System1 (SST) Risk Analysis

There is significant patent and other intellectual property development activity in our industry. Third-party intellectual property rights may cover various aspects of technologies, trademarks, trade names or business methods that we deploy across our platform or businesses, which could prevent us from expanding our offerings or growing our business. Our current or future trademarks or trade names may be challenged, opposed, infringed, circumvented or declared generic or descriptive, determined not to be entitled to registration, or determined to infringe trademark rights owned by third-parties. In connection with a previous dispute regarding the use of the "SYSTEM1" trade name, we entered into a Settlement and Co-Existence Agreement regarding our continued use of the "SYSTEM1" trade name in the businesses in which we operate utilizing such trade name. Our success also depends on the continual development of RAMP. From time to time, we may receive claims from third parties that RAMP and its underlying technology infringe or violate such third parties' intellectual property rights. To the extent we gain greater public recognition, we may face a higher risk of being the subject of intellectual property claims. The cost of defending against such claims, whether or not the claims have merit, is significant, regardless of whether we are successful in our defense, and could divert the attention of management, technical personnel and other employees from our business operations. Litigation regarding intellectual property rights is inherently uncertain due to the complex issues involved, and we may not be successful in defending ourselves in such matters. Additionally, we have obligations to indemnify our clients or inventory and data suppliers in connection with certain intellectual property claims. If we are found to infringe these rights, we could potentially be required to cease utilizing portions of RAMP. We may also be required to develop alternative non-infringing technology, which could require significant time and expense. Additionally, we could be required to pay royalty payments, either as a one-time fee or ongoing, as well as damages for past use that was deemed to be infringing. If we cannot license or develop technology for any allegedly infringing aspect of our business, we would be forced to limit our service and may be unable to compete effectively. Any of these results could harm our business.

When we utilize or deploy cookies and similar tracking or recording means, they are usually first-party cookies, which are cookies deployed by us on our own and operated websites or other domains which we operate through RAMP. We rely on the first party data provided to us by consumers and advertisers to improve our product and service offerings and to feed the RAMP data loop in particular, and if we are unable to maintain or grow such data we may be unable to provide consumers with an experience that is relevant, efficient and effective, which could adversely affect our business. Additionally, the regulation of the use of cookies and other current online tracking and advertising practices or a loss in our ability to make effective use of services that employ such technologies could increase our costs of operations and limit our ability to acquire new customers on cost-effective terms and, consequently, materially and adversely affect our business, financial condition and results of operations. Our business relies on the first party data provided to us by consumers and advertisers through using websites and RAMP. The large amount of information we use in operating our websites and RAMP is critical to the web platform experience we provide for consumers. If we are unable to maintain or grow the data provided to us, the value that we provide to consumers and advertisers using our websites and RAMP may be limited. In addition, the quality, accuracy and timeliness of this information may suffer, which may lead to a negative experience for consumers using our websites and our advertisers using our platform and could materially adversely affect our business and financial results. We also rely on our Network Partners to access, collect and use first-party data about our users and subscribers. To the extent that our Network Partners, the applications we make available through the leading app marketplaces and the social media platforms upon which we rely for users and certain related first party data limit or increasingly limit, eliminate or otherwise impair our ability to access, collect, process and/or use data about or derived from our users or subscribers, including certain user-profile elements such as IP address, device or browser type, operating system or search query information, our business, financial condition and results of operations could be adversely affected. Advertising shown on mobile applications can also be affected by blocking or restricting use of mobile device identifiers. Data regarding interactions between users and devices are tracked mostly through stable, pseudonymous advertising identifiers that are built into the device operating system with privacy controls that allow users to express a preference with respect to data collection for advertising, including to disable the identifier. Any failure to ensure these identifiers are properly pseudonymized could require us and our clients to comply with certain obligations with regard to such data. These identifiers and privacy controls are defined by the developers of the