UiPath (PATH) Risk Analysis

Our agreements with our customers and other third parties may include indemnification provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of infringement, misappropriation, or other violation of intellectual property rights, data protection, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services, or platform, our acts or omissions under such agreements, or other contractual obligations. Some of these indemnity agreements provide for uncapped liability and some indemnity provisions survive termination or expiration of the applicable agreement. Large indemnity payments could harm our business, financial condition, and results of operations. Although we attempt to contractually limit our liability with respect to such indemnity obligations, we are not always successful and may still incur substantial liability related to them, and we may be required to cease use of certain functions of our platform or products as a result of any such claims. Any dispute with a customer or other third-party with respect to such obligations could have adverse effects on our relationship with such customer or other third-party and other existing or prospective customers, reduce demand for our products and services, and adversely affect our business, financial condition, and results of operations. In addition, although we carry general liability and cybersecurity insurance, our insurance may not be adequate to indemnify us for all liability that may be imposed or otherwise protect us from liabilities or damages with respect to claims alleging compromises of customer data, and any such coverage may not continue to be available to us on acceptable terms or at all.

Our platform and products are complex and use novel technology. Undetected errors, failures, or bugs have occurred in our platform and products in the past and may occur in the future. Our platform and products are used throughout our customers’ business environments and with different operating systems, system management software, applications, devices, databases, servers, storage, middleware, custom and third-party applications and equipment, and networking configurations, which may cause errors or failures in the business environment into which our platform and products are deployed. This diversity of applications increases the likelihood of errors or failures in those business environments. Despite testing by us, real or perceived errors, failures, or bugs may not be found until our customers use our platform and products. Such failures or bugs can cause reputational damage, and in some cases can affect our revenue due to the impact of service level commitments that we offer to our customers, as described below. Our platform and products also empower our customers to develop their own use cases for our automation platform and products. We cannot guarantee that these user-developed automations will be effective or that they do not include errors, failures, or bugs that then may be attributed, correctly or not, to our underlying technologies. For instance, our customers may use our products in a manner in which they were not intended and that could cause our platform or products to be implicated in any resulting errors or failures. Real or perceived errors, failures, or bugs in our platform and products could result in negative publicity, loss of or delay in market acceptance of our platform and products, regulatory investigations and enforcement actions, harm to our brand, weakening of our competitive position, claims by customers for losses sustained by them, or failure to meet the stated service level commitments in our customer agreements. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend significant additional resources in order to help correct the problem. Any errors, failures, or bugs in our platform or products could also impair our ability to attract new customers, retain existing customers, or expand their use of our software, which would adversely affect our business, financial condition, and results of operations.

