Zenvia (ZENV) Risk Factors

The market for cloud communications is rapidly evolving, significantly fragmented and highly competitive, with relatively low barriers to entry in some segments. The principal competitive factors in our market includes our ability to offer solutions embedded in the main channels of communications, the ease of integration and programmability of our solutions, product features, cost-benefit, platform scalability, reliability, deliverability, security and performance, brand awareness, reputation, the strength of sales and marketing efforts, customer support and customer service experience, as well as the cost of deploying and using our products. Our competitors fall into four primary categories: - communication channels providers such as Infobip, Sinch and Twilio; - regional network service providers that offer limited customer functionality together with their own physical infrastructure; - smaller software companies that compete with certain of our products; and - software-as-a-service, or SaaS, companies and cloud platform vendors that offer applications and platforms, mainly offerings of integrated communication channels. Some of our competitors and potential competitors are larger than us and have greater name recognition, longer operating histories, more established customer relationships, larger budgets and significantly greater resources than we do. In addition, they have the operating flexibility to bundle competing products and services at little or no perceived incremental cost, including offering them at a lower price as part of a larger sales transaction. As a result, our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements. In addition, some competitors may offer products or services that address one or a limited number of functions at lower prices, with greater depth than our products or in different geographies. Our current and potential competitors may develop and market new products and services with comparable functionality to our products, and this could lead to us having to decrease prices in order to remain competitive. Customers utilize our products in many ways and use varying levels of functionality that our products offer or are capable of supporting or enabling within their applications. Customers that use many of the features of our products or use our products to support or enable core functionality for their applications may have difficulty or find it impractical to replace our products with a competitor's products or services, while customers that use only limited functionality may be able to more easily replace our products with competitive offerings. Our current or prospective customers (as well as some of our sales channel partners) may also choose to replicate some of the functionality our products provide, which may limit or eliminate their demand for our products. With the introduction of new products and services and new market entrants, we expect competition to intensify in the future. In addition, some of our customers may choose to use our products and our competitors' products simultaneously. Furthermore, our customers and their end-consumers may choose to adopt other forms of electronic communications or alternative communication platforms, which could harm our business, results of operations and financial condition. With the completion of the acquisitions of Rodati Motors Corporation, or Sirena, D1, SenseData and Movidesk, we expanded the scope of our offerings and now also offer to our customers multichannel communications, generation of variable documents, authenticated message delivery and contextualized conversational experiences, including customer service solutions to define workflows, by integrating communication channels and monitoring tickets (through dashboards and reports), as well as communication actions and specific 360º customer journeys, from our acquired companies. As we expand the scope of our products, we may face additional competition. If one or more of our competitors were to merge or partner with other competitors, the change in the competitive landscape could also adversely affect our ability to compete effectively. In addition, some of our competitors have lower listed prices than us, which may be attractive to certain customers even if those products have different or lesser functionality. If we are unable to maintain our current pricing due to competitive pressures, our margins will be reduced and our business, results of operations and financial condition would be adversely affected. In addition, pricing pressures and increased competition generally could result in reduced revenue, reduced margins, increased losses or the failure of our products to achieve or maintain widespread market acceptance, any of which could harm our business, results of operations and financial condition.

We believe that maintaining and enhancing the "Zenvia" brand identity and increasing market awareness of our company and products, is critical to achieving widespread acceptance of our platform, to strengthen our relationships with our existing customers and to our ability to attract new customers. The successful promotion of our brand will depend largely on our continued marketing efforts, our ability to continue to offer high quality products, and our ability to successfully differentiate our products and platform from competing products and services. Our brand promotion activities may not be successful or yield increased revenue. Negative publicity about us, our products or our platform could materially and adversely impact our ability to attract and retain customers, our business, results of operations and financial condition. The promotion of our brand also requires us to make substantial expenditures, and we anticipate that these expenditures will increase as our market becomes more competitive and as we expand into new markets. To the extent that these activities increase revenue, this revenue may not be enough to offset the increased expenses we incurred. If we do not successfully maintain and enhance our brand, our business may not grow, our pricing power may be reduced relative to our competitors and we may lose customers, all of which would adversely affect our business, results of operations and financial condition.

