ITEM 1A. RISK FACTORS
Investing in our Class A common stock involves a high degree of risk. You should consider carefully the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” our consolidated financial statements and the related notes included elsewhere in this Annual Report on Form 10-K before deciding whether to invest in shares of our Class A common stock. Our business, financial condition, results of operations, or prospects could also be adversely affected by risks and uncertainties that are not presently known to us or that we currently believe are not material. If any of the risks actually occur, our business, financial condition, results of operations, and prospects could be adversely affected. In that event, the market price of our Class A common stock could decline, and you could lose all or part of your investment.
Risks Related to Our Business and Industry
We have experienced rapid growth and operational and strategic expansion in recent periods. Such historical trends, including growth rates, may not continue in the future, and failure to effectively manage our growth could harm our business and results of operations.
We have experienced rapid growth and increased demand for our platform in recent periods. There is no assurance that we will manage our growth successfully, and our recent growth rates may not be indicative of our future growth. Our rapid growth has resulted in increased costs as we expanded our operations to scale our business and address increased customer and user demand, and we expect to continue to invest broadly across our organization to support our growth.
Continued macroeconomic uncertainty, including as a result of fluctuating interest rates, inflation, tariffs, political unrest, geopolitical conflict, instability in the global banking system, and the potential for an economic recession, has resulted, and is expected to continue to result, in reductions as well as fluctuations in demand for travel and our offerings as companies reduce or deprioritize spending on T&E management offerings. Macroeconomic uncertainty has impacted and may continue to impact our ability to plan for future operations and strategic initiatives or predict our future financial performance (due in part to our usage-based revenue model for certain of our offerings, including our Travel Management offerings). Disruptions and changes in traveler behavior have occurred in recent times, including as a result of the COVID-19 pandemic and macroeconomic uncertainty, and may occur in the future, and we have faced and may continue to face challenges in accurately forecasting demand for travel and travel management services as a result. To maintain growth in our business, we need to, among other things, continue development and implementation of Navan Cognition and related AI features and functionalities, increase adoption and market acceptance of our offerings beyond travel, develop and increase adoption of additional offerings, compete effectively larger and more established market participants as well as newer entrants, execute our go-to-market strategies, address an increasing portion of the unmanaged travel market, and maintain or our relationships with suppliers.
Our growth has also been and may continue to be negatively impacted as our customers, particularly customers with whom we have historically high adoption or expansion rates, do not increase or decrease headcount, including in connection with their adoption of automation and other AI solutions, reduce T&E budgets or otherwise increase scrutiny over IT spending for any reason. Over the last few years, adoption of remote work models has also become widespread, initially as a matter of necessity in response to the COVID-19 pandemic and more recently as a matter of company policy in light of evolving perspectives on the need and desire for full-time in-person workforces. While more companies and organizations have instituted return-to-office policies and business travel levels have normalized following the COVID-19 pandemic, we cannot predict with certainty future trends in teleconference and virtual meeting technologies adoption, the impact that remote work policies will continue to have on the nature and amount of business travel, or whether employer and employee attitudes toward business travel will change in a lasting way. For example, smaller companies with limited travel or IT budgets may in the
Table of Conte n ts
future prefer to use teleconference and virtual meeting technologies indefinitely or substantially limit business travel spending.
We have also encountered, and will continue to encounter, the risks and uncertainties frequently experienced by growing companies in rapidly changing industries. For example, we are required to manage multiple relationships with various suppliers, payment or expense service partners, other partners, customers, and other third parties. In the event of further growth of our operations or in the number of our third-party relationships, including in connection with acquisitions of complementary businesses and companies, our computer systems, procedures, or internal controls may not be adequate to support our operations, we may encounter further difficulties and delays in integrating acquired businesses and companies (including into our controls environment), and our management may not be able to manage such growth effectively. The growth and expansion of our business and platform places a significant strain on our management and our administrative, operational, and financial reporting resources. To effectively manage our growth, we must continue to implement and improve our operational, financial, and management information and reporting systems and manage our employee base, including recruiting and training new engineers, sales professionals, and agents.
As a result of the foregoing, our recent growth rates and financial performance should not necessarily be considered indicative of our future performance and results of operations, and you should not rely on the recent growth in our key business metrics as an indication of our future performance. In addition, if our assumptions regarding these risks and uncertainties, which we use to plan our business strategies and operations, are incorrect or change due to industry or market developments, or if we do not address these risks successfully, our business, financial condition, results of operations, and prospects could be negatively impacted.
Our revenue has historically been, and is expected to continue to be, significantly dependent on our Travel Management offerings, and a prolonged or substantial decrease in, or systemic disruptions to, global travel could adversely affect us.
Our revenue has historically been, and is expected to continue to be, significantly dependent on our Travel Management offerings, which have historically been and may in the future be significantly impacted by declines in, or disruptions to, global travel activity, including as a result of macroeconomic factors, geopolitical conflict, and widespread health concerns, such as pandemics. Factors over which we have no control but which impact travel patterns and, depending on the scope and duration, cause significant declines in global or widespread travel volumes and reductions in our customers’ travel budgets include, among other things:
• the impact of macroeconomic uncertainty, including due to tariffs, volatile interest rates, inflation, domestic and foreign currency fluctuation, instability in the global banking system, volatility in global stock markets, and the potential for a prolonged economic recession;
• political unrest or instability, including due to tariff policies;
• global security concerns caused by cyber-terrorism or other terrorist attacks, the threat of terrorist attacks, or the precautions taken in anticipation of such attacks, including elevated threat warnings or selective cancellation or redirection of travel;
• the outbreak of hostilities, global conflict, or escalation or worsening of existing hostilities or war, such as the ongoing conflicts in Ukraine and the Middle East and tensions between China and Taiwan, in some cases resulting in in adverse impacts to the cost of airline and other travel;
• increased oil prices, including as a result of geopolitical conflict, and related adverse impacts to the cost of airline and other travel;
Table of Conte n ts
• sanctions imposed by the United States and other countries, including in response to geopolitical conflict, and retaliatory actions taken by sanctioned countries in response to such sanctions, and the resultant impact on the cost of airline and other travel and the level of travel demand;
• adverse changes in visa and immigration policies or the imposition of travel restrictions or more restrictive security procedures;
• climate change-related impact to travel destinations, such as extreme weather, natural disasters and disruptions, and actions taken by governments, businesses, our suppliers, and our other partners to combat climate change, such as new travel-related regulations, policies, or conditions related to sustainability and climate-change concerns;
• the occurrence of travel-related accidents or the grounding of aircraft due to safety concerns or regulatory actions;
• technical and operational disruptions at key transit hubs, including key international airports, due to insufficient funding of aviation and other travel or transportation agencies or governmental bodies;
• changes in preferences from traditional hotel bookings to the use of alternative providers that are not available on our platform;
• regulatory actions or changes to regulations governing the travel industry; and
• widespread health concerns or pandemics, such as the COVID-19 pandemic.
We have historically experienced and may in the future experience negative impacts to our business, financial condition, results of operations, and prospects from some or all of the above disruptions to business and consumer travel.
In addition, from time to time, certain airlines struggle to meet spikes in demand, leading to elevated cancellations and delays that frustrate passengers and strain airport operations. When large numbers of our customers experience delays or cancellations, our support costs tend to increase, and prolonged periods of systemic disruptions increase our operating costs and adversely affect our margins and results of operations.
Shifts in business travel trends or any decline in business travel demand would negatively impact our business, growth, results of operations, and financial condition.
Our business and growth depend on continued demand for business travel. In addition to global travel trends, business travel volume has been and may in the future be impacted by a number of different factors. The continued proliferation of remote and hybrid work models has enabled many companies to replace in-person meetings and events with virtual alternatives, which can be more cost-effective, resulting in some companies reducing discretionary travel. Shifts in trends regarding return-to-office mandates at our existing and potential customers have in the past impacted and may in the future impact our growth and business model, particularly if we face difficulties in acquiring new customers. Geopolitical instability and shifting political policies and landscapes have also impacted and may continue to impact certain existing and potential customers’ policies with respect to business travel, particularly international travel, as well as business travel in and around geographic regions experiencing political instability, hostilities, or conflict. Companies have also been periodically reassessing and adjusting travel policies and related T&E budgets, including due to the factors described above and broader factors impacting the travel industry generally, which has resulted and may continue to result in fluctuations in or reduced usage levels of our offerings across periods, contributing to fluctuations in our results of operations. Shifts in business travel trends or any in business travel demand could result in decreased new platform acquisition rates as well as reductions in usage of our offerings by our customers, which would impact our business, results of operations, and financial condition.
Table of Conte n ts
We may be unable to attract new customers and grow our customer base, which would negatively impact our revenue growth and results of operations.
Our future growth depends in large part on increasing our customer base and maintaining and increasing the revenue we generate from those customers. To increase our gross booking volume (“GBV”) and revenue, we seek to expand our customers’ usage of our offerings, including by increasing their usage of our Travel offering and by driving their adoption and increased use of our additional offerings, including Corporate Payments, Expense Management, Meetings and Events, VIP, and Bleisure. The success of our business is substantially dependent on the actual and perceived viability, benefits, and advantages of our platform as a preferred product for T&E management and corporate card programs, particularly when compared to customers’ existing alternatives and new competitive offerings.
While we have experienced significant growth in the number of our customers in recent periods, we do not know whether we will continue to achieve similar customer growth rates in the future. Numerous factors have impeded, and may continue to impede, our ability to attract new customers and to retain, and to expand the use of our platform within, our existing customers, including:
• continued macroeconomic uncertainty, including as a result of tariffs and trade issues, rising interest rates, inflation, domestic and foreign currency fluctuation, instability in the global banking system, volatility in global stock markets, and the potential for a prolonged economic recession;
• changes in demand for and trends in business travel among existing and potential customers;
• reductions in T&E budgets and increased IT budget scrutiny at existing or potential customers;
• failure to establish, maintain, or expand relationships with key suppliers and other partners, including any related changes in commission rates that negatively impact us;
• failure to compete effectively against alternative products or services, including traditional offline travel services provided by large and established competitors as well as digital-native offerings (including those powered by AI);
• our ability to determine optimal pricing for our offerings, including in international markets;
• failure to successfully deploy new features and integrations or continue development or integration of Navan Cognition and related AI features and functionalities;
• failure to provide a quality customer experience and customer support; and
• failure of our sales and marketing strategies, including if we spend time and funding on strategies that do not provide sufficient return on our investment.
Our growth will also depend in part on capturing a greater portion of the unmanaged travel market. For example, if customers do not adopt Navan Edge at the rates that we anticipate, we may be unsuccessful in the effort to capture a greater portion of this market. If we are unsuccessful in our efforts to acquire new customers and increase our customer base, including due to any of the above factors, or if we do so in a way that is not profitable, our growth, business, results of operations, and financial condition would be harmed.
We may not be successful in our efforts to retain and increase revenue from our customers, including by promoting and expanding adoption and usage of our offerings, which could adversely impact our business, financial condition, and results of operations.
Our strategy involves landing customers with our Travel offering and expanding those relationships by increasing our customers’ engagement with and usage of additional offerings, including Corporate Payments, Expense Management, Meetings and Events, VIP, and Bleisure, and working to manage all of our customers’ corporate travel spend on our platform. If our customers do not adopt one or more of these
Table of Conte n ts
additional offerings at the rate we anticipate or at all, our business and prospects could be negatively impacted. The success of these additional offerings depends upon our ability to sell them to our existing travel management customers and on increasing utilization once adopted by our customers. Additionally, we recently announced the planned transition of customers of our R&M service model to our Navan platform. We have been investing and expect to continue to invest in this and a number of other strategic growth initiatives to drive adoption of our offerings, but there can be no assurance that such investments will be effective on a timely basis or at all. In particular, we may experience more difficulty or fluctuations in adoption of our core Navan offering by former customers of the R&M service model, including because we have experienced some challenges to customer retention in this customer group in the past. We may also see slower than anticipated expansion rates of our additional offerings by smaller customers in the unmanaged travel market, including due to their heightened focus on total cost of ownership and self-service models. In addition, there is a period of time between when we acquire new customers and when we begin to recognize the bulk of our revenues, during which the customer implements our technology, moves corporate travel budgets to our platform, and then launches initial bookings. This time period fluctuates depending on the size, scope, and complexity of a customer’s overall corporate travel spend and organization. To expand our customers’ usage of our offerings, we will need to partner with customers to help them realize increased value in our offerings in an manner, particularly in uncertain macroeconomic environments characterized by heightened over T&E and IT budgets. If we do not effectively help our customers realize the value of managing more of their corporate travel spend on our platform, our business, growth, and results of operations could be . In addition, use of our corporate card offering, along with the Navan Connect offering that allows customers to connect their non-Navan corporate cards to the Navan Expense system, gives us insights into travelers throughout their journey and, as a result, adoption by customers of this offering is to our long-term strategy of providing comprehensive and personalized experiences to travelers. Accordingly, if customers do not adopt our additional offerings, they may not realize the full value of our platform and consequently may be more to retain. In the past, we have experienced higher churn from customers of our R&M service model than from customers of our Navan platform, and uncertainty exists regarding the degree to which the transition to the Navan technology platform will impact our relationships with existing customers of the R&M service model. As a result of any of these factors, our business, financial condition, results of operations, and prospects may be affected.
Our Expense Management offerings are subscription-based, and Expense Management customers are not obligated to and may not renew their subscriptions after their existing subscriptions expire. We cannot assure you that such customers will renew subscriptions with the same or greater number of users or that they will upgrade to use features such as the corporate cards or Navan Connect. Customers may or may not renew their subscriptions as a result of a number of factors, including their satisfaction or dissatisfaction with our platform, changes we may implement in our pricing or structure, the pricing or capabilities of the products and services offered by our competitors, the effects of general economic conditions, or customers’ budgetary constraints. If our existing Expense Management customers do not renew their subscriptions, renew on less favorable terms, or fail to expand the adoption of our platform within their companies, our revenue may decline or grow less quickly than anticipated, which could adversely affect our business, financial condition, results of operations, and prospects.
If we fail to offer high-quality customer support, including through our AI-powered virtual agents, or if our support is more expensive than anticipated, our business, margins, and reputation could suffer.
Our customers rely on our customer support services to resolve issues and realize the full benefits provided by our platform. High-quality support is also important for retaining and expanding the use of our offerings by our customers. We provide customer support over chat, telephone, and email, including through Ava, our AI-powered virtual agent. In particular, our business and margins are highly dependent on our AI-powered framework that enables us to create, train, deploy, and supervise specialized AI-powered virtual agents that can handle complex tasks previously requiring human intervention, from booking modifications to expense tracking to resolving issues during trips. Our growth, business, margins,
Table of Conte n ts
and results of operations could be harmed if our virtual agents do not effectively and satisfactorily address our users’ needs and demands in using our platform to book and manage business travel and related expenses (including if users ultimately need to interact with live agents due to any failures, including perceived failures, of such virtual agents). Our growth, reputation, business, margins, and results of operations could also be harmed if our virtual agents make errors or introduce flawed, incomplete, or inaccurate outputs, some of which may appear correct, including due to flaws in the logic of the AI (a so-called “hallucination”), when interacting with users or processing their requests. In some cases, our virtual agents produce results that are inaccurate or incomplete or may take unintended actions from user queries and inputs, even with no hallucinations, which could result in impacts to our users and customers and our reputation, growth, business, and results of operations. If we do not help our customers quickly issues and provide ongoing support, or if our methods of providing support are to meet the needs of our customers, our ability to retain customers, expand usage of our offerings by our customers, and acquire new customers could , and our reputation with existing or potential customers could be . Moreover, if we are not to meet the customer support needs of our customers through our AI-powered virtual agents or by chat and email, we may need to increase our support coverage and provide additional phone-based support. Agent-based phone-based support is more expensive to provide than the other customer support services we offer. As a result, increasing our support coverage and phone-based support services may impact our gross margins.
Our customers have experienced increased customer wait times in the past and may experience similar delays in the future, including due to circumstances outside of our control. For example, when large numbers of our travelers experience delays or cancellations, our travelers have and may in the future experience delays in receiving necessary support services from us and our suppliers. If we are unable to help our travelers quickly resolve issues as a result of support issues we ourselves experience from our suppliers, our ability to retain customers and expand their usage of our offerings and attract new customers, as well as our reputation, could be harmed, and our business, financial condition, results of operations, and prospects could be adversely affected. In addition, as we continue to grow our operations internally and reach a larger and increasingly global customer base, we need to be able to provide efficient customer support that meets the needs of companies using our platform globally at scale. The number of customers using our platform has grown significantly, which puts additional pressure on our customer support services. If we are to provide high-quality customer support while controlling our customer support costs, our may be impacted.
Our Travel Management offerings depend on our relationships with suppliers.
The success of our Travel Management offerings depends on our ability to maintain and expand our relationships with our suppliers to offer our customers an unrivaled range of global travel inventory at optimal prices. Our ability to maintain our supplier relationships on favorable terms will depend on, among other things, providing suppliers with access to a large, expanding, and highly engaged user base of frequent travelers, visibility into traveler demand signals, flexible retailing and brand control for their products offered on our platform, access to new distribution initiatives like the International Air Transport Association’s New Distribution Capability (“NDC”), and access to our flexible platform architecture and integration capabilities to allow suppliers to roll out and test new products, content, pricing, and other features. In addition, if one or more of our suppliers suffers a deterioration in its financial condition, changes our contractual commission rate, or terminates its relationship with us, it could adversely affect our ability to deliver desired travel inventory to our customers as well as our business, financial condition, and results of operations.
Commissions on sales through global distribution systems (“GDSs”) are highly standardized, while direct supplier agreements are more variable and may involve higher commissions. If industry-wide commissions are reduced, or if we are unable to enter into favorable direct agreements with new suppliers, our business, financial condition, and results of operations could be adversely affected. Suppliers may change their commission rates, whether pursuant to our supplier contracts or more broadly, for a number of reasons, including in response to macroeconomic factors or changes in their
Table of Conte n ts
business strategy. As part of strategic shifts, suppliers may also seek to implement their own direct distribution channels or pivot from intermediary channels, such as certain GDSs, which may result in negative impacts to our business, such as reductions in our supply inventory or increased prices by such suppliers on our platform. Such strategic shifts may reflect supplier efforts to optimize the financial profile of their distribution channels, including by managing commission rates in a manner that negatively impacts our usage-based revenue. Further proliferation or market acceptance of new distribution standards like NDC may also result in strategic shifts by our suppliers, which may negatively impact their relationships with us and are outside of our control.
Finally, we typically negotiate or renegotiate our agreements with these suppliers annually or every several years, depending on the duration of the agreement. No assurances can be given that suppliers will elect to participate in our platform or that our compensation, access to inventory, or access to inventory at competitive rates will not be reduced or eliminated in the future. Suppliers may also elect to reduce the cost of their products or services and therefore reduce our margins, and there can be no assurance that our agreements with suppliers will not lapse between renewals, which could limit our inventory. Such providers could seek to charge us for or otherwise restrict access to premium inventory, increase credit card fees or fees for other services, fail to provide us with accurate booking information, or otherwise take actions that could increase our operating expenses. As we focus our sales strategy on targeting and acquiring more of the unmanaged travel market, suppliers may reassess their strategic positioning with us which may in turn result in renegotiations of our contractual terms, including commission rates. Any of these actions, or other similar actions, could reduce our revenue and margins and could adversely affect our business, financial condition, results of operations, and prospects.