In the ordinary course of business, we collect, receive, access, generate, transfer, store, disclose, share, make accessible, protect, secure, dispose of, and use (collectively, process) personal data and other sensitive information, including proprietary and confidential business data, trade secrets, intellectual property, financial information, geolocation information, social security numbers, government-issued identification information, and sensitive third-party data about employees, contractors, customers, suppliers, and others (collectively, sensitive information). Our data processing activities subject us to numerous data privacy and security obligations, such as various laws, codes, regulations, industry standards, external and internal privacy and security policies, contracts, and other obligations. In the U.S., federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). For example, HIPAA, as amended by the HITECH, imposes specific requirements relating to the privacy, security, and transmission of individually identifiable protected health information. In the past few years, numerous U.S. states—including California, Virginia, Colorado, Connecticut, and Utah—have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. As applicable, such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making. The exercise of these rights may impact our business and our ability to provide products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive information, such as conducting data privacy impact assessments. These state laws allow for statutory fines for non-compliance. For example, the CCPA, as amended by the California Privacy Rights Act of 2020 (CPRA) (collectively CCPA), applies to personal data of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosure in privacy notices and honor requests of such individuals to exercise certain privacy rights. The CCPA provides for fines of up to $7,500 per intentional violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future. These developments further complicate our compliance efforts, and increase legal risk and compliance costs for us, the third parties upon whom we rely, and our customers. Additionally, under various privacy laws and other obligations, we may be required to obtain certain consents to process personal data. For example, some of our data processing practices may be challenged under wiretapping laws, if we obtain consumer information from third parties through various methods, including chatbot and session replay providers, or via third-party marketing pixels. These practices may be subject to increased challenges by class action plaintiffs. Our inability or failure to obtain consent for these practices could result in adverse consequences, including class action litigation and mass arbitration demands. In the EEA, the Collective Redress Directive (effective June 2023) will allow collective actions to be brought by a representative body against businesses if they breach legislation intended to protect EU consumers, including for data protection matters. Outside the U.S., an increasing number of laws, regulations, and industry standards apply to data privacy and security. The EU GDPR, the U.K. GDPR (collectively, "GDPR"), Brazil’s LGPD, India's Digital Personal Data Protection Act, and China’s PIPL impose strict requirements for processing personal data. For example, under the GDPR, companies may face temporary or definitive bans on data processing; fines of up to 20 million euros under the EU GDPR, 17.5 million pounds sterling under the U.K. GDPR or, in each case 4% of annual global revenue, whichever is greater; or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized by law to represent their interest. We may have to change our business practices to comply with such obligations. In Canada, the Personal Information Protection and Electronic Documents Act and various related provincial laws, as well as Canada's Anti-Spam Legislation, apply to our operations. As another example, the LGPD applies to our operations. The LGPD broadly regulates processing personal data of individuals in Brazil and imposes compliance obligations and penalties comparable to those of the EU GDPR. We also target customers in Asia, have operations Asia including in Japan, Singapore, India, and Hong Kong, and are subject to new and emerging data privacy regimes including China’s PIPL, Japan’s Act on the Protection of Personal Information, and Singapore’s Personal Data Protection Act. We are also subject to the EU DSA, which requires us to further change our products, policies, and procedures. These new regulations create additional reporting obligations and oblige us to enhance our content moderation practices, update our internal procedures to allow users to notify of illegal content, and create internal mechanisms to handle complaints. Failures to comply with the DSA obligations may result in fines up to 6% of global turnover. In addition, privacy advocates and industry groups have proposed, and may propose, standards with which we are legally or contractually bound to comply. Our employees and personnel may use generative AI technologies to perform their work, and the disclosure and use of personal data in generative AI technologies is subject to various privacy laws and other privacy obligations. Governments have passed and are likely to pass additional laws regulating generative AI. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. We also use AI/ML to assist us in making certain decisions, which is regulated by certain privacy laws. For example, certain privacy laws extend rights to consumers (such as the right to delete certain personal data) and regulate automated decision-making, which may be incompatible with our use of AI/ML. These obligations may make it harder for us to conduct our business using AI/ML, lead to regulatory fines or penalties, require us to change our business practices, retrain our AI/ML, or prevent, or limit our use of AI/ML. Furthermore, the FTC has required other companies to turn over (or disgorge) valuable insights or trainings generated through the use of AI/ML, where the FTC alleges those companies have violated privacy and consumer protection laws. If we cannot use AI/ML, or that use is restricted, our business may be less efficient, or we may be at a competitive disadvantage. Furthermore, in Europe, the proposed European Artificial Intelligence Regulation (EU AI Act), which has extraterritorial scope, will impose onerous obligations for providers and deployers of AI-related systems. Certain jurisdictions have enacted data localization laws and cross-border personal data transfer laws, which could make it more difficult to transfer information across jurisdictions (such as transferring or receiving personal data that originates in the EU or in other foreign jurisdictions). Existing mechanisms that facilitate cross-border personal data transfers may change or be invalidated. For example, absent appropriate safeguards or other circumstances, the EU GDPR generally restricts the transfer of personal data to countries outside of the EEA that the European Commission does not consider to provide an adequate level of data privacy and security, such as the U.S. The European Commission released a set of SCCs that are designed to be a valid mechanism to facilitate personal data transfers out of the EEA to these jurisdictions. Currently, these SCCs are a valid mechanism to transfer personal data outside of the EEA, but there exists some uncertainty regarding whether the SCCs will remain a valid mechanism. Additionally, the SCCs impose additional compliance burdens, such as conducting transfer impact assessments to determine whether additional security measures are necessary to protect the at-issue personal data. In addition, Switzerland and the U.K. similarly restrict personal data transfers outside of those jurisdictions to countries such as the U.S. that do not provide an adequate level of personal data protection, and certain countries outside Europe (e.g. Brazil, China, Russia) have also passed or are considering laws requiring local data residency, or otherwise impeding the transfer of personal data across borders, any of which could increase the cost and complexity of doing business. Although there are currently various mechanisms that may be used to transfer personal data from the EEA, U.K., and Switzerland to the U.S. in compliance with law, such as the U.K.'s International Data Transfer Agreement / Addendum, the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework and the U.K. extensions thereto (which allows for transfers to relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the U.S. If we were unable to implement or maintain a valid compliance mechanism for cross-border data transfers, or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences, including the interruption or degradation of our operations, the need to relocate part of or all of our business or data processing activities to other jurisdictions (such as the EEA) at significant expense, increased exposure to regulatory actions, substantial fines and penalties, and injunctions against processing or transferring personal data from the EEA or other foreign jurisdictions. The inability to import personal data to the U.S. could significantly and negatively impact our business operations, including by limiting our ability to collaborate with parties that are subject to such cross-border data transfer or localization laws, by or requiring us to increase our personal data processing capabilities and infrastructure in foreign jurisdictions at significant expense. Additionally, companies that transfer personal data out of the EEA and U.K. to other jurisdictions, particularly to the U.S., are subject to increased scrutiny from regulators, individual litigants, and activist groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of the EEA for allegedly violating the GDPR's cross-border data transfer limitations. In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups, and we may become subject to additional such obligations in the future. Our obligations related to data privacy and security (and consumers' data privacy expectations) are quickly changing, becoming increasingly stringent, and creating uncertainty. Our business model materially depends on our ability to process personal data, so we are particularly exposed to the risks associated with the rapidly changing legal landscape. For example, we may be at heightened risk of regulatory scrutiny, and any changes in the regulatory framework could require us to fundamentally change our business model. We may at times fail (or be perceived to have failed) in our efforts to comply with our data privacy and security obligations. Moreover, despite our efforts, our personnel or the third parties upon whom we rely may fail to comply with such obligations, which could negatively impact our business operations and compliance posture. For example, any failure by a third-party processor to comply with applicable laws, regulations, or contractual obligations could result in adverse effects, including inability to or interruption in our ability to operate our business and proceedings against us by governmental entities or others. If we or the third parties upon whom we rely fail, or are perceived to have failed, to address or comply with data privacy and security obligations, we could face significant consequences, including, but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class action claims) and mass arbitration demands; additional reporting requirements and/or oversight; temporary or permanent bans on processing personal data; orders to destroy or not use personal data; and imprisonment of company officials. In particular, plaintiffs have become increasingly more active in bringing privacy-related claims against companies, including class action claims and mass arbitration demands. Some of these claims allow for the recovery of statutory damages on a per violation basis, and if viable, carry the potential for monumental statutory damages, depending on the volume of data and the number of violations. Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including interruptions or stoppages of data collection needed to train our algorithms); inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations. Additionally, we publish privacy policies, marketing materials and other statements, such statements regarding our compliance with certain certifications or self-regulatory principles, regarding data privacy and security. If these policies, material, or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators, or other adverse consequences. Although we endeavor to comply with our privacy policies and other data protection obligations, we may at times fail to do so or may be perceived to have failed to do so. Moreover, despite our efforts, we may not be successful in achieving compliance if our employees, contractors, service providers, or vendors fail to comply with our published policies and documentation. Such failures could subject us to potential foreign, federal, state, and local action.. Claims that we have violated individuals’ privacy rights or failed to comply with privacy policies and other data protection obligations, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. We are also bound by contractual obligations related to data privacy and security (including related to industry standards), and our efforts to comply with such obligations may not be successful. For example, certain privacy laws, such as the GDPR and the CCPA, require our customers to impose specific contractual restrictions on their service providers. Additionally, some of our customer contracts require us to host personal data locally. We have in the past received and may in the future receive inquiries from or be subject to investigations by data protection authorities regarding, among other things, our privacy, data protection, and information security practices. We have been subject to investigations by regulators in Romania and Turkey in connection with a security incident affecting our information technology systems in 2020; however, we have remediated the incident and notified all affected individuals and relevant data protection authorities as required under applicable privacy laws. Both investigations were recently finalized. The Turkish authority imposed a fine of approximated $4 thousand. The Romanian investigation resulted in the imposition of a 70 thousand Euro penalty in addition to various reporting and oversight obligations. The result of these investigations could impact our brand reputation, subject us to monetary remedies and costs, interrupt or require us to change our business practices, divert resources and the attention of management from our business, or subject us to other remedies that adversely affect our business.

