorized use. While we have a robust worldwide portfolio of issued patents and pending patent applications, there can be no assurance that any of these patents will not be challenged, invalidated or circumvented, that we will be able to successfully police infringement, or that any rights granted under these patents will in fact provide a competitive advantage to us.

In addition, our ability to register or protect our patents, copyrights, trademarks, trade secrets and other intellectual property may be limited in some foreign countries. As a result, we may not be able to effectively prevent competitors in these regions from utilizing our intellectual property, which could reduce our competitive advantage and ability to compete in those regions and negatively impact our business.

We also strive to protect our intellectual property rights by relying on federal, state and common law rights, as well as contractual restrictions. We typically enter into confidentiality and invention assignment agreements with our employees and contractors, and confidentiality agreements with parties with whom we conduct business in order to limit access to, and disclosure and use of, our proprietary information. However, we may not be successful in executing these agreements with every party who has access to our confidential information or contributes to the development of our technology or intellectual property rights. Those agreements that we do execute may be breached, and we may not have adequate remedies for any such breach. These contractual arrangements and the other steps we have taken to protect our intellectual property rights may not prevent the misappropriation or disclosure of our proprietary information nor deter independent development of similar technology or intellectual property by others.

Monitoring unauthorized use of the content on our websites and mobile applications, and our other intellectual property and technology, is difficult and costly. Our efforts to protect our proprietary rights and intellectual property may not have been and may not be adequate to prevent their misappropriation or misuse. Third parties from time to time copy content or other intellectual property or technology from our solutions without authorization and seek to use it for their own benefit. We generally seek to address such unauthorized copying or use, but we have not always been successful in stopping all unauthorized use of our content or other intellectual property or technology, and may not be successful in doing so in the future. Further, we may not have been and may not be able to detect unauthorized use of our technology or intellectual property, or to take appropriate steps to enforce our intellectual property rights.

Companies that operate in the same industry as us have experienced substantial litigation regarding intellectual property. We may find it necessary or appropriate to initiate claims or litigation to enforce our intellectual property rights or determine the validity and scope of intellectual property rights claimed by others. This or any other litigation to enforce or defend our intellectual property rights may be expensive and time consuming, could divert management resources and may not be adequate to protect our business.

We may be found to have infringed the intellectual property rights of others, which could expose us to substantial damages or restrict our operations.

We may be subject to legal claims that we have infringed the intellectual property rights of others. The ready availability of damages and royalties and the potential for injunctive relief have increased the costs associated with litigating and settling patent infringement claims. In addition, we may be required to indemnify our resellers and users for similar claims made against them. Any claims, whether or not meritorious, could require us to spend significant time, money, and other resources in litigation, pay damages and royalties, develop new intellectual property, modify, design around, or discontinue existing products, services, or features, or acquire licenses to the intellectual property that is the subject of the infringement claims. These licenses, if required, may not be available at all or have acceptable terms. As a result, intellectual property claims against us could have a material adverse effect on our business, prospects, financial condition, operating results and cash flows.

We may be subject to risks from international operations.

To the extent we expand our business operations in countries outside the U.S., our future results could be materially adversely affected by a variety of uncontrollable and changing factors including, among others: foreign currency exchange rates; political or social unrest, economic instability, geopolitical tensions or war in a specific country or region (including the invasion of Ukraine by Russia and the conflict in the Middle East); trade protection measures and other regulatory requirements, such as U.S. imposed tariffs and other trade restrictions along with retaliatory measures taken by other nations in response to these tariffs, which may affect our ability to provide our services; difficulties in staffing and managing international operations; and adverse tax consequences, including imposition of withholding or other taxes on payments by subsidiaries and affiliates and transfer pricing implications. Any or all of these factors could have a material adverse impact on our future business, prospects, financial condition, operating results and cash flows.

Further, the impact on the global economy as a result of unforeseen global crises such as war (including the ongoing conflict in the Middle East, invasion of Ukraine by Russia and any related political or economic responses and counter-responses or otherwise by various global actors), strife, strikes, global health pandemics, earthquakes or major weather events or other uncontrollable events could negatively impact our revenue and operating results.

We may be engaged in legal proceedings that could cause us to incur unforeseen expenses and could divert significant operational resources and our management’s time and attention.

From time to time, we may be subject to litigation or claims or become involved in other legal disputes or regulatory inquiries, including in the areas of patent infringement and anti-trust that could negatively affect our business operations and financial condition. Such disputes could cause us to incur unforeseen expenses, divert operational resources, occupy a significant amount of our management’s time and attention and negatively affect our business operations and financial condition. The outcomes of such matters are subject to inherent uncertainties, carrying the potential for unfavorable rulings that could include monetary damages and injunctive relief. We may not always have insurance coverage for defense costs, judgments, and settlements. We may also be subject to indemnification requirements with business partners, vendors, current and former officers and directors, and other third parties. Payments under such indemnification provisions may be material.

Our business is highly dependent on our billing systems.

A significant part of our revenues depends on prompt and accurate billing processes. Customer billing is a highly complex process, and our billing systems must efficiently interface with third-party systems, such as those of credit card processing companies. Our ability to accurately and efficiently bill our customers is dependent on the successful operation of our billing systems and the third-party systems upon which we rely, such as our credit card processor, and our ability to provide these third parties the information required to process transactions. In addition, our ability to offer new services or alternative-billing plans is dependent on our ability to customize our billing systems. Any failures or errors in our billing systems or procedures, or any disruptions in billing-related services provided by our vendors, could impair our ability to properly bill our current customers or attract and service new customers, and thereby could materially and adversely affect our business and financial results.

Increased numbers of credit and debit card declines in our business could lead to a decrease in our revenues or rate of revenue growth.

A significant number of our customers pay for our services through credit and debit cards, particularly with respect to our SoHo fax products. Weakness in certain segments of the credit markets and in the U.S. and global economies could result in increased numbers of rejected credit and debit card payments. We believe this could result in increased customer cancellations

and decreased customer signups. Rejected credit or debit card payments, customer cancellations and decreased customer sign up may adversely impact our revenues and profitability.

If our business experiences excessive fraudulent activity or cannot meet evolving credit card company merchant standards, we could incur substantial costs and lose the right to accept credit cards for payment and our customer base could decrease significantly.

A significant number of our customers, particularly for our SoHo fax products, authorize us to bill their credit card accounts directly for all service fees charged by us. If people pay for these services with stolen credit cards, we could incur substantial unreimbursed third-party vendor costs. We also incur losses from claims that the customer did not authorize the credit card transaction to purchase our service. If the numbers of unauthorized credit card transactions become excessive, we could be assessed substantial fines for excess chargebacks and could lose the right to accept credit cards for payment. In addition, we are subject to Payment Card Industry (“PCI”) data security standards, which require periodic audits by independent third parties to assess our compliance. PCI standards are a comprehensive set of requirements for enhancing payment account data security. Failure to comply with the security requirements or rectify a security issue may result in fines or a restriction on accepting payment cards. Credit card companies may change the standards required to utilize their services from time to time. If we are unable to meet these new standards, we could be unable to accept credit cards. Further, the law relating to the liability of providers of online payment services is currently unsettled and states may enact their own rules with which we may not comply. Substantial losses due to fraud or our inability to accept credit card payments, which could cause our customer base to significantly decrease, could have a material adverse effect on our business, prospects, financial condition, operating results and cash flows.

Our success depends on our retention of our executive officers, senior management and our ability to hire and retain key personnel.

Our success depends on the skills, experience and performance of our key personnel, including our executive officers, senior management and skilled workforce. The loss of the services of one or more of our key employees could have a material adverse effect on our business, prospects, financial condition, operating results and cash flows. In particular, the recruitment and retention of top technical, marketing, sales and subject matter experts - particularly those with specialized knowledge, will be critical to our success. Competition for such people is intense, substantial and continuous, and we may not be able to attract, integrate or retain highly qualified technical, sales or managerial personnel in the future. In our effort to attract and retain key personnel, we may experience increased compensation costs that are not offset by either improved productivity or higher prices for our products or services.

Changes in the labor market, employee turnover, changes in the availability of our employees and labor shortages more generally could result in, increased costs, and could adversely impact the efficiency of our operations.

Political instability and volatility in the economy may adversely affect segments of our customers, which may result in decreased usage and advertising levels, customer acquisition and customer retention rates and, in turn, could lead to a decrease in our revenues or rate of revenue growth.

Certain segments of our customers may be adversely affected by political instability and volatility in the general economy or any downturns. To the extent these customers’ businesses are adversely affected by political instability or economic volatility, their usage of our services and/or our customer retention rates could decline. This may result in decreased cloud services subscription and/or usage revenues and decreased advertising, e-commerce or other revenues, which may adversely impact our revenues and profitability. For example, in connection with the conflict between Russia and Ukraine, the U.S. government has imposed severe economic sanctions and export controls and has threatened additional sanctions and controls. The full impact of these measures, or of any potential responses to them by Russia or other countries, on the businesses and results of operations or our customers or us is unknown.