We have a history of operating losses and may not achieve or sustain profitability in the future.
We were incorporated in 2015 and have incurred net losses in each year since inception, and we may not achieve or, if achieved, sustain profitability in the future . We generated net losses of $398.0 million, $181.1 million and $331.6 million, for fiscal 2026, 2025 and 2024.
We had an accumulated deficit of $2.0 billion and $1.6 billion as of January 31, 2026 and 2025. While we experienced significant revenue growth in recent periods, we cannot predict whether we will maintain this level of growth or when we will achieve profitability. We are not certain whether or when our revenue will be sufficient to sustain or increase our growth or to achieve profitability in the future. Even if we achieve profitability, we may not be able to sustain or increase our profitability. We also expect our costs and expenses to increase in future periods, which could negatively affect our future results of operations if our revenue does not increase. In particular, we intend to continue to make significant investments in our business, including to further develop our platform and offerings, such as our technology infrastructure and our AI framework, features, and functionalities, expand our marketing programs and sales teams to drive new customer acquisition and expand engagement with our platform and offerings within our customers, support our international expansion, and develop and introduce new offerings, use cases, and platform features and functionalities. We will also face increased costs associated with growth, the expansion of our customer and supplier base, continued focus on our sales strategies, expansion of our efforts to increase our share of the unmanaged travel market, and increases in general and administrative expenses as a result of being a public company. We also may never or maintain if we are not to acquire new customers, drive further adoption within existing customers, or maintain and our supplier relationships. Our efforts to grow our business may be costlier than we expect, and we may not be to increase our revenue enough to offset our increased operating expenses. We may incur significant in the future for several reasons, including the other risks described herein, and expenses, , , , and other unknown events. If we are to or, once , sustain , the value of our business and Class A common stock may significantly decrease and our business, financial condition, results of operations, and prospects could be affected.
We have a limited history operating our business at its current scale, scope, and complexity in an evolving market and economic environment, which makes it difficult to evaluate our current
Table of Conte n ts
business, plan for future operations and strategic initiatives, predict future results, and evaluate our future prospects, increasing the risks associated with an investment in our Class A common stock.
We were incorporated in 2015, launched our Travel offering in 2016, introduced our Expense Management offerings in 2020, and in March 2026 launched our Navan Edge product. Travel demand levels have normalized in recent periods, a trend that we expect to continue, and our recent accelerated growth rates have moderated and may continue to do so in future periods. Further, in more recent periods, there has been uncertainty and disruption in the political environment, global economy, and financial markets, which have resulted and may continue to result in fluctuations in demand for business travel as well as reductions of corporate travel budgets and IT investment. Accordingly, we have limited experience in, and data and results from, operating our business at its current scale, scope, and complexity and in a rapidly evolving market for business travel. We also have limited data from, and experience operating our business under current macroeconomic conditions, including elevated inflation, and interest rate and foreign‐exchange fluctuations, and cannot fully predict how customers and suppliers will operate in this environment. We have encountered, and expect to continue to encounter risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as the risks and uncertainties described herein. As a result, our ability to plan for future operations and strategic initiatives, predict future results of operations, and plan for and model future growth in revenue and expenses and prospects is subject to significant risk and uncertainty as compared to companies with longer and more consistent operating histories and in more macroeconomic environments and industries. These circumstances in turn limit our ability to accurately predict and plan for our customer demands and, given our usage-based travel revenue model, our growth rates, revenue, margins, and .
Moreover, while we have invested heavily in our additional offerings beyond Travel Management, including our Corporate Payments, Expense Management, Meetings and Events, VIP, and Bleisure offerings, we are continuing to grow and scale these offerings, and we cannot be certain when, if ever, we will achieve meaningful scale, customer adoption and expansion, and revenue from such offerings, particularly as we continue to grow our customer base and as we scale in number of customers served. Our business and growth strategies are also dependent on continued development, implementation, and integration of Navan Cognition, our proprietary AI framework for our platform, and related AI features and functionalities for our platform such as Navan Edge. While we have invested significantly in our AI framework, features and functionalities over the past several years, including our Navan Cognition framework, to help drive future growth in our business and reduce costs, AI technology is expected to continue to rapidly advance. We may not be successful in maintaining or increasing market acceptance of our platform to satisfy customer and user demand for integrated AI technologies, features, and functionalities, particularly as competitive technologies and solutions are introduced. We may also not be successful in properly and effectively implementing and integrating our AI features and functionalities for our platform as we work to continue developing them to the user and customer experience with our platform and to reduce our costs. Any of these outcomes could our business, results of operations, and financial condition. We also expect future trends in our revenue, margins, and to vary in ways that we may not anticipate or predict, which may be driven by our own product or strategic initiatives as well as external factors such as economic conditions. We also have limited experience in deploying our product-led growth strategy, as compared to our sales-led growth strategy. As a result, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history at the current scale, scope, and complexity of our business or operated in a more predictable or market.
We have also recently completed several acquisitions of complementary businesses and have also broadened the scope and extent of our offerings outside of the United States. We have limited experience operating this expanded business at current scale and in increasing non-U.S. jurisdictions, including under economic conditions characterized by high inflation or in economic recessions. Certain of our longer-term strategic initiatives may also be obstructed or have unintended effects in the event of an
Table of Conte n ts
economic recession, which we may not be able to predict. If our assumptions regarding these risks and uncertainties are incorrect or change due to changes in our markets or otherwise, or if we do not address these risks successfully, our results of operations could differ materially from our expectations and our business, financial condition, results of operations, and prospects could be adversely affected. We cannot assure you that we will be successful in addressing these and other challenges we may face in the future.
Our results of operations may fluctuate significantly, which could make our future results difficult to predict and could cause our results of operations to fall below expectations.
Our results of operations have varied significantly from period to period in the past, and we expect that our results of operations will continue to vary significantly in the future such that period-to-period comparisons may not be meaningful. Accordingly, our results of operations in any one quarter should not be relied upon as indicative of our future performance. Our results of operations may fluctuate as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
• our ability to attract new customers and retain and grow sales within our existing customers;
• our ability to drive adoption of our offerings beyond Travel Management, including our Expense Management offerings;
• our ability to continue integrating AI into our offerings and expanding our use of AI;
• our ability to maintain and expand our relationships with our suppliers, and to identify and attract new suppliers;
• changes in overall demand for business travel due to technological changes or changes in business practices, including as a result of current macroeconomic conditions;
• the occurrence of travel-related accidents or the grounding of aircraft due to safety concerns or regulatory actions;
• technical and operational disruptions at key transit hubs, including key international airports, including due to insufficient funding of aviation and other travel or transportation agencies or governmental bodies;
• fluctuations in demand for, or pricing of, our platform, including the mix of hotel and air travel booked each quarter;
• seasonal demand fluctuations, such as reduced travel by our users during holiday periods;
• changes in customers’ T&E budgets and IT spending budgets;
• potential and existing customers choosing our competitors’ products and services;
• the development or introduction of new products or services that are easier to use or more advanced than our platform;
• the adoption or retention of more entrenched or rival services in the international markets where we compete;
• our ability to control costs, including our operating expenses;
• the amount and timing of payment for operating expenses, particularly research and development and sales and marketing expenses, including commissions;
• the amount and timing of non-cash expenses, including stock-based compensation;
Table of Conte n ts
• the amount and timing of costs associated with recruiting, training, and integrating new employees, and retaining and motivating existing employees;
• fluctuation in market interest and foreign exchange rates, and the impact of inflation and instability in the global banking system on the United States and global economies;
• the impact of geopolitical conflicts, such as the ongoing conflicts in Ukraine and the Middle East, including related sanctions implemented by other countries, on global travel patterns and financial markets;
• political unrest or instability;
• our ability to successfully execute acquisitions and integrate acquired businesses, and their accounting impact on our results of operations, including impairment of goodwill;
• the impact of new accounting pronouncements or changes in our accounting policies or practices;
• security breaches of, technical difficulties with, or interruptions to, the delivery and use of our platform;
• our brand and reputation;
• legal and regulatory compliance costs in new and existing markets; and
• general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate.
Any of these and other factors, or the cumulative effect of some of these factors, may cause our results of operations to vary significantly. In addition, our results may fluctuate based on the relative volume of flights and hotel stays booked on our platform, as we tend to collect higher commissions on hotel reservations than air travel.
Finally, we expect to incur significant additional expenses due to the increased costs of operating as a public company. If our results of operations fall below the expectations of investors and securities analysts who cover our stock, the price of our Class A common stock could decline substantially, and we could face costly lawsuits, including securities class action suits, and our business, financial condition, results of operations, and prospects could be adversely affected.
Future acquisitions, strategic investments, partnerships, collaborations, or alliances could be difficult to identify and integrate, divert the attention of management, disrupt our business, dilute stockholder value, and adversely affect our business, financial condition, results of operations, and prospects.
As part of our business strategy, we have in the past and may in the future seek to acquire or invest in businesses, products, or technologies that we believe could complement or expand our platform, enhance our technical capabilities, or otherwise offer growth opportunities. For example, in April 2021, we acquired R&M, a global travel management provider headquartered in the United Kingdom; in February 2022, we acquired Comtravo, a modern travel solution in Germany, Austria, and Switzerland and Resia, a travel agency covering Northern Europe; and in May 2023, we acquired Tripeur, an India-based travel management company. However, there can be no assurance we will be able to successfully identify desirable acquisition candidates in the future, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or ability to achieve our business objectives, and any acquisitions we complete could be viewed negatively by our customers or investors.
We have encountered and may in the future encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel, or operations of our acquired
Table of Conte n ts
companies, assets, and businesses, particularly if key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in management, product offerings, or otherwise. We may also have difficulty establishing our company values with personnel of acquired companies, which may negatively impact our culture and work environment. Any such transactions that we are able to complete may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. We have also experienced and may in the future experience difficulties and delays in integrating acquired companies and their systems into our controls environment, which may harm our ability to comply with reporting requirements, impact our understanding of certain details of our business and our ability to plan and forecast, or subject us to regulatory . Moreover, an acquisition, investment, or business relationship may result in operating and expenditures, including our ongoing operations, management from their primary responsibilities, us to additional liabilities, and increasing our expenses, any of which could affect our business, financial condition, results of operations, and prospects.
In addition, the technology and information security systems and infrastructure of businesses we acquire may be underdeveloped or subject to vulnerabilities, subjecting us to additional liabilities. We have incurred and could in the future incur significant costs related to the implementation of enhancements to information security systems and infrastructure of acquired businesses and to the remediation of any security breaches. If security, data protection, and information security measures in place at businesses we acquire are inadequate or breached, or are subject to cybersecurity attacks, or if any of the foregoing are reported or perceived to have occurred, our reputation and business could be damaged, and we could be subject to regulatory scrutiny, investigations, proceedings, and penalties. We may also acquire businesses whose operations may not be fully compliant with all applicable regulations, including governmental laws and requirements regarding economic and trade sanctions, anti-money laundering, counter-terror financing, and privacy and security laws, us to potential liabilities and requiring us to spend considerable time, effort, and resources to become compliant.
Acquisitions could also result in dilutive issuances of equity securities or the incurrence of debt, as well as unfavorable accounting treatment and exposure to claims and disputes by third parties, including intellectual property claims. In addition, if an acquired business fails to meet our expectations, our business, financial condition, results of operations, and prospects could be adversely affected.
We plan to continue expanding our international operations which could subject us to additional costs and risks, and our continued expansion internationally may not be successful.
A significant amount of our revenue is derived from customers from outside the United States, and we plan to continue expanding our operations internationally in the future. Revenue generated from customers outside of the United States was $266.4 million, or 38% of our revenue, $221.0 million, or 41% and $184.8 million or 46% of our revenue, for the years ended January 31, 2026, 2025 and 2024, respectively. Outside of the United States, we currently have direct and indirect subsidiaries in many countries, including the United Kingdom, France, Israel, Singapore, India, the United Arab Emirates, and Australia, and we have employees in more than 15 countries. Operating in international markets requires significant resources and management attention and subjects us to regulatory, economic, and political risks that are different from those in the United States. In addition, there are significant costs and risks inherent in conducting business in international markets, including:
• establishing and maintaining effective controls at foreign locations and the associated increased costs;
• adapting our platform and offerings to non-U.S. consumers’ preferences and customs;
• localizing our platform and features for specific countries, including translation into foreign languages, tax, and regulatory updates and associated expenses;
Table of Conte n ts
• expanding our platform and offerings to cover travel methods and providers that are not part, or do not reflect a significant portion, of our offering in the United States;
• increased competition from local providers;
• compliance with foreign laws, regulations, and licensing requirements;
• adapting to doing business in other languages and/or cultures;
• compliance with the laws of numerous taxing jurisdictions where we conduct business, potential double taxation of our international earnings, and potentially adverse tax consequences due to U.S. and foreign tax laws as they relate to our international operations;
• compliance with anti-bribery laws, such as the U.S. Foreign Corrupt Practices Act of 1977 (the “FCPA” and the UK Bribery Act 2010 (the “UK Bribery Act’) by us, our team members, our suppliers, and our other partners;
• difficulties in staffing and managing global operations and the increased travel, infrastructure, and compliance costs associated with multiple international locations;
• r egulatory and other delays and difficulties in setting up foreign operations;
• complexity and other risks associated with current and future foreign legal requirements, including legal requirements related to data privacy and security frameworks, such as the European Union, and UK General Data Protection Regulations, and other data privacy and security laws that impose different and potentially conflicting obligations with respect to how personal data is processed or require that customer data be stored in a designated territory ;
• currency exchange rate fluctuations and related effects on our results of operations;
• economic and political instability in some countries;
• the uncertainty of protection for intellectual property rights in some countries and practical difficulties of enforcing rights abroad; and
• other costs of doing business internationally.
These factors and other factors have historically posed and may in the future pose challenges to growing our international operations organically, and could harm our international operations and, consequently, negatively impact our business, results of operations, and financial condition. As we seek to continue to expand internationally, we will likely encounter unexpected challenges and expenses due to local regulations, requirements, practices, and markets. Further, we may incur significant operating expenses as a result of our international expansion, and it may not be successful. We also hold cash and cash equivalents internationally, and in some cases, such liquidity resources may not be easily transferred across jurisdictions, which may negatively impact our financial condition and results of operations. We have limited experience with regulatory environments and market practices internationally, and we may not be able to penetrate or successfully operate in new markets. If we are unable to continue to expand internationally and manage the complexity of our global operations , our business, financial condition, results of operations, and prospects could be affected.
Failure to effectively develop and expand our sales and marketing capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our platform.
Our ability to increase our customers and achieve broader market acceptance of our platform will depend to a significant extent on our ability to expand our sales and marketing teams and to deploy our sales and marketing resources efficiently. We intend to continue investing significantly in our sales force and capabilities to land customers with our Travel offering and expand their adoption, usage of, and
Table of Conte n ts
engagement with additional offerings. Our growth and business strategy are dependent on our ability to successfully execute our sales strategies at increasing scale.
Successfully executing our sales and marketing strategy requires strong leadership, alignment across our sales and marketing functions, and the ability to scale across diverse customer types, channels, and geographies. If we are unable to recruit, hire, develop, and retain high-performing sales or marketing personnel, if our new sales or marketing personnel are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing leaders fail to execute our sales strategies effectively, our ability to attract new customers and expand usage of and engagement with our offerings could be harmed.
We have historically focused our customer acquisition strategy on targeting mid-size and larger customers with a direct sales-led motion via our dedicated sales team. These customers often have a travel and expense vendor already and are sometimes characterized by more complex customer requirements, higher upfront sales costs, and less predictability in the timing or likelihood of expanding their usage of and engagement with additional offerings following adoption of our Travel offering. In certain circumstances, a larger enterprise or company’s decision to initially adopt our platform, particularly our Travel offering, and expand their usage of and engagement with additional offerings, may be a company-wide decision, requiring additional education regarding the use and benefits of our platform for managing their business travel spend. As a result, the length of our sales cycle and ramp time for usage of and engagement with additional offerings has varied, and may continue to vary, significantly from customer to customer depending on the size and type of the customer. We have also more recently begun deploying our product-led growth (“PLG”) go-to-market strategy to acquire new customers who have traditionally been unmanaged, meaning they have historically not used any travel and expense vendor or solution. Our success depends on our ability to maintain brand trust, execute effective growth marketing, deliver a flexible and intuitive platform experience, and demonstrate tangible cost savings and differentiated technology at scale, including compared to those of our competitors. These customers demand flexible deployment of our offerings within their companies and prioritize ease of use, particularly self-service implementation tools, to roll out our offerings across their employee base at their own pace. While we may adjust our sales strategies from time to time, including investing in newer motions such as our PLG strategy and targeting different customer channels, we have historically acquired the majority of our customers through our sales-led growth (“SLG”) strategy and expect such strategy and related customer channels to remain an important driver for new customer growth in the future. If we to allocate sufficient sales and marketing funds and resources to our SLG sales strategy, including due to prioritization of other sales strategies that do not generate meaningful return on our investment, our growth, including in new customer acquisition, and our business could be .
We also dedicate significant resources to sales and marketing programs, including digital advertising services. The effectiveness and cost of these programs may fluctuate due to competition for key search terms, changes in search engine use, and changes in the search algorithms used by major search engines. We have limited experience conducting broad brand marketing campaigns and other marketing initiatives. Even if we successfully increase revenue as a result of our paid marketing efforts, it may not offset the additional marketing expenses we incur. Our marketing campaigns may also be long-term endeavors, and we may not be able to accurately assess the success of these campaigns for several periods. If we are not able to effectively develop our sales and marketing capabilities and implement our marketing strategies, our business, financial condition, results of operations, and prospects could be adversely affected.
If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, and changing customer needs or preferences, our platform may become less competitive.
The business software and travel industries are subject to rapid technological change, evolving industry standards and practices, and changing customer needs and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes by
Table of Conte n ts
continually modifying and enhancing our platform and offerings to keep pace with changes in hardware systems and software applications, AI, database technology, and evolving technical standards and interfaces on a timely basis. If we are unable to develop and market new technology, features, and functionality for our platform that keep pace with rapid technological and industry change and satisfy our customers, our revenue and results of operations could be adversely affected. If new technologies emerge that deliver competitive products at lower prices, with more use cases, more efficiently, more conveniently, or more securely, it could adversely impact our ability to compete.