Our international operations and personnel have rapidly expanded to support our business in numerous international markets. We generally conduct our international operations through directly or indirectly wholly-owned subsidiaries, and we are or may be required to report our taxable income in various jurisdictions worldwide with increasingly complex tax laws based upon our business operations in those jurisdictions. Our intercompany relationships and agreements are subject to complex transfer pricing regulations administered by tax authorities in various jurisdictions with potentially divergent tax laws. Tax authorities may disagree with tax positions that we have taken. For example, the IRS or another tax authority could challenge our allocation of income by tax jurisdiction and the amounts paid between our affiliated companies pursuant to our intercompany arrangements and transfer pricing policies, including amounts paid with respect to our intellectual property in connection with our intercompany research and development cost sharing arrangement and legal structure. We are currently under audit in certain jurisdictions, and topics as described above have been raised in the tax audits in Romania and India. We believe our position is reasonable, however, the administrative procedures in finalizing the tax audits are in process and potential disputes and/or litigation may follow. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the U.S., to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The authorities in these jurisdictions could audit our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing and could impose additional tax, interest, and penalties. In addition, the authorities could claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such contingencies. Furthermore, we are subject to periodic audits in the various jurisdictions in which we operate. We regularly assess the likelihood of an adverse outcome resulting from these audits to determine the adequacy of our accruals for taxes. Although we believe our estimates are reasonable, the final outcome of audits could materially differ from our expectations.

