Innovid (CTV) Risk Factors

Innovid relies on products, technologies, and intellectual property that it licenses from third parties, for use in operating its business. Innovid cannot assure that these third-party licenses, or support for such licensed products and technologies, will continue to be available to Innovid on commercially reasonable terms, if at all. Innovid cannot be certain that its licensors are not infringing the intellectual property rights of others or that its suppliers and licensors have sufficient rights to the technology in all jurisdictions in which Innovid may operate. Some of Innovid's license agreements may be terminated by its licensors for convenience. If Innovid is unable to obtain or maintain rights to any of this technology because of intellectual property infringement claims brought by third parties against its suppliers and licensors or against it, or if Innovid is unable to continue to obtain the technology or enter into new agreements on commercially reasonable terms, its ability to operate and expand its business could be harmed.

Innovid's success depends on the efficient and uninterrupted operation of its platform. In delivering Innovid's solutions, it is dependent on the operation of third-party data and cloud computing platforms centers, which are vulnerable to damage or interruption from computer viruses, computer denial of service attacks, unidentified security vulnerabilities, exploitation of encryption technology, or other attempts to harm Innovid's system and similar events. In the future, in particular due to the increasingly evolving methods of bad actors, Innovid may need to expand its systems at a significant cost and at a more rapid pace than Innovid has to date. Innovid may be unable to provide its solutions on a timely basis or experience performance issues with its platform if Innovid fails to adequately expand or maintain its system capabilities to meet future requirements and address future threats. Some of Innovid's systems are not fully redundant, and its disaster recovery planning cannot account for all eventualities. The occurrence of any issues or failures at Innovid's data centers could result in interruptions in the delivery of its solutions to its customers. Additionally, certain of Innovid's third-party service providers and other vendors have access to portions of its IT system. Performance failures or acts of negligence by these service providers may cause material disruptions to Innovid's IT systems. A failure or disruption of Innovid's computer systems, or those of its demand-side integration partners, could impede access to its platform, interfere with its data analytics and prevent the timely delivery of Innovid's solutions. The techniques used by criminals to obtain unauthorized access to systems or proprietary information or sensitive, personal or confidential data change frequently and often are not recognized until after being launched against a target, and accordingly, we may be unable to anticipate these techniques or implement adequate preventative measures and there may be a significant delay between the initiation of an attack on our systems and our recognition of the attack. The occurrence of inadvertent or intentional acts of our employees, third-party service providers and other vendors, or business partners may result in a compromise or breach of our networks, or those of third parties with whom we do business. Outside parties may also attempt in the future to fraudulently induce Innovid's employees or users of its platform to disclose sensitive information via illegal electronic spamming, phishing, or other tactics. Any actual or perceived breach of Innovid's security measures or Innovid's third party service providers and other vendors with access to Innovid's IT system, or the accidental loss, inadvertent disclosure or unauthorized dissemination of proprietary information or sensitive, personal or confidential data about us, our employees, customers or integration partners, or our advertisers and their consumers, including the potential loss or disclosure of such information or data as a result of hacking, fraud, trickery or other forms of deception, could expose Innovid, our employees, our customers or integration partners, or our advertisers and their consumers to risks of loss or misuse of this information. Any such breach, loss, disclosure or dissemination may also result in potential liability or fines, governmental inquiry or oversight, enforcement actions, injunctive relief, litigation, public statements against us by advocacy groups or others, or a loss of customer confidence, any of which could harm Innovid's business and damage its reputation, possibly impeding its ability to retain and attract new customers, and cause a material adverse effect on Innovid's operations and financial condition. The cost of investigating, mitigating and responding to potential security breaches and complying with applicable breach notification obligations to individuals, regulators, partners and others can be significant and the risk of legal claims in the event of a security breach is increasing. For example, the CCPA creates a private right of action for certain data breaches. Further, defending a suit, regardless of its merit, could be costly, divert management attention and harm Innovid's reputation. The successful assertion of one or more large claims against Innovid that exceed available insurance coverage, or the occurrence of changes in its insurance policies, including premium increases or the imposition of large deductibles or co-insurance requirements, could adversely affect Innovid's reputation, business, financial condition, results of operations and cash flows. Any material disruption or slowdown of Innovid's systems or those of its third-party vendors or business partners, could have a material adverse effect on Innovid's business, financial condition, results of operations and cash flows.