We have incorporated AI-based solutions into our offerings, including through our Navan Cognition framework that powers Navan Edge, Ava and our other virtual agents. As with many innovations, AI presents risks, challenges, and unintended consequences that could impact our ability to successfully incorporate the use of AI in our business. For example, our algorithms may be flawed and not achieve sufficient levels of accuracy or contain biased information. Moreover, AI models may create flawed, incomplete, or inaccurate outputs, some of which may appear correct. This may happen if the inputs that the model relied on were inaccurate, incomplete, or flawed (including if a bad actor “poisons” the AI with bad inputs or logic), or if the logic of the AI is , resulting in a hallucination. Algorithms are also subject to privacy and data security laws, as well as increasing regulation and . In addition, our competitors or other third parties may incorporate AI solutions into their products more than us, and their AI solutions may higher market acceptance than ours, which may result in us to recoup our investments in developing AI-powered applications. For example, competitors leveraging AI or other automation may drive increasing in their support costs while offering faster, more personalized service than us. We have made significant investments in our AI technology, including in our Navan Cognition framework that powers our agentic product offerings that are tools in the scaling of our platform. Our ability to deploy AI, or the ability of our competitors to do so , may impact our gross margins, our ability to compete effectively, result in reputational and have an impact on our operating results. Our platform must also integrate with a variety of network, hardware, mobile, and software platforms and technologies. We may need to modify and our platform and offerings to adapt to changes and in these technologies as well as to demonstrate increasing benefits and of our platform to customers and their employees, who are expected to demand continued in the features and functionalities of our platform and offerings. This development effort will require significant engineering, marketing, and sales resources, all of which would affect our business and results of operations. Any of our platform to operate effectively with future technologies could reduce the demand for our platform. If we are to respond to these changes in a cost- manner, our platform may become less marketable and less competitive or , which could affect our business, financial condition, results of operations, and prospects.
Our corporate card offering exposes us to credit risk and other risks related to customers' ability to pay the balances incurred on their corporate cards.
We offer our corporate card product to a wide range of businesses, and the success of this product depends on our ability to effectively manage related risks and detect fraud. The credit decision-making process for our corporate card uses proprietary risk assessment methodologies and other techniques designed to analyze the credit risk of specific businesses based on, among other factors, their past purchase and transaction history. In addition, we bear the entire credit risk and are liable to the issuing bank to settle the transaction and may incur losses as a result of claims from the issuing banks. While we would seek to recover losses from a customer, we may not fully recover them if a customer is unwilling or unable to pay due to their financial condition. Because we are liable to the issuing bank, we may also bear the risk of losses if a customer does not provide payment due to fraudulent or disputed transactions. We are also subject to risk from acts of employees or contractors. Additionally, are using increasingly sophisticated methods to engage in activities which they may use to target us, including “skimming,” payment cards, phishing schemes, and identity theft. A single, significant or a series of of or theft involving our corporate cards could result in reputational to us, potentially reducing the use and acceptance of our corporate card offering or lead to
Table of Conte n ts
greater regulation that would increase our compliance costs. Fraudulent activity could also result in the imposition of regulatory sanctions, including significant monetary fines. The foregoing could harm our business, results of operations, and financial condition.
Additionally, our funding model relies on a variety of funding arrangements, including warehouse facilities and purchase arrangements, with a variety of funding sources. Any significant underperformance of the card receivables we own may adversely impact our relationships with such funding sources and result in increased costs of financing, modification or termination of our existing funding arrangements, or impairment of our ability to procure funding, which could adversely affect our business, financial condition, results of operations, and prospects.
While we have entered into redundant relationships with third-party partners and issuing banks for our corporate cards, if we lose any of these services, or if the card network ceases to support our cards, our business, results of operations, financial condition, and growth prospects could be harmed.
Our corporate card is an important element of our growth strategy. We have entered into card issuing agreements with bank program managers and issuing banks for card issuing, compliance, transaction settlement, and related services. Those agreements include significant security, compliance, and operational obligations, including adherence on short notice to evolving regulatory requirements. If we are not able to comply with those obligations or our agreements with the third-party bank program managers and issuing banks are suspended, limited, or otherwise terminated for any reason (including, but not limited to, the failure by an issuing bank to comply with applicable regulations), we could experience service interruptions, delays, and additional expenses in arranging new services. As a result, we may be unable to replace these services on competitive terms, or at all, which could adversely affect our business, financial condition, results of operations, and prospects.
Our Navan Connect service enables customers to connect their non-Navan corporate cards to our expense management platform to automate reporting and, in some cases, enable the creation of virtual cards for travel bookings on our platform. We do not bear the credit risk or the risk of card losses on cards enrolled in Navan Connect. These cards are issued independently from Navan, and accordingly, we do not have agreements in place that would make Navan liable for those cards' transactions. We do not earn revenue from interchange on cards enrolled in Navan Connect. Navan Connect depends on us maintaining contractual relationships with card networks and card providers, and if a card network or card provider suspends or terminates its agreement with us, our business, financial condition, results of operations, and prospects could be harmed.
Dependence on third-party service providers by us and our suppliers involves risks, including security incidents, service disruptions, and operational failures that could compromise confidential information, disrupt critical business operations, and damage our reputation. Interruptions or delays in these services have impaired and may in the future impair the delivery of our platform, harming our business.
We host our platform using third-party cloud infrastructure services. All of our offerings utilize resources operated by us through these providers. We therefore depend on our third-party cloud providers’ ability to protect their data centers against damage or interruption from natural disasters, power or telecommunications failures, criminal acts, and similar events. Our operations depend on protecting the cloud infrastructure hosted by such providers by maintaining their respective configuration, architecture, and interconnection specifications, as well as the information stored in these virtual data centers and transmitted by third-party internet service providers. We have periodically experienced service disruptions in the past, and we cannot assure you that we will not experience interruptions or delays in our service in the future. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the data storage services we use. Although we have recovery plans that utilize multiple data storage locations, an affecting our backup data storage locations that may be caused by fire, flood, storm, earthquake, power ,
Table of Conte n ts
telecommunications failures, unauthorized intrusion, computer viruses, disabling devices, natural disasters, military actions, terrorist attacks, negligence, and other similar events beyond our control could negatively affect our platform.
Beyond cloud hosting, we rely on numerous third parties to operate our critical business systems and process confidential and personal information, such as payment processors that handle customer credit card payments, cloud service providers, and customer care centers. Our ability to monitor these third parties’ information security practices is limited, creating significant exposure to potential security events, disruptions, or outages outside our direct control. These third parties may inappropriately access confidential and personal information or may lack adequate security measures, potentially leading to security incidents that compromise the confidentiality, integrity, or availability of systems they operate for us or the information they process on our behalf.
For example, the CrowdStrike incident and resulting systems outage in July 2024 significantly impacted airline operations and forced several major carriers to ground flights for a prolonged period. While we were not the source of that incident and the CrowdStrike incident did not have a direct impact on our operations, disruptions of this nature could in the future significantly affect our ability to provide timely travel services to customers who rely on our platform for booking and itinerary management and support. Substantial or sustained failures caused by third-party software issues, airline infrastructure outages, or vulnerabilities in our systems could lead to service delays, reduced functionality, customer frustration, and reduced trust in our platform. Any prolonged service disruption affecting our platform for any of the foregoing reasons could our reputation with current and potential customers, us to liability, or cause us to or otherwise our business. Also, in the event of or , our insurance policies may not compensate us for any that we may incur. Such could affect our business, financial condition, results of operations, and prospects.
Supply chain attacks targeting service providers have increased in both frequency and severity in recent years. We cannot guarantee that our service providers' infrastructure or the infrastructure of their partners has not been compromised. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy or security-related obligations to us, we cannot be certain that our applicable contracts with these third parties will adequately limit our data security-related liability or provide sufficient mechanisms for indemnification or recovery of losses they cause us to incur.
Our platform is accessed by many customers, often at the same time. Any interruptions or delays in access to our platform, including due to third-party provider failures or incidents, could impede our ability to grow our business and scale our operations. If our third-party infrastructure service agreements are terminated, or there is a lapse of service, interruption of internet service provider connectivity, or damage to data centers, we could experience interruptions in access to our platform as well as delays and additional expense in arranging new facilities and services.
Given the increasingly international nature of our business, we may also partner with local travel management companies in specific geographies that may not meet the cybersecurity controls expected or required by our suppliers and customers. These local partners may operate under different regulatory frameworks and security standards that don't align with our requirements or customer and supplier expectations, creating additional vulnerability points in our overall security posture. Security incidents involving these international partners could damage customer trust, result in regulatory violations across multiple jurisdictions, and create complex legal challenges due to varying international privacy laws if data these international partners process on our behalf is impacted.
Table of Conte n ts
We may not successfully develop or introduce new offerings, services, features, integrations, capabilities, and versions of our existing offerings that achieve market acceptance, and our business could be harmed and our revenue could suffer as a result.
Our ability to attract new customers and increase revenue from existing customers depends in large part upon the successful development, introduction, and customer acceptance of new offerings, services, features, integrations, capabilities, and versions of our existing offerings. Unexpected delays in releasing new or enhanced offerings, or errors following their release, could result in loss of sales, delay in market acceptance of our platform, or customer claims against us, any of which could harm our business. The success of any new product, service, feature, integration, capability, or version depends on several factors, including timely completion and delivery, competitive pricing, adequate quality testing, integration with existing technologies, proper marketing of the offering, and market acceptance. For example, our Bleisure and Navan Edge offerings are nascent, and there can be no assurance that either will reach the level of customer adoption that they were designed to . We may not be to develop new offerings or to introduce and market acceptance of new offerings in a timely manner, or at all. If we are to expand our offerings in a manner that increases retention of existing customers and attracts new customers, or drives adoption by our Travel Management customers of our Expense Management and corporate card offerings, our business, financial condition, results of operations, and prospects could be affected.
Our business is affected by seasonality.
Our business has historically been influenced by seasonality, primarily related to seasonal travel trends of business travelers, as our users typically travel less during holiday periods, though this effect varies regionally. As a result, our travel revenue has historically been stronger in the third fiscal quarter. Additionally, a portion of the revenue from our Expense Management offerings is driven by the volume of corporate card spending processed by our Expense Management platform, which tends to decrease during periods of decreased business travel. In addition, demand for travel generally fluctuates based on a number of factors, including periods of perceived or actual adverse economic conditions and times of political or economic uncertainty. As a result of fluctuations caused by these and other factors, comparisons of our results of operations across different fiscal quarters may not be accurate indicators of our future performance. Furthermore, our rapid growth in recent years may obscure the extent to which seasonality trends have affected our business and may continue to affect our business. Accordingly, yearly or quarterly comparisons of our results of operations may not be useful and our results in any particular period will not necessarily be indicative of the results to be expected for any future period. Seasonality in our business can also be affected by introductions of new or enhanced offerings, including the costs associated with such introductions.
Our business depends on a strong brand, and if we are not able to maintain and enhance our brand, our ability to maintain and expand our base of customers may be impaired, and our business and results of operations will be harmed.
We believe that the brand identity that we have developed has significantly contributed to the success of our business. We also believe that maintaining and enhancing the Navan brand is critical to expanding our customer base and establishing and maintaining relationships with suppliers and other partners. Successful promotion and protection of our brand will depend largely on the effectiveness of our marketing efforts, our ability to ensure that our platform remains high-quality, reliable, useful and competitively priced, the quality and perceived value of our platform, our ability to successfully differentiate our platform and features from those of our competitors, and the ability of our customers to achieve successful results by using our platform and features. Maintaining and enhancing our brand may require us to make substantial investments not just in our Travel Management offerings but also in newer offerings, such as Bleisure and Navan Edge, and to make substantial investments in new non-U.S. markets, which may not be successful. Marketing campaigns are also to the of our product-led growth sales strategy. Substantial advertising expenditures may be required to maintain and our brand, which may not prove . Advertising and other brand promotion activities
Table of Conte n ts
may not generate customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. In addition, existing and future brand-marketing campaigns and customer awareness strategies may have lengthy return on investment time horizons. We also have limited experience conducting broad marketing campaigns, such as global integrated marketing campaigns, and other marketing initiatives. As a result, we may not be able to adequately assess the benefits of such initiatives until we have made substantial investments of time and capital, which could also negatively impact our ability to effectively allocate sales and marketing funds and resources to the sales strategy that generates the greatest return on our investment. There could also be a negative reaction to certain advertising campaigns and values-based activity and communications.
Additionally, our brand could be damaged by incidents involving our suppliers, particularly if the incidents receive considerable negative publicity or result in litigation, some of which may occur in the ordinary course of our business or the business of our suppliers and other partners. In addition, our failure to provide timely and sufficient support services to our users and customers in connection with travel delays and incidents could harm our brand and reputation. Such incidents may arise from events that are or may be beyond our control, such as actions taken (or not taken) by one or more suppliers, including flight delays and cancellations. If we fail to promote and maintain the Navan brand, or if we incur excessive expenses in this effort, we may to attract or retain customers necessary to realize a sufficient return on our brand-building efforts or to the widespread brand awareness that is for broad customer adoption of our platform and features. We anticipate that, as our market becomes increasingly competitive, maintaining and our brand may become more and expensive.
We face significant competition in the markets we serve, and if we do not compete effectively, our business, results of operations, and financial condition could be harmed.
Our offerings address a highly competitive market with entrenched incumbent industry participants, ranging from legacy service providers to more modern software companies. Some of our competitors may have access to more financial resources, greater name recognition, and better-established customer bases in their target segments, differentiated business models, technology, and other capabilities or a differentiated geographic coverage, which may make it difficult for us to retain or attract new customers. In addition, competitors are increasingly using AI and automation to improve service quality and reduce operational costs, allowing them to deliver more personalized user experiences or more efficient support at scale. New AI-native entrants may bypass traditional models and gain traction quickly, particularly in the unmanaged travel market, including by offering products that more effectively streamline the travel booking and expense management process using AI or other digital-native tools. At the same time, legacy competitors may continue to benefit from their brand strength, customer relationships, and market influence while integrating AI into their offerings, particularly if certain enterprise customers continue to favor traditional offline travel management services. Our travel suppliers may also seek to develop and implement or further invest in existing direct distribution channels. If we cannot compete effectively, our business, financial condition, results of operations, and prospects could be affected.
In Travel Management, we currently compete, and will continue to compete, with a variety of travel and travel-related companies, including other corporate travel management service providers such as BCD Group, Global Business Travel Group, Inc., and SAP Concur, traditional travel agencies, and emerging and established online travel agencies. We compete, to a lesser extent, with credit card loyalty programs, online travel search and price comparison services, facilitators of alternative accommodations such as short-term home or condominium rentals, and social media and e-commerce websites, as well as direct-booking platforms from hotel chains and airlines.
In addition, our Expense Management and corporate card offerings face significant competitive challenges from do-it-yourself approaches as well as companies that provide traditional horizontal platform solutions with expense management features, such as Expensify, Oracle, and SAP, corporate card providers, and expense management solutions, such as Brex and Ramp. Moreover, some travelers may prefer to use their existing travel rewards credit cards to book rather than our corporate card, even if their personal rewards from our Expense Management offerings would be superior. It is difficult to predict
Table of Conte n ts
adoption rates and demand for our Expense Management offerings, the future growth rate and size of the market for expense management and other pre-accounting products, or the entry of competitive offerings. Some traditional horizontal platform solutions with expense management features have substantially greater revenue, personnel, and other resources than we do. We also face competition from a growing number of other businesses offering expense management solutions and corporate cards. Some of these companies are using AI to automate workflows and deliver more adaptive user experiences, which may shift customer expectations and alter how expense management solutions are evaluated and adopted. With the introduction of new technologies and the entry of new companies into the market, we expect competition to persist and intensify. Additionally, it is possible that larger companies with substantial resources that operate in adjacent accounting, finance, or compliance verticals may decide to pursue expense management automation and become immediate, significant competitors. Merger and acquisition activity in the technology industry could increase the likelihood that we compete with other large technology companies.
We cannot assure you that we will be able to compete successfully against any current, emerging, and future competitors or provide sufficiently differentiated products and services to our customer base in any of the markets we serve. Increasing competition from current and emerging competitors, consolidation of our competitors, the introduction of new technologies, and the continued expansion of existing technologies may force us to make changes to our business model, which could adversely affect our business, financial condition, results of operations, and prospects.
If our customers or users of our platform engage in, or are subject to, fraud, criminal activity, or inappropriate conduct, our reputation, brand, business, financial condition, and results of operations could be harmed.
We are not able to control or predict the actions of our customers or users during their engagement with our platform or otherwise. We face the risk of criminal activity, fraud, and inappropriate conduct from users or individuals impersonating users on our platform. Such risks include identity theft, use of stolen or fraudulent credit card data, social engineering attacks to gain unauthorized account access, and fraudulent exploitation of our payment card programs. This conduct has in the past involved, and may in the future involve, coordinated and complex fraud schemes that are difficult to detect and prevent. Given their complexity, such schemes have in the past persisted, and future schemes may also persist, for lengthy periods prior to detection. If our platform is perceived as a conduit for such activity or if we to effectively detect and prevent these , our brand reputation could be , resulting in press coverage, customer , to our supplier relationships, and reduced market confidence. The financial impact of such activities is often to quantify quickly or with precision due to the complexity of certain of these schemes. Consequently, the effects on our financial results may continue into future periods or have a impact than initially anticipated, even after the activity has been . If the activity occurs through systems controlled by any of our partners, such as our suppliers, we may be to remediate or prevent this activity in a timely manner or at all due to in our ability to interact with such systems. The process of identifying the full scope of often requires extensive , potentially financial reporting and creating additional operational .
Our failure to adequately detect, address, or prevent these fraudulent transactions could result in multiple adverse consequences beyond direct financial losses, including:
• significant damage to our reputation and brand trust;
• litigation and regulatory action across multiple jurisdictions;
• errors in financial statements potentially requiring corrections or restatements;
• delays in preparing and filing periodic reports;
• failures to meet our reporting and other obligations as a public company; and
Table of Conte n ts
• additional expenses for remediation and enhanced security measures.
These risks extend beyond direct fraud against our systems. If criminal, inappropriate, or other negative incidents occur due to the conduct of customers, users, suppliers, or other third parties using our platform, our ability to attract and retain business relationships may be harmed. These incidents can significantly undermine confidence in our services, even when we are not directly at fault.
As our platform continues to grow in scale and geographic reach, the sophistication and variety of potential fraud schemes will likely evolve in parallel. This requires continuous investment in fraud detection technologies, security protocols, and specialized personnel to protect our platform integrity and financial stability. The travel industry is particularly vulnerable to these risks due to the high transaction values and complex payment systems involved, making effective fraud prevention a critical component of our operational strategy and long-term business viability. If criminal, inappropriate, or other negative incidents occur due to the conduct of third parties, our ability to attract and retain customers may be harmed, and our reputation, business, and financial results could be .
If the prices we charge in connection with our offerings are unacceptable to our customers, our business, financial condition, and results of operations may be adversely impacted.