Risks Related To Regulation Including Taxation

Changes in regulations relating to health information communication protocols could affect our business.

The ONC is the principal U.S. federal entity charged with the coordination of nationwide efforts to implement and use health IT for the electronic exchange of health information. ONC regularly proposes legislative changes to incentivize the healthcare industry to adopt specific electronic tools to exchange health information. Changes to information exchange requirements could impact the use of cloud fax as a communication choice for healthcare entities and have a material impact on our business, prospects, financial condition, operating results and cash flows.

We face potential liability related to the privacy and security of health-related information we collect from, or on behalf of, our consumers and customers.

The privacy and security of information about the physical or mental health or condition of an individual is an area of significant focus in the U.S. because of heightened privacy concerns and the potential for significant consumer harm from the misuse of such sensitive data. We have procedures and technology in place intended to safeguard the information we receive from customers and users of our services from unauthorized access or use. The Privacy Standards and Security Standards under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) establish a set of basic national privacy and security standards for the protection of individually identifiable health information by health plans, healthcare clearinghouses and certain healthcare providers, referred to as “covered entities”, and the business associates with whom such covered entities contract for services. Notably, whereas HIPAA previously directly regulated only these covered entities, the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) makes certain of HIPAA’s Privacy and Security Standards directly applicable to covered entities’ business associates. As a result, business associates are now subject to significant civil and criminal penalties for failure to comply with applicable Privacy and Security Standards. Additionally, certain states have adopted comparable privacy and security laws and regulations, some of which may be more stringent than HIPAA.

HIPAA directly applies to covered entities such as our hospital clients. Since these clients disclose protected health information to our subsidiaries so that those subsidiaries can provide certain services to them, those subsidiaries are business associates of those clients. In addition, we may sign business associate agreements in connection with the provision of the products and services developed for other third parties or in connection with certain of our other services that may transmit or store protected health information.

Failure to comply with the requirements of HIPAA or HITECH or any of the applicable federal and state laws regarding patient privacy, identity theft prevention and detection, breach notification and data security may subject us to penalties, including civil monetary penalties and, in some circumstances, criminal penalties or contractual liability under agreements with our customers and clients. Any failure or perception of failure of our products or services to meet HIPAA, HITECH and related regulatory requirements could expose us to risks of investigation, notification, litigation, penalty or enforcement, adversely affect demand for our products and services and force us to expend significant capital and other resources to modify our products or services to address the privacy and security requirements of our clients and HIPAA and HITECH.

Our services may become subject to burdensome regulation, which could increase our costs or restrict our service offerings.

We believe that most of our services are “information services” under the Telecommunications Act of 1996 and related precedent, or, if not “information services,” that we are entitled to other exemptions, meaning that we generally are not currently subject to U.S. telecommunications services regulation at both the federal and state levels. We utilize data transmissions over public telephone lines and other facilities provided by third-party carriers. These transmissions are subject to foreign and domestic laws and regulation by the FCC, state public utility commissions and foreign governmental authorities. These regulations affect the availability of numbers, the prices we pay for transmission services, the administrative costs associated with providing our services, the competition we face from telecommunications service providers and other aspects of our market. However, as messaging and communications services converge and as the services we offer expand, we may become subject to FCC or other regulatory agency regulation. It is also possible that a federal or state regulatory agency could take the position that our offerings, or a subset of our offerings, are properly classified as telecommunications services or otherwise not entitled to certain exemptions upon which we currently rely. Such a finding could potentially subject us to fines, penalties or enforcement actions as well as liabilities for past regulatory fees and charges, retroactive contributions to various telecommunications-related funds, telecommunications-related taxes, penalties and interest. It is also possible that such a finding could subject us to additional regulatory obligations that could potentially require us either to modify our offerings in a costly manner, diminish our ability to retain customers, or discontinue certain offerings, in order to comply with certain regulations. Changes in the regulatory environment could decrease our revenues, increase our costs and restrict our service offerings. In many of our international locations, we are subject to regulation by the applicable governmental authority.

In the U.S., Congress, the FCC, and a number of states require regulated telecommunications carriers to contribute to federal and/or state Universal Service Funds (“USF”). Generally, USF is used to subsidize the cost of providing service to low-income customers and those living in high cost or rural areas. Congress, the FCC and a number of states are reviewing the manner in which a provider’s contribution obligation is calculated, as well as the types of entities subject to USF contribution obligations. If any of these reforms are adopted, they could cause us to alter or eliminate our non-paid services and to raise the price of our paid services, which could cause us to lose customers. Any of these results could lead to a decrease in our revenues

and net income and could materially adversely affect our business, prospects, financial condition, operating results and cash flows.

The Telephone Consumer Protection Act (the “TCPA”) and FCC rules implementing the TCPA, as amended by the Junk Fax Act, prohibit sending unsolicited facsimile advertisements to telephone fax machines. The FCC, the Federal Trade Commission (“FTC”), or both may initiate enforcement action against companies that send “junk faxes” and individuals also may have a private cause of action. Although entities that merely transmit facsimile messages on behalf of others are not liable for compliance with the prohibition on faxing unsolicited advertisements, the exemption from liability does not apply to fax transmitters that have a high degree of involvement or actual notice of an illegal use and have failed to take steps to prevent such transmissions. We take significant steps to ensure that our services are not used to send unsolicited faxes on a large scale, and we do not believe that we have a high degree of involvement in or notice of the use of our service to broadcast junk faxes. However, because fax transmitters do not enjoy an absolute exemption from liability under the TCPA and related FCC and FTC rules, we could face inquiries from the FCC and FTC or enforcement actions by these agencies, or private causes of action, if someone uses our service for such impermissible purposes. If this were to occur and we were to be held liable for someone’s use of our service for transmitting unsolicited faxes, the financial penalties could cause a material adverse effect on our operations and harm our business reputation.

Likewise, the TCPA also prohibits placing calls or sending text messages to mobile phones without “prior express consent” subject to limited exceptions. Parties that solely enable calling or text messaging are only directly liable under the TCPA pursuant to federal common law vicarious liability principles. We take significant steps to ensure that users understand that they are responsible for how they use our technology including complying with relevant federal and state law. However, because we do not enjoy absolute exemption from liability under the TCPA and related FCC and FTC rules, we could face inquiries from the FCC and FTC or enforcement actions by these agencies, or private causes of action, if someone uses our service for such impermissible purposes. If this were to occur and we were to be held liable for someone’s use of our service for unauthorized calling or text messaging mobile users, the financial penalties could cause a material adverse effect on our operations and harm our business reputation.

Changes in our tax rates, changes in tax treatment of companies engaged in e-commerce, the adoption of new U.S. or international tax legislation, or exposure to additional tax liabilities may adversely impact our financial results.

We are a U.S.-based multinational company subject to taxes in the U.S. and foreign jurisdictions. Our provision for income taxes is based on a jurisdictional mix of earnings, statutory tax rates and enacted tax rules, including transfer pricing. Due to economic and political conditions, tax rates in various jurisdictions may be subject to significant change. As a result, our future effective tax rates could be affected by changes in the mix of earnings in countries with differing statutory tax rates, changes in the valuation of deferred tax assets and liabilities, or changes in tax laws or their interpretation. These changes may adversely impact our effective tax rate and harm our financial position and results of operations.

We are subject to examination by the U.S. Internal Revenue Service (“IRS”) and other domestic and foreign tax authorities and government bodies. We regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of our income tax and other tax reserves. If our reserves are not sufficient to cover these contingencies, such inadequacy could materially adversely affect our business, prospects, financial condition, operating results, and cash flows.

In addition, due to the global nature of the Internet, it is possible that various states or foreign countries might attempt to impose additional or new regulation on our business or levy additional or new sales, income or other taxes relating to our activities. Tax authorities at the international, federal, state and local levels are currently reviewing the appropriate treatment of companies engaged in e-commerce. New or revised international, federal, state or local tax regulations or court decisions may subject us or our customers to additional sales, income and other taxes. For example, the European Union, certain member states, and other countries, as well as states within the United States, have proposed or enacted taxes on online advertising and marketplace service revenues. The application of existing, new or revised taxes on our business, in particular, sales taxes, VAT and similar taxes would likely increase the cost of doing business online and decrease the attractiveness of selling products over the internet. Any of these events could have a material adverse effect on our business, financial condition, and operating results.

We are subject to examination for indirect taxes in various states, municipalities and foreign jurisdictions. Management currently believes we have adequate reserves established for these matters. If a material indirect tax liability associated with prior periods were to be recorded, for which there is not a reserve, it could materially affect our financial results for the period in which it is recorded.

