Item 1. Business
BUSINESS
Investors should read this section in conjunction with the other information about MariaDB contained in this Annual Report on Form 10-K, including the consolidated financial statements and accompanying notes included in Part II, Item 8 of this Form 10-K and the other information appearing in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Unless otherwise indicated or the context otherwise requires, references in this section to “MariaDB,” “we,” “us,” “our,” and other similar terms refer to MariaDB plc and its consolidated subsidiaries after giving effect to the Business Combination. In addition to historical information, this section contains
forward-looking statements about our business, results of operations, cash flows, financial condition and prospects based on current expectations that involve risks, uncertainties and assumptions. Our actual business results of operations, cash flows, financial condition and prospects could differ materially from such forward-looking statements. Factors that could cause or contribute to those differences include, but are not limited to, those discussed in the sections titled “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements” included elsewhere in this Annual Report on Form 10-K. See the beginning of this “Business” section for a Glossary of key business terms used in this section and throughout this Annual Report on Form 10-K.
Glossary
Unless we otherwise indicate, or unless the context requires otherwise, any references in this Annual Report on Form 10-K to the following key business terms have the respective meanings set forth below:
ARM chips: ARM is a modern processor that uses a simple instruction set, has many more processor cores, costs less and consumes less power. It is seen as a next-generation processor.
Atomicity, Consistency, Isolation and Durability, or ACID: Database transaction requirements intended to guarantee validity even in the event of system crashes or power failures.
Basically Available, Soft State, Eventual Consistency, or BASE: Database processing germane to a NoSQL database that values availability but does not offer guaranteed consistency of replicated data.
Business Source License or BSL: a type of license that allows licensees to copy, modify, and redistribute the source code for non-commercial purposes. After a specified period, usually four years, the BSL automatically transitions to a GPL open-source license.
DBA: Database Administrator, a person who manages databases and performs capacity planning, installation, configuration, database design, migration, performance monitoring and tuning, security design and testing, troubleshooting, backup and data recovery.
DBMS: Database Management Systems, systems that manage databases and perform capacity planning, installation, configuration, database design, migration, performance monitoring and tuning, security design and testing, troubleshooting, backup and data recovery.
Geo-distributed workloads: Applications that support real-time interactions across the globe simultaneously, like a global trading floor.
GPL: General Public License is a free, open source license for software that guarantees end users the ability to run, study, share and modify the software.
Multi-model: Multi-model databases can store, index and query data in more than one system.
Node: A physical or virtual machine that hosts a single instance of a MariaDB database.
NoSQL: Generally refers to a non-relational database, in which data is stored in a non-tabular format. NoSQL optimizes for flexible schemas and scale compromising data consistency and ACID properties.
OEM: Original Equipment Manufacturer sells software sold wholesale to third-party hardware and software vendors for integration into the vendor’s end product.
Private data center: Also referred to as “on premises,” provides dedicated infrastructure in a specific geography to a customer.
Public cloud: A geo-distributed cloud-native database that users can easily deploy and manage across any public system, such as Amazon Web Services, Microsoft Azure and Google Cloud.
Relational database: A relationship database that organizes data into tables that can be linked or related based on data common to each other. Allows users to retrieve an entirely new table from data in one or more tables with a single query.
Remote DBA: Employees of MariaDB, who securely access customer environments to perform database administration tasks on behalf of customers.
SQL: Structured Query Language, a standard language used to communicate with relational database management systems. Data is stored in tables.
Overview
MariaDB is a database company whose products are used by companies big and small, reaching over a billion users through Linux distributions, downloaded over a billion times, and used across all types of use cases and industries. Built for all clouds (public, private and hybrid), our open source relational database delivers the flexibility and elasticity businesses need in today’s world with the reliability and dependability necessary to power the most mission critical applications. MariaDB has broadened its reach to a wide array of verticals, including financial services, travel and hospitality, telecommunications, technology, public sector, retail and distribution, and education. By increasing the company’s appeal to a broader group of customers and developers, MariaDB is well-positioned to capture a greater share of the database market - most specifically, the relational database market, estimated to be approximately $45 billion in 2021 and growing to $72 billion in 2026 (IDC, “Worldwide Database Management Systems Software Forecast Update, 2022-2026: Breakout by Submarket”, US49582822, August 2022).