Our platform and products provide automation solutions that our customers can integrate throughout their businesses. Accordingly, we compete with RPA software providers and adjacent automation and integration platform companies in markets such as low-code, BPM, iPaaS, process mining, IDP, and test automation vendors, and with enterprise platform vendors that are acquiring, building, or investing in automation and AI functionality or partnering with automation and AI providers. We also compete with companies that provide and support the traditional systems relying on manual tasks and processes that our platform and products are designed to replace, including companies that facilitate outsourcing of such tasks and processes to lower cost workers. Our customers may also internally develop their own automated solutions to address tasks particular to their business. The automation market is a fast-growing enterprise software market and is increasingly competitive. With the introduction of new technologies and market entrants, we expect that the competitive environment will remain intense going forward. For instance, as our market becomes increasingly driven by cloud-based solutions, native cloud providers may enter this market and provide competitive offerings at lower prices. Additionally, open source alternatives for automation that are offered at no cost may impact our ability to sell our products to certain customers who may prefer to rely on these tools. Our competitors may be able to respond more quickly to new or expanding technology, such as newly emerging generative AI technologies, and devote more resources to product development than we can. The speed of technological development may prove disruptive to some of our markets if we are unable to maintain the pace of innovation. Some of our actual and potential competitors have been acquired by other larger enterprises, have made or may make acquisitions, may enter into partnerships or other strategic relationships that may provide more comprehensive products than they individually had offered, or may achieve greater economies of scale than us. In addition, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships, or strategic relationships. As we look to market and sell our products and platform capabilities to potential customers with existing internal solutions, we must convince their internal stakeholders that our products and platform capabilities are superior to their current solutions. If we fail to do so, our business, financial condition, and results of operations may be harmed.

We derive a substantial portion of our revenue and ARR from sales to our top 10% of customers. As a result, our revenue and ARR could fluctuate materially and could be materially and disproportionately impacted by the purchasing decisions of these customers or any other future large customer. Any of our largest customers may decide to purchase less than they have in the past, may alter their purchasing patterns at any time with limited notice, or may decide not to continue to purchase our platform and products at all, any of which could cause our revenue and ARR to decline and adversely affect our financial condition and results of operations. If we do not further diversify our customer base, we will continue to be susceptible to risks associated with customer concentration.

To encourage awareness, use, and adoption of our platform and products, we offer a community edition and enterprise trial version of our software, each of which provides free, online access to certain of our products. This “try-before-you-buy” strategy may not be successful in driving developer education regarding or leading customers to purchase our products. Many users of our free tier may not lead to others within their organization purchasing and deploying our platform and products. To the extent that users do not become, or we are unable to successfully attract, paying customers, we will not realize the intended benefits of these marketing strategies and our ability to grow our revenue will be adversely affected.