Taxing authorities may successfully assert that we should have collected, or in the future should collect sales and use, telecommunications or similar taxes, and we could be subject to liability with respect to past or future tax, which could adversely affect our operating results.

We believe we have provided for state and local sales and use tax, excise, utility user, and ad valorem taxes, fees and surcharges or other similar obligations in all relevant jurisdictions in which we generate sales, based on our understanding of the applicable laws in those jurisdictions. Such tax, fees and surcharge laws and rates vary greatly by jurisdiction, and the application of such taxes to e-commerce businesses, such as ours, is a complex and evolving area. The jurisdictions where we have sales may apply more rigorous enforcement efforts or take more aggressive positions in the future that could result in greater tax liability. In addition, in the future we may also decide to engage in activities that would require us to pay sales and use, telecommunications, or similar taxes in new jurisdictions. Such tax assessments, penalties and interest for failure to comply with current or future laws and regulations may materially adversely affect our business, financial condition and operating results. Compliance with these laws and regulations may also cause us to change or limit our business practices in a manner adverse to our business.

We are subject to a variety of new and existing laws and regulations which could subject us to claims, judgments, monetary liabilities and other remedies, and to limitations on our business practices.

The application of existing domestic and international laws and regulations to us relating to issues such as defamation, pricing, advertising, taxation, promotions, billing, consumer protection, export controls, accessibility, content regulation, data privacy, intellectual property ownership and infringement, and accreditation in many instances is unclear or unsettled. In addition, we will also be subject to any new laws and regulations directly applicable to our domestic and international activities. Internationally, we may also be subject to laws regulating our activities in foreign countries and to foreign laws and regulations that are inconsistent from country to country. We may incur substantial liabilities for expenses necessary to comply with these laws and regulations, as well as potential substantial penalties for any failure to comply. Compliance with these laws and regulations may also cause us to change or limit our business practices in a manner adverse to our business.

In certain instances, we may be subject to enhanced privacy obligations based on the type of information we store and process. While we believe we are in compliance with the relevant laws and regulations, we could be subject to enforcement actions, fines, forfeitures and other adverse actions.

The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the “CAN-SPAM Act”), which allows for penalties that run into the millions of dollars, requires commercial emails to include identifying information from the sender and a mechanism for the receiver to opt out of receiving future emails. Several states have enacted additional, more restrictive and punitive laws regulating commercial email. Foreign legislation exists as well, including Canada’s Anti-Spam Legislation and the European laws that have been enacted pursuant to the GDPR and European Union Directive 2002/58/EC and its amendments. We use email as a significant means of communicating with our existing and potential users. We believe that our email practices comply with the requirements of the CAN-SPAM Act, state laws, and applicable foreign legislation. If we were ever found to be in violation of these laws and regulations, or any other laws or regulations, our business, financial condition, operating results and cash flows could be materially adversely affected.

Many third parties are examining whether the Americans with Disabilities Act (“ADA”) concept of public accommodation also extends to websites and to mobile applications. Generally, some plaintiffs have argued that websites and mobile applications are places of public accommodation under Title III of the ADA and, as such, must be equipped so that individuals with disabilities can navigate and make use of subject websites and mobile applications. We cannot predict how the ADA will ultimately be interpreted as applied to websites and mobile applications. We believe we are in compliance with relevant law. If the law changes with the ADA, then any adjustments or requirements to implement any changes prescribed by the ADA could result in increased costs to our business, we may become subject to injunctive relief, plaintiffs may be able to recover attorneys’ fees, and it is possible that, while the ADA does not provide for monetary damages, we become subject to such damages through state consumer protection or other laws. It is possible that these potential liabilities could cause a material adverse effect on our operations and harm our business reputation.

Certain data transfers from and between the European Union (“EU”) are subject to the GDPR. As discussed in more detail below, the GDPR prohibits data transfers from the EU to other countries outside of the EU, including the U.S., without appropriate security safeguards and practices in place. With respect to data transfers from the E.U. to the U.S., the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (the “Framework”), which permits personal data to flow from the E.U. to U.S. companies participating in the Framework. Similarly, the U.K. government adopted an adequacy decision for the U.S., the UK-US Data Bridge, which permits personal data to flow from the U.K. to U.S.

companies participating in the Framework and the U.K. Extension. Such evolving requirements could cause the Company to incur additional costs, require it to change business practices or affect the manner in which it provides its services.

The Company has put into place various alternative grounds on which to rely in order to be in compliance with relevant law for the transfer of data from overseas locations to the U.S. which have not been invalidated by the European Court of Justice. Some independent data regulators have adopted the position that other forms of compliance are also invalid though the legal grounds for these findings remain unclear at this time. We cannot predict at this time whether the alternative grounds that we continue to implement will be found to be consistent with relevant laws nor what any potential liability may be at this time.

The Company is also subject to the California Consumer Privacy Act (“CCPA”), which covers businesses that obtain or access personal information on California resident consumers grants consumers enhanced privacy rights and control over their personal information and imposes significant requirements on covered companies with respect to consumer data privacy rights. The CCPA provides consumers with the right to opt out of the sale of their personal information including the requirement to include a “Do Not Sell” link on our websites and applications that sell personal data of California resident consumers. We believe we have implemented such links to the extent necessary and our privacy policies have been updated and posted on our websites. Further, on November 3, 2020, the California Privacy Rights Act (the “CPRA”) was voted into law by California residents. The CPRA significantly amended the CCPA and imposed additional data protection obligations on companies doing business in California, including additional consumer rights processes and opt outs for certain uses of sensitive data. It also created a new California data protection agency specifically tasked to enforce the law, which could result in increased regulatory scrutiny of California businesses in the areas of data protection and security. Similar laws have been passed in several other states and have been proposed in additional states and at the federal level.

Failure or perceived failure by us to comply with our policies, applicable requirements, or industry self-regulatory principles related to the collection, use, sharing or security of personal information, or other privacy, data-retention or data-protection matters could result in a loss of user confidence in us, damage to our brands, and ultimately in a loss of users and advertising partners, which could adversely affect our business. Changes in these or any other laws and regulations or the interpretation of them could increase our future compliance costs, limit the amount and type of data we can collect, transfer, share, or sell, make our products and services less attractive to our users, or cause us to change or limit our business practices. Further, any failure on our part to comply with any relevant laws or regulations may subject us to significant civil or criminal liabilities.

If we are subject to burdensome laws or regulations or if we fail to adhere to the requirements of public or private regulations, our business, financial condition and results of operations could suffer.

Our debt obligations could adversely affect our business and our ability to meet our obligations and pay dividends.

As of December 31, 2025, Consensus has total outstanding indebtedness of approximately $562.2 million, of which $7.5 million will mature in each of the years 2026 and 2027, and the remainder will mature in 2028. We may also incur additional indebtedness in the future. This significant amount of debt could have important adverse consequences to us and our investors, including:

• requiring a substantial portion of our cash flow from operations to make principal and interest payments;

• making it more difficult to satisfy other obligations;

• increasing the risk of a future credit ratings downgrade of our debt, which could increase future debt costs and limit the future availability of debt financing;

• increasing our vulnerability to general adverse economic, competitive and industry conditions;

• reducing the cash flows available to fund capital expenditures and other corporate purposes and to grow our business;

• limiting our flexibility in planning for, or reacting to, changes in our business and industry;

• placing us at a competitive disadvantage compared with our less-leveraged competitors;

• increasing our cost of borrowing; and

• limiting our ability to borrow additional funds as needed, refinance our debt or take advantage of business opportunities as they arise, pay cash dividends or repurchase our common stock.

In addition, the indentures governing our indebtedness contain, and the agreements governing any future indebtedness may contain, restrictive covenants that may limit our ability to engage in activities that may be in our long-term best interest.

Our failure to comply with those covenants could result in an event of default which, if not cured or waived, could result in the acceleration of substantially all of our debt.

Furthermore, we may be able to incur substantial additional indebtedness in the future. The terms of our outstanding indebtedness limit, but do not prohibit, us from incurring additional indebtedness, and the additional indebtedness incurred in compliance with these restrictions could be substantial. These restrictions will also not prevent us from incurring obligations that do not constitute “indebtedness.” If new indebtedness is added to our current debt levels, the related risks that we now face could intensify. Our ability to incur additional indebtedness and/or refinance our existing indebtedness will depend on the debt and/or capital markets and our financial condition at the relevant time. We may not be able to incur additional debt or refinance our existing debt on desirable terms or at all.

We may not be able to generate sufficient cash to service all of our indebtedness and may be forced to take other actions to satisfy our obligations under our indebtedness, which may not be successful.

Our ability to make scheduled payments due on our debt obligations or to refinance our debt obligations depends on our financial condition and operating performance, which are subject to prevailing economic, industry, and competitive conditions and to certain financial, business, legislative, regulatory, and other factors beyond our control, including those discussed elsewhere in this “Risk Factors” section. We may be unable to maintain a level of cash flow sufficient to permit us to pay the principal, premium, if any, and interest on our indebtedness.