Our position as a disruptor both in terms of price and technology is a result of our open source heritage. Unlike proprietary legacy alternatives, we have cultivated a vibrant community that has racked up over 190,000 contributions to the product line - a level of contribution second to no other open source database based on Github counts. At a business level, this vibrancy keeps costs down. At a thought leadership level, external contributions stimulate new ideas, facilitating our engineers to build revolutionary features that are forging a new future for developers and their use of databases.
Furthermore, MariaDB database solutions are available to businesses ranging from the smallest to the Fortune 500. Whether there are 10 or millions of users, terabytes or petabytes of data, in a private data center or in a public cloud - MariaDB is there.
Restructuring Plan
On October 12, 2023, the Company announced its restructuring plan to focus its attention on its core MariaDB Enterprise Server database product and better align its workforce with the needs of its business. Products not related to the core MariaDB Enterprise Server business, including SkySQL and Xpand, will no longer be sold and the Company has implemented a plan to help existing customers migrate off these products. We expect the plan will result in a significant reduction of operating expenses. Further, we anticipate the growth of revenue related to our core MariaDB Enterprise Server database product and services to offset the transitory decline in revenue due to the termination of SkySQL and Xpand product lines.
Business Model
We believe our business model to be highly efficient and supportive of rapid growth at low customer acquisition cost. The fundamental drivers of MariaDB’s growth are open source heritage and nexus of open source and the cloud.
Open source heritage: We began our company as a fork of MySQL, one of the most popular open-source databases in the industry, offering the market an alternative to legacy databases such as Oracle. Our brand name became more widely known over time due to the distribution of our free open-source technology, commonly known as the MariaDB Community Server. In 2017, the MariaDB Community Server displaced MySQL in popular Linux distributions and has reached over 60 million users and companies through this distribution channel alone. In 2018, we disrupted legacy databases by adding open source Oracle compatibility to the MariaDB Community Server, making it easier to migrate from Oracle, not only in terms of code but people and skill too. All told, the MariaDB Community Server has been downloaded more than a billion times.
Solidified as a stalwart open-source company, we began to introduce new premium products to monetize our existing base and expand into new ones. The most important components of this monetization strategy are MariaDB Enterprise Server, MariaDB MaxScale, and MariaDB Enterprise ColumnStore. We provide these components under a licensing framework (either proprietary or BSL) that aims to protect our intellectual property.
Nexus of open source and the cloud: One of the reasons why MariaDB technologies are popular in the industry is because they can be used on public clouds and on customer-owned hardware (also referred to as private clouds). This flexibility translates to a number of important qualities, including accessibility (a user can use the MariaDB technologies anywhere), familiarity (we use standard open-source protocols which are popular and familiar to developers), and business friendliness (we offer support and premium technologies for companies big and small).
If a customer were to use a database service from AWS, as an example, that customer wouldn’t be able to use it on Google Cloud, and vice versa. This is known as cloud stack lock-in. The freedom to operate in any cloud is an unambiguous distinction that MariaDB affords to our prospects and customers.
These fundamental drivers - open source and cloud - work together to establish a strong business model and accelerate revenue growth.