platforms through which the applications are accessed and could be changed by the platforms in a way that may negatively impact our business. For example, Apple announced earlier this year that it will require user opt-in before permitting access to Apple's unique identifier, or IDFA. Apple initially targeted this fall for implementing these changes but has pushed that date out until at least early next year. This shift from enabling user opt-out to an opt-in requirement is likely to have a substantial impact on the mobile advertising ecosystem and could harm our growth in this channel. As the collection and use of data for digital advertising has received media attention over the past several years, some government regulators, such as the FTC, and privacy advocates have suggested creating a "Do Not Track" standard that would allow Internet users to express a preference, independent of cookie settings in their browser, not to have their online browsing activities tracked. "Do Not Track" has seen renewed emphasis from proponents of the CCPA, and the final proposed regulations (currently pending review and acceptance by the Office of Administrative Law) contemplate browser-based or similar "do not sell" signals. California's new ballot initiative, the CPRA, similarly contemplates the use of technical opt outs for the sale and sharing of personal information for advertising purposes as well as to opt out of the use of sensitive information for advertising purposes and allows for AG rulemaking to develop these technical signals. If a "Do Not Track," "Do Not Sell," or similar control is adopted by many Internet users or if a "Do Not Track" standard is imposed by state, federal, or foreign legislation (such as the proposed ePrivacy Regulation or CCPA regulations), or is agreed upon by standard setting groups, we may have to change our business practices, our clients may reduce their use of RAMP, and our business, financial condition, and results of operations could be adversely affected. New requirements relating to automated, browser-based, or one-stop opt-out mechanisms ("OOMs") such as the Global Privacy Control, the forthcoming opt-out mechanism for data brokers established under the California Delete Act, or other OOMs that will be established in the future may result in significantly larger numbers of consumers opting out of having their data used for marketing purposes. This could result in us having less access to consumer data, impacting performance of our services or resulting in loss of business. Increased transparency into the collection and use of data for digital advertising introduced both through features in browsers and devices and regulatory requirements, such as the GDPR, the CCPA, "Do Not Track", and ePrivacy, as well as compliance with such requirements, may create operational burdens to implement and may lead more users to choose to block the collection and use of data about them. Adapting to these and similar changes has in the past and may in the future require significant time, resources and expense, which may increase our cost of operation or limit our ability to operate or expand our business.

Our data-driven platform may also be subject to laws and evolving regulations regarding the use of artificial intelligence and machine learning ("AI Tools"). The regulatory framework around the development and use of these emerging technologies is rapidly evolving, and many federal, state and foreign government bodies and agencies have introduced and/or are currently considering additional laws and regulations. In October 2023, the President of the United States issued an executive order on the Safe, Secure and Trustworthy Development and Use of AI, emphasizing the need for transparency, accountability and fairness in the development and use of AI Tools. Both in the United States and internationally, AI Tools are the subject of evolving review by various governmental and regulatory agencies, including the SEC and the FTC, and changes in laws, rules, directives and regulations governing the use of AI Tools may adversely affect the ability of our business to use or rely on AI Tools. As a result, implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, and we cannot yet determine the impact future laws, regulations, standards, or perception of their requirements may have on our business. Any actual or perceived failure to comply with evolving regulatory frameworks around the development and use of AI Tools, could adversely affect our brand, reputation, business, results of operations, and financial condition.

Advertising often results in litigation relating to misleading or deceptive claims, copyright or trademark infringement, public performance royalties or other claims based on the nature and content of advertising that is distributed through RAMP. Though we contractually require clients to generally represent to us that their advertisements comply with our ad standards and our inventory providers' ad standards and that they have the rights necessary to serve advertisements through RAMP, we do not independently verify whether we are permitted to deliver, or review the content of, such advertisements. If any of these representations are untrue, we may be exposed to potential liability and our reputation may be damaged. While our clients are typically obligated to indemnify us, such indemnification may not fully cover us, or we may not be able to collect. In addition to settlement costs, we may be responsible for our own litigation costs, which can be expensive.

