Wix (WIX) Risk Factors

In July 2023, our board of directors authorized a new repurchase program under which up to a total of $500 million was available to purchase our ordinary shares and/or Convertible Notes (representing up to 50% of the Company's expected cumulative free cash flow through the end of 2025). The initial repurchases pursuant to the repurchase program, as authorized by our board of directors, and approved by the Israeli court in December 2023 for an amount of $300 million, provided the Company with the authority to make repurchases of $300 million of our ordinary shares and/or Convertible Notes through July 30, 2024. As of February 13, 2024, we completed the entirety of the $300 million court-approved repurchase amount. Our repurchase program was subsequently increased by the board of directors by an additional $25 million, leaving a total of $225 million remaining for repurchase under the Board approved program. The specific timing and amount of repurchases under the repurchase program for the remaining $225 million, will depend upon several factors, including market and business conditions, the trading price of our ordinary shares, and the nature of other investment opportunities. In addition, our ability to repurchase may be limited by law, regulatory authority or agreements with third parties. Repurchases of our ordinary shares and/or Convertible Notes pursuant to our repurchase program could affect the market price of our ordinary shares or increase its volatility, and could potentially reduce the market liquidity for our ordinary shares. Additionally, our repurchase program could diminish our cash reserves, which may impact our ability to finance future growth and to pursue possible future strategic opportunities and acquisitions. There is no assurance that our repurchase program will enhance long-term shareholder value, and short-term share price fluctuations could reduce the repurchase program's effectiveness.

The Israeli Law for the Encouragement of Capital Investments, 1959, referred to as the Investment Law, was amended as part of the Economic Efficiency Law that became effective on January 1, 2017, or Amendment 73, under which a new incentive regime would apply to "Preferred Technological Enterprises" and "Special Preferred Technological Enterprises" that meet certain conditions stipulated under Amendment 73. Until December 31, 2021, we were eligible for certain tax benefits provided to "Beneficiary Enterprises" under the Investment Law. In January 2022, we notified the Israeli Tax Authority that we waived our Beneficiary Enterprise status starting from the 2022 tax year and thereafter. In 2023, we did not utilize the tax benefits under the Investment Law, as we had carry forward losses for Israeli tax purposes. Once we generate taxable income in Israel, we are expected to be eligible for benefits as a "Preferred Technological Enterprise." In order to be eligible for the tax benefits for "Preferred Technological Enterprises," we must continue to meet certain conditions stipulated in the Investment Law and its regulations, as amended. Further, in the future these tax benefits may be reduced or discontinued. If these tax benefits are reduced, cancelled or discontinued, our Israeli taxable income would be subject to regular Israeli corporate tax rates. The standard corporate tax rate for Israeli companies is 23%. Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs. See Item 10.E. "Additional Information-Taxation-Israeli Tax Considerations and Government Programs."

We are subject to data privacy and security laws and regulations adopted in Israel, Europe, the U.S., Australia, Brazil, and other jurisdictions. In recent years, there has been an increase in attention to, and regulation of, data privacy across the globe, including in the U.S. EU and UK For countries that are part of the European Economic Area (EEA), we are subject to the General Data Protection Regulation, or GDPR, and in the United Kingdom to the UK General Data Protection Regulation, or UK GDPR, which include stringent obligations in relation to our collection, control, processing, sharing, disclosure and other use of data relating to an identifiable living individual. These regimes impose comprehensive data privacy compliance requirements, including detailed disclosures about how personal data is collected and processed, demonstration that appropriate legal bases are in place to justify data processing activities, compliance with rights for data subjects in regard to their personal data, ensuring appropriate safeguards are in place where personal data is transferred out of the EEA and the UK to certain jurisdictions, notification to data protection regulators (and in certain cases, affected individuals) of significant personal data breaches, requirements to include certain obligations in contracts, and compliance with the principal of accountability and the obligation to demonstrate compliance through policies, procedures, trainings and audit procedures. The GDPR and UK GDPR also include significant penalties for failure to comply; among others, a fine up to €20 million/£17.5 million or up to 4% of the annual worldwide turnover, whichever is greater, can be imposed under each regime. Such penalties are in addition to any civil litigation claims (including class actions) for compensation or damages, and any orders to cease/change our processing of personal data or other enforcement orders, and reputational damage. The GDPR and UK GDPR also regulate cross-border transfers of personal data out of the EEA and the UK, respectively. Recent legal developments in Europe, including decisions from the Court of Justice of the European Union and regulatory guidance from regulators in the EEA and UK, have created complexity and uncertainty regarding certain transfers. We transfer EEA and UK personal data to Israel, which benefits from an adequacy decision from the EEA and UK authorities; review and variation of existing adequacy decisions could require us to take additional steps to comply with GDPR and UK GDPR requirements for certain transfers. Moreover, the