Business Growth
We have experienced strong growth and revenue expansion within existing customer accounts in recent years. Excluding customers of our SkySQL and Xpand products, which will no longer be sold as part of the restructuring plan discussed above, we had 665 customers in over 70 countries as of September 30, 2023. For the fiscal years ended September 30, 2023, 2022 and 2021, our revenue was $53.1 million, $43.7 million and $36.0 million, respectively, representing year-over-year growth of 21.5% from 2022 to 2023 and 21.3% from 2021 to 2022. We believe the drivers of these recent results are successful expansion in existing accounts, product maturity, and product-market fit of our database solutions. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations-Key Business Metrics” for a description of ARR. Our net loss was $51.9 million and $47.5 million for fiscal years ended September 30, 2023 and 2022, respectively. Net cash used in operating activities was $35.9 million and $50.3 million for the fiscal years ended September 30, 2023 and 2022, respectively.
Why Is the Database Market So Large?
Databases are one of the most essential elements of IT infrastructure, enabling the collection, storage, retrieval, management and analysis of data. Databases are at the core of applications that consumers, businesses and other organizations use every day, whether renewing a prescription, ordering and paying for goods online or in stores, communicating with each other, playing games, processing transactions, or working on business challenges or scientific problems. Moreover, in order to function properly, applications need to store and access data reliably, at any time and without delay. The reliability, access, and speed, as well as the number of users applications can support at any given time, are limited by the effectiveness of the applications’ underlying databases. A database is used by an application to help manage effective allocation of hardware resources to minimize costs while helping to maximize an application’s reliability, access and speed. As applications have become more intelligent, ubiquitous and heavily trafficked, and as developers have become more visionary, the demands on databases have grown infinitely more complex and diverse.
It is for these reasons the addressable market for databases is so large and rapidly expanding, especially so in the cloud.
According to IDC, growth in the relational public cloud deployment database market is projected to increase from $10 billion in 2020 to $33 billion in 2025, at a 27% CAGR (compound annual growth rate), making it the fastest growing segment in the database management systems, or DBMS, market. Cloud databases move data closer to consumers, making data available anywhere in the world in near-real time to give consumers a better end-user experience. They are also easier to manage and use due to their automation, and make it simpler to scale the underlying infrastructure necessary to power databases. It is these characteristics that have been driving widespread adoption of cloud databases and present a growing market opportunity.
A Brief Overview of Database History
Since the 1980s, the primary vendors of databases have been Oracle, IBM, and Microsoft. Their respective proprietary database products, along with operating systems, data storage arrays, and networking, were originally conceived when there was no internet. There was no iPhone, no Android device. There was no public cloud. High bandwidth networks were not only limited but very expensive, and could not support real-time interactions across the globe simultaneously (geo-distributed workloads). There were no ARM chips. Concern over the use of electricity was minimal, a consideration more for its cost than for its impact to the environment. There were no large SaaS (software-as-a-service) vendors, and trading floors were managed by people, not algorithms. The lens through which these proprietary database products were developed always had the mainframe as their backdrop and benchmark. For these reasons, these vendors are now considered “legacy” because of the costs and complexities they bring forth from their formative design principles.
After 2000, a variety of vendors sought to replace these legacy databases. Instead of adopting the relational model of computing, and its accompanying language called Structured Query Language (SQL), these vendors pursued non-relational models of computing (such as JSON) and NoSQL languages/interfaces. While some of these vendors have enjoyed success, many have not due to, in large part, the failure to displace SQL, which by this time had already become the lingua franca of the database industry. Not only is SQL a standard query language, it has always been tied to the relational model, which is considered to have a strong mathematical basis. The attempts of non-relational database models to provide data
consistency (i.e., data quality), strong durability in case of outages, and the joining and mashing up of diverse pieces of data, created technological headwinds and were unsuccessful in penetrating the relational database market. With relational databases embracing more JSON and NoSQL capabilities, relational databases have effectively turned into the superset of NoSQL and created a market opportunity for MariaDB-to embrace both the NoSQL and SQL markets.