If our cash flow and capital resources are insufficient to fund our debt service obligations, we could face substantial liquidity problems and could be forced to reduce or delay investments and capital expenditures or to dispose of material assets or operations, seek additional debt or equity capital or restructure or refinance our indebtedness. We may not be able to implement any such alternative measures on commercially reasonable terms or at all and, even if successful, those alternative actions may not allow us to meet our scheduled debt service obligations. The indentures governing our indebtedness will restrict, and the agreements governing any future indebtedness may restrict, our ability to dispose of assets and use the proceeds from those dispositions and may also restrict our ability to raise debt or equity capital to be used to repay other indebtedness when it becomes due. We may not be able to consummate those dispositions or to obtain proceeds in an amount sufficient to meet any debt service obligations then due.

If we cannot make payments on our debt obligations, we will be in default and all outstanding principal and interest on our debt may be declared due and payable and we could be forced into bankruptcy or liquidation.

In addition, any event of default or declaration of acceleration under one debt instrument could result in an event of default under one or more of our other debt instruments.

Risks Related To Our Stock

The trading market for our common stock has existed for a relatively short time since the distribution. Our stock price may fluctuate significantly.

Prior to the distribution, there was no public market for our common stock. An active trading market for our common stock commenced only following the distribution and may not be sustainable. The market price of our common stock has in the past, and may continue to, fluctuate significantly due to a number of factors, some of which may be beyond our control, including:

• actual or anticipated fluctuations in our operating results;

• changes in earnings estimated by securities analysts or our ability to meet those estimates;

• the operating and stock price performance of comparable companies;

• changes to the regulatory and legal environment in which we operate; and

• domestic and worldwide economic conditions.

Stock markets in general have experienced volatility that has often been unrelated to the operating performance of a particular company. These broad market fluctuations could also adversely affect the trading price of our common stock.

We do not intend to pay dividends on our common stock.

We have no present intention to pay cash dividends on our common stock. As a result, a stockholder may only receive a return on their investment in our common stock if the trading price of our common stock increases. Any determination to pay dividends to holders of our common stock will be at the discretion of our board of directors and will depend upon many factors, including our financial condition, results of operations, projections, liquidity, earnings, legal requirements, restrictions in our existing and any future debt and other factors that our board of directors deems relevant.

We previously identified material weaknesses in our internal control over financial reporting, and if we fail to design and maintain effective internal control over financial reporting, we may not be able to accurately report our financial results in a timely manner, which may adversely affect investor confidence in us and materially and adversely affect our business and operating results.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act and the Dodd-Frank Act and are required to prepare our financial statements according to the rules and regulations required by the SEC. In addition, the Exchange Act requires that we file annual, quarterly and current reports. Our failure to prepare and disclose this information in a timely manner or to otherwise comply with applicable law could subject us to penalties under federal securities laws, expose us to lawsuits and restrict our ability to access financing. In addition, the Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal controls and procedures for financial reporting and disclosure purposes. Internal control over financial reporting is complex and may be revised over time to adapt to changes in our business, or changes in applicable accounting rules. We have previously identified material weaknesses in our internal control over financial reporting, although all such material weaknesses have been remediated. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our consolidated financial statements will not be prevented or detected on a timely basis.

Completion of remediation does not provide assurance that our remediation or other controls will continue to operate properly or remain adequate. Further, our current internal control over financial reporting and any additional internal control over financial reporting that we develop may become inadequate because of changes in conditions in our business. We also cannot assure you that a material weakness will not be discovered with respect to a prior period for which we had previously believed that internal controls were effective. If we are not able to maintain effective internal control over financial reporting, our independent registered public accounting firm will not be able to certify as to the effectiveness of our internal control over financial reporting, if and when required.

Matters affecting our internal controls, may cause us to be unable to report our financial information on a timely basis, or may cause us to restate previously issued financial information, and thereby subject us to adverse regulatory consequences, including sanctions or investigations by the SEC, violations of applicable stock exchange listing rules, and litigation brought by our shareholders and others. There could also be a negative reaction in the financial markets due to a loss of investor confidence in us and the reliability of our financial statements. This could have a material and adverse effect on us by, for example, leading to a decline in our share price and impairing our ability to raise additional capital, and also could result in litigation brought by our shareholders and others.

Certain provisions in our amended and restated certificate of incorporation and amended and restated bylaws, and of Delaware law, may prevent or delay an acquisition of Consensus, which could decrease the trading price of our common stock.

Our amended and restated certificate of incorporation and amended and restated bylaws contain, and Delaware law contains, provisions that are intended to deter coercive takeover practices and inadequate takeover bids and to encourage prospective acquirers to negotiate with our board of directors (the “Board of Directors”) rather than to attempt a hostile takeover. These provisions will, among other things:

• permit our Board of Directors to issue one or more series of preferred stock with such powers, rights and preferences as the Board of Directors shall determine;

• subject to a five-year sunset from the date of the distribution, provide for a classified Board of Directors, with each class serving a staggered three-year term, which could have the effect of making the replacement of incumbent directors more time consuming and difficult;

• provide that, as long as our Board of Directors is classified, our directors can be removed for cause only;

• prohibit stockholder action by written consent;

• limit the ability of stockholders to call a special meeting of stockholders;

• provide that vacancies on the Board of Directors could be filled only by a majority vote of directors then in office, even if less than a quorum, or by a sole remaining director; and

• establish advance notice requirements for stockholder proposals and nominations of candidates for election as directors.

These provisions may prevent or discourage attempts to remove and replace incumbent directors. In addition, these limitations may adversely affect the prevailing market price and market for our common stock if they are viewed as limiting the liquidity of our stock or discouraging takeover attempts in the future.

Because we have not chosen to be exempt from Section 203 of the Delaware General Corporation Law (“DGCL”), this provision could also delay or prevent a change of control that stockholders may favor. Section 203 provides that, subject to limited exceptions, persons that acquire, or are affiliated with a person that acquires, more than 15% of the outstanding voting stock of a Delaware corporation shall not engage in any business combination with that corporation, including by merger, consolidation or acquisitions of additional shares, for a three-year period following the date on which that person or their affiliates becomes the holder of more than 15% of the corporation’s outstanding voting stock.

In addition, an acquisition or further issuance of our common stock could trigger the application of Section 355(e) of the Code, causing the distribution to be taxable to Ziff Davis. Under the tax matters agreement, we would be required to indemnify Ziff Davis for the resulting tax, and this indemnity obligation might discourage, delay or prevent a change of control that you may consider favorable.

Our amended and restated bylaws designate the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by our stockholders, and the United States federal district courts as the exclusive forum for claims under the Securities Act, which could limit our stockholders’ ability to obtain what such stockholders believe to be a favorable judicial forum for disputes with us or our directors, officers or employees.

Our amended and restated bylaws provide that, unless Consensus consents in writing to the selection of an alternative forum, the sole and exclusive forum for (a) any derivative action or proceeding brought on behalf of Consensus, (b) any action asserting a claim of breach of a fiduciary duty owed by any current or former director, officer or other employee, agent or stockholder of Consensus to Consensus or its stockholders, (c) any action asserting a claim against Consensus or any current or former director, officer or other employee of Consensus arising pursuant to any provision of the DGCL or our amended and restated certificate of incorporation or bylaws or as to which the DGCL confers jurisdiction on the Court of Chancery of the State of Delaware or (d) any action asserting a claim against Consensus or any current or former director, officer or other employee of Consensus governed by the internal affairs doctrine shall, in each case to the fullest extent permitted by law, be the Court of Chancery of the State of Delaware, or if such court does not have subject matter jurisdiction, a the federal district court for the District of Delaware. Furthermore, unless Consensus consents in writing to the selection of an alternative forum, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act or the rules or regulations thereunder. Our exclusive forum provision will not apply to suits brought to enforce any liability or duty created by the Exchange Act or the rules and regulations thereunder, and investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. These exclusive provisions may limit a stockholder’s ability to bring a claim in a judicial forum that he, she or it believes to be favorable for disputes with us or our directors, officers or other employees, which may discourage such lawsuits. It is possible that a court could find these exclusive forum provisions inapplicable or unenforceable with respect to one or more of the specified types of actions or proceedings, and we may incur additional costs associated with resolving such matters in other jurisdictions, which could materially adversely affect our business, financial condition and results of operations and result in a diversion of the time and resources of our management and Board of Directors.

If securities or industry analysts do not publish research or publish misleading or unfavorable research about our business, our stock price and trading volume could decline.