European Commission and the UK's Information Commissioner's Office have published certain requirements for use of standard contractual clauses, including transfer impact assessments and additional supplementary security measures to enable cross-border transfers from the EEA and the UK, respectively, which we may not adequately implement or comply with. Compliance with laws on data transfers could lead us to suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our products, and the geographical location or segregation of our relevant systems and operations, and could adversely affect our business, financial condition and results of operation. Additionally, other countries outside of the EEA have enacted or are considering enacting similar cross-border data transfer restrictions and laws requiring local data residency, which could increase the cost and complexity of delivering our solutions and operating our business in these countries. In addition, we are subject to evolving European Union and UK privacy laws on cookies, web beacons and similar tracking technologies, and e-marketing. In the EU and UK, regulators are increasingly focusing on compliance with requirements in the online behavioral advertising ecosystem. Under EU and UK law, consent, as defined in the applicable law, is required for the placement of a non-essential cookie or similar technologies on a user's device and for direct electronic marketing. The GDPR and UK GDPR also impose conditions on obtaining valid consent, such as a prohibition on pre-checked consents, a requirement to ensure separate consents are sought for each type of cookie or similar technology. As regulators, activists, consumer protection organizations and third parties increasingly enforce the strict approach in recent guidance, this could lead to substantial costs, require significant systems changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, and subject us to additional liabilities. Regulation of cookies and similar technologies, and any decline of or limitations to cookies or similar online tracking technologies as a means to identify and potentially target individuals, may lead to broader restrictions and impairments on our marketing and personalization activities and may negatively impact our efforts to better know our users. United States In the United States, there are a number of federal laws that impose limits on or requirements regarding the collection, distribution, use, security and storage of personal data of individuals. The Federal Trade Commission (FTC) Act, for example, grants the FTC authority to enforce against unfair or deceptive practices, which the FTC has interpreted to require that companies' practices with respect to personal data comply with the commitments posted in their privacy policies. In addition, in the United States at the state level, we are subject to a number of laws, including but not limited to the California Consumer Privacy Act, or CCPA, which provides data privacy rights for California residents and imposes operational, privacy and security requirements on covered companies. The CCPA imposes fines of up to $7,500 per violation, and creates a private right of action in relation to certain data security breaches. Following the enactment of the CCPA, comprehensive privacy statutes that share similarities with the CCPA have been enacted or proposed in several other states. Any failure or perceived failure by us to comply with these laws could result in proceedings or actions against us. All of these state laws and others that are being produced or enacted, may require us to modify our data practices and policies and to incur substantial costs, effort and expenses in order to comply. In addition, the enactment of these state laws could have potentially conflicting requirements that could make compliance challenging and costly. Israel In addition, we are also subject to the Israeli Privacy Protection Law 5741-1981 ("PPL"), and its regulations, including the Israeli Privacy Protection Regulations (Data Security) 2017 ("Data Security Regulations"), which came into effect in Israel in May 2018 and impose obligations with respect to the manner certain personal data is processed, maintained, transferred, disclosed, accessed, and secured, as well as the guidelines of the Israeli Privacy Protection Authority ("IPPA"). In this respect, material changes to the Data Security Regulations may require us to adjust our data protection and data security practices, information and other technical and organizational security measures, certain organizational procedures and supervisory roles. Failure to comply with the PPL, its regulations, and guidelines issued by the IPPA may expose us to administrative fines, civil claims (including class actions), and in certain cases criminal liability, and compel us to take certain remedial actions to rectify any irregularities, which may increase our costs. Current pending legislation may result in a change of the current enforcement measures and sanctions. The IPPA may initiate administrative inspection proceedings, from time to time, without any suspicion of any particular breach of the PPL, as it has done in the past with respect to dozens of Israeli companies in various business sectors. Complex laws relating to data privacy and security are often inconsistent and may be subject to amendment or re-interpretation and may be implemented in a non-uniform way in many jurisdictions around the world, and we may not be aware of every development that impacts our business. For instance, different data protection authorities in the EU have published guidelines regarding the correct usage of cookies and similar technologies; such guidelines are not always consistent in their interpretation and application of relevant laws. These different national guidelines relating to data privacy and security issues often contradict each other and are subject to change in the future. This may cause us to incur significant costs and expend significant effort to ensure compliance. Due to the accessibility of our services worldwide, certain foreign jurisdictions