MariaDB’s Database Solutions
MariaDB provides an open source relational database built for all clouds (public, private and hybrid). It delivers the flexibility and elasticity businesses need in today’s world with the reliability and dependability necessary to power the most mission-critical applications. Rooted in open source, MariaDB is open and transparent, working hand in hand with customers to solve their data storage and access challenges at a fraction of the cost of legacy databases.
MariaDB delivers the backbone of services used by people every day-when accessing data on their smartphone device, filling prescriptions, using 5G or making financial transactions. The MariaDB database is used by businesses ranging from the smallest to the Fortune 500. This ubiquity is possible because of the broad adoption of MariaDB Community Server-a free, open source database version that reaches billions of users through Linux distributions and has over one billion downloads. Users can get started quickly and easily with the free version, and then upgrade to MariaDB’s premium solutions.
These premium solutions support multiple workloads, including transactions and analytics. MariaDB database solutions are capable of supporting an organization’s growth at any phase. MariaDB's software can be installed by the customer or by MariaDB experts on a customer's specific hardware in a private data center or in a public cloud.
Industry Background
Several key trends and industry dynamics are reshaping the DBMS market now.
Data is at the core of everything
Whether it is digital transformation, e-commerce, financial transactions, logistics and supply chain management, or customer experience management, data is at the core of decision making and execution across all industries. For example, in financial services, databases deliver massive capacity to address rapid changes in demand and power applications, such as high-volume trading, cryptocurrency and decentralized finance, electronic tax returns, payment processing, financial ledgers, asset reporting, and identity management for authentication and authorization. These applications are the systems of record, sometimes called OLTP (Online Transaction Processing), which power company operations and, as such, make databases essential infrastructure software. These databases must maintain the integrity of the data even in the case of hardware outages and keep it secure from outside intrusions, all while making it readily available for efficient use. This is what relational databases do best.
Relational databases run the world
Relational databases represent the vast majority of the overall DBMS market. According to IDC, the relational database management systems, or RDBMS, market represented more than 70% of the total DBMS market of over $40 billion in 2020, which is projected to grow at a 10% CAGR to an estimated $64 billion in 2025. Customers choose relational databases due to the need for data integrity and consistency but also for their use of standards-based access via SQL, the lingua franca for data. Database users have generally demanded full SQL capabilities for skillset reuse and developer productivity.
Deficiencies of proprietary legacy databases
Proprietary legacy relational databases, which were architected three to four decades ago, are not designed to handle today’s challenges, like the scale and elasticity needed to be cost-efficient and deliver the performance required for internet-scale applications. Their complexity requires expensive specialists for maintenance and tuning, and their rigid and antiquated paradigms have resulted in waning appeal in the developer community. Legacy database vendors have added proprietary extensions (e.g., PL/SQL in Oracle and T-SQL in Microsoft SQL Server) to make it more difficult for customers to migrate to alternative database products once they have adopted those features. Enormous sunk costs and complexities around migrations have provided the leverage for legacy providers to implement pricing practices like core count and hardware-specific charges with complex pricing calculations that automatically drive up cost as hardware evolves. The growth in cloud computing, which has resulted in increased virtual machine use and a higher number of global end users, has often resulted in further increases in legacy database costs. Frequent enforcement by legacy database providers with aggressive audit practices has also resulted in higher payments and additional penalties, which has
motivated customers to seek less costly alternatives and less restrictive pricing, such as node-based pricing or pay-as-you-go cloud pricing.
Limitations of NoSQL
While NoSQL databases have attracted developers with a flexible and intuitive data model, these benefits are now available in many modern relational databases like those provided by MariaDB. Further, NoSQL databases are often perceived to fall short in delivering robust analytics and the dependable data consistency customers demand.