On July 7, 2023, Daniel Dines notified our board of directors that he would resign from his position as our Co-CEO, effective as of January 31, 2024. Robert Enslin, then UiPath's Co-CEO, continued to serve in the Co-CEO role through January 31, 2024. As of February 1, 2024, Mr. Enslin assumed the role of our sole CEO. Mr. Dines assumed the newly-created role of Chief Innovation Officer, and continues to serve as the Executive Chairman of the board of directors. In his new capacity at UiPath as Chief Innovation Officer, Mr. Dines plans to drive our AI and technology initiatives. Our success and future growth depend largely upon the continued services of our executive officers, particularly Daniel Dines, Chief Innovation Officer, co-founder, and Chairman, as well as our other key employees in the areas of research and development, and sales and marketing. Additionally, many members of our management team have been with us for a short period of time. From time to time, there have been and may continue to be changes in our executive management team or other key employees resulting from the hiring or the departure of these personnel. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead UiPath, could harm our business. Further, in fiscal year 2023 we streamlined our senior management structure. Any of these changes may not achieve our desired results. As we experience personnel turnover, we have experienced and may continue to experience some loss of internal knowledge from time to time. The streamlining of our senior management team could introduce additional risks with fewer executives tasked with leading our organization. Because of the complexity of our products and platform capabilities, we also are dependent on the continued service of our existing software engineers and our ability to recruit qualified new engineers. Competition for these personnel is intense, especially for engineers experienced in designing and developing RPA, AI, and ML applications. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Potential candidates may not perceive our compensation package, including our equity awards, as favorably as employees hired in the past given the recent volatility in the price of our Class A common stock and in the public markets. In addition, our recruiting personnel, methodology, and approach has needed to be altered and may in the future need to be altered to address a changing candidate pool and profile. We may not be able to identify or implement such changes in a timely manner. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers have attempted and may in the future attempt to assert that these employees, or we, have breached their legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. As some of our employees' perception of our equity awards has declined, and may decline from time to time due to the lower price of our Class A common stock, if the Class A common stock continues to experience significant volatility, or volatility increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain key employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.

Our success significantly depends upon maintaining and growing our relationships with a variety of channel partners, and we anticipate that we will continue to depend on these partners in order to grow our business. Our channel partners enable us to extend our local and global reach, in particular with smaller customers and in geographies where we have less direct sales presence. For fiscal years 2024, 2023, and 2022, we derived a substantial amount of our revenue from sales through channel partners, and we expect to continue to derive a substantial amount of our revenue from channel partners in future periods. Our agreements with our channel partners are generally non-exclusive and do not prohibit them from working with our competitors or offering competing products, and many of our channel partners may have more established relationships with our competitors. If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors, do not effectively market and sell our products, or fail to meet the needs of our customers, then our ability to grow our business and sell our products may be adversely affected. In addition, the loss of one or more of our larger channel partners, who may cease marketing our products with limited or no notice, and our possible inability to replace them, could adversely affect our sales. Moreover, our ability to expand our distribution channels depends in part on our ability to educate our channel partners about our platform and products, which can be complex. Our failure to recruit additional channel partners, or any reduction or delay in their sales of our products or conflicts between channel sales and our direct sales and marketing activities may harm our business, financial condition, and results of operations. Even if we are successful, these relationships may not result in greater customer usage of our products or increased revenue. We also bear the risk that our channel partners will fail to comply with U.S. or international anti-corruption or anti-competition laws, in which case we might be fined or otherwise penalized as a result of the agency relationship with such partners. In addition, the financial health of our channel partners and our continuing relationships with them are important to our success. Some of these channel partners may be unable to withstand adverse changes in economic conditions, which could result in insolvency and/or the inability of such distributors to obtain credit to finance purchases of our products and services, which could negatively impact our future financial performance. In addition, weakness in the end-user market could negatively affect the cash flows of our channel partners who could, in turn, delay paying their obligations to us, which would increase our credit risk exposure. Our business could be harmed if the financial condition of some of these channel partners substantially weakened and we were unable to timely secure replacement channel partners. Further, we from time to time enter into strategic alliance arrangements wherein we sell our products and services to a partner. These strategic alliances may include investments we make to enable the partner to create or enhance their automation practice. If the strategic alliance partner is unable to successfully create or expand their automation practice, we may not realize the benefits we expect. These strategic alliances may also include non-cancelable commitments we make to these third-party alliance partners whereby we plan to leverage the partner’s products or services in arrangements with third-party customers. Should we be unable to deploy the partner’s products or services in arrangements with third-party customers, it may materially and adversely impact our gross margins, profitability, and financial results in any given period. Further, these strategic alliances are a vector for potential growth and expansion for us and these alliances may not be successful and/or as profitable as we project.