Innovid uses "cookies," or small text files placed on consumer devices when an internet browser is used, as well as mobile device identifiers, to gather data that enables its platform to be more effective. Innovid's cookies and mobile device IDs do not identify consumers directly, but record information such as when a consumer views or clicks on an advertisement, when a consumer uses a mobile app, the consumer's location, and browser or other device information. Publishers, advertisers and partners may also choose to share their information about consumers' interests or give Innovid permission to use their cookies and mobile device IDs. Without cookies, mobile device IDs, and other tracking technology data, transactions processed through Innovid's platform would be executed with less insight into consumer activity, reducing the precision of advertisers' decisions about which impressions to purchase for an advertising campaign. This could make placement of advertising through Innovid's platform less valuable, and harm its revenue. If Innovid's ability to use cookies, mobile device IDs or other tracking technologies is limited, it may be required to develop or obtain additional applications and technologies to compensate for the lack of cookies, mobile device IDs and other tracking technology data, which could be time consuming or costly to develop, less effective, and subject to additional regulation.

Innovid's industry and business is subject to rapid and frequent changes in technology, evolving client demands and frequent competitors with new and enhanced offerings. Innovid competes for both supply and demand with larger, well-established companies that may have technological advantages stemming from their experience in the market. Innovid's future success will depend on its ability to continuously enhance and improve its offerings to meet client needs and address technological and industry advancements. If Innovid is unable to enhance its solutions to meet market demand in a timely manner, it may not be able to maintain its existing clients or attract new clients. Innovid has made, and intends to continue to make, substantial investments in order to further advance its brand and scale its technology capabilities. However, these investments are inherently risky and may not be successful. Addressing broader marketing and monetization goals, is relatively new to Innovid and it has had to invest in substantial resources to adapt its model, pricing and organization to support this expansion. Similarly, Innovid does not have a long or established track record of competing successfully in this space. If Innovid is not successful in expanding its solutions along broader marketing goals, its results of operations could be adversely affected. Furthermore, Innovid believes the importance of brand recognition will increase as competition in its market increases. However, if Innovid is unable to continuously enhance and improve its offerings, it may be unable to respond effectively to changes in its industry, technology or user preferences, and its solutions may become less competitive or obsolete. Furthermore, brand promotion activities may not yield any increased revenue, and even if they do, any increased revenue may not offset the expenses Innovid incurred in building its brand. Innovid's business depends on the overall demand for advertising and on the economic health of Innovid's current and prospective advertisers. The market for digital advertising solutions is highly competitive and rapidly changing. New technologies and methods of advertising present a dynamic competitive challenge as market participants develop and offer multiple new products and services aimed at facilitating and/or capturing advertising spending. With the introduction of new technologies and the influx of new entrants to the market, including large established companies and companies that Innovid does not yet know about or do not yet exist, Innovid expects competition to persist and intensify in the future, which could harm its ability to increase sales and maintain its profitability. Large and established internet and technology companies may have the power to significantly change the very nature of the digital advertising marketplaces in ways that could materially disadvantage Innovid. These companies could leverage their positions to make changes to their web browsers, mobile operating systems, platforms, exchanges, networks or other solutions or services that could be significantly harmful to Innovid's business and results of operations. These companies also have significantly larger resources than Innovid does, and in many cases have advantageous competitive positions in popular products and services like Gmail, YouTube, Chrome, Facebook and Instagram, which they can use to their advantage. Furthermore, Innovid's competitors include large and established internet and technology companies that have invested substantial resources in innovation, which could lead to technological advancements that change the competitive dynamics of Innovid's business in ways that it may not be able to predict. Competition could also hinder the success of new advertising solutions that Innovid offers in the future. If any of these risks were to materialize, Innovid's ability to compete effectively could be significantly compromised and its results of operations could be harmed. Any of these developments would make it more difficult for Innovid to sell its offerings and could result in increased pricing pressure, reduced gross margins, increased sales and marketing expense and/or the loss of market share.