We primarily generate revenue through commissions received from our suppliers based on the dollar volume of bookings made by users on our platform as well as per-trip or per-transaction fees from customers for access to our travel management platform or on-demand travel management services. We also generate revenue from annual subscription fees paid by our customers for access to our expense management offerings. As the market for our platform matures, or as new or existing competitors introduce new products or services that compete with ours, we may experience pricing pressure and be unable to renew our agreements with existing customers or attract new customers at prices that are consistent with our pricing model and operating budget. Moreover, our pricing strategy may come under pressure due to industry developments or macroeconomic conditions that are out of our control, including changes in available travel inventory, changes in inventory network standards like the NDC, reduced commission rates, or changes to interchange fees, as well as overall inflation and budget constraints impacting customers in an uncertain macroeconomic environment. Our pricing strategy for existing and new offerings we introduce may prove to be unappealing to our customers, and our competitors could choose to bundle certain products and services competitive with ours. If this were to occur, it is possible that we would have to change our pricing strategies or reduce our prices, which could adversely affect our business, financial condition, results of operations, and prospects.
We track certain performance metrics with internal tools and do not independently verify such metrics. Certain of our performance metrics are subject to inherent challenges in measurement, and real or perceived inaccuracies in such metrics may harm our reputation and negatively affect our business.
Our internal tools have a number of limitations and our methodologies for tracking these metrics may change over time, which could result in unexpected changes to our metrics, including the metrics we report. We calculate and track performance metrics with internal tools, which are not independently verified by any third party. While we believe our metrics are reasonable estimates of our business and financial performance for the applicable period of measurement, the methodologies used to measure these metrics require significant judgment and may be susceptible to algorithm or other technical errors. For example, the accuracy and consistency of our performance metrics may be impacted by changes to internal assumptions regarding how we account for and track customers, limitations on system implementations, and limitations on third-party tools’ abilities to match our database. If the internal tools we use to track these metrics undercount or overcount performance or contain algorithmic or other technical errors, the data we report may not be accurate. In addition, limitations or errors with respect to how we measure data (or the data that we measure) may affect our understanding of certain details of our business, which could affect our longer-term strategies. If our performance metrics are not accurate representations of our business or growth trends; if we discover material in our metrics; or if
Table of Conte n ts
the metrics we rely on to track our performance do not provide an accurate measurement of our business, our reputation may be harmed, we may be subject to legal or regulatory actions, and our business, financial condition, results of operations, and prospects could be adversely affected.
Our estimates of market opportunity and forecasts of market growth may prove to be inaccurate, and even if the markets in which we compete achieve the forecasted growth, our business could fail to grow at similar rates, if at all.
Our estimates of market opportunity and forecasts of market growth may prove to be inaccurate. Such estimates and forecasts, including those we have generated ourselves or that include our data, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate including due to the risks described herein. Even if the markets in which we compete achieve the forecasted growth, our business could fail to grow at similar rates, if at all.
The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of addressable customers or travelers covered by our market opportunity estimates will purchase our offerings at all or generate any particular level of revenue for us. Any expansion in the markets in which we operate depends on a number of factors, including the cost, performance, and perceived value associated with our platform and those of our competitors. Even if the markets in which we compete meet our size estimates and growth forecasts, our business could fail to grow at similar rates, if at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, our forecasts of market growth should not be taken as indicative of our future growth.
Risks Related to Our People
If we lose Ariel Cohen, our co-founder and Chief Executive Officer, or other key members of our management team or are unable to attract and retain executives and employees we need to support our operations and growth, our business may be harmed.
Our success and future growth depend upon the continued services of our management team and other key employees throughout our organization. The loss of key personnel, including key members of our management team or members of our board of directors, as well as certain of our key marketing, sales, finance, support, product development, human resources, or technology personnel, could disrupt our operations and have a negative impact on our ability to grow our business. In particular, Ariel Cohen, our co-founder and Chief Executive Officer, is critical to our overall management, as well as the continued development of our platform, offerings, culture, and strategic direction. Additionally, certain key members of our management team are based in, or spend considerable time in, Israel, including at our office in Tel Aviv, and the escalating military conflict in the Middle East may impact their safety and availability, potentially disrupting our operations and business continuity.
From time to time, there may be changes in our management team resulting from the hiring or departure of executives and key employees, which could disrupt our business. In addition, we may face challenges retaining senior management and key employees of companies we have acquired, especially as we work to fully integrate those companies into the Navan platform. Our senior management and key employees are employed on an at-will basis. We currently do not have “key person” insurance for any of our employees. Certain of our key employees have been with us for a long period of time and have fully vested equity awards that may cease to be effective as a retention incentive now that we are a public company and such awards are publicly tradable. The loss of our founders, one or more of our senior management, key members of senior management of acquired companies, or other key employees could harm our business, and we may not be able to find adequate replacements. To retain our senior management and key employees, we may also decide to provide them with certain compensation types and structures that may be perceived negatively by certain stakeholders or advisory groups or result in stockholder or , which could impact our reputation, stock price, and business. We cannot ensure that we will be to retain the services of any members of our senior
Table of Conte n ts
management or other key employees or that we would be able to timely replace members of our senior management or other key employees should any of them depart.
In addition, to execute our business strategy, we must attract and retain highly qualified personnel. Competition for highly skilled personnel is intense, especially in the San Francisco Bay Area where we are headquartered, and where we have a need for highly skilled personnel, and we may not be successful in hiring or retaining qualified personnel to fulfill our current or future needs. We compete with many other companies for software developers with high levels of experience in designing, developing, and managing cloud-based software and payment systems, as well as for skilled legal, compliance, and risk operations professionals. We may also face increased competition for personnel from other companies which adopt approaches to remote work that differ from ours. In addition, the current regulatory environment related to immigration is uncertain, including with respect to the availability of certain visas. Many of the companies with which we compete for experienced personnel have greater resources than we do and can frequently offer such personnel substantially greater compensation than we can offer.
In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity or equity awards declines, continues to experience significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain highly skilled employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be severely harmed. Inflationary pressures, or stress over economic or geopolitical events such as those the global market is currently experiencing, may also result in employee attrition. Further, our competitors may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. If we to identify, attract, develop, and integrate new personnel, or to retain and motivate our current personnel, our growth prospects would be affected, which could affect our business, financial condition, results of operations, and prospects.
Our management team has limited experience managing a public company.
Our management team has limited experience managing a publicly traded company, interacting with public company investors and securities analysts, and complying with the increasingly complex laws pertaining to public companies. These new obligations and constituents require significant attention from our management team and could divert their attention away from the day-to-day management of our business, which could adversely affect our business, financial condition, results of operations, and prospects.
Our company values have contributed to our success. If we cannot maintain these values as we grow, we could lose certain benefits we derive from them, and our employee turnover could increase, which could harm our business.
We believe that our company values have been and will continue to be a key contributor to our success. We have rapidly increased our workforce across all departments, and we expect to continue to hire across our business. Our anticipated headcount growth, combined with our transition from a privately-held to a publicly-traded company, may result in changes to certain employees’ adherence to our core company values. If we do not continue to maintain our adherence to our company values as we grow, including through any future acquisitions or other strategic transactions, we may experience increased turnover in a portion of our current employee base and may not continue to be successful in hiring future employees. Moreover, now that our Class A common stock is publicly traded, many of our employees may be eligible to receive significant proceeds from the sale of Class A common stock in the public markets. This may lead to higher employee attrition rates. If we do not replace departing employees on a timely basis, our business and growth may be harmed.
Table of Conte n ts
Risks Related to Privacy, Cybersecurity, and Intellectual Property
We are subject to stringent and changing privacy and security laws, regulations, standards, policies, and contractual obligations related to data privacy and security. Our actual or perceived failure to comply with such obligations could lead to government investigations or enforcement actions, a disruption of our services, private litigation, changes to our business practices, increased costs of operations, adverse publicity, limitations on the use or adoption of our services, and other negative effects on our results of operations and business.
We and our customers and travelers store personal, business, financial, and other sensitive information on our platform. In addition, we receive, store, and otherwise process personal and business information and other data, including sensitive, proprietary, or confidential information from and about actual and prospective customers and travelers, in addition to our employees and service providers. Our handling of such information is subject to a variety of evolving privacy and security laws and regulations, including regulation by various government agencies, such as the U.S. Federal Trade Commission and various state, local, and foreign governments. New or proposed laws and regulations are subject to differing interpretations and may be inconsistent among jurisdictions, and guidance on implementation and compliance practices are often updated or otherwise revised, which adds to the complexity of processing personal information. Moreover, we publish privacy and security policies, representations, certifications, standards, publications, contracts, and other obligations to third parties related to privacy and security. Regulators in the United States are increasingly scrutinizing these statements, and if these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair, , or misrepresentative of our practices, we may be subject to , enforcement actions by regulators or other consequences.
In the United States, numerous federal and state laws and regulations, including state personal information laws, state data breach notification laws, federal and state consumer protection laws and regulations, and other similar laws (such as wiretapping laws) govern the collection, use, disclosure, and protection of personal information. Numerous U.S. states have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. As applicable, such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making. The exercise of these rights may impact our business and ability to provide our products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive information, such as conducting data privacy impact assessments. These state laws allow for statutory fines for noncompliance. For example, in California, the California Consumer Privacy Act (the “CCPA”) requires, among other things, that covered businesses provide disclosures to California residents and afford residents abilities to opt-out of certain sales of personal information, and gives California residents the ability to limit use of certain sensitive information. The CCPA provides for fines and allows private affected by certain data to recover significant statutory . These laws demonstrate the evolving regulatory environment related to personal information and make it to predict the impact of such laws on our business or operations. Such complexities have required and may continue to require us to modify our data-processing practices and policies and to incur substantial costs and expenses in an effort to comply. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future.
In addition, several foreign countries and governmental bodies, including the European Union and the United Kingdom, have laws and regulations governing the handling and processing of personal information, which are more restrictive than those in the United States. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure, security, transfer, and other processing of various types of data, including data that identifies or may be used to identify an individual. Our current and prospective service offerings subject us to the European Union General Data Protection Regulation 2016/67 (the “EU GDPR”) the United Kingdom Data Protection Act of 2018 that effectively implemented EU GDPR under UK law and later amended by virtue of the European Union (Withdrawal)
Table of Conte n ts
Act 2018 (collectively, the “UK GDPR”) other EU member state-implementing legislation, and the privacy laws of many other foreign jurisdictions.
For example, the EU GDPR and the UK GDPR impose stringent requirements for controllers and processors of personal data of individuals within the European Economic Area (the “EEA”) and the United Kingdom, respectively, and non-compliance may trigger robust regulatory investigation or enforcement and fines of up to the greater of €20 million or 4% of the annual global revenue in respect of the EU GDPR, and up to the greater of £17.5 million or up to 4% of annual global revenue in respect of the UK GDPR. Companies that violate the EU GDPR or the UK GDPR can also face prohibitions on data processing and other corrective action, such as class action lawsuits brought by classes of data subjects or by consumer protection organizations authorized by law to represent their interests. Other countries outside of Europe increasingly emulate European data protection laws. As another example, the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, Law No. 13,709/2018) (the “LGPD”) applies to our operations. The LGPD broadly regulates processing personal data of individuals in Brazil and imposes compliance obligations and penalties comparable to those of the EU GDPR. The Swiss Federal Act on Data Protection also applies to the collection and processing of personal data, including health-related information, by companies located in Switzerland, or in certain circumstances, by companies located outside of Switzerland. We also have operations in Singapore and may be subject to new and emerging data privacy regimes in Asia, including Singapore’s Personal Data Protection Act. Operating our business and offering our services in Europe and other countries with similar data protection laws subjects us to substantial compliance costs and potential liability and may in the future require changes to the ways we collect and use personal information.
In the ordinary course of business, we transfer personal data from Europe and other jurisdictions to the United States and other countries. Countries in Europe and other jurisdictions have enacted laws requiring data to be localized and limiting the transfer of personal data to other countries. In particular, the EEA and the United Kingdom have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws they generally believe are inadequate. Other jurisdictions may adopt or have already adopted similarly stringent data localization and cross-border data transfer laws. Although there are currently various mechanisms that may be used to transfer personal data from the EEA and United Kingdom to the United States in compliance with law, such as the EEA standard contractual clauses, the UK International Data Transfer Agreement / Addendum, and the EU-U.S. Data Privacy Framework and the UK extension thereto (which allows for transfers to relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States. If there is no lawful manner for us to transfer personal data from the EEA, the United Kingdom or other jurisdictions to the United States, or if the requirements for a legally-compliant transfer are too , we could face significant consequences, including the or of our operations, the need to relocate part of or all of our business or data processing activities to other jurisdictions (such as Europe) at significant expense, increased exposure to regulatory actions, substantial and , the to transfer data and work with partners, vendors, and other third parties, and our processing or transferring of personal data necessary to operate our business. Additionally, companies that transfer personal data out of the EEA and United Kingdom to other jurisdictions, particularly to the United States, are subject to increased from regulators, individual , and activist groups. Some European regulators have ordered certain companies to or permanently certain transfers out of Europe for the GDPR’s cross-border data transfer .
Additionally, the U.S. Department of Justice issued a rule entitled the Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons, which places additional restrictions on certain data transactions involving countries of concern (such as China, Russia, and Iran) and covered persons (i.e., individuals and entities who are designated as such by the U.S. Attorney General or considered “foreign persons” and are majority owned by, organized under the laws of, a primary resident in, or a contractor of, a covered person or country of concern, as
Table of Conte n ts
applicable) that may impact certain business activities such as vendor engagements, sale or sharing of data, employment of certain individuals, and investor agreements. Violations of the rule could lead to significant civil and criminal fines and penalties.
The scope and interpretation of the laws that are or may be applicable to us are often uncertain and may be conflicting, as a result of the rapidly evolving regulatory framework for privacy issues worldwide. As a result of the laws that are or may be applicable to us, and due to the sensitive nature of the information we collect, we have implemented policies and procedures designed to protect our data and our customers’ data against loss, misuse, corruption, misappropriation caused by systems failures, or unauthorized access. If our policies, procedures, or measures relating to privacy, data protection, information security, marketing, or customer communications fail to comply with laws, regulations, policies, legal obligations, or industry standards, we may be subject to governmental enforcement actions, litigation, regulatory investigations, fines, , and publicity, and it could cause our application providers, customers, travelers, suppliers, and other partners to trust in us, which could our business, financial condition, results of operations, and prospects.
In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that may apply to us. In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups. and we are, and may become in the future, subject to such obligations. We are also bound by contractual obligations related to data privacy and security, and our efforts to comply with such obligations may not be successful. Because the interpretation and application of privacy, data protection, and information security laws, regulations, rules, and other standards and obligations are uncertain, it is possible that these laws, rules, regulations, and other actual or alleged legal obligations, such as contractual or self-regulatory obligations, may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the functionality of our platform. If so, in addition to the possibility of fines, lawsuits, and other claims, we could be required to fundamentally change our business activities and practices or modify our software, which could negatively impact our business, financial condition, results of operations, and prospects.
In addition, major technology platforms on which we rely, privacy advocates, and industry groups have regularly proposed, and may propose in the future, platform requirements or self-regulatory standards by which we are legally or contractually bound. If we fail to comply with these contractual obligations or standards, we may lose access to technology platforms on which we rely and face substantial regulatory enforcement, liability, and fines. Our business is heavily reliant on revenue from behavioral, interest-based, or tailored advertising, which we refer to collectively as targeted advertising, but delivering targeted advertisements is becoming increasingly difficult due to changes to our ability to gather information about user behavior through third party platforms, new laws and regulations, and consumer resistance. Major technology platforms on which we rely to gather information about consumers have adopted or proposed measures to provide consumers with additional control over the collection, use, and sharing of their personal data for targeted advertising purposes. In addition, legislative proposals and present laws and regulations regulate the use of cookies and other tracking technologies, electronic communications, and marketing. For example, in the EEA and the United Kingdom, regulators are increasingly focusing on compliance with requirements related to the targeted advertising ecosystem. European regulators have issued significant in certain circumstances where the regulators that appropriate consent was not obtained in connection with targeted advertising activities. The ePrivacy Regulation and national implementing laws are anticipated to replace the current national laws implementing the ePrivacy Directive, which may require us to make significant operational changes. In the United States, the CCPA, for example, grants California residents the right to opt-out of a company’s sharing of personal data for advertising purposes in exchange for money or other consideration, and requires covered businesses to user- browser signals from the Global Privacy Control. Partially as a result of these developments, individuals are becoming increasingly resistant to the collection, use, and sharing of personal data to deliver targeted advertising. Individuals are now more aware of options related to consent, “do not track” mechanisms (such as browser signals from the Global Privacy Control), and “ad-blocking” software to prevent the collection of their personal data for targeted
Table of Conte n ts
advertising purposes. As a result, we may be required to change the way we market our offerings, and any of these developments or changes could significantly impair our ability to reach new or existing customers or otherwise negatively affect our operations.
Further, our business relies significantly on our ability to accept credit or debit card payments. Such payments are subject to the Payment Card Industry, or PCI, Data Security Standard (“DSS”), which is a multifaceted security standard that is designed to protect credit card account data. We rely on vendors to handle PCI matters and to ensure PCI compliance. Despite our compliance efforts, we may become subject to claims that we have violated the PCI-DSS based on past, present, and future business practices. In addition, payment card networks may adopt changes to the PCI-DSS, or change their interpretations of such rules in a way that we or our processors might find it difficult or even impossible to follow, or costly to implement. If we violate the PCI-DSS or other applicable rules, we may incur fines, restrictions on our ability to accept payment cards, or suffer reputational harm, all of which could have an adverse impact on our business. with PCI-DSS can result in ranging from $5,000 to $100,000 per month by credit card companies, , to our reputation, and revenue .
Obligations related to data privacy and security (and individuals’ data privacy expectations) are quickly changing, becoming increasingly stringent, and creating uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources, which may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal data on our behalf.
We may at times fail (or be perceived to have failed) in our efforts to comply with our data privacy and security obligations. Moreover, despite our efforts, our personnel or third parties with whom we work have in some cases failed and may fail in the future to comply with such obligations, which could negatively impact our business operations. Any failure or perceived failure by us to comply with laws, regulations, policies, legal, or contractual obligations, industry standards, or regulatory guidance relating to privacy, data protection, or information security, may result in governmental investigations and enforcement actions, litigation (including class claims), fines and penalties, or adverse publicity, and could cause our customers, travelers, suppliers, and other partners to trust in us, which could have an effect on our reputation and business. Furthermore, there can be no assurance that the of liability in our contracts would be enforceable or adequate or would otherwise protect us from liabilities or if we to comply with applicable privacy and security laws, privacy policies, or data protection obligations related to information security or security . We also cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future .
We expect that there will continue to be new proposed laws, regulations, and industry standards relating to privacy, data protection, information security, marketing, and consumer communications, and we cannot determine the impact such future laws, regulations, and standards may have on our business. Future laws, regulations, standards, and other obligations or any changed interpretation of existing laws or regulations could impair our ability to develop and market new functionality and maintain and grow our customer base and increase revenue. Future restrictions on the collection, use, sharing, or disclosure of data, or additional requirements for express or implied consent of our customers, travelers, suppliers, or other partners for the use and disclosure of such information could require us to incur additional costs or modify our platform, possibly in a material manner, and could limit our ability to develop new functionality.