In the ordinary course of business, we and our subsidiaries are and may continue to be in the future parties to tax, civil, labor and consumer protection proceedings, as well as arbitration and administrative investigations, inspections and proceedings whose outcomes may be unfavorable to us. As of December 31, 2023 and 2022, we have recorded an amount of R$42,207 thousand and R$39,750 thousand, respectively, in provisions for disputes that represent a probable loss for us and our subsidiaries. Also, we are not required to record provisions for proceedings in which our management judges the risk of loss to be possible or remote. However, the amounts involved in some of these proceedings may be substantial, and eventual losses on them could be significantly high. Even for the amounts recorded as provisions for probable losses, a judgment against us would have an impact on our cash flow if we were required to pay those amounts and the eventual losses could be higher than the provisions we have recorded. Unfavorable decisions in our legal proceedings (including court decisions unfavorable to us in amounts above those provisioned for or that prevent us from carrying out our projects, as initially planned) may, therefore, reduce our liquidity and have a material adverse impact on our business, results of operations, financial condition and prospects. For more information on material legal proceedings, see "Item 8. Financial Information-A. Consolidated Statements and Other Financial Information––Legal and Administrative Proceedings."

Changes in tax laws, regulations, related interpretations and tax accounting standards in Brazil may result in a higher tax rate on our earnings, which may significantly reduce our revenues, our profits and cash flows from operations. In case of an increase in taxes applicable to our business for which we cannot alter our cost structure to pass our tax increases on to customers, our financial condition, results of operations and cash flows could be materially adversely affected. Our activities are also currently subject to a municipal tax on services (Imposto Sobre Serviços), or ISS. Any increases in ISS rates would also adversely affect our profitability. In addition, Brazilian government authorities at the federal, state and local levels are considering changes in tax laws in order to cover budgetary shortfalls resulting from the recent economic downturn in Brazil. If these proposals are enacted they may adversely affect our profitability by increasing our tax burden, increasing our tax compliance costs, or otherwise affecting our financial condition, results of operations and cash flows. On December 20, 2023, Constitutional Amendment No. 132 was enacted into law in Brazil and introduced a new model of taxation on consumption in Brazil. In summary, this reform replaces the IPI, PIS, and COFINS federal taxes with a Contribution on Goods and Services, or CBS. The ICMS state tax and ISS municipal tax will be replaced by a Tax on Goods and Services, or IBS. Taxation will be done exclusively at the destination and will be fully non-cumulative, meaning that CBS and IBS taxes applicable in the previous stage will be credited and deducted from the amount owed by the taxpayer in their billing. IBS and CBS taxes will have unified legislation, and they will be calculated on an "outside" basis, which means that these taxes will not be included in their calculation basis-as opposed to ICMS and ISS taxes, which are calculated on an "inside" basis and are included in their calculation basis. There will be a transition period from 2026 to 2032 when current taxes will be gradually replaced by IBS and CBS. During the transition period, there will be more operational complexity due to the coexistence of two models of taxation on consumption, and we expect that taxation will be effectively simplified from 2033 onwards. As next steps, the approval of all infraconstitutional legislation is expected during 2024, followed by systemic adaptations for tax authorities and taxpayers in 2025, and the start of the new taxes in 2026.  Also, on December 29, 2023 Law No. 14,789 was enacted into law and set forth new rules for calculating interest on shareholders' equity.  The effects of the tax reform measures and any other changes that could result from the enactment of new and additional tax regulations have not been, and cannot be, quantified yet. We cannot guarantee that the IBS and CBS rates will not be higher than the levies currently applied to our business or that the new tax regulations to be passed by the Congress will not have a material adverse effect on our business, financial condition, results of operation and prospects. Additionally, tax rules in Brazil, particularly at the local level, may change without notice (although certain principles contained in the Brazilian federal constitution and certain procedures contained in applicable law must be observed). We may not always be aware of all such changes that affect our business and we may therefore fail to pay the applicable taxes or otherwise comply with tax regulations, which may result in additional tax assessments and penalties for our company. Furthermore, we are subject to tax laws and regulations that may be interpreted differently by tax authorities than by us, for a variety of reasons. The application of direct (such as income tax and social contribution) and indirect taxes, such as sales and use tax, value-added tax, or VAT, provincial taxes, goods and services tax, business tax and gross receipt tax, to businesses like ours is a complex and evolving issue. Significant judgment is required to evaluate applicable tax obligations. In many cases, the ultimate tax determination is uncertain because it is not clear how existing statutes apply to our business. One or more states, or municipalities, the federal government or other countries may seek to challenge the taxation or procedures applied to our transactions imposing the charge of taxes or additional reporting, record-keeping or indirect tax collection obligations on businesses like ours. New taxes could