may claim that we are required to comply with their privacy or data protection laws even in jurisdictions where we have no local entity, employees or infrastructure. Where the local data privacy laws of a jurisdiction apply, we may be required to register our operations in that jurisdiction or make changes to our business so that registered users' data or the data of their users that we collect, process and/or store is only collected, processed and/or stored in accordance with applicable local law. Some of these laws include strict localization provisions that require certain data to be stored within a particular region or jurisdiction. We strive to comply with all applicable laws, regulations, policies and legal obligations, as well as with certain industry standards relating to data privacy and security. We have certain data privacy and security-related obligations to our registered users based on our privacy policy and terms of use, and we may be contractually liable to third parties in the event we are deemed to have wrongfully processed personal information. A failure by us or a third-party contractor providing services to us to comply with applicable data privacy and security laws, regulations, self-regulatory requirements or industry guidelines, or our terms of use with our users, may result in sanctions, statutory or contractual damages or litigation (including class actions) and may subject us to reputational harm. This failure may be amplified as we continue to utilize and implement different types of technology, such as AI, and as we have become an open platform. These proceedings or violations could force us to spend money in defense or settlement costs, result in the imposition of monetary liability, restrict or block access to our services from a certain territory, incur additional management resources, increase our costs of doing business, and adversely affect our reputation and the demand for our solutions. Government agencies and regulators have reviewed, are reviewing and will continue to review, the data privacy and data security practices of online media companies, including their data privacy and data security policies and processes. The possible outcome of such reviews may result in changes to our products and policies. If we are unable to comply with any such reviews or decrees that result in recommendations or binding changes, or if the recommended changes result in the degradation of our products, our business could be harmed. Governmental agencies may also request or take registered user data for national security or informational purposes, and can also make data requests in connection with criminal or civil investigations or other matters, which could harm our reputation and our business.

The markets in which we compete are characterized by constant change and innovation, and we expect them to continue to evolve rapidly. Our success has been based on our ability to identify and anticipate the needs of our users and develop products that provide them with the tools they need to operate their businesses. Our future success in attracting new users, including new demographics of users, such as partners and enterprise users, and increasing our premium subscriptions and the revenue we generate from each subscription, will depend on our ability to improve the look, quality, functionality, performance, security, design and reliability of our solutions and services, including our integrated third-party business solutions and suit them to the needs of our targeted users. We invest significant time and effort in the research and development of new and upgraded solutions and service offerings to serve our users, including the development of vertical solutions for specific business segments, mobile applications and solutions, commerce solutions, various design elements, such as customized colors, fonts, content and other features, including through Wix Studio, our responsive editor geared towards design professionals, and our full-stack no-code/low-code development platform, Velo by Wix, intended to attract developers to our platform. We have also made, and continue to make investments in a multitude of AI initiatives to enable users to build and get online faster and easier as well as improve the overall user experience. These initiatives include AI-driven text generation, image generation, design and layouting capabilities and analytic features. Our product research and development efforts also extend to products, features, applications, and integrations required by our partners and enterprise users, to be able to address their needs and the needs of their customers, including back-office and administrative capabilities. It can take our design team and developers months to update, code and test new and upgraded solutions and services and integrate them into our platform. Furthermore, the introduction of these new and upgraded design features, solutions and services also involves a significant amount of marketing spending. We may fail to accurately predict the changing needs of our users, such as the need for expanded online and offline commerce tools, or for emerging technological trends, such as AI. We also need to ensure the continued collaboration with certain third-party products and services that are included in our offering and are significant to our customers, such as Google Workspace, which allows our users to create a personalized Gmail email address using their domain name. If we are unable to successfully enhance our existing products to meet evolving user and partner requirements and increase adoption and usage of our products and third-party products, if we are unable to maintain existing products provided to us by third parties that are significant to our users, if our efforts to increase the usage of our products are more expensive than we expect, or if our solutions are not innovative or advanced enough or fail to achieve widespread acceptance, users and potential users may adopt the products and services of our competitors, and our revenue and competitive position could be materially adversely affected.