The academic or “technical” distinction between NoSQL and relational databases can be summed up by comparing the terms ACID and BASE. ACID stands for Atomicity, Consistency, Isolation, Durability and is the database model associated with relational databases. BASE stands for Basically Available, Soft State, Eventual Consistency and is the database model associated with NoSQL databases. Generally, the overall quality and dependability of an application that uses a relational database is higher than that of one using a NoSQL database. Customers typically require strong ACID compliance associated with relational databases to ensure data consistency and integrity, especially important for use cases such as financial transactions, e-commerce, order status and supply chain updates. Even more mundane applications like those used for sales forecasting can also suffer when, for example, sales pipelines, territory or product information are old and inconsistent. If an application does not need high data quality, and consistency is not as important, BASE or NoSQL technology may be sufficient. Thus, we have taken a “bipartisan” approach to this topic, and support both models-something which NoSQL databases cannot readily accomplish. Therefore, we believe that today’s NoSQL products have fewer potential uses and more limited upside in the overall addressable database market.
Companies big and small are moving from proprietary software to open source
Proprietary software vendor tactics have given birth and momentum to open source software, including within the database market. The open source model generally allows users to use and explore an open source version of the software for free, with payment following the adoption in order to get support and access to a commercial version that typically has enterprise features and additional functionality.
Proprietary software vendors usually use a perpetual license model that depends on generating returns through high support fees from customers on top of the sunk costs paid for the perpetual license. In contrast, the subscription fee model used by open source software vendors, such as MariaDB, provides substantial value to customers through enterprise features, priority fixes, and support while incentivizing vendors to keep delivering better product and value. This dynamic has driven a fundamental shift in IT purchases and practices, with many enterprises moving toward an “open source first” mindset. Open source software is generally more secure due to transparency through code availability and large contributor ecosystems that deliver contributions in the form of reviews, comments, and fixes. Product quality of mature open source projects typically exceeds proprietary products because of the wide array of use and experimentation through a user base that is frequently many times larger than that of competitive proprietary software.
Companies big and small are moving to the cloud
The cost dynamics of infrastructure and SaaS powered by the public clouds have led many enterprises to utilize the cloud for many applications or even move entirely to a cloud model. Customers of cloud services typically only pay for what they use, not for any excess, unused capacity, as additional capacity is usually available at a moment’s notice without having to plan for it or make long-term capital commitments.
Our Opportunity
The RDBMS market is one of the largest in the software industry and, according to IDC, accounted for over 74% of the $54.6 billion DBMS market in 2020. Further, IDC noted that the worldwide RDBMS market was $40 billion in 2020 and is expected to grow to $64 billion in 2025, representing a 10% CAGR. While this market has been traditionally dominated by proprietary legacy database vendors, recent history has demonstrated that existing database solutions, particularly those provided by legacy relational database providers, are ripe for disruption.
The two key industry trends that have begun to most dramatically reshape the RDBMS market are the move to open source and the move to the cloud. MariaDB is at the nexus of open source and cloud with MariaDB Community Server, one of the most popular open source databases.
Our Complete Database Solutions
Designed for internet-scale performance, secure by default, with best-in-class replication, clustering and availability, MariaDB’s product line provides a perfect balance of simplicity and raw power. MariaDB’s database solutions are
engineered to support any scale-from a single department to global scale, any workload-from systems of record (OLTP) to analytics (OLAP), in any cloud-private, public, hybrid or multicloud.
We have taken a complete “multi-model” (e.g., SQL and NoSQL functionality) and best-of-breed approach in regard to our product line and overall database solutions. Individual components of our solutions include:
•MariaDB Enterprise Server: a premium version of MariaDB Community Server
•MariaDB ColumnStore: for data warehousing
•MariaDB MaxScale: for high availability and load balancing
•MariaDB Managed Database: a fully managed offering
MariaDB Enterprise Server
MariaDB Enterprise Server is a premium version of the MariaDB Community Server and includes additional enterprise features like advanced audit capabilities, enhancements for commercial production deployments, and long-term maintenance and support. The MariaDB Enterprise Server is maintained for a minimum of five years, providing customers with a stable database solution that can be relied on without a costly and time-consuming maintenance burden. Popular new features are often backported to older MariaDB Enterprise Server versions to bring new features to customers running on older release versions without having to qualify an entirely new version to gain access to next-generation features.