also require us to incur substantial costs to capture data and collect and remit taxes. If such obligations were imposed, the additional costs associated with tax collection, remittance and audit requirements could have a material adverse effect on our business and financial results. The current Brazilian federal administration proposed to revoke the income tax exemption over the distribution of dividends, which, if promulgated, would increase tax expenses associated with any dividends or distributions of our Brazilian subsidiaries, which could impact the amount of dividends we are able to distribute to our shareholders and the amount of dividends to receive from our subsidiaries. Any future changes in tax policy or laws may adversely affect our business, financial condition and results of operations. In addition, we benefit from certain tax incentives related to research and development and technological innovation, established by Law No. 11,196, dated November 21, 2005, as amended, or Lei do Bem, and regulated by Decree No. 5,798, dated June 7, 2006. Our ability to benefit from these incentives depends on our compliance with certain obligations. Failure on our part to comply with certain obligations in accordance with the applicable rules or to provide the documentation required to substantiate such tax incentives could result in the loss of such incentives that have not yet been used and claims by the Brazilian tax authorities of the amount corresponding to taxes not paid as a result of the incentives already used, in addition to penalties and interest under Brazilian tax laws. If any of our tax benefits expires, terminates or is cancelled, we may not be successful in obtaining new tax benefits that are equally favorable, which may materially adversely affect us. See "Item 5. Operating and Financial Review and Prospects-E. Critical Accounting Policies and Estimates-Income tax and social contribution." Furthermore, as we expand our business into new jurisdictions, there can be no assurance that any such jurisdiction will have tax treaties with the other countries where we operate and that we will not be subject to "double taxation" issues or other tax-related concerns.

The privacy and security of personal, sensitive, regulated or confidential data is a major focus in our industry and we and our customers that use our products are subject to federal, state, local and foreign privacy and data protection-related laws and regulations that impose obligations in connection with the collection, storage, use, processing, disclosure, protection, transmission, retention and disposal of personal, sensitive, regulated or confidential data. Laws and regulations governing data privacy, data protection and information security are constantly evolving and there has been an increasing focus on privacy and data protection issues with the potential to affect our business. The nature of our business exposes us to risks related to possible shortcomings in data protection. Any perceived or actual unauthorized disclosure of personally identifiable information, whether through breach of our network by an unauthorized party, employee theft, misuse or error or otherwise, including the data protection of our customers, the end-consumers of our customers and employees or third parties, could harm our reputation, impair our ability to attract and retain our customers, or Subject us to claims or litigation arising from damages suffered by individuals. Law No. 13,709/2018 (Lei Geral de Proteção de Dados Pessoais, or LGPD), entered into force on September 18, 2020 to regulate the processing of personal data in Brazil. The LGPD applies to individuals or legal entities, either private or governmental entities, that process or collect personal data in Brazil and which processing activities aim at offering or supplying goods or services to data subjects located in Brazil. The LGPD establishes detailed rules for the collection, use, processing and storage of personal data and will affect all economic sectors, including the relationship between customers and suppliers of goods and services, employees and employers and other relationships in which personal data is collected, whether in a digital or physical environment. Since the entry into force of the LGPD, all processing agents/legal entities are required to adapt their data processing activities to comply with this new set of rules. We have implemented changes to our policies and procedures designed to ensure our compliance with the relevant requirements under the LGPD. Even so, as it is a recent law, the National Data Protection Authority (Autoridade Nacional de Proteção de Dados, or the ANPD) as regulatory agency may raise other relevant issues or provide new guidance that will require further action from the company to remain fully compliant. The penalties for violations of the LGPD include: (1) warnings imposing a deadline for the adoption of corrective measures; (2) a fine of up to 2% of the company's or group's revenue, subject to the limit of R$50 million per violation; (3) daily fines; (4) mandatory disclosure of the violation after it has been investigated and confirmed; (5) the restriction of access to the personal data to which the violation relates up to a six-month period, that can be extended for the same period, until the processing activities are compliant with the regulation, and in case of repeated violation, temporary block and/or deletion of the related personal data, and partial or complete prohibition of processing activities; and (6) temporary or permanent prohibition against conducting activities related to data processing. Any additional privacy laws or regulations enacted or approved in Brazil or in other jurisdictions in which we operate could seriously harm our business, financial condition or results of operations. Under the LGPD, security breaches that may result in significant risk or damage to personal data must be reported to the ANPD, the data protection regulatory body, within a reasonable time period. The notice to the ANPD must include: (a) a description of the nature of