We have experienced, and may continue to experience, third-party assertions that our solutions, services and intellectual property, including those based on AI technologies, infringe, misappropriate or otherwise violate their intellectual property or other proprietary rights. Such claims, based on trademark, copyright and/or patent infringement, among other claims, may be made directly against us, or against our users or other business partners using our technology. Additionally, in recent years, non-practicing entities, or NPEs, have begun purchasing intellectual property assets for the purpose of making claims of infringement and attempting to extract settlements from companies like ours. We entered into settlement agreements in the past with NPEs and with operating companies with respect to patent infringement claims. We have also licensed patents from third parties in areas that are related to our technology to preempt our protection against future intellectual property infringement claims. Any such intellectual property claims, regardless of merit, whether resulting in litigation or not, could result in substantial expense and time spent, divert the attention of management, cause significant delays in introducing new solutions or services (including those that incorporate AI), materially disrupt the conduct of our business and have a material and adverse effect on our brand, reputation, business, financial condition and results of operations. As a consequence of such claims, we could be required to pay substantial damages, develop non-infringing technology, enter into royalty-bearing licensing agreements to obtain the right to use a third party's intellectual property, stop selling or marketing some or all of our solutions or services or re-brand our solutions or services. Any licensing agreements, if required, may not be available to us on acceptable terms or at all. If it appears necessary, we may seek to license intellectual property that we are alleged to infringe, even if we believe such claims to be without merit. If required licenses cannot be obtained, or if existing licenses are not renewed, litigation could result. Litigation is inherently uncertain and any adverse decision could result in a loss of our proprietary rights, the incurrence of significant expenses, subject us to significant liabilities, require us to seek licenses for alternative technologies from third parties and otherwise negatively affect our business. In addition, third parties may assert infringement claims against our users (as well as our partners) relating to our products and solutions. These claims may require us to initiate or defend protracted and costly litigation on behalf of our users, regardless of the merits of these claims. If any of these claims succeed, we may be forced to pay damages on behalf of our users or may be required to obtain licenses for the products they use. If we cannot obtain all necessary licenses on commercially reasonable terms, our users may be forced to stop using our products.

We accept payments from our users, primarily through credit and debit card transactions and alternative payment methods, and are subject to a number of risks related to our ability to receive payments from our users, including (i) interchange and other fees paid by us, which may increase over time and may require us to either increase the prices we charge for our products or experience an increase in our operating expenses; and (ii) potential failures of our billing systems to automatically charge our premium subscribers' credit cards on a timely basis or at all. In addition, we facilitate payment collection by our users from their users through Payments by Wix, our proprietary payment service, which enables our users to accept payments for goods and services sold online and in-person to their customers, from a variety of payment providers, on major credit and debit cards. This includes Wix Payments, our own payment service, as well as third-party payment processors. We are subject to a number of risks related to our ability to receive payments from our users, and our facilitation of payment processing of our users from their users, including: - if our users are unable to collect payments from their users, we could lose revenues or cause our users to lose revenues which could harm our business and reputation;- if we are unable to maintain our chargeback rate at acceptable levels, in particular during turbulent economic times, our credit card fees for chargeback transactions or our fees for other credit and debit card transactions or issuers may increase, acquiring banks or payment card networks may terminate their relationship with us, or we may face fines from the issuers;- increased costs and resources to deal with user onboarding and fraudulent transactions or chargeback disputes, which may increase in an economic downturn if users become insolvent, bankrupt or otherwise unable to fulfill their commitments;- potential fraudulent or otherwise illegal activity by our users, their users, developers, employees or third parties, or activities prohibited by our payment providers which could lead to our increased liability, in particular with respect to our Wix Payments operations;- our reliance on third parties such as gateways, payment service providers and acquiring banks, which may experience vulnerabilities in their internal control systems, face down time, insolvency or other instabilities in the banking system, and thus affect our cash flow;- restrictions on funds or required reserves related to payments; and - additional disclosure and other requirements, including new onboarding authentication, reporting regulations and new credit card associated rules. Depending on how Payments by Wix evolves, we may currently, or in the future, be subject to laws and regulations, either in existing or new jurisdictions, relating to our payment facilitation services and provision of financial services, including with respect to foreign exchange, anti-money laundering, counter-terrorist financing, banking and import and export restrictions. In some jurisdictions, the application or interpretation of these