In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal information privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). For example, the California Consumer Privacy Act of 2018, or CCPA, requires businesses to provide specific disclosures in privacy notices and honor requests of California residents to exercise certain privacy rights. The CCPA defines "personal information" broadly enough to include online identifiers provided by individuals' devices, applications, and protocols (such as IP addresses, mobile application identifiers and unique cookie identifiers) and individuals' location data, if there is potential that individuals can be identified by such data and provides for civil penalties of up to $7,500 per violation and allows private litigants affected by certain data breaches to recover significant statutory damages. In addition, the California Privacy Rights Act of 2020, or CRPA, which became operative January 1, 2023, expands the CCPA's requirements, including applying to personal information of business representatives and employees and establishing a new regulatory agency to implement and enforce the law which could result in increased privacy and information security enforcement. Similar laws are now in effect and enforceable in Virginia, Colorado, Connecticut, and Utah, and will soon be enforceable in several other states as well. Additionally, state regulators may exercise greater scrutiny regarding the collection and processing of personal information for purposes of online advertising, marketing, and analytics. These laws may be interpreted and applied in a manner that is inconsistent with our existing data practices. If so, in addition to the possibility of fines, lawsuits, and other claims and penalties, we could be required to fundamentally change our business activities and practices, which could have an adverse effect on our revenue, our results of operations and financial condition. In addition to laws regulating the processing of personal information, we are also subject to regulation with respect to political advertising activities, which are governed by various federal and state laws in the U.S., and national and provincial laws worldwide. For example, in November 2023, EU legislators reached a political agreement regarding a regulation to increase transparency in political advertising – under the proposed rules, political adverts will need to be clearly labelled as such and must indicate the election, referendum or regulatory process to which they relate, the identity of the person who paid for them and how much they paid, and whether such advertisements have been targeted. Online political advertising laws are rapidly evolving, and in certain jurisdictions have varying transparency and disclosure requirements. We have already seen publishers impose varying prohibitions and restrictions on the types of political advertising and breadth of targeted advertising allowed on their platforms with respect to advertisements for the 2020 U.S. presidential election in response to political advertising scandals like Cambridge Analytica. The lack of uniformity and increasing requirements on transparency and disclosure could adversely impact the inventory made available for political advertising and the demand for such inventory on RAMP, and otherwise increase our operating and compliance costs. Concerns about political advertising, whether or not valid and whether or not driven by applicable laws and regulations, industry standards, client or inventory provider expectations, or public perception, may harm our reputation, result in loss of goodwill, and inhibit use of RAMP by current and future clients. Changes in data residency and cross-border transfer restrictions also impact our operations. For the transfer of personal data from the EU to the United States, like many U.S. and European companies, we have relied upon, and were certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. The Privacy Shield Framework, however, was struck down in July 2020 by the EU Court of Justice (a decision referred to as "Schrems II") as an adequate mechanism by which EU companies may pass personal data to the United States, and other EU mechanisms for adequate data transfer, such as the standard contractual clauses, were questioned by the Court of Justice and whether and how standard contractual clauses can be used to transfer personal data to the United States is in question. In June 2021, the European Commission published revised standard contractual clauses, and shortly thereafter the European Data Protection Board promulgated guidance on implementation of the new clauses. In October 2022, the White House released an executive order implementing a new EU-U.S. data transfer mechanism, the Trans-Atlantic Data Privacy Framework ("DPF"). The DPF aims to address the concerns raised by the court in Schrems II relating to perceived risks of transferring personal data to the United States by putting in place a new set of "commercial principles" similar to the old Privacy Shield Framework together with new rules governing U.S. intelligence authorities and redress for EU individuals. The European Commission launched an assessment of the DPF's adequacy, which is expected to be completed in 2023. If granted, an adequacy determination would reduce the legal uncertainty of cross-border transfers of personal data. However, until an adequacy determination is granted, the validity of the standard contractual clauses as a transfer mechanism remains uncertain. If all or some jurisdictions within the EU or the United Kingdom determine that the new standard contractual clauses also cannot be used to transfer personal data to the United States and if the DPF is not ultimately adopted, we could be left with no reasonable option for the lawful cross-border transfer of personal data. If left with no reasonable option for the lawful cross-border transfer of personal data, and