the personal data affected by the breach; (b) the affected data subjects; (c) the technical and security measures adopted; (d) the risks related to the breach; (e) the reasons for any delays in reporting the breach, if applicable; and (f) the measures adopted to revert or mitigate the effects of the damage caused by the breach. Moreover, the ANPD could establish other obligations related to data protection that are not described above. In addition to the administrative sanctions, due to the noncompliance with the obligations established by the LGPD, we can be held liable for individual or collective material damages, and non-material damages caused to holders of personal data, including when caused by third parties that serve as operators of personal data on our behalf. In addition to the civil liability and administrative sanctions by the ANPD, we are also subject to the imposition of administrative sanctions set forth by other laws that address issues related to data privacy and protection, such as Law No. 8,078/1990, or the Brazilian Code of Consumer Defense, and Law No. 12,965/2014, or the Brazilian Civil Rights Framework for the Internet. These administrative sanctions can be applied by other public authorities, such as the Attorney General's Office and consumer protection agencies. We can also be held liable civilly for violation of these laws. Similarly, many foreign countries and governmental bodies, including in the countries in which we currently operate, have laws and regulations concerning the collection and use of personal data obtained from individuals located in their jurisdiction or by businesses operating within their jurisdiction. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure and security of personal data that identifies or may be used to identify an individual, such as names, telephone numbers, email addresses and, in some jurisdictions, IP addresses and other online identifiers. In addition, we continue to see jurisdictions imposing data localization laws, which require personal information, or certain subcategories of personal information to be stored in the jurisdiction of origin. These regulations may inhibit our ability to expand into those markets or prohibit us from continuing to offer services in those markets without significant additional costs. As we expand into new industries and regions, we will likely need to comply with new requirements to compete effectively. The uncertainty and changes in the requirements of multiple jurisdictions may increase the cost of compliance, delay or reduce demand for our services, restrict our ability to offer services in certain locations, impact our customers' ability to deploy our solutions in certain jurisdictions, or subject us to sanctions, by national data protection regulators, all of which could harm our business, financial condition and results of operations. Additionally, although we endeavor to have our products and platform comply with applicable laws and regulations, these and other obligations may be modified, they may be interpreted and applied in an inconsistent manner from one jurisdiction to another, and they may conflict with one another, other regulatory requirements, contractual commitments or our internal practices. We also may be bound by contractual obligations relating to our collection, use and disclosure of personal, financial and other data or may find it necessary or desirable to join industry or other self-regulatory bodies or other privacy or data protection-related businesses that require compliance with their rules pertaining to privacy and data protection. We expect that there will continue to be new proposed laws, rules of self-regulatory bodies, regulations and industry standards concerning privacy, data protection and information security in Brazil and other jurisdictions, and we cannot yet determine the impact such future laws, rules, regulations and standards may have on our business. For instance, the State of São Paulo has a law in place determining that a consumer may restrict the receipt of telemarketing, SMS or WhatsApp messages in their mobiles by registering their phone numbers in a specific registry. There can be no assurance that the public in general will not adopt this tool to restrict the receipt of unsolicited telemarketing, SMSs and WhatsApp messages. A broad use of this tool by the public (particularly if its adoption is extended to other Brazilian states or foreign jurisdictions where we operate) may materially adversely affect our business as it may prevent our customers to effectively use our platform to promote their businesses. Moreover, existing Brazilian and foreign privacy and data protection-related laws and regulations are evolving and subject to potentially differing interpretations, and various legislative and regulatory bodies may expand current or enact new laws and regulations regarding privacy and data protection-related matters. Because global laws, regulations and industry standards concerning privacy and data security have continued to develop and evolve rapidly, it is possible that we or our products or platform may not be, or may not have been, compliant with each such applicable law, regulation and industry standard and compliance with such new laws or to changes to existing laws may impact our business and practices, require us to expend significant resources to adapt to these changes, or to stop offering our products in certain countries. These developments could adversely affect our business, results of operations and financial condition. Any failure or perceived failure by us, our products or our platform to comply with new or existing Brazilian or other foreign privacy or data security laws, regulations, policies, industry standards or legal obligations, or any security incident that results in the unauthorized access to, or acquisition, release or transfer of, personal data or other customer data may result in governmental investigations, inquiries, enforcement actions and prosecutions, private litigation, fines and penalties, adverse publicity or potential loss of business.