If we are not able to comply with these laws or regulations, or if we become liable under these laws or regulations, our business, financial condition, or reputation could be harmed, and we may be forced to implement new measures to reduce our exposure to this liability. This may require us to expend substantial resources or to discontinue certain products or services, which would negatively affect our business, financial condition, and results of operations. In addition, the increased attention focused upon
Table of Conte n ts
liability issues as a result of lawsuits, regulatory investigations, and legislative proposals could harm our reputation or otherwise adversely affect the growth of our business. Furthermore, any costs incurred as a result of this potential liability could harm our business, financial condition, results of operations, and prospects.
We, our suppliers, our other partners, our customers, and others who use our services obtain and process a large amount of sensitive data. If our information technology systems or data, or those of the third parties upon with whom we work, including our suppliers, our other partners, or customers, are or were compromised, we could experience adverse impacts resulting from such compromise, including, but not limited to, regulatory investigations or actions, litigation, fines and penalties, interruptions to our operations, claims that we breached our data protection obligations, harm to our reputation, and a loss of future customers or sales and other adverse consequences.
In the ordinary course of our business, we, our suppliers, payment or expense service partners, our other partners, our customers, and the third-party vendors and data centers that we use, obtain and process large amounts of sensitive data, including personal data related to our customers and travelers and their transactions, as well as other data of the counterparties to their transactions.
We, and the suppliers, partners and other third-party vendors and data centers that we use, have experienced, and may in the future experience, cybersecurity attacks and threats, including threats or attempts to disrupt our information technology infrastructure and unauthorized attempts to gain access to sensitive or confidential information. Cybersecurity incidents and malicious internet-based activity continue to increase, and providers of cloud-based services have frequently been targeted by such attacks. These cybersecurity challenges, including threats to our own IT infrastructure or those of our customers or third-party providers, may take a variety of forms ranging from stolen credit cards, compromised business and personal information, errors or malfeasance of our personnel, including personnel who have authorized access to our systems and/or information, customer employee , account takeover, social engineering (including through deep fakes, which may be increasingly more to identify as fake, and phishing attacks), ransomware, code (such as viruses and worms), malware (including as a result of advanced intrusions), -of-service attacks, credential stuffing attacks, credential harvesting, personnel or , supply-chain attacks, software bugs, server , software or hardware , of data or other information technology assets, adware, telecommunications , earthquakes, fires, floods, attacks or facilitated by AI, and other similar . In particular, ransomware attacks are becoming increasingly prevalent and can lead to significant in our operations, ability to provide our offerings, of sensitive data and income, reputational , and of funds. Extortion payments may alleviate the impact of a ransomware attack, but we may be or to make such payments due to, for example, applicable laws or regulations prohibiting such payments. These could be initiated by individuals or groups of hackers or sophisticated cyber (including the deployment of malware such as code, viruses, and worms). State-sponsored cybersecurity attacks could also our business, financial condition, results of operations, and prospects. actors, nation-states, and nation-state-supported actors now engage, and are expected to continue to engage, in cyber-attacks, including for geopolitical reasons and in connection with military and operations. During times of war and other major , we and the third parties upon which we rely may be to heightened risk of these attacks, including cyber-attacks that could significantly our systems and operations, supply chain, and ability to provide our services.
It may be difficult and/or costly to detect, investigate, mitigate, contain, and remediate a security incident. Our efforts to do so may not be successful. Actions taken by us or the third parties with whom we work to detect, investigate, mitigate, contain, and remediate a security incident could result in outages, data losses, and disruptions of our business. Threat actors may also gain access to other networks and systems after a compromise of our networks and systems. For example, threat actors may use an initial compromise of one part of our environment to gain access to other parts of our environment, or leverage a compromise of our networks or systems to gain access to the networks or systems of third parties with
Table of Conte n ts
whom we work, such as through phishing or supply chain attacks. Future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program.
We employ a shared responsibility model where our customers are responsible for using, configuring and otherwise implementing security measures related to our platform and offerings in a manner that meets applicable cybersecurity standards, complies with laws, and addresses their information security risk. As part of this shared responsibility security model, we make certain security features available to our customers that can be implemented at our customers’ discretion, or identify security areas or measures for which our customers are responsible. In certain cases where our customers choose not to implement, or incorrectly implement, those features or measures, misuse our services, or otherwise experience their own vulnerabilities, policy violations, credential exposure or security incidents, even if we are not the cause of a resulting customer security issue or incident, our customer relationships reputation, and revenue may be adversely impacted.
The techniques used to sabotage or to obtain unauthorized access to our information technology systems or those upon whom we rely to process our information change frequently, and we have not always been able in the past and may be unable in the future to anticipate such techniques or implement adequate preventative measures or to stop security breaches in all instances. The recovery systems, security protocols, network protection mechanisms, and other security measures that we have integrated into our information technology systems, which are designed to protect against, detect, and minimize security breaches, may not be adequate to prevent or detect service interruption, system failure, or data loss. Third parties may also attempt to and successfully exploit vulnerabilities in, or obtain access to, platforms, systems, networks, and/or physical facilities utilized by us or others upon whom we rely. For more information on this risk, see the section titled “—Risks Related to Our Business and Industry—Dependence on third-party service providers by us and our suppliers involves risks, including security , service , and operational that could compromise confidential information, business operations, and our reputation. or in these services have and may in the future the delivery of our platform, our business.”
We take steps designed to detect, mitigate, and remediate vulnerabilities in our information systems (such as our hardware and/or software, including that of third parties with whom we work). We have not and may not in the future, however, detect and remediate all such vulnerabilities including on a timely basis. Further, we have and may in the future experience delays in developing and deploying remedial measures and patches designed to address identified vulnerabilities. Even if we have issued or otherwise made patches or information for vulnerabilities in our software applications or offerings, our customers may be unwilling or unable to deploy such patches and use such information effectively and in a timely manner. Vulnerabilities could be exploited and result in a security incident.
We and our suppliers have in the past experienced cybersecurity incidents of a limited scale. We may be unable to anticipate or prevent techniques used in the future to obtain unauthorized access or to sabotage systems because they change frequently and often are not detected until after an incident has occurred.
We have certain administrative, technical, and physical security measures in place, and we have policies and procedures in place to contractually require service providers to whom we disclose data to implement and maintain reasonable privacy, data protection, and information security measures. Certain data privacy and security obligations have required us to implement and maintain specific security measures or industry-standard or reasonable security measures to protect our information technology systems and sensitive information. However, if our privacy protection, data protection, or information security measures or those of the previously mentioned third parties are inadequate or are breached or
Table of Conte n ts
are perceived to be inadequate or breached, our reputation and business could be damaged. Recent high-profile security breaches and related disclosures of sensitive data by large institutions suggest that the risk of such events is significant, even if privacy, data protection, and information security measures are implemented and enforced. If sensitive information is lost or improperly disclosed or threatened to be disclosed, we could incur significant costs associated with remediation and the implementation of additional security measures, and we may incur significant liability and financial loss and be subject to regulatory scrutiny, investigations, proceedings, and penalties.
Additionally, if our own confidential business information were improperly disclosed, our business, financial condition, results of operations, and prospects could be harmed. A core aspect of our business is the reliability and security of our platform. Any perceived or actual breach of security, regardless of how it occurs or the extent of the breach, could have a significant impact on our reputation as a trusted brand, cause us to lose existing partners or other customers and travelers, prevent us from obtaining new partners and other customers, require us to expend significant funds to remedy problems caused by breaches and implement measures to prevent further breaches, and expose us to legal risk and potential liability including those resulting from governmental or regulatory investigations, class action litigation, and costs associated with remediation, such as monitoring and forensics. Further, applicable privacy and security obligations may require us to notify relevant stakeholders of security . Such disclosures are , and the disclosures or the to comply with such requirements could lead to consequences. Any actual or perceived security at a company providing services to us or our customers could have similar effects. Further, as many of our employees continue to work remotely, such as our customer support agents, these cybersecurity risks are heightened by an increased attack surface across our business and those of our partners and service providers. We have heightened monitoring in the face of such risks, but cannot guarantee that our efforts, or the efforts of those upon whom we rely and partner with, will be in any such information security .
In addition to experiencing a security incident, third parties may gather, collect, or infer sensitive information about us from public sources, data brokers, or other means that reveals competitively sensitive details about our organization and could be used to undermine our competitive advantage or market position. Additionally, our sensitive information or that of our customers could be leaked, disclosed, or revealed as a result of or in connection with our employees’, personnel’s, or vendors’ use of AI technologies.
While we maintain cybersecurity insurance, our insurance may be insufficient or may not cover all liabilities incurred as a result of cybersecurity attacks. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could negatively impact our business, financial condition, results of operations, and prospects.
If we are unable to ensure that our platform interoperates with a variety of software applications that are developed by others, including our suppliers and other partners, we may become less competitive and our business, results of operations, and financial condition may be harmed.
Our platform must integrate with a variety of hardware and software platforms, and we need to continuously modify and enhance our platform to adapt to changes in hardware, software and browser technologies. In particular, we have developed our platform to be able to easily integrate with third-party applications, including the applications of software providers that compete with us as well as our suppliers and other partners, through the interaction of APIs and/or platforms. In general, we rely on the providers of such software systems to allow us access to their APIs to enable these integrations. We are typically subject to standard terms and conditions of such providers, which govern the distribution, operation, and
Table of Conte n ts
fees of such software systems, and which are subject to change by such providers from time to time. Our business will be harmed if any provider of such software systems:
• discontinues or limits our access to its software (including legacy software) or APIs;
• modifies its terms of service or other policies, including fees charged to, or other restrictions on us, or other application developers;
• changes how information is accessed by us or our customers;
• establishes more favorable relationships with one or more of our competitors; or
• develops or otherwise favors its own competitive offerings over our platform.
The agreements under which we in-license intellectual property or technology from third parties may be complex, and certain provisions in such agreements may be susceptible to multiple interpretations. The resolution of any contract interpretation disagreement that may arise could narrow the scope of our rights to the relevant technology or increase our financial or other obligations. Moreover, if disputes over intellectual property we have in-licensed, or in-license in the future, prevent or impair our ability to maintain our licensing arrangements on commercially acceptable terms, we may experience disruptions to our business or to the development of product candidates. Any of the foregoing outcomes could harm our business, financial condition, and results of operations.
Third-party services and products are constantly evolving, and we may not be able to modify our platform to assure its compatibility with that of other third parties. Should any of our third-party services or product providers modify their products or standards in a manner that degrades the functionality of our platform or gives preferential treatment to competitive products or services, whether to enhance their competitive position or for any other reason, or if we are not permitted or able to integrate with these and other third-party applications in the future, our business, results of operations, and financial condition could be harmed. In addition, some of our competitors may be able to disrupt the operations or compatibility of our platform with their products or services. Such competitors may also be able to exert strong business influence on our ability to, and the terms on which we, operate our platform.
Further, our platform includes mobile applications to enable individuals and companies to access our platform through their mobile devices. If our mobile applications do not perform well, our business will suffer. In addition, our platform interoperates with servers, mobile devices, and software applications predominantly through the use of protocols, many of which are created and maintained by third parties. We therefore depend on the interoperability of our platform with such third-party services, mobile devices, and mobile operating systems, as well as cloud-enabled hardware, software, networking, browsers, database technologies, and protocols that we do not control. The loss of interoperability, whether due to actions of third parties or otherwise, and any changes in technologies that degrade the functionality of our platform or give preferential treatment to competitive services could adversely affect adoption of our offerings and engagement with our platform. Also, we may not be successful in developing or maintaining relationships with key participants in the mobile industry or in ensuring that our platform operates effectively with a range of operating systems, networks, devices, browsers, protocols, and standards. If we are to effectively anticipate and manage these risks, or if it is for customers to access and use our platform, our business, financial condition, results of operations, and prospects could be affected.
We use open-source software in our platform, which could subject us to litigation or other actions.
We use open-source software on our platform. Using open source software can incur greater risk than using third-party commercial software due to the fact that open source licensors do not provide warranties, maintenance and support, or other contractual protections. Open source software may also present a heightened risk of security vulnerabilities, including due to the intentional acts of malicious actors who inject such vulnerabilities into the code, or to older versions of the software not remaining
Table of Conte n ts
current with applicable updates and patches to address vulnerabilities or other bugs. In addition, if we were to combine our proprietary technology with open-source software in a certain manner under certain open-source licenses, we could be required to release the source code of our proprietary technology. While we take precautions to monitor our use of open-source software, if we inappropriately use or incorporate open-source software subject to certain types of open-source licenses that challenge the proprietary nature of our offerings, we may be subject to claims that we violated the license requirements, or be required to re-engineer such offerings, discontinue the sale of such offerings, or take other remedial actions.
Our use of artificial intelligence, including Gen AI and ML, gives rise to legal, business, and operational risks, which may result in diminished performance, regulatory scrutiny, social impacts, reputational harm, and liability arising from the use of this technology.
We currently use AI, including Gen AI and ML, in our platform framework and our offerings, as well as new agentic AI and Gen AI developments, including in our Navan Cognition framework and product interface enhancements such as Navan Edge. The rapid evolution of AI, including Gen AI and ML, technologies will continue to require the application of significant resources to adopt, develop, test, integrate, and maintain the technologies included in our platform framework and our offerings in order to remain competitive, implement these technologies responsibly, and minimize unintended or harmful impacts. There are significant risks involved in adopting, developing, maintaining, and deploying these technologies, and there can be no assurance that the usage of such technologies will enhance our offerings or services or be beneficial to our business, including our efficiency or profitability. In particular, AI, including Gen AI and ML, technologies may be incorrectly designed or implemented; may be trained or reliant on incomplete, inadequate, , biased, or otherwise quality data or on data to which we or third parties do not have sufficient rights; may produce results that are or or may take actions from user queries and inputs, even with no hallucinations; and/or may be impacted by , technical , cybersecurity , third-party or regulatory action, or material performance issues. Any of the above could impact the performance of our offerings and business, as well as our reputation, and we could be subject to civil or incur liability and costs resulting from the actual or perceived of laws or contracts to which we are a party.
In addition, AI technologies, including agentic AI, may be vulnerable to adversarial user behavior or create inaccurate or misleading content or other discriminatory or unexpected results or behaviors, such as hallucinatory behavior that can generate irrelevant, unintended, nonsensical, or factually incorrect results. Our customers may rely on or use this flawed content or information to their detriment, which may expose us to brand or reputational harm, competitive harm, consumer complaints, legal liability, and other adverse consequences, any of which could harm our business, results of operations, and financial condition.
Development, maintenance and operation of AI, including Gen AI and ML, technologies requires additional investment in the development of proprietary datasets, machine learning models, and systems to train and operate models, and monitor and test for accuracy, bias, and other variables, which are complex, costly, and could impact our profit margin as we expand the use of AI, including Gen AI and ML, technologies in our offerings.
In addition to our proprietary technologies, we use, or may use, AI, including Gen AI and ML, technologies licensed from third parties. Our ability to continue to adopt, integrate and use such technologies at the scale we may need may be dependent on access to specific third-party software and infrastructure, such as processing hardware or third-party AI models, and we cannot control the quality, availability or pricing of such third-party software and infrastructure, especially in a highly competitive environment. If any such third-party AI, including Gen AI and ML, technologies become incompatible with our offerings or unavailable for use or have degradations in performance, or if the providers of such models unfavorably change the terms on which their AI, including Gen AI and ML, technologies are offered or terminate their relationship with us, our solutions may become less appealing to our customers.
Table of Conte n ts
In addition, to the extent any third-party AI, including Gen AI and ML, technologies are used as a vendor hosted service, any disruption, outage, or loss of information through such hosted services could disrupt our operations or solutions, damage our reputation, cause a loss of confidence in our solutions, or result in legal claims or proceedings, for which we may be unable to recover damages from the affected provider.
We face competition from other companies in our industry with respect to the development and deployment of AI, including Gen AI and ML, technologies to enhance our competitive offerings. Those other companies may develop AI, including Gen AI and ML, technologies that are similar or superior to ours and/or are more cost-effective and/or quicker to develop, deploy, and maintain. Any inability to develop, offer or deploy new AI, including Gen AI and ML, technologies as effectively, quickly and/or as cost-efficiently as our competitors could negatively impact our operating results, customer relationships, and growth.
The regulatory and intellectual property frameworks governing the use and protection of AI, including Gen AI and ML, technologies and of its outputs are rapidly evolving, and we cannot predict how future legislation and regulation will impact our ability to offer and protect offerings that we develop which leverage AI, including Gen AI and ML, technologies. Many federal, state, and foreign government bodies and agencies have introduced or proposed additional laws and regulations, such as the EU’s AI Act, the Colorado Artificial Intelligence Act, California Bot Disclosure Law, the Utah Artificial Intelligence Policy Act, and the CCPA regulations on automated decision-making technology. For example, the EU AI Act sets out a risk-based framework, subjecting certain AI technologies to numerous compliance obligations, including transparency, conformity and risk assessment, monitoring and human oversight requirements. Under the EU AI Act, non-compliant companies may be subject to administrative fines of up to 35 million Euros or 7% of a company’s total worldwide annual turnover for the preceding financial year, whichever is the higher. We may have to adapt our business practices, contractual arrangements, and services to comply with such obligations. We expect other jurisdictions will adopt similar laws.
Additionally, certain privacy laws extend rights to consumers (such as the right to delete certain personal data) and regulate automated decision making, which may be incompatible with our use of AI, including Gen AI and ML. These obligations may make it harder for us to conduct our business using AI, including Gen AI and ML, lead to regulatory fines or penalties, require us to change our business practices, retrain our AI, including Gen AI and ML, or prevent or limit our use of AI, including Gen AI and ML. For example, the FTC has required other companies to turn over (or disgorge) valuable insights or trainings generated through the use of AI, including Gen AI and ML where they allege the company has violated privacy and consumer protection laws.
Existing laws and regulations may also be interpreted in ways that would affect the operation of and availability of IP protection for our AI, including Gen AI and ML, technologies, as well as the outputs from our use of such technologies. Further, countries and states are applying their data and consumer protection laws to AI technologies, and particularly generative AI and interactive chatbots. As a result, implementation standards, enforcement practices, and available scope of protection are likely to remain uncertain for the foreseeable future, and we cannot yet determine the impact future laws, regulations, or standards may have on our business (including our positioning with respect to our competition) and may not always be able to anticipate how to respond to these laws or regulations. Already, certain existing legal regimes (such as those relating to data privacy) regulate certain aspects of AI, including Gen AI and ML, technologies, and new laws regulating AI, including Gen AI and ML, technologies are expected to continue to be proposed and enacted in the United States and globally.
It is also possible that new laws and regulations will be adopted in the United States and in other non-U.S. jurisdictions, or that existing laws and regulations, including data privacy, consumer protection, competition laws, may be interpreted in ways that would limit our ability to use AI, including Gen AI and ML, technologies for our business, or require us to change the way we use AI, including Gen AI and ML, technologies in a manner that negatively affects the performance of our offerings, services, and business and requires us to expend resources and adjust our offerings or services in certain jurisdictions. Further,
Table of Conte n ts
the cost to comply with such laws, regulations, or decisions and/or guidance interpreting existing laws, could be significant and would increase our operating expenses (such as by imposing additional reporting obligations regarding our use of AI, including Gen AI and ML, technologies). Such an increase in operating expenses, as well as any actual or perceived failure to comply with such laws and regulations, could adversely affect our business, financial condition and results of operations.