laws and regulations is not clear. In certain cases, such as under Wix Payments, we may act as a payment facilitator. In addition, we are required to monitor our users' activity to ensure their compliance with certain standards applied by the payment network and/or our partner payment processors. We may fail to appropriately monitor our users' activity and be subject to liability. Our efforts to comply with these laws, regulations, and standards could be costly and result in diversion of management time and effort and may still not guarantee compliance. In the event that we are found to be in violation of any such legal or regulatory requirements, we may be subject to monetary fines or other penalties such as a cease and desist order, or we may be required to make changes to our platform, any of which could have an adverse effect on our business, financial condition and results of operations. The payment card networks, such as Visa and MasterCard, have also adopted rules and regulations that apply to all merchants who process and accept credit cards for payment of goods and services, and have discretion to both set and interpret the rules and may do so with little or no prior notice. We are obligated to comply with these rules and regulations as part of the contracts we enter into with payment processors and acquiring banks. The rules and regulations adopted by the payment card networks include the Payment Card Industry (PCI) Data Security Standards, or PCI DSS. Under the PCI DSS, we are required to adopt and implement internal controls over the use, storage and security of payment card data to help prevent fraud. If we fail to comply with the rules and regulations adopted by the payment card networks, including the PCI DSS, we would be in breach of our contractual obligations to payment processors and merchant banks, which may include indemnification clauses. Such failure to comply may subject us and/or our users to fines, penalties, damages, higher transaction fees, and civil liability, and could eventually prevent us or our users from processing or accepting debit and credit cards or could lead to a loss of payment processor partners. We also cannot guarantee that such compliance will prevent illegal or improper use of our payments systems or the theft, loss or misuse of the debit or credit card data of registered users or participants or regulatory or criminal investigations. Moreover, any such illegal or improper payments could harm our reputation and may result in a loss of service for our users, which would adversely affect our business, operating results and financial condition.

Certain jurisdictions, including the United States and certain European countries, among others, have adopted laws relating to the liability of providers of online services for activities of their users and other third parties, including with respect to defamation, threats or incitement to violence, sale or purchase of illegal goods, exploitation of minors and others, terrorist activities, invasion of privacy and other torts, copyright and trademark infringement such as the Digital Service Act ("DSA"), which governs, amongst other things, our potential liability for illegal conduct or content on our services and which may increase our compliance costs, require us to change our processes, operations and business practices and potentially subject us to significant fines if applied in a manner inconsistent with our practices and we are not able to achieve compliance. In particular, we may need to respond to content take-down requests by users and others, in a manner compliant with the specific requirements of the DSA. Certain actions of registered users that are deemed to be hostile, offensive or inappropriate to other users or to the public, or that are deemed to be infringing a third party's intellectual property rights, or registered users acting under false or inauthentic identities or using our product to conduct illegal activities, could negatively affect our reputation and brand and impose liability on us. This particularly applies to our registered users who do not have premium subscriptions and who, therefore, maintain the "Wix" logo on their websites. Apart from monitoring selling activities of our users who elect to utilize our Wix Payments processing service and our attempts to scan and remove specific content such as content which may be deemed as child pornography or phishing patterns, we do not regularly monitor the appropriateness of the domain names our users register or the content of our registered users' websites, and we do not have control over the activities in which our registered users engage. While we have adopted policies regarding illegal, infringing, or offensive use of our services by our registered users and retain authority to terminate domain name registrations and to take down websites that violate these policies, users could nonetheless engage in these activities without our knowledge. The safeguards we have in place may not be sufficient to avoid liability on our part under applicable laws, including the EU Copyright Directive, the EU Directive on Electronic Commerce 2000/31 ("EU e-Commerce Directive") and the DSA (which replaced the provisions of the EU e-Commerce Directive that currently govern the liability of providers of online services for the activities and content of their users), or avoid harm to our reputation and brand, especially if such hostile, offensive or inappropriate use or use deemed to be an infringement of intellectual property rights was high profile, as this could adversely affect our ability to expand our registered user base, our business, and financial results. Furthermore, when users elect to utilize our proprietary payment processing service Wix Payments, we may act as a payment facilitator in certain cases. In addition, we are required to monitor our users' activity to ensure their compliance with certain standards applied by our payment networks and/or our partner payment processors. We may fail to appropriately monitor our users' activity and be subject to liability. At present, we do not require that our registered users post on their websites, or