The market for securities offered by companies with significant operations in Brazil (which is our case) is influenced by political, economic and market conditions in Brazil and, to varying degrees, market conditions in other Latin American and emerging markets, as well as the United States, Europe and other countries. For example, share prices of companies with significant operations in Brazil (whether they are listed on NASDAQ, NYSE or the São Paulo Stock Exchange (B3 S.A. - Brasil, Bolsa, Balcão)) have historically been sensitive to fluctuations in U.S. interest rates and the behavior of the major U.S. stock indexes. An increase in interest rates in other countries, especially the United States, may reduce global liquidity and investors' interest in securities issued by companies with significant operations in Brazil, adversely affecting the price of our Class A common shares. Interest rates have increased rapidly in the United States in the year ended December 31, 2022. For instance, in March 2022, the U.S. Federal Reserve raised its benchmark federal funds rate by 0.25% to a range between 0.25% and 0.50%, the first increase since December 2018 and over time the U.S. Federal Reserve increased interest rates in the United States to a target range of 5.25%-5.50%. If the U.S. Federal Reserve continues to raise the federal funds rate, it may redirect the flow of capital from emerging markets into the United States because investors may be able to obtain greater risk-adjusted returns in larger or more developed economies. Thus, companies in emerging market economies could find it more difficult and expensive to borrow capital and refinance existing debt. This may negatively affect our potential for economic growth and our ability to refinance our existing debt and could materially adversely affect our business, financial condition, results of operations, cash flows, prospects and the market price of our shares. Technology companies have been sensitive to the effects as investors may look to higher yield short-term investment options rather than wait for technology companies to generate long-term growth and expected future cash flows. To the extent the conditions of the global markets or economy deteriorate, the business of companies with significant operations in Brazil may be harmed. The weakness in the global economy has been marked by, among other adverse factors, lower levels of consumer and corporate confidence, decreased business investment and consumer spending, increased unemployment, increase in inflation, reduced income and asset values in many areas, reduction of China's growth rate, currency volatility and limited availability of credit and access to capital. Developments or economic conditions in other countries may significantly affect the availability of credit to companies with significant operations in Brazil and result in considerable outflows of funds from Brazil, decreasing the amount of foreign investments in Brazil. Crises and political instability in other emerging market countries, the United States, Europe or other countries could decrease investor demand for securities offered by companies with significant operations in Brazil, such as our Class A common shares. Investor sentiment in one country may cause capital markets in other countries to fluctuate, affecting the value of our Class A common shares, even if indirectly. The economic, political and social instability in the United States, the trade war between the United States and China, crises in Europe and other countries and global tensions, as well as economic or political crises and social unrest in Latin America or other emerging markets, can significantly affect the perception of the risks inherent in investment in Brazil. Economic and political uncertainty and potential interest rate increases in the United States may also create uncertainty in the Brazilian economy. The U.S. presidential and congressional elections are scheduled to take place in November 2024. The relationship between Brazil and the United States can be adversely affected depending on the outcome of the 2024 elections in the United States. Further, the elections may result in significant uncertainty with respect to, and could result in changes in, legislation, regulation and government policy at the federal, state and local levels. Any such changes could significantly impact our business as well as the markets in which we compete in the United