Any sensitive information (including confidential, competitive, proprietary, or personal data) that we or our customers and their users input into a third-party Gen AI, including Gen AI or ML, platform could be leaked or disclosed to others, including if sensitive information is used to train the third parties’ AI, including Gen AI or ML, model. Additionally, where an AI model, including Gen AI or ML, ingests personal data and makes connections using such data, those technologies may reveal other personal or sensitive information generated by the model.
Our failure or inability to protect our intellectual property rights, or claims by others that we are infringing upon or unlawfully using their intellectual property, could diminish the value of our brand and weaken our competitive position, and could adversely affect our business, financial condition, results of operations, and prospects.
We currently rely on a combination of copyright, patent, trademark, trade secret, and unfair competition laws, as well as confidentiality agreements and procedures and licensing arrangements, to establish and protect our intellectual property rights. We have devoted substantial resources to the development of our proprietary technologies and related processes. In order to protect our proprietary technologies and processes, we rely in part on trade-secret laws and confidentiality agreements with our employees, licensees, independent contractors, suppliers, partners, and other advisors. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. We cannot be certain that the steps taken by us to protect our intellectual property rights will be adequate to prevent infringement of such rights by others. Additionally, the process of obtaining patent or trademark protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications or apply for all necessary or desirable trademark applications at a reasonable cost or in a timely manner. Even if we are in such , such legal protections may be or time-limited. Though an issued patent is presumed valid and enforceable, this presumption is not . Patents, if issued, may be , deemed unenforceable, or and the related proceedings could be . And even if not , patents only have a limited lifespan. Furthermore, the issuance of a patent does not give us the right to practice the patented . Third parties may have blocking patents that could prevent us from marketing our own products and practicing our own technology. Alternatively, third parties may seek approval to market their own products that are competitive with our offerings. Thus, any patents that we may own may not provide any protection competitors. Competitors may also attempt to replicate or reverse engineer our offerings, design around our patents, or develop and obtain patent protection for more products.
Moreover, intellectual property protection may be unavailable or limited in some foreign countries where laws or law enforcement practices may not protect our intellectual property rights as fully as in the United States, and it may be more difficult for us to successfully challenge the use of our intellectual property rights by other parties in these countries. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and our failure or inability to obtain or maintain trade-secret protection or otherwise protect our proprietary rights could adversely affect our business, financial condition, results of operations, and prospects.
Additionally, although we require our employees, third-party providers, and contractors to assign or grant us rights in the intellectual property they create while working for us, we may not have entered into enforceable agreements in every case or may not have sufficient rights to certain works developed before the execution of such agreements. Further, applicable laws may limit the enforceability or scope of such assignments. If we are unable to adequately establish our ownership of intellectual property created for us, or if such intellectual property is later found to be owned by others, we could face claims of
Table of Conte n ts
infringement, be required to obtain additional licenses on unfavorable terms, or lose valuable rights, any of which could adversely affect our business, financial condition, results of operations, and prospects.
We have in the past and may in the future be subject to patent infringement and trademark claims and lawsuits in various jurisdictions, and we cannot be certain that our platform and solutions or activities do not violate the patents, trademarks, or other intellectual property rights of third-party claimants. Companies in the technology industry and other patent, copyright, and trademark-holders seeking to profit from royalties in connection with grants of licenses own large numbers of patents, copyrights, trademarks, domain names, and trade secrets and frequently commence litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights. As we face increasing competition and gain an increasingly high profile, the intellectual property rights claims against us have grown and will likely continue to grow.
Further, from time to time, we may receive letters from third parties alleging that we are infringing upon their intellectual property rights or inviting us to license their intellectual property rights. Our technologies and other intellectual property may not be able to withstand such third-party claims, and successful infringement claims against us could result in significant monetary liability, prevent us from selling some of our products and services, or require us to change our branding. In addition, resolution of claims may require us to redesign our platform and offerings, license rights from third parties at a significant expense, or cease using those rights altogether. We may in the future bring claims against third parties for infringing our intellectual property rights. Costs of supporting such and may be considerable, and there can be no assurances that a outcome will be obtained. Patent , trademark , trade secret , and other intellectual property and proceedings brought us or brought by us, whether or not, could require significant attention of our management and resources and have in the past and could further result in substantial costs, to our brand, and could affect our business, financial condition, results of operations, and prospects.
If we do not adequately identify our patentable inventions or protect our patent rights, the value of our offerings may be adversely affected and our business, financial condition, results of operations, and prospects could be adversely affected.
We have issued patents and a number of pending patent applications in the United States to protect our intellectual property and competitive position. However, we may fail to timely identify or protect patentable inventions, particularly those arising in the course of development activities conducted by or on behalf of us. If we do not file for patent protection in a timely manner, we may lose the opportunity to secure such protection. Moreover, although we enter into confidentiality and non-disclosure agreements with employees, consultants, collaborators, suppliers, and other third parties, there is a risk that such parties could breach these agreements and disclose proprietary information before a patent application is filed, thereby jeopardizing our rights. We may also rely on in-licenses to patents or patent applications owned by third parties. Depending on the terms of the applicable licenses, we may not have control over the prosecution, maintenance, or enforcement of such intellectual property rights, and such activities may not be conducted in a manner that is consistent with our best interests.
Additionally, some of our current and future patents and applications may share ownership with or require cross-licenses with third parties. If we are unable to obtain exclusive rights to such shared or cross-licensed intellectual property, the other co-owners may license their rights to third parties, including competitors. Furthermore, enforcement of shared patents may require cooperation from co-owners, which may not be forthcoming. Any of these factors could impair our ability to protect our innovations, limit our competitive advantage, and adversely affect our business, financial condition, and results of operations.
Our reliance on third parties, including employees located outside of the United States, for the development of our intellectual property exposes us to additional risks, including limited enforceability of intellectual property rights, potential violations of U.S. export controls, and increased risk of intellectual property theft or misappropriation.
Table of Conte n ts
We rely, or may rely, on employees and third-party service providers located outside of the United States for certain aspects of development for our products and services. The use of foreign developers may expose us to risks related to trade secrets, confidentiality, and the assignment of intellectual property rights, particularly where local laws may not recognize or enforce contractual provisions related to ownership or confidentiality in the same manner as we expect in the United States. We also face risks related to compliance with U.S. export control laws and regulations when sharing technology or technical data with foreign nationals. Any failure to adequately secure our intellectual property rights or comply with applicable laws could harm our business, financial condition, results of operations, and prospects.
Risks Related to Legal and Regulatory Matters
Payments and other financial services-related regulations and oversight are or may become material to our business. Our failure to comply could harm our business.
We are directly and indirectly subject to local, state, and federal laws, rules, regulations, licensing and other authorization schemes, including card network scheme rules, and industry standards that govern our business, activities, as well as the services our vendors and our partners provide (such as our corporate card offering, which our partner banks offer via Navan). These laws, rules, regulations, and licensing and authorization schemes include, or may in the future include, those relating to banking, invoicing, cross-border and domestic money transmission, foreign exchange, payments services (such as payment processing and settlement services), lending, brokering, servicing, debt collection, anti-money laundering, counter-terrorism financing, escheatment, U.S. and international sanctions regimes, and compliance with the PCI-DSS. These laws, rules, regulations, licensing and other authorization schemes, and industry standards are complex, subject to change, vary across different jurisdictions, and are implemented and enforced in the United States by multiple authorities and governing bodies, including but not limited to the U.S. Department of the Treasury, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the U.S. Department of Treasury’s Office of Foreign Assets Control, or OFAC, self-regulatory organizations, state banking departments, and numerous state and local governmental and regulatory authorities. We may not always be able to accurately predict the scope or applicability of certain laws, rules, regulations, licensing schemes, or standards to our business, or interpretations of the same, particularly as we expand into new areas of operations, which could have a significant effect on our existing business and our ability to pursue future plans.
Banking agencies, including the Office of the Comptroller of the Currency, also have imposed requirements on regulated financial institutions to manage their third-party service providers. Among other things, these requirements include performing appropriate due diligence when selecting third-party service providers; evaluating the risk management, information security, and information management systems of third-party service providers; imposing contractual protections in agreements with third-party service providers (such as performance measures, audit and remediation rights, indemnification, compliance requirements, confidentiality and information security obligations, insurance requirements, and limits on liability); and conducting ongoing monitoring of the performance of third-party service providers. Our relationships with our banks, as well as third-party service providers we engage in connection with our banking relationships, require accommodating these requirements and therefore impose additional costs and risks on us in connection with such arrangements. We expect to expend significant resources on an ongoing basis in an effort to assist our bank partners in meeting their legal requirements.
Further, any failure or perceived failure to comply with existing or new laws and regulations, or orders of any governmental authority, including changes to or expansion of their interpretations, may subject us to significant fines, penalties, criminal and civil lawsuits, forfeiture of significant assets, enforcement actions in one or more jurisdictions, may result in additional compliance and licensing or registration requirements, and may increase regulatory scrutiny of our business. We have been and may continue to be subject to such regulatory scrutiny. In particular, while we believe that we are not currently subject to licensing, registration, and related types of regulatory requirements with respect to our Expense Management offerings, we may still receive inquiries from regulators given our offering to corporate
Table of Conte n ts
customers of credit cards issued by an issuing bank. Further, if any of our current or future product offerings become subject to additional lending-, payment-, or other financial service-related laws or regulations in the future, we could be subject to licensing and registration requirements that impose obligations and restrictions with respect to the investment of customer funds, reporting requirements, bonding requirements, minimum capital requirements, customer disclosure requirements, and oversight and examination by state regulatory agencies concerning various aspects of our business. This could also require changes to the manner in which we conduct some aspects of our business and increase our compliance costs.
The adoption of new or amended money transmitter or money services business statutes and regulations or changes in regulators’ interpretation of existing state and federal money transmitter or money services business statutes or regulations could subject us to new registration or licensing requirements. Such changes could also limit business activities until we are appropriately licensed. There can be no assurance that we will be able to obtain or maintain any such licenses, and, even if we were able to do so, there could be substantial costs and potential product changes involved in obtaining and maintaining such licenses, which could negatively impact our business. In addition, we may be forced to restrict or change our operations or business practices, make product changes, or delay planned product launches or improvements.
Many of these laws and regulations are evolving, unclear, and inconsistent across various jurisdictions, and ensuring compliance with them is difficult and costly. With increasing frequency, federal and state regulators are holding businesses in the lending and payments industry to higher standards of training, monitoring, and compliance, including monitoring for possible violations of laws by our customers and people who do business with our customers while using our products. If we fail to comply with laws and regulations applicable to our business in a timely and appropriate manner, we may be subject to litigation or regulatory proceedings, we may have to pay fines and penalties, and our customer relationships and reputation may be adversely affected, which could negatively impact our business, results of operations, and financial condition. Any of the foregoing could negatively impact our brand, reputation, business, results of operations, and financial condition.
We are subject to governmental laws and requirements regarding economic and trade sanctions, anti-money laundering, and counter-terrorism financing that could impair our ability to compete in international markets or subject us to criminal or civil liability if we violate such laws.
As we continue to expand internationally, we will become subject to additional laws and regulations, and will need to implement new regulatory controls to comply with applicable laws. We are currently required to comply with U.S. economic and trade sanctions administered by OFAC, and we have processes in place to comply with such OFAC regulations as well as similar requirements in other jurisdictions, including the United Kingdom and European Union. Under OFAC and other applicable sanctions laws and regulations, direct and indirect transactions or other business dealings and activities, including the facilitation of such transactions and the provision of certain products and/or services, to specified countries, governments, individuals, and entities are prohibited. As part of our compliance efforts, we scan our customers and counterparties against OFAC and other governmental watch lists. We are also subject to or otherwise required by contract to comply with and address various anti-money laundering and counter-terrorist financing laws, regulations, and standards around the world that require the maintenance of an anti-money laundering compliance program and prohibit, among other things, facilitating transactions involving the proceeds of criminal activities or other illicit activities. Our financial institution partners as well as regulators in the United States and globally continue to increase their of compliance with these obligations, which may require us to further invest resources in, or otherwise revise or expand our compliance program, including the procedures we use to verify the identity of our customers and to monitor transactions facilitated through our services, including payments to persons outside of the United States. Additionally, we currently engage in limited activity in OFAC-sanctioned regions based upon general licenses issued by OFAC to engage in such activity. We also have sought specific licenses from OFAC when required. We continue to review the OFAC sanctions and our practices to verify compliance. We could be subject to or other enforcement action, and
Table of Conte n ts
and desist orders, if we are found to violate these laws, and our relationships with our financial institution partners could be at risk of or could be subject to termination or other adverse consequences.
Violations of sanctions and anti-money laundering laws and regulations could lead to fines, criminal sanctions against us, our officers, or our employees, cessation of business activities in sanctioned countries, implementation of compliance programs, and prohibitions on the conduct of our business. Any such violations could include prohibitions on our ability to offer our services in our or more countries, and could significantly damage our reputation, our brand, our international expansion efforts, our ability to attract and retain employees, and our business, prospects, operating results, and financial condition.
We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with such laws can subject us to criminal or civil liability and harm our business.
We are subject to the FCPA, U.S. domestic bribery laws, and other anti-corruption laws, including the UK Bribery Act. Anti-corruption and anti-bribery laws are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public sector. These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. As we increase our international cross-border business and expand operations abroad, we may engage with business partners and third-party intermediaries to market our services and obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize or have actual knowledge of such activities. In addition, we cannot you that all of our employees and agents will not take actions in of our Company compliance policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.
Any allegations or violation of the FCPA or other applicable anti-bribery, and anti-corruption laws could result in whistleblower complaints, sanctions, settlements, prosecution, enforcement actions, fines, damages, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which could harm our business, financial condition, results of operations, and prospects. Responding to any investigation or action will likely result in a significant of management’s attention and resources and significant defense costs and other professional fees. If any are received or are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or proceeding, our business, financial condition, results of operations, and prospects could be affected. In addition, the U.S. government may seek to hold us liable for successor liability for FCPA committed by companies in which we invest or that we acquire. As a general matter, , enforcement actions, and sanctions could our reputation, business, results of operations, and financial condition.
We will face risks associated with the growth of our business with certain heavily regulated industry verticals.
We market and sell our offerings to customers in heavily regulated industry verticals. As a result, we face additional regulatory scrutiny, risks, and burdens from the governmental entities and agencies which regulate those industries. Selling to and supporting customers in heavily regulated verticals and expanding in those verticals will continue to require significant resources, and there is no guarantee that such efforts will be successful or beneficial to us. If we are unable to successfully maintain or expand our market share in such verticals, or cost-effectively comply with governmental and regulatory requirements applicable to our activities with customers in such verticals, our business, financial condition, and results of operations may be harmed.
Table of Conte n ts
Current and future litigation against us could be costly and time-consuming to defend.
In addition to intellectual property litigation, we have in the past and may in the future become subject to legal proceedings and claims or regulatory inquiries or proceedings that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes, employment claims made by our current or former employees, or claims for reimbursement following misappropriation of customer data. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us. For example, on February 23, 2026, a putative securities class action complaint was filed against us and our directors and certain of our current and former executive officers in the U.S. District Court for the Northern District of California of the Securities Act. A claim brought us that is or could result in costs, thereby reducing our results of operations and analysts or potential investors to reduce their expectations of our performance, which could reduce the trading price of our Class A common stock. might result in substantial costs and may management’s attention and resources, which could affect our business, financial condition, results of operations, and prospects.
Risks Related to Tax Matters
We could be subject to additional tax liabilities as a result of changes in tax laws.
We are subject to U.S. federal, state, and local income, sales, and other taxes in the United States, as well as foreign income, withholding, and value-added taxes, and other indirect taxes in numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for income taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our future income tax obligations could be adversely affected by changes in, or interpretations of, tax laws in the United States or in other jurisdictions in which we operate.
In addition, the tax regimes we are subject to or operate under are unsettled and may be subject to significant change, which may become increasingly challenging as we expand our operations globally. Changes in tax laws, issuance of new tax rulings, or changes in interpretations of existing laws could cause us to be subject to additional income-based and non-income-based taxes, including payroll, sales, use, value-added, digital, net worth, property, and goods and services taxes, which could adversely affect our results of operations and financial condition. In particular, in 2025 the U.S. government enacted legislation commonly referred to as the One Big Beautiful Bill Act which, along with other recent U.S. federal tax reform legislation, has resulted in significant changes to the taxation of business entities including, among other changes, the imposition of minimum taxes or surtaxes on certain types of income, changes to the taxation of income derived from international operations, changes in the deduction and amortization of research and development expenditures, and limitations on the deductibility of business interest. In 2022, the Inflation Reduction Act was signed into law in the United States, which enacted, among other changes, a minimum tax on certain corporations with book income of at least $1 billion, subject to certain adjustments, and a 1% excise tax on certain stock buybacks and similar corporate actions. The issuance of additional regulatory or accounting guidance related to these and any future changes in tax law could significantly affect our tax obligations and tax rate in the period issued.
In addition, our tax obligations and effective tax rate in the countries where we do business could increase as a result of international tax developments, including the implementation of certain initiatives led by the Organization for Economic Cooperation and Development (the “OECD”) and the European Commission. For example, the OECD has been leading multilateral efforts on proposals, commonly referred to as “BEPS 2.0”, which include, among other measures, the imposition of a minimum effective corporate tax rate (referred to as “Pillar Two”). A number of countries in which we conduct business have enacted, or are in the process of enacting, core elements of the Pillar Two rules (with further provisions expected to be enacted in the future). Based on our understanding of the applicable minimum revenue thresholds, we currently expect that we do not fall within the scope of the Pillar Two rules. However, if we
Table of Conte n ts
become subject to the Pillar Two rules in the future, it could increase our overall tax obligations and result in additional compliance costs. We are monitoring developments and evaluating the potential impact of the Pillar Two rules and assessing our eligibility for applicable transitional and safe harbor provisions (including the additional safe harbor published by the OECD on January 5, 2026 as part of its proposed “side-by-side” arrangement, which applies to multinational groups headquartered in certain qualifying jurisdictions, which includes the United States).
Due to expansion of our international business activities, any changes in the U.S. taxation and foreign taxation of our cross-border activities may increase our worldwide effective tax rate and adversely affect our results of operations and financial condition. The enactment of legislation implementing changes in the U.S. taxation of international business activities or the adoption of other tax reform policies globally could adversely affect our business, financial condition, results of operations, and prospects.
Our ability to use our net operating loss carryforwards to offset future taxable income may be subject to certain limitations.