MariaDB ColumnStore
MariaDB ColumnStore can store large amounts of data, up to petabytes, in a columnar format for real-time analytics. It is highly efficient in importing data at high speeds directly into inexpensive cloud storage. The data can be distributed across multiple systems and is not constrained by system size, allowing for increased processing power and data capacity with the addition of more hardware. ColumnStore is a flexible data warehouse, supporting denormalized or star/snowflake schemas. It is easy to use due to standard SQL support, requiring minimal administrative overhead as indexes are not used.
MariaDB MaxScale
MariaDB MaxScale is an advanced database proxy that acts independently and in conjunction with MariaDB databases (i.e., Enterprise Server and ColumnStore). MaxScale acts like a “traffic cop” that can intelligently route database requests to the database that is best suited to respond. Or, if a database is not available, can route to one that is available. As a traffic cop, MaxScale checks the health of database nodes and, without interaction from a DBA, takes corrective action when a database node fails. For example, if a region is having an outage, MaxScale can reroute users to a region that is available. It can also replay requests or transactions as part of its ability to offer seamless automatic failover without human interaction. MaxScale’s features are unique and a material distinction in MariaDB’s portfolio of database-related technologies.
MariaDB Managed Database
MariaDB Managed Database is for enterprise customers who want a managed database offering while needing more control over their database deployment. Benefits of our managed database service include: enables the customer to avoid reliance on any one cloud; avoids proprietary cloud technology lock-in; allows fine-tuned optimizations and options for performance, high availability, scalability and security; and lets the customer take control of its cloud costs. With our managed database, we deploy MariaDB enterprise database solutions on any cloud infrastructure of the customer's choosing, managed by MariaDB (the experts) using automation and world-class database strategies.
MariaDB Services and Support
MariaDB’s expert services and support comes from the same team that engineers MariaDB products. Our services and support includes fixes via patches, help with performance and tuning, and collaboration on new features. We go beyond traditional break-fix support - we are consultative and provide answers to “how to” questions that many software companies defer to their consulting organizations. Our goal is for the first MariaDB person a subscription customer interacts with for a service or support request to always be a MariaDB team member who is technically skilled and knowledgeable about our database solutions.
In addition to helping customers solve unexpected problems, MariaDB offers optional services, like Enterprise Architects, who can design large-scale, mission-critical database implementations, Technical Account Managers, who can own the alignment between the customer and MariaDB, and remote DBAs, who can manage customer databases.
Key Customer Benefits
MariaDB database solutions are structured to provide the following key business benefits to our customers:
•Single solution for diverse workloads
One of the strengths of MariaDB’s database solutions is the ability to support many classes of application workloads. Scalable key-value lookup, operational analytics, large-scale data warehousing, and highly available, scalable transactions are all offered through a common protocol - the well-known MySQL/MariaDB SQL interface-or a NoSQL interface.
•Increased developer productivity
MariaDB database solutions enable agile application development by making it easy to migrate from other databases and by providing a versatile yet feature-rich design that does not require developers to acquire new skills to efficiently use. Additionally, our knowledgeable remote DBAs allow developers to focus on application development and leave the task of optimizing the database for high performance and reliability to experts at MariaDB.
•Reduce total cost of ownership
By enabling high developer productivity through the use of our ubiquitous MySQL/ MariaDB SQL and NoSQL APIs and our on-demand expert remote DBAs, MariaDB database solutions significantly lower the cost and ease of application development.