The trading market for Consensus’ common stock depends in part on the research and reports that securities or industry analysts publish about us or our business. We currently have multiple research analysts covering Consensus’ common stock. If one or more of the analysts downgrades our stock or publishes misleading or unfavorable research about our business, our stock price would likely decline. If one or more of the analysts ceases coverage of Consensus’ common stock or fails to publish reports on us regularly, demand for Consensus’ common stock could decrease, which could cause Consensus’ common stock price or trading volume to decline.

Risks Related To the Separation

If the distribution, together with certain related transactions, does not qualify as a transaction that is generally tax-free for U.S. federal income tax purposes, Ziff Davis, Consensus and Ziff Davis stockholders could be subject to significant tax liabilities, and, in certain circumstances, Consensus could be required to indemnify Ziff Davis for material taxes and other related amounts pursuant to indemnification obligations under the tax matters agreement.

Prior to the completion of the separation and distribution the Parent Company received (i) a private letter ruling from the IRS regarding certain U.S. federal income tax matters relating to the separation and related transactions and (ii) an opinion from its tax advisors regarding the qualification of the distribution, together with certain related transactions, as generally tax-free, for U.S. federal income tax purposes, under Sections 355 and 368(a)(1)(D) of the Code. Such opinions and IRS private letter ruling are based, among other things, on various facts and assumptions, as well as certain representations, statements and undertakings of Ziff Davis and Consensus. If any of these facts, assumptions, representations, statements or undertakings is, or becomes, inaccurate or incomplete, or if Ziff Davis or Consensus breach any of their respective covenants contained in any of the separation-related agreements or in the documents relating to the IRS private letter ruling and/or any tax opinion, the IRS private letter ruling and/or any tax opinion may be invalid. Accordingly, notwithstanding receipt of the IRS private letter ruling and/or opinions of counsel or other external tax advisors, the IRS could determine that the distribution and certain related transactions should be treated as taxable transactions for U.S. federal income tax purposes if it determines that any of the facts, assumptions, representations, statements or undertakings that were included in the request for the IRS private letter ruling or on which any opinion was based are false or have been violated. In addition, the IRS private letter ruling does not address all of the issues that are relevant to determining whether the distribution, together with certain related transactions, qualifies as a transaction that is generally tax-free for U.S. federal income tax purposes, and an opinion of outside counsel or other external tax advisor represents the judgment of such counsel or advisor which is not binding on the IRS or any court. Accordingly, notwithstanding receipt by of the IRS private letter ruling and the tax opinions referred to above, there can be no assurance that the IRS will not assert that the distribution and/or certain related transactions do not qualify for tax-free treatment for U.S. federal income tax purposes or that a court would not sustain such a challenge. In the event the IRS were to prevail with such challenge, Ziff Davis, Consensus and Ziff Davis’s stockholders could be subject to significant U.S. federal income tax liability.

If the distribution, together with certain related transactions, fails to qualify as a transaction that is generally tax-free under Sections 355 and 368(a)(1)(D) of the Code, in general, for U.S. federal income tax purposes, Ziff Davis would recognize taxable gain as if it has sold the Consensus common stock in a taxable sale for its fair market value and Ziff Davis stockholders who received shares of Consensus common stock in the distribution would be subject to tax as if they had received a taxable distribution equal to the fair market value of such shares.

Under the tax matters agreement entered into by Ziff Davis and Consensus in connection with the separation, Consensus generally is required to indemnify Ziff Davis for any taxes resulting from the separation (and any related costs and other damages) to the extent such amounts resulted from (i) an acquisition of all or a portion of the equity securities or assets of Consensus, whether by merger or otherwise (and regardless of whether Consensus participated in or otherwise facilitated the acquisition), (ii) other actions or failures to act by Consensus or (iii) any of the representations or undertakings of Consensus contained in any of the separation-related agreements or in the documents relating to the IRS private letter ruling and/or any tax opinion being incorrect or violated. Any such indemnity obligations could be material.

In addition, Ziff Davis, Consensus and their respective subsidiaries may incur certain tax costs in connection with the separation, including non-U.S. tax costs resulting from separations in multiple non-U.S. jurisdictions that do not legally provide for tax-free separations, which may be material.

We and Ziff Davis continue to have some obligations under transaction agreements that were executed as part of the separation.

In connection with the separation, we entered into several agreements with Ziff Davis, including among others, a separation agreement, a tax matters agreement, an employee matters agreement, an intellectual property license agreement and a stockholder and registration rights agreement with respect to Ziff Davis’ continuing ownership of Consensus common stock. While the term of many of the obligations under these agreements has passed, some obligations still remain. For example, we continue to have indemnification obligations to Ziff Davis for matters including liabilities primarily associated with the Consensus business and we continue to be severally liable for certain Ziff Davis tax obligations. Ziff Davis is also required to indemnify us for certain liabilities. If Ziff Davis were to make an indemnification claim, or if Ziff Davis is unable to pay the taxes for which we may be severally liable, we could incur significant liabilities.

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations

In addition to historical information, the following Management’s Discussion and Analysis of Financial Condition and Results of Operations contains forward-looking statements. These forward-looking statements involve risks, uncertainties and assumptions. The actual results may differ materially from those anticipated in these forward-looking statements as a result of many factors, including but not limited to those discussed in Part I, Item 1A - “Risk Factors” in this Annual Report on Form 10-K. Readers are cautioned not to place undue reliance on these forward-looking statements, which reflect management’s opinions only as of the date hereof. We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements, except as required by law. Readers should carefully review the Risk Factors and the risk factors set forth in other documents we file from time to time with the SEC.

Overview

Consensus is a leading provider of secure information delivery services. With our most prominent brand eFax® established over twenty-five years ago, Consensus has now evolved the service platform from pure cloud Fax to efficient and secure information exchange featuring solutions for data extraction, comprehension and transformation, facilitating interoperability and process improvement. Consensus is committed to security and compliance in data exchange, and our scalable Software-as-a-Service (“SaaS”) platform is particularly attractive to regulated industries like healthcare and healthcare technology, public sector, financial services, law, and education. We offer local phone numbers in 46 countries and/or territories, servicing approximately 703 thousand customers ranging from small businesses to large enterprises and the federal government. Each customer cohort has unique needs and engagement preferences, and our go-to-market and customer service offerings are adapted across this continuum to serve each appropriately. Our top 10 customers represent approximately $32.7 million or 9% of total revenues.

Over the past decade, Consensus has increasingly focused on larger commercial customers (“Corporate”) and public sector customers. This shift occurred as enterprise data communication moved toward digitization and cloud-based solutions. Sales to these customers are made through e-commerce and direct interaction with a salesperson, and often involve specific pricing, multiple line subscriptions, API connections, and/or commercial grade security. Sales channels include e-commerce, direct sales and sales through or referred by channel and strategic partners.

Key Performance Metrics

We use the following metrics to generally assess the operational and financial performance of our business, including the growth of our business, the value provided by customers to our business and our customer retention that provide insights that contribute to certain of our business planning decisions. We believe these financial measures are useful to investors both because (1) they allow for greater transparency with respect to key metrics used by management in its financial and operational decision-making and (2) they are used by our institutional investors and the analyst community to help them analyze the health of our business.

The following table sets forth certain key performance metrics for our operations for the years ended December 31, 2025, 2024 and 2023 (in thousands, except for percentages and Average Revenue per Customer Account):

Years Ended December 31,

Revenue

Corporate

SoHo

Total

Other revenues

Consolidated

Average Revenue per Customer Account (“ARPA”) (1)(2)

Corporate

SoHo

Consolidated

Customer Accounts (1)

Corporate

SoHo

Consolidated

Paid Adds (3)

Corporate

SoHo

Consolidated

Monthly Churn % (4)

Corporate

SoHo

Consolidated

(1) Consensus customers are defined as paying Corporate and SoHo customer accounts. In the second quarter of 2025, we eliminated dormant accounts not contributing to revenue from the number of SoHo customer accounts. The prior year periods have been revised for consistency with the current year, and all metrics calculated based on the number of customer accounts (including ARPA and Monthly Churn %) are calculated based on the revised numbers. As a result of this change, the number of SoHo customer accounts for 2024 and 2023 decreased by 26 thousand and 22 thousand, respectively.

(2) Represents a monthly ARPA for the year, calculated as follows: monthly ARPA on an annual basis is calculated by dividing revenue for the year by the average customer base for the applicable period and dividing that amount by 12 months. We believe ARPA provides investors an understanding of the average monthly revenues we recognize per account associated within Consensus’ customer base. As ARPA varies based on fixed subscription fee and variable usage components, we believe it can serve as a measure by which investors can evaluate trends in the types of services, levels of services and the usage levels of those services across Consensus’ customers.

(3) Paid Adds represents paying new Consensus customer accounts added during the annual period.

(4) Monthly churn represents paid monthly Corporate and SoHo customer accounts that were cancelled during each month of the annual period, divided by the average number of customers during each month of the same annual period (including the paid adds). The period measured is annual and expressed as a monthly churn rate over the annual period.