As of January 31, 2026, we had net operating loss (“NOL”) carryforwards of approximately $841.5 million, $702.2 million and $19.8 million for federal, state, and foreign tax purposes, respectively, that are available to reduce future taxable income. Under current U.S. federal income tax law, our NOLs generated in tax years beginning before January 1, 2018 will begin expiring in 2036, and our NOLs generated in tax years beginning after December 31, 2017 may be carried forward indefinitely, but utilization of such post-2017 NOLs that are carried forward to taxable years beginning after December 31, 2020 is limited to a maximum of 80% of the taxable income for such year determined without regard to such carryforwards. Our state NOL carryforwards will begin to expire in 2027. Our foreign NOLs will carryforward indefinitely. As of January 31, 2026, we had available research and development tax credit carryforwards of approximately $17.0 million and $13.2 million for federal and state tax purposes, respectively. If not utilized, our federal tax credits will expire at various dates beginning in 2036. Our state tax credits do not expire and will carry forward indefinitely. Also, for state income tax purposes, the extent to which states will conform to the U.S. federal income tax laws is uncertain and there may be periods during which the use of NOL or tax credit carryforwards is suspended or otherwise limited, which could accelerate or permanently increase state taxes owed. For example, California has enacted legislation that, with certain exceptions, suspends the ability to use California net operating to offset California income and limits the ability to use California business tax credits to offset California taxes, for taxable years beginning on or after January 1, 2024, and before January 1, 2027. Any such could our business, results of operations, financial condition or prospects.
In addition, under Sections 382 and 383 of the Code, a corporation that undergoes an “ownership change,” generally defined as a greater-than-50-percentage-point change (by value) in its equity ownership by certain stockholders over a three-year period, is subject to limitations on its ability to utilize its pre-change NOLs and other tax attributes such as research tax credits to offset future taxable income or income tax. We have identified certain ownership changes since our inception but do not believe that these changes will significantly impact our ability to use our NOL or tax credit carryforwards. We may have experienced additional ownership changes that have not yet been identified that could result in the expiration of our NOL or tax credit carryforwards before utilization.
In addition, we may experience ownership changes as a result of future stock offerings or other changes in the ownership of our stock. Future changes in our stock ownership, many of which are outside of our control, could result in an ownership change under Sections 382 or 383 of the Code. Furthermore, our ability to utilize NOL or tax credit carryforwards of companies that we acquire may be subject to limitations. For these reasons, we may not be able to utilize a significant portion of our NOL or tax credit carryforwards, even if we were to achieve profitability. In addition, any future changes in tax laws could impact our ability to utilize NOL or tax credit carryforwards in future years and may result in greater tax liabilities than we would otherwise incur and adversely affect our cash flows and financial position.
Table of Conte n ts
Our operating results may be negatively affected if we are required to pay additional sales and use tax, value added tax, or other transaction taxes, and we could be subject to liability with respect to all or a portion of past or future sales.
The application of U.S. federal, state, local, and foreign tax laws to our business, or any potential changes in our business model, is unclear and continually evolving. New tax laws, statutes, rules, regulations, or ordinances could be enacted at any time (possibly with retroactive effect) and could be applied solely or disproportionately to our business model or could otherwise negatively impact our results of operations and financial condition.
We currently collect and remit sales and use, value added and other transaction taxes in certain of the jurisdictions where we do business based on our assessment of the amount of taxes owed by us in such jurisdictions. However, in some jurisdictions in which we do business, we do not believe that we owe such taxes, and therefore we currently do not collect and remit such taxes in those jurisdictions or record contingent tax liabilities in respect of those jurisdictions. A successful assertion that we are required to pay additional taxes in connection with sales of our products and solutions, or the imposition of new laws or regulations or the interpretation of existing laws and regulations requiring the payment of additional taxes, would result in increased costs and administrative burdens for us. If we are subject to additional taxes and decide to offset such increased costs by collecting and remitting such taxes from our customers, or otherwise passing those costs through to our customers, our customers may be discouraged from purchasing our products and solutions. Any increased tax burden may decrease our ability or willingness to compete in relatively burdensome tax jurisdictions, result in substantial tax liabilities related to past or future sales, or otherwise seriously our business, results of operations, financial condition or prospects.
Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which could adversely affect our business, financial condition, results of operations, and prospects.
We are continuing to expand our international operations and staff to support our business in international markets. We generally conduct our international operations through wholly-owned subsidiaries and are or may be required to report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are subject to complex transfer-pricing regulations administered by taxing authorities in various jurisdictions in which we operate with potentially divergent tax laws. The amount of taxes we pay in different jurisdictions will depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies by taxing authorities and courts in various jurisdictions, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements then in effect. It is not uncommon for tax authorities in different countries to have conflicting views, for instance, with respect to, among other things, the manner in which the arm’s length standard is applied for transfer pricing purposes, the transfer-pricing and charges for intercompany services and other transactions, or with respect to the valuation of intellectual property. If taxing authorities in any of the jurisdictions in which we conduct our international operations were to successfully challenge our transfer pricing, we could be required to reallocate part or all of our income to reflect transfer-pricing adjustments, which could result in an increased tax liability to us. In such circumstances, if the country from which the income was reallocated does not agree to the reallocation, we could become subject to tax on the same income in both countries, resulting in double taxation.
In addition, we have been and may continue to be audited in various foreign jurisdictions, and such jurisdictions, including jurisdictions in which we are not currently filing, may assess new or additional taxes, sales taxes and value added taxes against us. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be significantly different from our historical tax provisions and accruals, which could have an adverse effect on our results of operations or
Table of Conte n ts
cash flows in the period or periods for which a determination is made, and could significantly harm our business, financial condition, results of operations, and prospects.
Changes in our effective tax rate or tax liability may adversely affect our results of operations.
Our effective tax rate could increase due to several factors, including:
• changes in the relative amounts of income before taxes in the various U.S. and international jurisdictions in which we operate due to differing statutory tax rates in various jurisdictions;
• changes in tax laws, tax treaties, and regulations or the interpretation of them;
• changes in our international operations, corporate structure, business model, or intercompany arrangements;
• changes to our assessment about our ability to realize our deferred tax assets that are based on estimates of our future results, the prudence and feasibility of possible tax-planning strategies, and the economic and political environments in which we do business;
• the outcome of current and future tax audits, examinations, or administrative appeals; and
• limitations or adverse findings regarding our ability to do business in some jurisdictions.
Any of these developments could adversely affect our business, financial condition, results of operations, and prospects.
Risks Related to Financial and Accounting Matters
If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our business, financial condition, results of operations, and prospects could be adversely affected.
The preparation of financial statements in conformity with U.S. Generally Accepted Accounting Principles, or GAAP, requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies and Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include but are not limited to those related to revenue recognition, contract acquisition costs, valuation of embedded derivative liabilities, stock-based compensation, common stock valuations, and business combinations. Additionally, as a result of the current macroeconomic uncertainty, many of management’s estimates and assumptions have required and will continue to require increased judgment and carry a higher degree of variability and volatility. Our business, financial condition, results of operations, and prospects could be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a in the trading price of our Class A common stock.
Additionally, we regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies, and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may negatively impact our business, financial condition, results of operations, and prospects, or cause an
Table of Conte n ts
adverse deviation from our revenue and operating profit target, which may negatively impact our results of operations.
We are an “emerging growth company” and the reduced disclosure requirements applicable to emerging growth companies may make our Class A common stock less attractive to investors.
We are an “emerging growth company” as defined in Section 2(a) of the Securities Act of 1933, as amended (the “Securities Act”) as modified by the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”). For as long as we continue to be an emerging growth company, we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies, including (i) not being required to comply with the independent auditor attestation requirements of the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), (ii) reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements and the required number of years of audited financial statements, and (iii) exemptions from the requirements of holding non-binding advisory stockholder votes on executive compensation and stockholder approval of any golden parachute payments not approved previously.
We could be an emerging growth company for up to five fiscal years following the completion of our IPO. However, certain circumstances could cause us to lose that status earlier, including the date on which we are deemed to be a “large accelerated filer,” under applicable SEC rules, if we have total annual gross revenue of $1.235 billion or more, or if we issue more than $1.0 billion in non-convertible debt during any three-year period before that time.
Under the JOBS Act, emerging growth companies can also delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have elected to take advantage of the benefits of this extended transition period. Accordingly, our consolidated financial statements may therefore not be comparable to those of companies that comply with such new or revised accounting standards.
Investors may find our Class A common stock less attractive because we may rely on certain of these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our Class A common stock and our share price may be more volatile and may decline.
We incur significant increased costs and demands on management resources as a result of operating as a public company.
As a public company, we incur significant legal, accounting, compliance, investor relations, and other expenses that we did not incur as a private company and these expenses will increase even more after we are no longer an “emerging growth company.” Our management and other personnel will need to devote a substantial amount of time and incur significant expense in connection with legal, compliance, and investor relations initiatives.
Regulations and standards relating to corporate governance and public disclosure, including the Sarbanes-Oxley Act, and the related rules and regulations implemented by the Securities and Exchange Commission (the “SEC”) have increased legal and financial compliance costs and will make some compliance activities more time-consuming. We intend to invest resources to comply with evolving laws, regulations, and standards, and this investment will result in increased general and administrative expenses and may divert management’s time and attention from our other business activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to practice, regulatory authorities may initiate legal proceedings against us, and our business may be harmed. In connection with our IPO, we increased our directors’ and officers’ insurance coverage, which increased our insurance cost. In the future, it may be more expensive or more difficult for us to obtain directors’ and officers’ liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors would also make it more difficult for us to attract and retain qualified members of our board of directors,
Table of Conte n ts
particularly to serve on our audit committee and compensation committee, and qualified executive officers. If we are unable to effectively manage these increased costs and demands upon management resources, our business, financial condition, results of operations, and prospects could be adversely affected.
The material weakness in our internal control over financial reporting, which we first identified in the fiscal year ended January 31, 2023, has been remediated as of the end of fiscal 2025. In the future, we may identify additional material weaknesses or otherwise fail to maintain an effective system of internal controls, which could result in material misstatements of our annual or interim consolidated financial statements or cause us to fail to meet our periodic reporting obligations.
We may, in the future, discover material weaknesses in our system of internal financial and accounting controls and procedures that could result in a material misstatement of our consolidated financial statements. Our internal control over financial reporting will not prevent or detect all errors and all fraud. A control system, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the control system’s objectives will be met. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that misstatements due to error or fraud will not occur or that all control issues and instances of fraud will be detected.
We have previously identified a material weakness in our internal control over financial reporting, which resulted from a lack of established internal controls and procedures and an insufficient number of accounting and finance personnel possessing the necessary GAAP technical expertise at our R&M subsidiary, resulting in a series of adjustments, including controls and procedures:
• to ensure journal entries are properly reviewed and approved; and
• to ensure compliance with GAAP, specifically as it relates to accounting for revenue.
After the material weakness was identified, we implemented a remediation plan that included new controls and processes, hiring additional accounting and finance personnel with an appropriate level of expertise, and improved group level oversight over and review of significant and complex transactions. We completed our remediation efforts, including the testing of the operating effectiveness of the controls, and we have concluded that the material weakness has been remediated as of the end of fiscal 2025. However, we recognize that maintaining effective internal control over financial reporting will continue to require significant attention from management and expense, and we cannot assure that we will not identify material weaknesses in the future.
Section 404 of the Sarbanes-Oxley Act requires that we include a report of management on our internal control over financial reporting in our annual report on Form 10-K beginning with our second annual report.
Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting until after we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in our periodic reports that are filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our Class A common stock. In addition, if we are to continue to meet these requirements, we may not be to remain listed on the Nasdaq.
Table of Conte n ts
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable laws and regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the listing requirements of Nasdaq, and other applicable securities rules and regulations. We expect that compliance with these rules and regulations will increase our legal and financial compliance costs, make some activities more difficult, time-consuming, or costly, and increase demand on our systems and resources, particularly after we are no longer an emerging growth company.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls, internal control over financial reporting and other procedures that are designed to ensure information required to be disclosed by us in our consolidated financial statements and in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms, and information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. In order to maintain and improve the effectiveness of our internal controls and procedures, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight.
Our current controls and any new controls we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our internal controls may be discovered in the future. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our results of operations, may result in a restatement of our financial statements for prior periods, cause us to fail to meet our reporting obligations, and could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in the periodic reports we will file with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a effect on the market price of our Class A common stock. We are not currently required to comply with the SEC rules that implement Sections 302 and 404 of the Sarbanes-Oxley Act, and we are therefore not required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. We will be required to include a management’s report on internal control over financial reporting in our annual report on Form 10-K for the fiscal year ending January 31, 2027.
Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting until after we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could cause a decline in the price of our Class A common stock and could negatively impact our business, financial condition, results of operations, and prospects.
Significant resources and management oversight are required now that we are a public company, and even more resources will be required once we are no longer an emerging growth company. As a result, management’s attention may be diverted from other business concerns, which could harm our business, financial condition, and results of operations.
Our debt-service obligations may adversely affect our financial condition and results of operations.
Table of Conte n ts
We have multiple debt arrangements that are significant to our business, as described further under “Management’s Discussion and Analysis of Financial Condition and Results of Operations―Liquidity and Capital Resources―Debt Obligations.” Our ability to make payments of the principal of, to pay interest on, or to refinance our indebtedness, depends on our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. Our business may not generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt, or obtaining additional debt financing or equity capital on terms that may be onerous or highly dilutive. Our ability to refinance any future indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. In addition, any of our future debt agreements may contain restrictive covenants that may prohibit us from adopting any of these alternatives. Our to comply with these covenants could result in an event of which, if not cured or waived, could result in the acceleration of our debt.
In addition, our indebtedness, combined with our other financial obligations and contractual commitments, could have other important consequences. For example, it could:
• make us more vulnerable to adverse changes in general U.S. and worldwide economic, industry, and competitive conditions and adverse changes in government regulation;
• limit our flexibility in planning for, or reacting to, changes in our business and our industry;
• place us at a disadvantage compared to our competitors that have less debt;
• limit our ability to borrow additional amounts to fund acquisitions, for working capital, and for other general corporate purposes; and
• make an acquisition of our company less attractive or more difficult.
Any of these factors could harm our business, results of operations, and financial condition. In addition, if we incur additional indebtedness, the risks related to our business and our ability to service or repay our indebtedness would increase. We are also required to comply with the restrictive covenants set forth in certain of our debt arrangements, including a requirement that we satisfy certain financial liquidity conditions, certain limitations on our ability to incur additional indebtedness, and other operating restrictions that could adversely impact our ability to engage in certain transactions and conduct our business. Our ability to comply with these covenants may be affected by events beyond our control. If we breach any covenants or other terms of these agreements, which has happened in the past or may occur in the future, and do not obtain a waiver from the lenders, then, subject to applicable cure periods, any outstanding indebtedness may be declared immediately due and payable. For additional information regarding the Warehouse Credit Facility (as defined in “Management’s Discussion and Analysis of Financial Condition and Results of Operations”), see Management’s Discussion and Analysis of Financial Condition and Results of Operations―Liquidity and Capital Resources―Debt Obligations—Warehouse Credit Facility.” In addition, changes by any rating agency to our credit rating may impact the value and liquidity of our securities. in our credit ratings could restrict our ability to obtain additional financing in the future and could affect the terms of any such financing. If we are to effectively manage our debt-service obligations, our business, financial condition, results of operations, and prospects could be affected.
We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.
We have funded our operations since inception primarily through equity and debt financings as well as cash generated from operations. We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business, which may require us to engage in equity or debt financings to
Table of Conte n ts
secure additional funds. Additional financing may not be available on terms favorable to us, if at all. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, results of operations, and financial condition. If we were to incur additional debt, the debt holders would have rights senior to holders of Class A common stock to make claims on our assets, and the terms of any new debt could further restrict our operations, including our ability to pay dividends on our Class A common stock. Furthermore, if we issue additional equity securities, including in connection with merger and acquisition transactions, stockholders will experience dilution. In addition, new equity securities could have rights senior to those of our Class A common stock.
The trading prices for technology companies have been and may continue to be highly volatile, including due to evolving artificial intelligence technologies, interest rate fluctuations, inflation, and the uncertain macroeconomic and geopolitical environment, which may reduce our ability to access capital on favorable terms or at all. In addition, a recession, depression, or other sustained adverse market event could adversely affect the value of our Class A common stock as well as our business, financial condition, results of operations, and prospects. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our Class A common stock and diluting their interests.
Risks Related to Ownership of our Class A Common Stock
The market price of our Class A common stock may be volatile, and investors could lose all or part of their investment.
The trading price of our Class A common stock could be subject to wide fluctuations in response to numerous factors in addition to the ones described in this “Risk Factors” section, many of which are beyond our control, including the following:
• actual or anticipated fluctuations in our GBV, payment volume, revenue, gross margins, and other results of operations as well as in demand for business travel;
• actual or anticipated developments in the travel industry generally;
• the financial projections we may provide to the public, any changes in these projections, or our failure to meet these projections;
• announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments;
• industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC;
• rumors and market speculation involving us or other companies in our industry;
• investor sentiment regarding AI-related business models, our competitors, and our industry in general;
• price and volume fluctuations in the overall stock market from time to time;
• changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
• the expiration of market standoff or contractual lock-up agreements and sales of shares of our Class A common stock by us or our stockholders;
Table of Conte n ts
• failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
• actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
• litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
• developments or disputes concerning our intellectual property rights, or third-party proprietary rights;
• announced or completed acquisitions of businesses or technologies by us or our competitors;
• new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
• any major changes in our management or our board of directors;
• effects of public health crises, pandemics, and epidemics;
• sales or expectations with respect to sales of shares of our Class A common stock by us or our security holders;
• general macroeconomic conditions, including rising interest rates, inflation, foreign currency fluctuation, instability in the global banking system, risks of economic recession, and slow or negative growth of our markets;
• political unrest or instability; and
• other events or factors, including those resulting from war, incidents of terrorism, or responses to these events, including the ongoing conflicts in Ukraine and the Middle East and tensions between China and Taiwan.
In addition, the stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry factors may seriously affect the market price of our Class A common stock, regardless of our actual operating performance. In addition, in the past, following periods of volatility in the overall market and the market prices of a particular company’s securities, securities class action litigation has often been instituted. For example, on February 23, 2026, a putative securities class action complaint was filed against us and our directors and certain of our current and former executive officers (collectively, the “Defendants”) in the U.S. District Court for the Northern District of California. The lawsuit alleges the Defendants violated the Securities Act by making materially false and statements about our sales and marketing expenses in our IPO offering documents. Motions for the lead are due April 24, 2026. This suit, or additional potential , could result in substantial costs and our management’s attention and resources from our business. This could affect our business, financial condition, results of operations, and prospects.
Sales of substantial amounts of our Class A common stock in the public markets, or the perception that they might occur, could cause the market price of our Class A common stock to decline.