States. Specific legislative and regulatory changes that might materially impact us include, but are not limited to, renegotiation of existing trade agreements, changes in import and export regulations and the adoption of new and increased import taxes, tariffs (including a threat of a 10% tariff to be applied across-the-board) and other barriers to import, and customs duties, public company reporting requirements, environmental regulation and antitrust enforcement. Environmental cooperation, in turn, including funds to combat deforestation and other green investments, can also face more difficulties. We cannot give you any assurance as to whether any such changes will occur or as to their timing, nor can we estimate their impact. To the extent changes in the U.S. political environment have a negative impact on us or on our markets, our business, financial condition and results of operations could be adversely affected. Furthermore, global markets are currently operating in a period of economic uncertainty, volatility and disruption following Russia's full-scale invasion of Ukraine on February 24, 2022. The ongoing war between Russia and Ukraine has provoked strong reactions from the United States, the UK, the EU and various other countries around the world, including from the members of the North Atlantic Treaty Organization (NATO). Following Russia's invasion of Ukraine beginning on February 24, 2022, the United States, the UK, the EU and other countries announced broad economic sanctions against Russia, including financial measures such as freezing Russia's central bank assets and limiting its ability to access its U.S. dollar reserves. The United States, the EU and the UK have also banned people and businesses from dealings with the Russian central bank, its finance ministry and its wealth fund. Selected Russian banks will also be removed from the Swift messaging system, which enables the smooth transfer of money across borders. Other sanctions by the UK include major Russians bank being excluded from the UK financial system, stopping them from accessing sterling and clearing payments, major Russian companies and the state being stopped from raising finance or borrowing money on the UK markets, and the establishment of limits on deposits Russians can make at UK banks. The United States, the EU and the UK adopted personal measures, such as sanctions on individuals with close ties to Mr. Putin, and placed visa restrictions on several oligarchs, as well as their family members and close associates, and freezing of assets.

Outbreaks or potential disease outbreaks may adversely affect the global capital market (including the capital market where our Class A common shares are traded), the global economy (including the Latin America economy) and the trading price of our Class A common shares. Historically, certain epidemics, pandemics and regional or global outbreaks, such as the coronavirus (COVID-19), zika virus, ebola, H5N5 virus (popularly known as avian influenza), foot-and-mouth disease, H1N1 virus (influenza A, popularly known as swine flu), Middle East respiratory syndrome (MERS) and severe acute respiratory syndrome (SARS) have affected certain sectors of the economy in the countries where these diseases have spread. In 2020, the COVID-19 pandemic and the measures adopted to contain its spread significantly restricted the movement of people, goods and services worldwide, including all of the regions in which we operate, adversely affected the global financial and capital markets and led to an economic crisis in many countries, including Brazil. Like many other companies, including our customers and prospective customers, we adopted – and still have in place – a remote work arrangement (Zenvia Anywhere). However, in the event of natural disasters, power outage, connectivity issue, or other occurrences that impact our employees' ability to work remotely, it may be difficult or, in certain cases, impossible, for us to continue our business for a substantial period of time. A new outbreak of any highly communicable virus could have a far-reaching and a material adverse impact on the financial capacity of our customers, suppliers and third-party business partners and potentially lead to an ongoing global economic downturn, which could result in constrained supply or reduced customer demand and willingness to enter into or renew contracts with us. Any of the foregoing could have a material adverse effect on us.