Critical Accounting Policies and Estimates

We prepare our consolidated financial statements and related disclosures in accordance with U.S. generally accepted accounting principles (“GAAP”) and our discussion and analysis of our financial condition and operating results requires us to make judgments, assumptions and estimates that affect the amounts reported in our consolidated financial statements and accompanying notes. See Note 2 - Basis of Presentation and Summary of Significant Accounting Policies of the Notes to the Consolidated Financial Statements in Part II, Item 8 of this Form 10-K, which describes the significant accounting policies and methods used in the preparation of our consolidated financial statements. We base our estimates on historical experience and on various other assumptions we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying value of assets and liabilities. Actual results may differ significantly from those estimates under different assumptions and conditions and may be material.

We believe that our most critical accounting policies are those related to revenue recognition, internal-use software development costs, share-based compensation expense, income taxes and tax contingencies. We consider these policies critical because they are those that are most important to the portrayal of our financial condition and results and require management’s most difficult, subjective and complex judgments, often as a result of the need to make estimates about the effect of matters that are inherently uncertain. Senior management has reviewed these critical accounting policies and related disclosures with the Audit Committee of the Company’s Board of Directors.

Revenue Recognition

We earn revenue from contracts with customers, primarily through the provision of cloud-based communication and digital signature solutions that allow customers to access our software without taking possession. The contracts include both recurring subscription and usage-based fees, and the total transaction price is allocated to performance obligations in each contract as appropriate. Revenue for cloud-based services is recognized over time in the period earned. The contracts may be terminated early. Fees collected in advance are non-refundable, and they are deferred and recognized in revenue when the related performance obligations are satisfied. Standard Corporate contracts billed monthly include a termination charge equal to the minimum fees payable through the last day of the contract term.

Along with our numerous proprietary solutions, we also generate revenues by reselling various third-party solutions. These third-party solutions, along with our proprietary products, allow us to offer customers a variety of solutions to better meet their needs. We record revenue on a gross basis with respect to reseller revenue because we have control of the specified good or service prior to transferring control to the customer. See Note 3 - Revenues of the Notes to the Consolidated Financial Statements in Part II, Item 8 of this Form 10-K.

Internal-Use Software Development Costs

We capitalize certain internal-use software and website development costs that are incurred during the application development stage, provided that management with the relevant authority authorizes and commits to the funding of the project, it is probable the project will be completed, and the software will be used to perform the function intended. Costs related to preliminary project activities and post implementation activities are expensed as incurred. Capitalized internal-use software development costs are included in property and equipment and are amortized on a straight-line basis over their estimated useful lives. There is judgment involved in estimating the stage of development as well as estimating time allocated to a particular project. A significant change in the time spent on each project could have a material impact on the amount capitalized and related amortization expense in subsequent periods. See Note 5 - Property and Equipment of the Notes to the Consolidated Financial Statements in Part II, Item 8 of this Form 10-K.

Share-Based Compensation Expense

We account for share-based awards to employees and non-employees in accordance with the provisions of FASB ASC Topic No. 718, Compensation - Stock Compensation (“ASC 718”). Accordingly, we measure share-based compensation expense at the grant date, based on the fair value of the award, and recognize the expense over the employee’s requisite service period using the straight-line method. The measurement of share-based compensation expense is based on several criteria

including, but not limited to, the valuation model used and associated input factors, such as the stock price on the date of grant, expected term of the award, stock price volatility, risk free interest rate, dividend rate and forfeiture rate. These inputs are subjective and are determined using management’s judgment.

For awards with performance-based conditions, share-based compensation expense is recognized using the graded-vesting method over the requisite service period if it is probable that the performance condition will be satisfied. The share-based compensation expense for performance-based awards is evaluated each quarter based on the achievement of the performance conditions. The effect of a change in the estimated number of performance-based awards expected to be earned is recognized in the period those estimates are revised.

If differences arise between the assumptions used in determining share-based compensation expense and the actual factors, which become known over time, we may change the input factors used in determining future share-based compensation expense. Any such changes could materially impact our results of operations in the period in which the changes are made and in periods thereafter. The Company estimates the expected term based upon the contractual term of the award. See Note 13 - Equity Incentive and Employee Stock Purchase Plan of the Notes to the Consolidated Financial Statements in Part II, Item 8 of this Form 10-K.

Income Taxes

Our income is subject to taxation in the U.S. and numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and determining our provision for income taxes. During the ordinary course of business, there are many transactions and calculations for which the ultimate tax determination is uncertain. We establish reserves for tax-related uncertainties based on estimates of whether, and the extent to which, additional taxes will be due. These reserves for tax contingencies are established when we believe that certain positions might be challenged despite our belief that our tax return positions are fully supportable. We adjust these reserves in light of changing facts and circumstances, such as the outcome of a tax audit or lapse of a statute of limitations. The provision for income taxes includes the impact of reserve provisions and changes to reserves that are considered appropriate.

We account for income taxes in accordance with FASB ASC Topic No. 740, Income Taxes (“ASC 740”), which requires that deferred tax assets and liabilities are recognized using enacted tax rates for the effect of temporary differences between the book and tax basis of recorded assets and liabilities. GAAP also requires that deferred tax assets are reduced by a valuation allowance if it is more likely than not that some or all of the net deferred tax assets will not be realized. Our valuation allowance is reviewed quarterly based upon the facts and circumstances known at the time. In assessing this valuation allowance, we review historical and future expected operating results and other factors to determine whether it is more likely than not that deferred tax assets are realizable. See Note 11 - Income Taxes of the Notes to the Consolidated Financial Statements in Part II, Item 8 of this Form 10-K.

Income Tax Contingencies

We calculate current and deferred tax provisions based on estimates and assumptions that could differ from the actual results reflected in income tax returns filed during the following year. Adjustments based on filed returns are recorded when identified in the subsequent year.

ASC 740 provides guidance on the minimum threshold that an uncertain income tax position is required to meet before it can be recognized in the financial statements and applies to all tax positions taken by a company. ASC 740 contains a two-step approach to recognizing and measuring uncertain income tax positions. The first step is to evaluate the income tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained upon audit, including resolution of related appeals or litigation processes, if any. The second step is to measure the tax benefit as the largest amount that is more than 50% likely of being realized upon settlement. If it is not more likely than not that the benefit will be sustained on its technical merits, no benefit will be recorded. Uncertain income tax positions that relate only to timing of when an item is included on a tax return are considered to have met the recognition threshold. We recognize accrued interest and penalties related to uncertain income tax positions in income tax expense on our Consolidated Statements of Income. On a quarterly basis, we evaluate uncertain income tax positions and establish or release reserves as appropriate under GAAP.

As a multinational corporation, we are subject to taxation in many jurisdictions, and the calculation of our tax liabilities involves dealing with uncertainties in the application of complex tax laws and regulations in various taxing

jurisdictions. Our estimate of the potential outcome of any uncertain tax issue is subject to management’s assessment of relevant risks, facts and circumstances existing at that time. Therefore, the actual liability for U.S. or foreign taxes may be materially different from our estimates, which could result in the need to record additional tax liabilities or potentially to reverse previously recorded tax liabilities. In addition, we may be subject to examination of our tax returns by the U.S. Internal Revenue Service (“IRS”) and other domestic and foreign tax authorities.

Recent Accounting Pronouncements

See Note 2 - Basis of Presentation and Summary of Significant Accounting Policies, to our accompanying consolidated financial statements for a description of recent accounting pronouncements and our expectations of their impact on our consolidated financial position and results of operations.

Results of Operations

Years Ended December 31, 2025, 2024 and 2023

The main strategic focus of our offerings is to enable our customers to securely and cooperatively access, exchange and use information across organizational, regional and national boundaries. As a result, we expect to continue to take steps to enhance our existing offerings and offer new services to continue to satisfy the evolving needs of our customers.

We expect our business to primarily grow organically and inorganically through the use of capital for re-investment in the business and opportunistic acquisitions that expedite our product roadmap in the interoperability space should they arise.

The following table sets forth information derived from our Consolidated Statements of Income as a percentage of revenues for the years ended December 31, 2025, 2024 and 2023. This information should be read in conjunction with the accompanying financial statements and the Notes to the Consolidated Financial Statements included elsewhere in this Annual Report on Form 10-K.

Years Ended December 31,

Revenues

Cost of revenues

Gross profit

Operating expenses:

Sales and marketing

Research, development and engineering

General and administrative

Total operating expenses

Income from operations

Interest expense

Interest income

Other (expense) income, net

Income before income taxes

Income tax expense

Net income

Revenues

(in thousands, except percentages)

Percentage Change 2025 versus 2024

Percentage Change 2024 versus 2023

Revenues

Consensus revenues primarily consist of revenues from “fixed” customer subscription revenues and “variable” revenues generated from actual usage of our services.