Innovid's revenue, cash flow, operating results and other key operating and performance metrics may vary from quarter to quarter due to the seasonal nature of its customers spending on advertising campaigns. For example, advertisers typically allocate the largest portion of their media budgets to the fourth quarter of the calendar year in order to coincide with increased holiday purchasing. As a result, the fourth quarter of the year typically reflects Innovid's highest level of measurement activity while the first quarter reflects the lowest level of such activity. Innovid's historical revenue growth has masked the impact of seasonality, but if its growth rate declines or seasonal spending becomes more pronounced, seasonality could have a more significant impact on its revenue, cash flow and operating results from period to period.

Innovid's business depends on its ability to maintain and expand relationships with advertisers and agencies. Innovid depends on advertisers and agencies to specify and utilize its offering. Innovid currently relies on, and expects to continue to rely on, approximately 177 core clients calculated according to a new methodology to include publishers described elsewhere in this Form 10-K. This amount may include multiple paying customers. These core clients accounted for 90% of our 2023 revenue, with no single client accounting for more than 17% of our 2023 revenue. To support Innovid's continued growth, it will seek to add additional advertisers to its platform and expand current utilization with its existing advertisers. However, there are no assurances it will be able to do so. Innovid has few advertising customers with minimum commitments so there is no guarantee that existing advertiser relationships will persist. Any disruptions in Innovid's relationships with advertisers could adversely affect its business, results of operations and financial condition. If Innovid cannot retain or add individual advertisers, or if existing advertisers reduce their use of its offering, it could adversely affect Innovid's business, results of operations, and financial condition. Additionally, if Innovid's offerings do not meet the current or future expectations of its advertisers or agencies or if Innovid's services or employees fail to perform as expected, such advertisers or agencies may seek alternative options and Innovid's results may suffer. Furthermore, if existing advertisers significantly reduce their ad-spend in response to continued supply change disruptions, labor shortages or other macroeconomic trends, Innovid's results will suffer.

The advertisers and publishers engaging in transactions through Innovid's platform impose various requirements upon each other, and Innovid and the underlying advertisers are subject to regulatory requirements by governments and standards bodies applicable to their activities. Innovid may assume responsibility for satisfying or facilitating the satisfaction of some of these requirements through the contracts it enters into with advertisers or publishers transacting business through its platform under applicable laws, regulations or common law duties, even if Innovid has not assumed responsibility contractually. These responsibilities could expose Innovid to significant liabilities, perhaps without the ability to impose effective mitigating controls upon, or to recover from, advertisers and publishers and our contractual indemnities and limitations of liability may not protect us adequately. Innovid contractually requires its advertisers, publishers and data providers to abide by relevant laws, rules and regulations, and restrictions by their counterparties, when transacting on Innovid's platform, and it generally attempts to obtain representations from advertisers that the advertising they place through its platform complies with applicable laws and regulations and does not violate third-party intellectual property rights. Innovid also generally receives representations from advertisers, publishers and data providers about their data privacy practices and compliance with applicable laws and regulations, including their maintenance of adequate privacy policies that disclose and permit Innovid's data collection practices. Nonetheless, there are many circumstances in which it is difficult or impossible for Innovid to monitor or evaluate its compliance. For example, Innovid cannot control the content of advertisers and/or publisher's media properties. If advertisers, publishers or data providers fail to abide by relevant laws, rules and regulations, or contract requirements when transacting over Innovid's platform or after such a transaction is completed, or if such parties fail to provide proper notice to and obtain proper consent from individuals that permit Innovid's data collection practices where applicable, Innovid could potentially face liability to consumers for such misuse. Further, Innovid could face potential liability to consumers in the event such parties engage in malicious activities, such as the introduction of malware into consumers' computers through advertisements served through Innovid's platform, and code that redirects consumers to sites other than the ones consumers sought to visit, potentially resulting in malware downloads or use charges from the redirect site. Advertisers often have terms of use in place with their consumers that disclaim or limit their potential liabilities to such consumers, or pursuant to which consumers waive rights to bring class-action lawsuits against the publishers related to advertisements, which could make Innovid a more likely target for certain lawsuits. Similarly, if such misconduct results in enforcement action by a regulatory body or other governmental authority, Innovid could become involved in a potentially time-consuming and costly investigation, or it could be subject to some form of sanction or penalty and face reputational damage. Innovid may not have adequate indemnities to protect itself against, and its policies of insurance may not cover, all such claims and losses.