require their users to agree to, any terms of service, privacy policy, disclaimer or any other contractual documentation or policy. If our users do not post the appropriate documentation and policies on their websites and require their users' consent to be bound by the terms of such documentation and policies, or should our users fail to take steps necessary to enjoy the benefits of certain statutory safe harbors, such as those set forth in Section 512 of the United States Digital Millennium Copyright Act and Section 230 of the Communications Act of 1934, as amended by the Communications Decency Act ("CDA"), the EU Copyright Directive, the EU e-Commerce Directive or the DSA, then they may expose themselves to civil and criminal liability under applicable law, for example, where their users post information which is libelous, defamatory, in breach of regulation concerning unacceptable content or publications, or in breach of any third-party intellectual property rights or, for example, where they or their suppliers fail to process personal information in accordance with applicable law. It is possible that we could also be subject to liability in such cases based on certain actions by our users. Although these statutes and case law in the U.S. and elsewhere have generally shielded us from liability for user activities to date, court rulings in pending or future litigation or future regulatory or legislative amendments may narrow the scope of protection afforded to us under these laws. The CDA and the case law interpreting it generally provide that domain name registrars and website hosting providers cannot be liable for defamatory or obscene content posted by customers on registrars' servers unless they participate in creating or developing the content. The Stop Enabling Sex Traffickers Act (SESTA) and Allow States and Victims to Fight Online Sex Trafficking Act of 2017 (FOSTA), which became effective in April 2018, amend certain portions of the CDA, which may limit the immunity previously available to us under the CDA. In the U.S., there have also been, and continue to be, various congressional and executive efforts to remove or restrict the scope of the protections available under Section 230, and courts likewise could narrow the scope of existing liability protections. If such changes occur, our current protections from liability for third-party content in the United States could decrease or change, potentially resulting in increased liability for third-party content and higher litigation costs. Such amendments to or reinterpretations of Section 230 could require significant changes to our products, business practices or operations. Any court ruling or other governmental action that imposes liability on providers of online services for the activities of their users and other third parties could harm our business. In such circumstances, we may also be subject to liability under applicable law in a way which may not be fully mitigated by the user terms of service we require our users to agree to. In addition, comparable legislation in Europe or other jurisdictions may conflict with U.S. statutes and case law, and we may not be able to benefit from safe harbors afforded by applicable law and may, in certain cases, be deemed non-compliant. Any liability attributed to us could adversely affect our brand, reputation, our ability to expand our user base and our financial position. Further, our indemnity from our registered users may also not be deemed valid in all jurisdictions or may not be fully effective as a matter of practice if any user does not have sufficient assets, insurance or other means to back that indemnity. In addition, rising concern about the use of the Internet for illegal conduct, such as the unauthorized dissemination of national security information, money laundering or supporting terrorist activities may in the future produce legislation or other governmental action that could require changes to our products, solutions or services, restrict or impose additional costs upon the conduct of our business or cause our registered users to abandon material aspects of our service. Any such adverse legal or regulatory developments could substantially harm our operating results and business.

Our business has been focused in the past few years on serving users who are considering starting a business, as well as small or medium-sized businesses and ventures that are up and running but need help growing and expanding their digital capabilities. In more recent years, our business also focused on additional user demographics with whom we have less experience selling to, such as partners, as well as mid-size, large and enterprise-level companies for which we are developing new features and applications, such as back office functionality required to serve their customers' needs or their own needs, and manage a large volume of premium subscriptions and business solutions. You should consider our future prospects in light of the challenges we may experience when selling our solutions to these additional user demographics, including our relatively short history of marketing and selling to partners, longer sales cycles, delayed execution of our product integration model following successful sale transactions, and, in certain cases, our ability to migrate users of such customers to our platform. Some of our products are suited for more technically skilled users or web developers, such as Velo by Wix, which enables our users to build advanced and content-rich websites and applications using their advanced development capabilities, and Wix Studio, our website creation platform that offers advanced design and layouting capabilities specifically targeted at design professionals. If we are unable to increase sales of our products intended for partners (including through partners' revenue sharing agreements), mid-size, large and enterprise-level companies, tech-savvy users, or other customer segments we may target, and adapt our products to their needs, our estimated total addressable market may be overstated and our business, growth prospects and operating results may be adversely affected.