Sales of a substantial number of shares of our Class A common stock into the public market, particularly sales by our directors, executive officers, and principal stockholders, or the perception that these sales might occur, could cause the market price of our Class A common stock to decline. For
Table of Conte n ts
example, the significant number of shares underlying outstanding equity awards and shares reserved for future issuance under our 2025 Equity Incentive Plan (the “2025 Plan”) could result in substantial dilution if such awards are exercised or vested, which may adversely affect the market price of our Class A common stock. As of January 31, 2026, there were 48.6 million shares of Class A common stock issuable upon the exercise of outstanding stock options or subject to vesting of outstanding restricted stock units, or RSU, awards. We have registered all of the shares of Class A common stock issuable upon exercise of outstanding stock options and upon the settlement of RSU awards for public resale under the Securities Act. Accordingly, these shares are freely salable in the public market upon issuance subject to compliance with applicable securities laws. Including the aforementioned outstanding equity awards, as of January 31, 2026, there were approximately 37.8 million shares of common stock reserved and available for future issuance under the 2025 Plan which may become available for public resale to the extent we issue future equity incentive awards pursuant to these plans and such awards vest and are exercised or settle according to their terms.
As of March 30, 2026, the holders of 115,302,421 shares of our capital stock have rights, subject to some conditions, to require us to file registration statements for the public resale of such capital stock or to include such shares in registration statements that we may file for us or other stockholders.
We may also issue our shares of Class A common stock or securities convertible into shares of our Class A common stock from time to time in connection with a financing, acquisition, investment, or otherwise. If we are unable to effectively manage the risks relating to the price of our Class A common stock, our business, financial condition, results of operations, and prospects could be adversely affected.
The dual class structure of our common stock has the effect of concentrating voting power with Ariel Cohen and Ilan Twig, our co-founders, which will limit other stockholders’ ability to influence the outcome of important transactions, including a change in control.
Our Class B common stock has 30 votes per share, and our Class A common stock, which is the stock we are have listed for trading on Nasdaq, has one vote per share. Our co-founders together hold all of the issued and outstanding shares of our Class B common stock. Accordingly, Ariel Cohen, our co-founder, Chief Executive Officer, and a member of our board of directors, currently holds, together with his affiliates, approximately 27% of the voting power of our outstanding capital stock; and Ilan Twig, our co-founder, Chief Technology Officer, and a member of our board of directors, currently holder, together with his affiliates, approximately 48% of the voting power of our outstanding capital stock, which voting power may increase over time upon the exercise or settlement and exchange of equity awards held by our co-founders pursuant to their equity exchange rights. Therefore, our co-founders, individually or together, are able to significantly influence matters submitted to our stockholders for approval, including the election of directors, amendments of our organizational documents and any merger, consolidation, sale of all or substantially all of our assets or other major corporate transactions. Additionally, upon (i) the date that Mr. Twig is no longer providing services to us as an officer, employee, or director, or (ii) the date of the death or disability of Mr. Twig, a voting proxy will automatically be granted to Mr. Cohen over all of the shares of Class B common stock held by Mr. Twig and his related entities and permitted transferees, such that Mr. Cohen will have voting control over such shares, and such shares will remain as Class B common stock. Our co-founders, individually or together, may have interests that differ from those of our other stockholders and may vote in a way with which other stockholders and which may be to other stockholders’ interests. This concentrated control may have the effect of , , or a change in control of our company, could our stockholders of an to receive a premium for their capital stock as part of a sale of our company and might ultimately affect the market price of our Class A common stock.
Future transfers by the holders of Class B common stock will generally result in those shares automatically converting into shares of Class A common stock, subject to limited exceptions, such as certain transfers effected for estate planning. In addition, each outstanding share of Class B common stock will convert automatically into a share of Class A common stock upon the earliest to occur following this offering: (i) the date fixed by our board of directors that is no less than 61 days and no more than 180
Table of Conte n ts
days following the first date following the completion of our IPO on which the number of shares of our Class B common stock, and any shares of Class B common stock underlying equity securities, held by Mr. Cohen, and his permitted entities and permitted transferees, is less than 20% of the Class B common stock held by Mr. Cohen and his permitted entities as of immediately following the completion of our IPO; (ii) the last trading day of the fiscal year following the tenth anniversary of our IPO; (iii) the date fixed by our board of directors that is no less than 61 days and no more than 180 days following the date on which Mr. Cohen is no longer providing services as an officer or employee and Mr. Cohen is no longer a member of our board of directors as a result of his voluntary resignation or agreement not to stand for reelection; (iv) the date fixed by our board of directors that is no less than 61 days and no more than 180 days following the date on which Mr. Cohen is terminated for cause (as defined in our amended and restated certificate of incorporation); and (v) twelve months after Mr. Cohen’s death or disability (as defined in our amended and restated certificate of incorporation). If we are unable to effectively manage these risks, our business, financial condition, results of operations, and prospects could be affected.
The dual class structure of our common stock may adversely affect the trading market for our Class A common stock.
We cannot predict whether our dual class structure will result in a lower or more volatile market price of our Class A common stock, adverse publicity, or other adverse consequences. Certain stock index providers exclude companies with multi-class share structures from being added to certain of their indices. In addition, several stockholder advisory firms and large institutional investors oppose the use of multiple class structures. As a result, the dual class structure of our common stock may make us ineligible for inclusion in certain indices and may discourage such indices from selecting us for inclusion, and notwithstanding our automatic termination provisions, may cause stockholder advisory firms to publish negative commentary about our corporate governance practices or otherwise seek to cause us to change our capital structure, and may result in large institutional investors not purchasing shares of our Class A common stock. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, any exclusion from certain stock indices could result in less demand for our Class A common stock. Any actions or publications by stockholder advisory firms or institutional investors of our corporate governance practices or capital structure could also affect the value of our Class A common stock, and could affect our business, financial condition, results of operations, and prospects.
Investors’ expectations of our performance relating to environmental, social, and governance factors may impose additional costs and expose us to new risks.
There is an increasing focus from certain investors, employees, customers, and other stakeholders concerning corporate responsibility, specifically related to environmental, social, and governance, or ESG, matters. Some investors may use these non-financial performance factors to guide their investment strategies and, in some cases, may choose not to invest in us if they believe our policies and actions relating to corporate responsibility are inadequate. We may face reputational damage in the event that we do not meet the ESG standards set by various constituencies.
Furthermore, if our competitors’ corporate social responsibility performance is perceived to be better than ours, potential or current investors may elect to invest with our competitors instead. In addition, in the event that we communicate certain initiatives and goals regarding ESG matters, we could fail, or be perceived to fail, in our achievement of such initiatives or goals, or we could be criticized for the scope of such initiatives or goals. If we fail to satisfy the expectations of investors, employees, and other stakeholders, or our initiatives are not executed as planned, our business, financial condition, results of operations, and prospects could be adversely affected.
If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our Class A common stock, our stock price and trading volume could decline.
Table of Conte n ts
The trading market for our Class A common stock is influenced by the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts or the content and opinions included in their reports. As a new public company, we may be slow to attract research coverage and the analysts who publish information about our Class A common stock will have had relatively little experience with our company, which could affect their ability to accurately forecast our results and make it more likely that we fail to meet their estimates. In the event we obtain industry or financial analyst coverage, if any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our stock price, our stock price would likely decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our results of operations fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could our Class A common stock or publish research about us. If one or more of these analysts coverage of our Class A common stock or to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our stock price or trading volume to and could cause our business, financial condition, results of operations, and prospects to be affected.
We are, and could in the future be, subject to securities class action litigation.
In the past, securities class action litigation has often been instituted against companies following periods of volatility in the market price of a company’s securities. For example, on February 23, 2026, a putative securities class action complaint was filed against us, our directors and certain of our current and former executive officers (collectively, the “Defendants”) in the U.S. District Court for the Northern District of California. The lawsuit alleges the Defendants violated the Securities Act by making materially false and misleading statements about our sales and marketing expenses in our IPO offering documents. Motions for the lead plaintiff are due April 24, 2026. This suit, or similar litigation, could result in substantial costs and a diversion of management’s attention and resources, which could affect our business, financial condition, results of operations, and prospects.
Additionally, the dramatic increase in the cost of directors’ and officers’ liability insurance as a result of becoming a public company may cause us to opt for lower overall policy limits or to forgo insurance that we may otherwise rely on to cover significant defense costs, settlements, and damages awarded to plaintiffs.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any cash dividends on our capital stock, and we do not intend to pay any cash dividends in the foreseeable future. In addition, the Warehouse Credit Facility and ABL Facility contain restrictions on our ability to pay cash dividends on our capital stock. For additional information regarding the Warehouse Credit Facility and ABL Facility, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations―Liquidity and Capital Resources―Debt Obligations.” Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Provisions in our charter documents and under Delaware law could make an acquisition of us, which may be beneficial to our stockholders, more difficult and may limit attempts by our stockholders to replace or remove our current management.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a merger, acquisition, or other change of control of the company that the stockholders may consider favorable. In addition, because our board of directors is responsible for appointing the members of our management team, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors. Among other things, our
Table of Conte n ts
amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
• provide that our board of directors is classified into three classes of directors with staggered three-year terms;
• permit our board of directors to establish the number of directors and fill any vacancies and newly created directorships;
• require super-majority voting by our stockholders to amend some provisions in our amended and restated certificate of incorporation and amended and restated bylaws;
• authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan;
• only a majority of our board of directors will be authorized to call a special meeting of stockholders;
• eliminate the ability of our stockholders to call special meetings of stockholders;
• do not provide for cumulative voting;
• directors may only be removed “for cause” and only with the approval of at least 66 2/3% of the voting power of our then-outstanding capital stock;
• provide for a dual-class common stock structure in which holders of our Class B common stock may have the ability to significantly influence the outcome of matters requiring stockholder approval, including the election of directors and other significant corporate transactions, such as a merger or other sale of our company or its assets, even if they own significantly less than a majority of the outstanding shares of our common stock;
• prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;
• our board of directors is expressly authorized to make, alter, or repeal our bylaws; and
• establish advance-notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Moreover, Section 203 of the Delaware General Corporation Law (the “DGCL”) may discourage, delay, or prevent a change in control of our company. Section 203 imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock.
Our amended and restated certificate of incorporation contains exclusive forum provisions for certain claims, which may limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware, to the fullest extent permitted by law, will be the exclusive forum for any derivative action or proceeding brought on our behalf, any action asserting a breach of fiduciary duty, any action asserting a claim against us arising pursuant to the DGCL, our amended and restated certificate of incorporation, or our amended and restated bylaws, or any action asserting a claim against us that is governed by the internal affairs doctrine.
Moreover, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all claims brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Our amended and restated certificate of incorporation provides that the federal
Table of Conte n ts
district courts of the United States will, to the fullest extent permitted by law, be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act (the “Federal Forum Provision”). Our decision to adopt the Federal Forum Provision followed a decision by the Supreme Court of the State of Delaware holding that such provisions are facially valid under Delaware law. While there can be no assurance that federal or state courts will follow the holding of the Supreme Court of the State of Delaware or determine that the Federal Forum Provision should be enforced in a particular case, application of the Federal Forum Provision means that suits brought by our stockholders to enforce any duty or liability created by the Securities Act must be brought in federal court and cannot be brought in state court.
Section 27 of the Exchange Act creates exclusive federal jurisdiction over all claims brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder. In addition, the Federal Forum Provision applies to suits brought to enforce any duty or liability created by the Exchange Act. Accordingly, actions by our stockholders to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder must be brought in federal court.
Our stockholders will not be deemed to have waived our compliance with the federal securities laws and the regulations promulgated thereunder.
Any person or entity purchasing or otherwise acquiring or holding any interest in any of our securities shall be deemed to have notice of and consented to our exclusive forum provisions, including the Federal Forum Provision. These provisions may limit a stockholders’ ability to bring a claim in a judicial forum of their choosing for disputes with us or our directors, officers, or employees, which may discourage lawsuits against us and our directors, officers, and employees. Alternatively, if a court were to find the choice of forum provision contained in our amended and restated certificate of incorporation or amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, financial condition, and results of operations.
General Risk Factors
Unfavorable conditions in our industry or the global economy could limit our ability to grow our business and negatively affect our results of operations.
Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, global tariff uncertainty, labor shortages, supply chain disruptions, rising interest rates, inflation, international trade relations, weak economic conditions in certain regions, political turmoil, natural catastrophes, warfare, terrorist attacks on the United States, Europe, the Asia Pacific region, including Japan, or elsewhere, could cause a decrease in business investments by existing or potential customers, including spending on travel and information technology, and negatively affect the growth of our business. Competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our offering. We cannot predict the timing, , or duration of any economic , , or recovery, generally or within any particular industry.
We may be adversely affected by natural disasters, pandemics, cyberattacks and other catastrophic events, and by man-made problems such as terrorism, that could disrupt our business operations, and our business continuity and disaster recovery plans may not adequately protect us from a serious disaster.
Natural disasters or other catastrophic events may cause damage or disruption to our operations, international commerce, and the global economy, and thus could negatively impact our business, financial condition, results of operations, and prospects. Our business operations are also subject to interruption by
Table of Conte n ts
fire, power shortages, flooding, and other events beyond our control. In addition, our global operations expose us to risks associated with public health crises, such as pandemics and epidemics, which could harm our business and cause our results of operations to suffer. Further, acts of war, armed conflict, terrorism, and other geopolitical unrest, such as the ongoing conflicts in Ukraine and the Middle East and tensions between China and Taiwan, could cause disruptions in our business or the businesses of our customers, suppliers or the economy as a whole. In particular, we have operations and customers in Israel, and certain of our customers in other regions have substantial operations and customers in Israel. Our growth, business, and results of operations could be negatively impacted if the current conflicts in the Middle East, including the escalating between Israel and Iran, continues, or expands to other nations or regions, including if our customers are and reduce their engagement with our platform. In the event of a natural , including a major earthquake, blizzard, or hurricane, or a event such as a fire, power , , or telecommunications , we may be to continue our operations and may endure system , reputational , in development of our platform, lengthy in service, of data security, and of data, all of which could impact our business, financial condition, results of operations, and prospects. For example, our corporate headquarters is located in the San Francisco Bay Area in California, a state that frequently experiences earthquakes, wildfires, heatwaves, and . Additionally, all the aforementioned risks will be further increased if we do not implement an recovery plan or our suppliers’ or other partners’ recovery plans prove to be .
If currency exchange rates fluctuate substantially in the future, the results of our operations, which are reported in U.S. dollars, could be adversely affected.
As we continue to expand our international operations, we become more exposed to the effects of fluctuations in currency exchange rates. Although the majority of our sales contracts have historically been denominated in U.S. dollars, and therefore, most of our revenue has not been subject to foreign currency risk, we also book significant sales in Euros and Pounds, and any changes in the value of foreign currencies relative to the U.S. dollar could affect our revenue and results of operations due to transactional and translational remeasurement that is reflected in our earnings. In addition, we incur expenses for employee compensation and other operating expenses at our non-U.S. locations in the local currency. Fluctuations in the exchange rates between the U.S. dollar and other currencies could result in the dollar equivalent of such expenses being higher. These exposures may change over time as business practices evolve and economic conditions change, such as shifts driven by monetary policy changes and geopolitical events, and could have a negative impact on our results of operations, revenue and net income (loss) as expressed in U.S. dollars. Although we may in the future decide to undertake foreign exchange hedging transactions to cover a portion of our foreign currency exchange exposure, we currently do not hedge our exposure to foreign currency exchange risks.
ITEM 1C. CYBERSECURITY.
Risk management and strategy
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, and confidential information that is proprietary, strategic or competitive in nature, including information related to our customers (“Information Systems and Data”).
We have a cross-functional team led by our Chief Information Security Officer (CISO) and comprised of members of our Security, Legal, Engineering, and Governance, Risk, and Compliance (GRC) departments to help identify, assess and manage the Company’s cybersecurity threats and risks. This team identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment and the Company’s risk profile using various methods including, for example by using manual tools, automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and threat actors, conducting scans of our environment, evaluating our and
Table of Conte n ts
our industry’s risk profile and threats reported to us, conducting internal and external audits, conducting threat assessments and vulnerability assessments, referencing third party intelligence feeds, and conducting tabletop and other testing exercises.
Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data. For example, we have an incident response policy and incident response and detection capabilities, a vulnerability management policy, business continuity and disaster recovery plans, a vendor risk management program, and we maintain cyber insurance. We also conduct risk assessments, encrypt data at rest and in transit, implement network security controls, segregate data based on sensitivity, implement access controls, physical security controls, asset management and tracking, employee training, penetration testing, and use endpoint detection and response tools and data loss prevention tools.
Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, (1) cybersecurity risk is addressed as a component of the Company’s enterprise risk management program through our GRC department and is reviewed as part of our risk committee meetings comprised of key senior management; (2) our CISO works with management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business; (3) our CISO evaluates material risks from cybersecurity threats against our overall business objectives and reports to the audit committee of the board of directors, which evaluates our overall enterprise risk.
We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example automated cloud security scanning, threat intelligence providers, software providers, penetration testing firms, code security scanning, and dark web monitoring services.
We use third-party service providers to perform a variety of functions throughout our business, application providers, hosting companies, supply chain resources, payment providers, and travel and hospitality providers. We have a vendor management program to manage cybersecurity risks associated with our use of these providers. The program includes risk assessments for vendors, security questionnaires, a review of a vendor’s written information security program and associated audit and compliance documentation, audits of the vendor if needed, vulnerability scans of the vendor in certain circumstances, and in certain cases, security assessment calls with the vendor. We also impose certain contractual obligations related to cybersecurity on certain vendors. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider and impose contractual obligations related to cybersecurity on the provider.
For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see the section titled “Risk Factors,” including “Risk Factors—Risks Related to Privacy, Cybersecurity, and Intellectual Property—We, our suppliers, our other partners, our customers, and others who use our services obtain and process a large amount of sensitive data. If our information technology systems or data, or those of the third parties upon with whom we work, including our suppliers, our other partners, or customers, are or were compromised, we could experience adverse impacts resulting from such compromise, including, but not limited to, regulatory investigations or actions, litigation, fines and penalties, interruptions to our operations, claims that we breached our data protection obligations, harm to our reputation, and a loss of future customers or sales and other adverse consequences.”
Governance
Table of Conte n ts
Our board of directors addresses the Company’s cybersecurity risk management as part of its general oversight function. The board of directors’ audit committee is responsible for overseeing Company’s cybersecurity risk management processes, including oversight of mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are designed, implemented and maintained by certain Company management, specifically our CISO, who has 25 years of technical, senior engineering and product management experience and was previously the Executive Vice President of Security at Salesforce and CISO at Tesla and Vimeo, and our Director of Governance, Risk and Compliance, who has two decades of experience in GRC programs and relevant cybersecurity certifications.
Our CISO is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. Our CISO is also responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, and reviewing security assessments and other security-related reports. Our Director of GRC is responsible for leading security compliance, risk management, and third party governance and trust functions across our enterprise.
Our cybersecurity incident response and vulnerability management processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including the CISO, CEO, COO, and other executive staff members. The CISO, CEO, COO, and other executive staff members work with the Company’s incident response team to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, the Company’s incident response and vulnerability management processes include reporting to the audit committee of the board of directors for certain cybersecurity incidents .
The audit committee receives periodic reports from our CISO concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them. The audit committee also has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation. The chair of our audit committee has extensive experience serving as an executive officer and director of public and private technology companies providing oversight of cybersecurity risk.