Revenues decreased by $0.7 million for the year ended December 31, 2025 compared to the prior comparable period. The reduction is the result of a $14.3 million decline in SoHo revenues, partially offset by an increase in Corporate revenues of $13.6 million, due to organic growth in customer usage and new customer acquisitions.

Revenues decreased by $12.2 million for the year ended December 31, 2024 compared to the prior comparable period. The reduction is the result of a $21.7 million decline in SoHo revenues, partially offset by an increase in Corporate revenues of $9.5 million due to organic growth in customer usage and new customer acquisitions.

Cost of Revenues

(in thousands, except percentages)

Percentage Change 2025 versus 2024

Percentage Change 2024 versus 2023

Cost of revenues

As a percent of revenues

Cost of revenues is primarily comprised of costs associated with personnel costs (inclusive of share-based compensation), data transmission, online processing fees, network operations as well as capitalized software amortization and equipment depreciation.

The increase in cost of revenues for the year ended December 31, 2025 over the prior comparable period was primarily due to an increase of $1.5 million in data transmission costs, partially offset by a decrease of $0.5 million in depreciation associated with platform development costs.

The increase in cost of revenues for the year ended December 31, 2024 over the prior comparable period was primarily due to an increase of $3.1 million in depreciation associated with platform development costs, partially offset by decreases of $0.7 million in online processing fees, $0.4 million in data transmission costs and $0.2 million in personnel-related expenses.

Operating Expenses

Sales and Marketing

(in thousands, except percentages)

Percentage Change 2025 versus 2024

Percentage Change 2024 versus 2023

Sales and marketing

As a percent of revenues

Our sales and marketing costs consist primarily of personnel costs (inclusive of share-based compensation), internet-based advertising and other business development-related expenses. Our internet-based advertising relationships consist primarily of fixed cost and performance-based (cost-per-impression, cost-per-click and cost-per-acquisition) advertising relationships with an array of online service providers. Our sales personnel consist of a combination of inside sales and outside sales professionals.

Sales and marketing expenses for the year ended December 31, 2025 were consistent with the prior comparable period.

The decrease in sales and marketing expenses of $14.0 million for the year ended December 31, 2024 over the prior comparable period was primarily due to a reduction in third-party advertising spend of $14.3 million, predominantly in SoHo.

Research, Development and Engineering

(in thousands, except percentages)

Percentage Change 2025 versus 2024

Percentage Change 2024 versus 2023

Research, development and engineering

As a percent of revenues

Our research, development and engineering costs consist primarily of personnel-related expenses (inclusive of share-based compensation).

Research, development and engineering costs for the years ended December 31, 2025, 2024, and 2023 remained consistent year-to-year.

General and Administrative

(in thousands, except percentages)

Percentage Change 2025 versus 2024

Percentage Change 2024 versus 2023

General and administrative

As a percent of revenues

Our general and administrative costs consist primarily of personnel-related expenses (inclusive of share-based compensation), depreciation and amortization, professional fees, bad debt expense and non-income related tax expenses.

The decrease in general and administrative expense of $2.7 million for the year ended December 31, 2025 over the prior comparable period was primarily due to decreases of $1.3 million in depreciation and amortization expense, $0.9 million in non-income related tax expenses and $0.9 million in bad debt expense, partially offset by an increase of $0.7 million in personnel-related expenses.

The decrease in general and administrative expense of $1.7 million for the year ended December 31, 2024 over the prior comparable period was primarily due to decreases of $2.5 million in professional fees and $0.8 million in bad debt expense, partially offset by an increase of $1.7 million in computer-related equipment costs.

Share-Based Compensation

The following table represents share-based compensation expense included in cost of revenues and operating expenses in the accompanying Consolidated Statements of Income for the years ended December 31, 2025, 2024 and 2023 (in thousands):

Years Ended December 31,

Cost of revenues

Operating expenses:

Sales and marketing

Research, development and engineering

General and administrative

Total

Non-Operating Income and Expenses

Interest expense . Our interest expense is due to outstanding debt and is offset by any extinguishment gain or losses and capitalized interest. Interest expense was $35.5 million, $34.0 million and $45.4 million for the years ended December 31, 2025, 2024 and 2023, respectively. During the year ended December 31, 2025, interest expense increased by $1.5 million compared to the prior year. Interest expense increased due to a net loss on debt extinguishment of $0.9 million in the current period compared to a net gain on debt extinguishment of $6.6 million in the prior year. This increase to interest expense was partially offset by a favorable decrease of $5.9 million in interest expense as debt repurchases and redemption lowered our outstanding debt balance. During the year ended December 31, 2024, interest expense decreased $11.4 million compared to the prior year, which included a decrease of $9.6 million in interest expense as debt repurchases lowered our outstanding debt balance, as well as a $1.8 million favorable increase in debt extinguishment gain compared to 2023.

Interest income . Our interest income is generated from interest earned on cash and cash equivalents. Interest income was $2.5 million, $2.5 million and $3.7 million for the years ended December 31, 2025, 2024, and 2023, respectively. Interest income in 2025 was consistent with 2024. The decrease in interest income in 2024 compared to 2023 was primarily attributable to a lower average cash and cash equivalents balance primarily due to the repurchase of our debt, which resulted in lower money market investments throughout 2024.

Other (expense) income, net . Our other (expense) income, net is generated primarily from foreign currency and miscellaneous items. Other (expense) income, net was $(3.2) million, $4.3 million and $(2.4) million for the years ended December 31, 2025, 2024 and 2023, respectively. The change between periods was primarily attributable to exchange rate fluctuations on inter-company balances between periods in foreign subsidiaries that were in functional currencies other than the U.S. Dollar.

Income Taxes

Significant judgment is required in determining our provision for income taxes and in evaluating our tax positions on a worldwide basis. We believe our tax positions, including intercompany transfer pricing policies, are consistent with the tax laws in the jurisdictions in which we conduct our business. Certain of these tax positions have in the past been, and may be challenged in the future, and this may have a significant impact on our effective tax rate if our tax reserves are insufficient.

Our effective tax rate is based on pre-tax income, statutory tax rates, tax regulations and different tax rates in the various jurisdictions in which we operate. The tax bases of our assets and liabilities reflect our best estimate of the tax benefits and costs we expect to realize. When necessary, we establish valuation allowances to reduce our deferred tax assets to an amount that will more likely than not be realized.

As of December 31, 2025 and 2024, the Company had an interest expense limitation carryforward of $40.8 million and $32.9 million, respectively, which carries forward indefinitely.

As of December 31, 2025 and 2024, the Company had $2.1 million and $1.7 million, respectively, of foreign tax credit carryforwards that begin to expire in 2031, and $1.9 million and $1.7 million, respectively, of state research and development

tax credits carryforwards that can be carried forward indefinitely. As of December 31, 2025, the Company also had $1.7 million of state net operating loss carryforwards that will expire in 2044, if unused.

Income tax expense amounted to $29.5 million, $32.8 million and $25.9 million for the years ended December 31, 2025, 2024 and 2023, respectively. Our effective tax rates for the year ended December 31, 2025, 2024 and 2023 were 25.9%, 26.8% and 25.1%, respectively.

The decrease in our annual effective income tax rate from 2024 to 2025 was primarily attributable to a decrease in tax expense relating to intercompany dividends received from controlled foreign subsidiaries during the year, lower research and development credits, a decrease in tax expense relating to uncertain tax positions and the impact of the change in the geographical mix of the income.

The increase in our annual effective income tax rate from 2023 to 2024 was primarily attributable to an increase in tax expense relating to higher state taxes due to intercompany dividends received from controlled foreign subsidiaries during the year, lower research and development credits, a higher valuation allowance on foreign tax credits and the impact of the change in the geographical mix of the income.

On July 4, 2025, the budget reconciliation bill H.R. 1, referred to as the One Big Beautiful Bill Act (“OBBBA”), was signed into law. The OBBBA includes significant provisions, such as the permanent extension of certain expiring provisions of the Tax Cuts and Jobs Act, modifications to the international tax framework and the restoration of favorable tax treatment for certain business provisions, including modifications to capitalization of research and development expenses, limitations on deductions for interest expense and accelerated fixed asset depreciation. The OBBBA did not have a significant impact on the Company’s effective tax rate for the year ended December 31, 2025.

Liquidity and Capital Resources

Cash and Cash Equivalents

At December 31, 2025, we had cash and cash equivalents of $74.7 million compared to $33.5 million at December 31, 2024. The increase in cash and cash equivalents resulted primarily from cash provided by operations, partially offset by cash used to pay down and/or repurchase our debt, capitalized expenditures, common stock repurchases and investments. As of December 31, 2025, cash and cash equivalents held within domestic and foreign jurisdictions were $8.9 million and $65.8 million, respectively.