We have had operations in Ukraine since 2013. As of the year ended December 31, 2023, we engaged 605 contractors in Ukraine, as well as 11 employees, primarily focused on research and development activities and Customer Care. As a result of the military invasion of Ukraine by Russian forces that began in February 2022, many of our Ukrainian team members have relocated to other countries, primarily Poland, and others have relocated within Ukraine. To date, a small number of our Ukrainian team members were drafted to active military duty, however, there are no assurances that a more substantial number will not be drafted as the war continues and military conscription laws expand, which could significantly influence the operations of our Ukrainian sites. In addition to a significant number of personnel and operations in Ukraine, we also lease office space in a number of cities in Ukraine, all or some of which may be damaged or destroyed as a result of the attack against Ukraine. We are actively monitoring the security of our people and their families and the stability of our infrastructure, including communication methods, physical assets, electricity, and internet availability and handling potential impacts to our development infrastructure, however, we cannot assure that our efforts to maintain stability will not affect our business. We continue to execute our business continuity plan in response to the Russian invasion, however, there is no assurance that our continuity plans will fully address these issues, and there is no certainty that levels of productivity will not be negatively affected in the future, which may adversely affect our business, operating results and financial condition. Additionally, the conflict between Ukraine and Russia has led to sanctions being levied by the United States, the European Union, the United Kingdom, and other countries against Russia, Belarus, and certain Russian occupied regions in Ukraine, has led to and could lead to significant market and other disruptions, including significant volatility in commodity prices, instability in financial markets, supply chain interruptions, political and social instability, and increases in cyberattacks, all of which have impacted and could continue to impact our business, and our Ukraine operations for an unknown period of time. In response to these sanctions, in March 2022, we discontinued our commercial operations in Russia. Although the severity, duration and geographic scope of the ongoing war are highly unpredictable, the war in Ukraine could materially disrupt our operations in and connected to Ukraine and other parts of the world affected by the war, including due to lower morale of our teams in the area, diversion of management attention and increase of costs, all of which may lead to disruption of our operations and productivity of our personnel.

Our results of operations and cash flows are affected by fluctuations due to changes in foreign currency exchange rates. In 2023, approximately 67% of our revenues were denominated in U.S. dollars and approximately 33% in other currencies, primarily in Euros, British Pounds, Japanese Yen, Mexican Pesos, Canadian Dollar, Australian Dollar and the Brazilian Real. In 2023, approximately 66% of our cost of revenues and operating expenses were denominated in U.S. dollars and approximately 27% in New Israeli Shekels, or NIS. Our NIS-denominated expenses consist primarily of personnel and overhead costs. Since a significant portion of our expenses are denominated in NIS, the appreciation of the NIS relative to the U.S. dollar might adversely impact our net loss or net income (if any). We estimate that a 10% appreciation in the value of the NIS against the U.S. dollar would have increased our net loss by approximately $43.1 million in 2023. We estimate that a 10% concurrent devaluation of foreign currencies including Euros, British Pounds, Japanese Yen, Mexican Pesos, Canadian Dollar, Australian Dollar and the Brazilian Real against the U.S. dollar would have increased our net loss by approximately $48 million in 2023. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change. We evaluate periodically the various currencies to which we are exposed and take selective hedging measures to reduce the potential adverse impact from the appreciation or the devaluation of our non-U.S. dollar-denominated expenses and revenues, as appropriate and as reasonably available to us. We cannot provide any assurances that our hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations, in particular during the current turbulent macroeconomic environment. See Item 11. "Quantitative and Qualitative Disclosures about Market Risk."

As of December 31, 2023, we had 3,059 employees based in Israel. Our employees in Israel, including executive officers, may generally be called upon to perform up to 56 days per each three-year period, (in some cases more, e.g. military officers may be called to serve up to 84 days per each three-year period) of military reserve duty until they reach the age of 40 (and in some cases, depending on their certain military profession up to the age of 45 or even 49) and, in emergency circumstances, could be called to immediate and unlimited active duty (however, this would need to be approved by the Israeli government). Since the war with Hamas began on October 7, 2023, the Israel Defense Force (IDF) has called up several hundred thousand of its reserve forces to serve. Certain of our employees (including key employees) and/or their family members were called to active military reserve duty. The ongoing war and possibility of escalation may require a more significant number of our Israeli employees to serve in active reserve duty, as a result our operations could be disrupted for extended periods of time. Such disruptions in the future could materially adversely affect our business and results of operations, especially if we are unable to replace these key employees with other personnel qualified in information technology and data optimization.