Innovid's income tax obligations are based in part on its corporate operating structure and intercompany arrangements. The tax laws applicable to Innovid's business, including the laws of the US and other jurisdictions, are subject to interpretation, and certain jurisdictions are aggressively interpreting their laws in new ways in an effort to raise additional tax revenue. Innovid's existing corporate structure and intercompany arrangements have been implemented in a manner Innovid believes is in compliance with current prevailing tax laws. However, the taxing authorities of the jurisdictions in which Innovid operates may challenge Innovid's methodologies for intercompany arrangements, which could impact Innovid's worldwide effective tax rate and harm its financial position and results of operations. In addition, changes to Innovid's corporate structure and intercompany agreements, including through acquisitions, could impact Innovid's worldwide effective tax rate and harm its financial position and results of operation.

Privacy and data protection laws and regulation of digital advertising may cause Innovid to incur additional or unexpected costs, subject it to enforcement actions for compliance failures or cause it to change our platform or business model, which may have a material adverse effect on our business. There are a growing number of data privacy and protection laws and regulations in the digital advertising industry that apply to Innovid's business. Innovid has dedicated, and expects to continue to dedicate, significant resources in its efforts to comply with such laws and regulations. For example, Innovid has implemented policies and procedures to comply with applicable data privacy laws and regulations, and relies on contractual representations made to it by customers and partners that the information they provide to it and their use of its solutions do not violate these laws and regulations or their own privacy policies. If Innovid's customers' and partners' representations are false or inaccurate, or if its customers and partners do not otherwise comply with applicable privacy laws, Innovid could face adverse publicity and possible legal or regulatory action. Conversely, Innovid's partners and communications services providers have adopted their own policies based on their own perceptions of legal requirements or other policy determinations, and these policies have in the past temporarily prevented Innovid, and may again in the future prevent it, from operating on their platforms and possibly result in loss of business or litigation. The application, interpretation and enforcement of data privacy and protection laws and regulations are often uncertain and continue to evolve, particularly in the new and rapidly evolving industry in which Innovid operates, and may be interpreted and applied inconsistently between states within a country or between countries, and Innovid's current policies and practices may be found not to comply. In the US, federal and state laws impose limits on, or requirements regarding the collection, distribution, use, security and storage of personal information of individuals. For example, the Children's Online Privacy Protection Act applies to websites and other online services that collect personal information about children under 13 years of age. The FTC Act grants the FTC authority to enforce against unfair or deceptive practices, which the FTC has interpreted to require companies' practices with respect to personal information comply with the commitments posted in their privacy policies. With respect to the use of personal information for direct marketing purposes, we may send short message service, or SMS, text messages which would be subject to the TCPA. The actual or perceived improper calling or sending of text messages may subject us to potential risks, including liabilities or claims relating to consumer protection laws such as the TCPA. Further, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, establishes specific requirements for commercial email messages and specifies penalties for the transmission of commercial email messages that are intended to deceive the recipient as to source or content, and obligates, among other things, the sender of commercial emails to provide recipients with the ability to opt out of receiving future commercial emails from the sender. Additionally, we are subject to laws, regulations and standards in the US covering marketing, advertising, cookies, tracking technologies, e-marketing, and other activities conducted by the internet, and regulation of cookies and similar technologies, and any use of cookies or similar online tracking technologies as a means to identify and potentially target users, may lead to broader restrictions and impairments on our services and may negatively impact our efforts to help our customers better understand their users. Regulatory attention in the US is driving increased attention to cookies and tracking technologies and privacy activists are referring non-compliant companies to regulators. There has also been increased regulation of data privacy and security in the US particularly at the state level. For example, in 2018, California enacted the CCPA, which came into effect in January 2020 and places increased obligations on businesses. The CCPA gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. Further, in November 2020, California voters passed the CPRA, which significantly expands the CCPA. The CPRA took effect January 1, 2023 (and applies to data collected during the prior year), introduced additional obligations such as data minimization and storage limitations, granting additional rights to consumers, such as correction of personal information and additional opt-out rights, and creates a new entity, the California Privacy Protection Agency, to implement and enforce the law. The CCPA