2026 Senior Notes

On October 7, 2021, Consensus issued $305.0 million of 6.0% senior notes due in 2026 (the “2026 Senior Notes”), in a private placement offering exempt from the registration requirements of the Securities Act of 1933. During the year ended December 31, 2025, the Company redeemed the remaining outstanding principal balance of the 2026 Senior Notes in full.

2028 Senior Notes

On October 7, 2021, Consensus issued $500 million of 6.5% senior notes due in 2028 (the “2028 Senior Notes”), in a private placement offering exempt from the registration requirements of the Securities Act of 1933. In exchange for the equity interest in the Company, Consensus issued the 2028 Senior Notes to Ziff Davis. Ziff Davis then exchanged the 2028 Senior Notes with lenders under its credit agreement (or their affiliates) in exchange for extinguishment of a similar amount indebtedness under such credit agreement. The 2028 Senior Notes are presented as current portion of long-term debt and long-term debt, net of current portion, both of which are net of deferred issuance costs, on the Consolidated Balance Sheets as of December 31, 2025 and 2024. The 2028 Senior Notes bear interest at a rate of 6.5% per annum, payable semi-annually in arrears on April 15 and October 15 of each year, which commenced on April 15, 2022.

2025 Credit Agreement

On July 9, 2025, the Company entered into a Credit Agreement (the “2025 Credit Agreement”) with certain lenders party thereto (collectively, the “Lenders”) and U.S. Bank National Association, as agent (the “Agent”). Pursuant to the 2025 Credit Agreement, the Lenders have provided the Company with a senior secured revolving credit facility of $75.0 million (the “Revolving Credit Facility”) and a senior secured delayed-draw term loan facility of $150.0 million (the “DDTL Facility” and

together with the Revolving Credit Facility, the “2025 Credit Facility”). The Company may borrow, repay and reborrow revolving loans at any time during the term of the facility. Borrowings under the DDTL Facility that are prepaid or repaid may not be reborrowed. The Revolving Credit Facility was entered into upon retirement of the previous revolving credit facility of $25.0 million with no balance (see Note 7 - Long-Term Debt of the Notes to the Consolidated Financial Statements). The final maturity of the 2025 Credit Facility is scheduled to occur on July 10, 2028.

During the fourth quarter of 2025, the Company borrowed $70.0 million from the Revolving Credit Facility and $150.0 million from the DDTL Facility in order to fund the redemption of our outstanding 2026 Senior Notes, which were retired. Subsequent to the borrowings made on the Revolving Credit Facility, the Company repaid $6.0 million during the fourth quarter of 2025. As of December 31, 2025, the Company has $11.0 million available for borrowing under the Revolving Credit Facility.

As the DDTL was funded during the fourth quarter of 2025, beginning in the first quarter of 2026, the Company is required to make consecutive quarterly principal payments, each in an amount of 1.25% of the initial aggregate principal amount borrowed on the DDTL Facility. The interest rates applicable to the loans made under the 2025 Credit Facility are, at the Company’s option, equal to either a base rate or the Secured Overnight Financing Rate (“SOFR”) plus an applicable margin based on the total net leverage ratio (0.50% - 1.25% in the case of base rate loans and 1.50% - 2.25% in the case of SOFR loans).

Material Cash Requirements

Our long-term contractual obligations generally include our debt and related interest payments, noncancellable operating leases as well as other commitments. As of December 31, 2025, we had outstanding $562.2 million in aggregate principal amount of indebtedness (of which $7.5 million is payable within the next 12 months), total minimum lease payments of $14.4 million and a liability for uncertain tax positions of $14.5 million (see Note 7 - Long-Term Debt, Note 8 - Leases and Note 11 - Income Taxes of the Notes to the Consolidated Financial Statements in Part II, Item 8 of this Form 10-K, respectively). Due to uncertainties in the timing of the amounts and timing of cash settlement with the taxing authorities, we are unable to make a reasonably reliable estimate of the timing of payments.

We currently anticipate that our existing cash and cash equivalents and cash generated from operations and financing activities will be sufficient to fund our anticipated needs for working capital, capital expenditures, principal payments on our debt and stock repurchases, if any, for at least the next 12 months from the issuance of this Annual Report on Form 10-K and the foreseeable future.

Debt Repurchase Program

On November 9, 2023, the Board of Directors approved a debt repurchase program, pursuant to which Consensus may reduce, through redemptions, open market purchases, tender offers, privately negotiated purchases or other retirements, a combination of the outstanding principal balance of the 2026 and 2028 Senior Notes (“Debt Repurchase Program”). The authorization permits an aggregate principal amount reduction of up to $300 million and expires on November 9, 2026. The timing and amounts of purchases are determined by the Company, depending on market conditions and other factors it deems relevant. Any gains or losses on extinguishment of debt are recognized in interest expense on the Consolidated Statements of Income. During the years ended December 31, 2025 and 2024, the Company retired $15.7 million and $144.3 million, respectively, in principal of its senior notes under this program. Cumulatively as of December 31, 2025, $222.6 million in principal of the Company’s senior notes has been retired under this program.

Common Stock Repurchase Program

On March 1, 2022, the Company’s Board of Directors approved a share buyback program. Under this program, the Company may purchase, in the public market, or in off-market transactions, up to $100.0 million of the Company’s common stock through February 2025. In February 2025, the Company’s Board of Directors authorized and approved a three-year extension of the share repurchase program through February 2028. The share buyback program may end before this date if the maximum amount of repurchases has been reached or at the discretion of the Company’s Board of Directors. The timing and amounts of purchases are determined by the Company, depending on market conditions and other factors it deems relevant. The Company entered into Rule 10b-18 and Rule 10b5-1 trading plans under this program. During the years ended December 31, 2025 and 2024, the Company repurchased 1,013,085 and 57,063 shares, respectively, at an aggregate cost of $23.2 million (inclusive of excise tax of $0.1 million) and $1.0 million, respectively, under this program. Cumulatively as of December 31,

2025, 2,098,810 shares have been repurchased at an aggregate cost of $55.5 million (inclusive of excise tax of $0.3 million). The excise tax is assessed at 1% of the fair market value of net stock repurchases after December 31, 2022.

Vested Restricted Stock

At the time of certain vesting events related to restricted stock units or restricted stock awards that are held by participants in Consensus’ Equity Incentive Plan, a portion of the awards subject to vesting are withheld by the Company to satisfy the employees’ tax withholding obligations that arise upon the vesting of restricted stock. As a result, the number of shares issued upon vesting for these awards is net of the statutory withholding requirements that the Company pays on behalf of its employees. Although shares withheld are not issued, they are treated as common share repurchases in the Company’s consolidated financial statements, as they reduce the number of shares that would have been issued upon vesting. These shares do not count against the authorized capacity under the Company’s share repurchase program described above. During the years ended December 31, 2025, 2024 and 2023 the Company withheld shares on its vested restricted stock units and restricted stock awards relating to its share-based compensation plans of 173,276, 122,406 and 61,878 shares, respectively.

Cash Flows

Our primary sources of liquidity are cash flows generated from operations, together with cash and cash equivalents. Net cash provided by operating activities was $136.1 million, $121.7 million and $114.1 million for the years ended December 31, 2025, 2024 and 2023, respectively. Our operating cash flows resulted primarily from cash received from our customers offset by cash payments we made to third parties for their services and employee compensation and lease payments for our offices. The increase in our net cash provided by operating activities in 2025 compared to 2024 was primarily attributable to increased income after excluding noncash items, partially offset by a decrease in cash inflows resulting from changes in our working capital accounts. The increase in our net cash provided by operating activities in 2024 compared to 2023 was primarily attributable to increased income after excluding noncash items, partially offset by an increase in cash outflows resulting from changes in our working capital accounts. Our prepaid tax payments were $5.5 million and $2.1 million at December 31, 2025 and 2024, respectively.

Net cash used in investing activities was $35.2 million, $33.4 million and $40.5 million for the years ended December 31, 2025, 2024 and 2023, respectively. Net cash used in investing activities in 2025 included capital expenditures, primarily capitalized software development costs, and cash paid for investments. Net cash used in investing activities in 2024 included capital expenditures, primarily capitalized software development costs. Net cash used in investing activities in 2023 included capital expenditures, primarily capitalized software development costs, and cash paid for investments.

Net cash used in financing activities was $63.3 million, $138.6 million and $81.7 million for the years ended December 31, 2025, 2024 and 2023, respectively. Net cash used in financing activities in 2025 primarily relates to the repayment of our 2026 Senior Notes, partially offset by borrowings made under our 2025 Credit Facility. In addition, financing activities in 2025 also included repurchases of debt and common stock and a payment made on our Revolving Credit Facility. Net cash used in financing activities in 2024 primarily relates to the repurchases of debt. Net cash used in financing activities in 2023 primarily relates to the repurchases of debt and common stock.