We rely on a network of contractual rights, trademarks, patents and trade secrets to establish and protect our proprietary rights, including our technology. For further information regarding our intellectual property, see "Item 4. Information on the Company-B. Business Overview-Intellectual Property." Third parties may challenge, invalidate, circumvent, infringe or misappropriate our intellectual property, or such intellectual property may not be sufficient to permit us to take advantage of current market trends or otherwise to provide competitive advantages, which could result in costly redesign efforts, discontinuance of certain service offerings or other competitive harm. Others, including our competitors, may independently develop similar technology, duplicate our services or design around our intellectual property, and in such cases, we could not assert our intellectual property rights against such parties. Further, our contractual arrangements may not effectively prevent disclosure of our confidential information or provide an adequate remedy in the event of unauthorized disclosure of our confidential information. We may have to litigate to enforce or determine the scope and enforceability of our intellectual property rights, trade secrets and know-how, which is expensive, could cause a diversion of resources and may not prove successful. Also, because of the rapid pace of technological change in our industry, aspects of our business and our services rely on technologies developed or licensed by third parties, and we may not be able to obtain or continue to obtain licenses and technologies from these third parties on reasonable terms or at all. The loss of intellectual property protection, the inability to obtain third-party intellectual property or delay or refusal by relevant regulatory authorities to approve pending intellectual property registration applications could adversely affect our business and ability to compete. We may also be subject to costly litigation in the event our services and technology infringe upon or otherwise violate a third party's proprietary rights. Third parties may have, or may eventually be issued, patents that could be infringed by our proprietary rights. Any of these third parties could make a claim of infringement against us with respect to our proprietary rights. We may also be subject to claims by third parties for breach of copyright, trademark, license usage or other intellectual property rights. Any claim from third parties may result in a limitation on our ability to use the intellectual property subject to these claims or could prevent us from registering our brands as trademarks. Even if we believe that intellectual property related claims are without merit, defending against such claims is time-consuming and expensive and could result in the diversion of the time and attention of our management and employees. Claims of intellectual property infringement also might require us to redesign affected services, enter into costly settlement or license agreements, pay costly damage awards, change our brands, or face a temporary or permanent injunction prohibiting us from marketing or selling certain of our services or using certain of our brands. Even if we have an agreement for indemnification against such costs, the indemnifying party, if any in such circumstances, may be unable to uphold its contractual obligations. If we cannot or do not license the infringed technology on reasonable terms or substitute similar technology from another source, our revenue and earnings could be adversely impacted. In the future, we may also introduce or acquire new products, technologies or businesses, including in areas where we historically have not participated in, which could increase our exposure to intellectual property claims. Any claims or litigation could cause us to incur significant expenses and, if successfully asserted against us, could require that we pay substantial damages or ongoing royalty payments, prevent us from offering our products, or require that we comply with other unfavorable terms. We may also be obligated to indemnify our customers or sales channel partners in connection with any such litigation and to obtain licenses or modify our products or platform, which could further exhaust our resources. Litigation is inherently uncertain and even if we were to prevail in the event of claims or litigation against us, any claim or litigation regarding intellectual property could be costly and time-consuming and divert the attention of our management and other employees from our business. Patent infringement, trademark infringement, trade secret misappropriation and other intellectual property claims and proceedings brought against us, whether successful or not, could harm our brand, business, results of operations and financial condition. In addition, laws of the countries where we operate do not protect intellectual property and other proprietary rights to the same extent as the laws of the United States. To the extent we expand our international activities, our exposure to unauthorized copying, transfer and use of our proprietary technology or information may increase. We cannot be certain that our means of protecting our intellectual property and proprietary rights will be adequate or that our competitors will not independently develop similar technology. If we fail to meaningfully protect our intellectual property and proprietary rights, our business, results of operations and financial condition could be adversely affected.