if we nonetheless continue to transfer personal data from the EU to the United States, that could lead to governmental enforcement actions, litigation, fines and penalties or adverse publicity, which could have an adverse effect on our reputation and business or cause us to need to establish systems to maintain certain data in the EU, which may involve substantial expense and cause us to divert resources from other aspects of our operations, all of which may adversely affect our business. Other jurisdictions have adopted or are considering cross-border or data residency restrictions, which could reduce the amount of data we can collect or process and, as a result, significantly impact our business. We depend on a number of third parties in relation to the operation of our business, a number of which process personal information on our behalf. There can be no assurances that the privacy and security-related measures and safeguards we have put in place in relation to these third parties will be effective to protect us and/ or the relevant personal information from the risks associated with the third-party processing, storage and transmission of such data. Any violation of data or security laws, or of our relevant measures and safeguards, by our third party processors could have a material adverse effect on our business, result in applicable fines and penalties, damage our reputation, and/ or result in civil claims. Our communications with consumers are also subject to certain laws and regulations, including the Controlling the Assault of Non-Solicited Pornography and Marketing ("CAN-SPAM") Act of 2003 and analogous state laws, that could expose us to significant damages awards, fines and other penalties that could materially impact our business. The CAN-SPAM Act and analogous state laws also impose various restrictions on marketing conducted using email. Additional laws, regulations, and standards covering marketing, advertising, and other activities may be or become applicable to our business. As laws and regulations, including FTC enforcement,rapidly evolve to govern the use of these communications and marketing platforms, the failure by us, our employees or third parties acting at our direction to abide by applicable laws and regulations could adversely impact our business, financial condition and results of operations or subject us to fines or other penalties. Regulatory investigations and enforcement actions could also impact us. In the U.S., the Federal Trade Commission, or FTC, uses its enforcement powers under Section 5 of the Federal Trade Commission Act (which prohibits "unfair" and "deceptive" trade practices) to investigate companies engaging in online tracking. Other companies in the advertising technology space have been subject to government investigation by regulatory bodies; advocacy organizations have also filed complaints with data protection authorities against advertising technology companies, arguing that certain of these companies' practices do not comply with the GDPR. We cannot avoid the possibility that one of these investigations or enforcement actions will require us to alter our practices. Further, our legal risk depends in part on our clients' or other third parties' adherence to privacy laws and regulations and their use of our services in ways consistent with end user expectations. We rely on representations made to us by clients that they will comply with all applicable laws, including all relevant privacy and data protection regulations. Although we make reasonable efforts to enforce such representations and contractual requirements, we do not fully audit our clients' compliance with our recommended disclosures or their adherence to privacy laws and regulations. If our clients fail to adhere to our expectations or contracts in this regard, we and our clients could be subject to adverse publicity, damages, and related possible investigation or other regulatory activity. Adapting our business to privacy laws enacted at the state level and their implementing regulations and to the enhanced and evolving privacy obligations in the EU and elsewhere could continue to involve substantial expense and may cause us to divert resources from other aspects of our operations, all of which may adversely affect our business. Additionally, as the advertising industry evolves, and new ways of collecting, combining and using data are created, governments may enact legislation in response to technological advancements and changes that could result in our having to re-design features or functions of our platform, therefore incurring unexpected compliance cost. Further, adaptation of the digital advertising marketplace requires increasingly significant collaboration between participants in the market, such as publishers and advertisers. Failure of the industry to adapt to changes required for operating under existing and future data privacy laws and user response to such changes could negatively impact inventory, data, and demand. We cannot control or predict the pace or effectiveness of such adaptation, and we cannot currently predict the impact such changes may have on our business. Additionally, as the advertising industry evolves, and new ways of collecting, combining and using data are created, governments may enact legislation in response to technological advancements and changes that could result in our having to re-design features or functions of RAMP, therefore incurring unexpected compliance costs. These laws and other obligations may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of RAMP. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new products and features could be limited. All of this could impair our or our clients' ability to collect, use, or disclose information relating to consumers, which could decrease demand for RAMP, increase our costs, and impair our ability to maintain and grow our client base and increase our revenue.