has marked the beginning of a trend toward more stringent state data privacy legislation in the US, which could increase Innovid's potential liability and adversely affect its business, and has created the potential for a patchwork of overlapping but different state laws. For example, general privacy statutes similar to the CCPA are now in effect and enforceable in Virginia, Colorado, Connecticut, and Utah, and similar statutes will soon be enforceable in several other states as well. Many other states are also currently reviewing or proposing the need for greater regulation of the collection, sharing, use and other processing of information related to individuals for marketing purposes or otherwise, and there remains increased interest at the federal level. Further, foreign data privacy laws are also rapidly changing and have become more stringent in recent years. In the EEA and the UK, the EEA GDPR, the UK General Data Protection Regulation, and the UK Data Protection Act 2018 impose strict obligations on the ability to collect, analyze, use, transfer and otherwise process personal data. This includes requirements with respect to accountability, transparency, obtaining individual consent, international data transfers, security and confidentiality and personal data breach notifications, which may restrict our processing activities. Separate, restrictive obligations relating to electronic marketing and the use of cookies which may limit our ability to advertise or analyze user behavior online. In the EU and UK, informed consent is required for the placement of most cookies or similar technologies on a user's device and for direct electronic marketing. The EEA privacy laws on cookies and e-marketing are also subject to change as they are likely to be replaced by the European Commission's Regulation on Privacy and Electronic Communications, or the ePrivacy Regulation. The ePrivacy Regulation may introduce more stringent requirements for using cookies and similar technologies for direct marketing and significantly increase fines for non-compliance in-line with the GDPR. In addition, there is an increasing regulatory focus on cookies in Europe recently following a recent court decision, privacy activists' campaigns and various guidance issued by supervisory authorities, which has in some cases led to significant monetary penalties. If regulators start to enforce the strict approach in recent guidance, this could lead to substantial costs, require significant systems changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, increase costs, and subject us to additional liabilities. Outside of the above mentioned jurisdictions, many countries and territories have laws, regulations, or other requirements relating to privacy, data protection, information security, data localization and consumer protection, and new countries and territories are adopting such legislation or other obligations with increasing frequency. For example, the PRC government has also introduced a wide range of laws and regulations on cybersecurity and data security in recent years, is evolving and may be subject to different interpretations or significant changes. Additionally, various regulatory bodies, or self-regulatory organizations may continue to issue revised rules or guidance regarding data privacy and protection. Innovid expects that there will continue to be new proposed laws, regulations, and industry standards concerning data privacy, data protection, and information security in the United States and other jurisdictions at all levels of legislature, governance, and applicability. These federal, state and foreign laws and regulations, which in some cases can be enforced by private parties in addition to government entities, are increasingly restricting the collection, processing and use of personal data. Innovid continues to monitor changes in laws and regulations, and the costs of compliance with, and the other burdens imposed by, these and other new laws or regulatory actions increase our costs. Although Innovid takes reasonable efforts to comply with all applicable laws and regulations, laws are constantly evolving, can be subject to significant change or interpretive application, and may be inconsistent from one jurisdiction to another. Any perception of Innovid's practices, platform or solutions delivery as a violation of data privacy rights may subject it to public criticism, loss of customers or partners, loss of goodwill, class action lawsuits, reputational harm, or investigations or claims by regulators, industry groups or other third parties, any of which could significantly disrupt its business and expose it to liability in ways that negatively affect its business, results of operations and financial condition. Innovid or its third-party service providers could be adversely affected if legislation or regulations are expanded to require changes in Innovid's or its third-party service providers' business practices or if governing jurisdictions interpret or implement their legislation or regulations in ways that negatively affect Innovid's or Innovid's third-party service providers' business, results of operations or financial condition. In addition, failure or perceived failure to comply with these and other laws and regulations may result in, among other things, administrative enforcement actions and significant fines, individual or class action lawsuits, significant legal fees, and civil or criminal liability or we could be required to make changes to our business activities and practices. Any regulatory or civil action that is brought against Innovid, even if unsuccessful, may distract its management's attention, divert its resources, negatively affect its public image or reputation among its customers and partners and within its industry, and, consequently, harm its business, results of operations and financial condition.