We depend upon our IT systems to conduct virtually all of our business operations, ranging from our internal operations and research and development activities to our marketing and sales efforts and communications with our customers and sales channel partners. Individuals or entities may attempt to penetrate our network security, or that of our platform, and to cause harm to our business operations, including by misappropriating our proprietary information or that of our customers, employees and sales channel partners or to cause interruptions of our products and platform. In particular, cyberattacks and other malicious internet-based activity continue to increase in frequency and in magnitude generally, and cloud-based companies have been targeted in the past. In addition to threats from traditional computer hackers, malicious code (such as malware, viruses, worms, and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing, and denial-of-service attacks, we can also face threats from sophisticated organized crime, nation-state, and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risk to our systems (including those hosted on cloud infrastructure providers, internal networks, our customers' systems and the information that they store and process. While we devote significant financial and personnel resources to implement and maintain security measures, because the techniques used by such individuals or entities to access, disrupt or sabotage devices, systems and networks change frequently and may not be recognized until launched against a target, we may be required to make further investments over time to protect data and infrastructure as cybersecurity threats develop, evolve and grow more complex over time. We may also be unable to anticipate these techniques, and we may not become aware in a timely manner of such a security breach, which could exacerbate any damage we experience. For further information, see "Item 16K. Cybersecurity." Additionally, we depend upon our employees and contractors to appropriately handle confidential and sensitive data, including customer data, and to deploy our IT resources in a safe and secure manner that does not expose our network systems to security breaches or the loss of data. We have been and expect to be subject to cybersecurity threats and incidents, including employee errors or individual attempts to gain unauthorized access to information systems. Any data security incidents, including internal malfeasance or inadvertent disclosures by our employees or a third party's fraudulent inducement of our employees to disclose information, unauthorized access or usage, virus or similar breach or disruption of us or our service providers, could result in loss of confidential information, damage to our reputation, erosion of customer trust, loss of customers, litigation, regulatory investigations, fines, penalties and other liabilities. Such liabilities are also related to the penalties, lawsuits and other regulatory scrutiny arising from the LGPD and the Brazilian Code of Consumer Defense. According to the Brazilian Code of Consumer Defense, consumers may file complaints with consumer protection agencies, comprising the Federal Consumer Agency (Departamento de Proteção e Defesa do Consumidor), and the local consumer protection agencies, or PROCONs. In case consumer protection agencies identify a violation of the Brazilian Code of Consumer Defense, such agencies may impose the penalties set forth in section 56 of the Brazilian Code of Consumer Defense (commonly a fine that varies from R$800 (eight hundred reais) to up to R$9.5 million, depending on the size of the company, the advantage obtained as result of the practice and the seriousness of the case). Consumers may also file civil lawsuits seeking compensation for damages. In addition, the Public Prosecutor's Office may initiate a proceeding which consists of civil inquiries or investigations arising from consumer complaints in order to verify the company's compliance with consumer law. If the inquiries or investigations conclude that there was no infraction to the law, administrative proceedings filed by the Public Prosecutor Office may be postponed or closed. However, administrative proceedings may also lead to Terms of Conduct Adjustment, or TACs, entered into between us and the relevant authorities, which are intended to adjust our conduct to certain requirements and legal standards, or lead to a public civil action (ação civil pública) against us. Accordingly, if our cybersecurity measures or those of our service providers, fail to protect against unauthorized access, attacks (which may include sophisticated cyberattacks), compromise or the mishandling of data by our employees and contractors, our reputation, customer trust, business, results of operations and financial condition could be adversely affected. Vulnerability to cyberattacks may increase in light of our adoption of a permanent remote work policy (Zenvia Anywhere), a measure that we implemented in 2020. While we maintain errors, omissions, and cyber liability insurance policies covering certain security and privacy damages, we cannot be certain that our existing insurance coverage will continue to be available on acceptable terms or will be available, and in sufficient amounts, to cover the potentially significant losses that may result from a security incident or breach or that the insurer will not deny coverage as to any future claim. For further information regarding sanctions, see "Item 4. Information on the Company-B. Business Overview-Regulatory Matters-Impacts of the enforcement of Law No. 13,709/2018 (Lei Geral de Proteção de Dados Pessoais), or LGPD, to our products and platform and our business model."

Our customers expect a consistent level of quality in the provision of our products and services. Our customers use our products for important aspects of their businesses, and any errors, defects or disruptions to our products and any other performance problems with our products could damage our customers' businesses and, in turn, harm our brand and reputation and erode customer trust. Although we regularly update our products, they may contain undetected errors, failures, vulnerabilities and bugs when first introduced or released. Real or perceived errors, failures or bugs in our products could result in negative publicity, loss of, or delay in, market acceptance of our platform, loss of competitive position, lower customer retention or claims by customers for losses sustained by them. In such events, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem, which may result in increased costs to us. Any failure to maintain the high quality of our products and services, or a market perception that we do not maintain a high quality service, could erode customer trust and adversely affect our reputation, business, results of operations and financial condition.