We compete for advertising spend with traditional offline media such as television, billboards, radio, magazines and newspapers, as well as online sources such as websites, social media and websites dedicated to providing information comparable to that provided in our websites. Additionally, we compete with other online marketing companies that offer acquisition marketing services similar to that provided by our platform. Our ability to attract and retain advertisers, and to generate advertising revenue from them, depends on a number of factors, including: -     the ability of our advertisers to earn an attractive return on investment from their spending with us;-     our ability to increase the number of consumers using our websites;-     our ability to increase return on investment for advertisers that place advertisements on our platform;-     our ability to provide a seamless, user-friendly advertising platform for our advertisers;-     our ability to compete effectively with other media for advertising spending; and -     our ability to keep pace with changes in technology and the practices and offerings of our competitors. We may not succeed in retaining or capturing a greater share of our advertisers' advertising spending compared to alternative channels. If our current advertisers reduce or end their advertising spending with us and we are unable to increase the spending of our other advertisers or attract new advertisers, our revenue and business and financial results would be materially adversely affected. In addition, advertising spend remains concentrated in traditional offline media channels. Some of our current or potential advertisers have little or no experience using the Internet for advertising and marketing purposes and have allocated only limited portions of their advertising and marketing budgets to the Internet. The adoption of online marketing may require a cultural shift among advertisers, as well as their acceptance of a new way of conducting business, exchanging information and evaluating new advertising and marketing technologies and services. This shift may not happen at all or at the rate we expect, in which case our business could suffer. Furthermore, we cannot be certain that the market for online marketing services will continue to grow. If the market for online marketing services fails to continue to develop or develops more slowly than we anticipate, the success of our business may be limited, and our revenue may decrease.

We have multiple services agreements with Google pursuant to which we display and syndicate paid listings provided by Google in response to search queries generated through some of our businesses. In exchange for making our search traffic available to Google, we receive a share of the revenue generated by the paid listings supplied to us, as well as other search related services. For the year ended December 31, 2024, 78% of our total revenue was attributable to our agreements with Google. The amount of revenue we receive from Google depends on a number of factors outside of our control, including the amount Google charges third parties for the display or delivery of advertisements, the efficiency of Google's system in attracting advertisers and serving up paid listings in response to search queries and parameters established by Google regarding the time period for and scope of chargebacks or credits sought by advertisers on the basis of fraudulent and/or low quality clicks, clawbacks for bad traffic brought by our Network Partners, and placement of paid listings displayed in response to search queries that are not contextually relevant to the applicable search query. Changes to the amount Google charges advertisers, the efficiency of Google's paid listings network, Google's judgment about the relative attractiveness to advertisers of clicks on paid listings from our websites or to the parameters applicable to the display of paid listings generally could result in a decrease in the amount of revenue we receive from Google, which would adversely affect our business, financial condition and results of operations. Such changes could be driven by a number of factors, including general market conditions, competition or policy and operating decisions made by Google. Our agreements with Google also require that we comply with certain guidelines for the use of Google brands and services, which govern whether our platform may access Google services or be distributed through its Chrome Web Store, and the manner in which Google's paid listings are displayed within search results across various third party platforms and products (including our websites). Google may generally unilaterally update its policies and guidelines without advance notice, which could in turn require modifications to, or prohibit or render obsolete, certain of our services or business practices. Such changes could be costly to address or otherwise adversely affect our business, financial condition and results of operations. Noncompliance with Google's guidelines by us or the third parties to whom we are permitted to syndicate paid listings or through which we secure distribution arrangements for the businesses could result in the suspension of some or all Google services to us (or the websites of our third party partners) or the termination of our agreements by Google. The termination of our agreements by Google, the curtailment of our rights under the agreements (including the failure to allow our platform to access Google services, whether pursuant to the terms thereof or otherwise), the failure of Google to perform its obligations under the agreements or policy changes implemented by Google under the agreements or otherwise would have an adverse effect on our business, financial condition and results of operations. If any of these events were to occur, we may not be able to find another suitable alternate provider of paid listings (or if an alternate provider were found, the economic and other terms of the agreement and the quality of paid listings may be inferior relative to our current arrangements).

A portion of our revenue is attributable to visitors originating from advertising placements that we purchase on third party websites. In some instances, website publishers may change the advertising inventory they make available to us at any time and, therefore, impact our revenue. In addition, website publishers may place restrictions on our offerings, which may prohibit advertisements from specific clients or specific industries, or restrict the use of certain creative content. If a website publisher decides not to make advertising inventory available to us, or decides to demand a higher revenue share or places significant restrictions on the use of such inventory, we may not be able to find advertising inventory from other websites that satisfy our requirements in a timely and cost-effective manner. In addition, the number of competing online marketing service providers and advertisers that acquire inventory from websites continues to increase. Consolidation of website publishers could eventually lead to a concentration of desirable inventory on a small number of websites or networks, which could limit the supply of inventory available to us or increase the price of inventory to us. If any of the foregoing occurs, our revenue could decline or our operating costs may increase.