Our Growth Strategy
We are pursuing our market opportunities in the DBMS market with growth strategies that include:
•Acquiring new customers
We believe there is a substantial opportunity to continue to grow our customer base. As mentioned earlier, we see two primary growth vectors:
•Growth through monetizing the widespread adoption of the MariaDB Community Server
•Growth through organizations migrating to the cloud and adopting MariaDB database solutions because,
among other things, they do not lock customers into a particular public cloud
As a result of these growth vectors, our direct sales prospects are often already familiar with MariaDB database solutions and may already be using our technology. While we sell to organizations of all sizes across a broad range of industries, our key focus is on enterprises that invest more heavily in their data infrastructure or application development or plan to move to the cloud. These organizations have a greater need for databases in a private data center, in the cloud, or in a hybrid data center/cloud model. We plan to continue to invest in our direct sales force to grow our larger enterprise subscription base, both domestically and internationally.
•Expanding sales within our customer base
We seek to grow sales with our current customers in several ways. As customers come to trust our database solutions and grow their use of our products and services to cover more of their applications, our customers generally increase their aggregate subscriptions with us. In addition, customers may expand their subscriptions as they migrate existing applications away from legacy databases, either doing so within the same organizational department or in other lines of their business or geographies. Further, as customers modernize their IT infrastructure, we expect them to increasingly migrate their applications to the cloud. Migration of applications to the cloud usually requires a cloud-native database running in the same cloud environment. Within our large customers, we believe that there is significant spend available for database products and services beyond what is currently spent with MariaDB, reflecting a significant growth opportunity within our existing customer base. One of our goals is to increase the number of customers that standardize on our database solutions within all or a larger portion of their organizations.
•Extending product leadership and introducing new products
We intend to continue to invest in our product offerings with the goal of becoming the most widely deployed database solution for all who wish to store and access data in private data centers or in the cloud. We direct our
product innovation toward initiatives intended to drive customer adoption and expansion, and to increase our addressable market by adding attractive, flexible features and products to our database solutions. For example, we have introduced a NoSQL interface in MaxScale that makes it easy for developers to switch from NoSQL databases to MariaDB.
•Growing the MariaDB developer community
We have attracted a growing community of highly engaged developers, who have downloaded the MariaDB Community Server offering or used it straight from their Linux operating system (with most Linux distributions now including MariaDB as their default over Oracle MySQL). We believe that effective engagement of developers markedly increases our brand awareness. Engaged developers often become advocates for MariaDB, which can result in new enterprise customers selecting our database solutions and existing customers expanding their use of our products and services. We have garnered a large social following and use events, streaming video and other forms of outreach, to help educate and attract a widening range of developers. We intend to continue to invest in the expansion of the MariaDB developer community.
•Adding to and cultivating our partner ecosystem
We have built a partner ecosystem that we are rapidly expanding, including resellers, value-added resellers, independent software vendors, technology partners, and OEMs. We have done this largely based on inbound requests and commercial opportunities. We have put a partner team in place that is actively managing our partner relationships, providing technical support, and recruiting new partners. Our partner ecosystem provides us with significant benefits, including lead generation, new customer acquisition, accelerated database deployment, and customer support. We intend to continue to expand and enhance our partner relationships to grow our market presence and drive greater sales efficiency, leveraging our partner and sales team.
•Entering new markets
We believe there is significant opportunity to expand the use of our database solutions outside of the United States. There are a number of untapped economies globally that we have not reached into or had much exposure to.
Customers
Excluding customers of our SkySQL and Xpand products, which will no longer be sold as part of the restructuring plan discussed above, we had 665 customers in more than 70 countries around the world as of September 30, 2023. Since databases are a critical data infrastructure in so many industries, we have customers across a wide range of industries, including financial services, government, technology, retail, telecommunications and transportation.
Competition
The market in which we operate is competitive and characterized by rapid changes in technology, customer requirements, and industry standards, with frequent introduction of new products and services. A number of other companies have developed products and services that compete with some or all of our products. At times, these competing offerings may also be complimentary with ours where customers deploy our database solutions alongside a competitor’s product or service. This may be done because the competing product only offers a partial solution or offers a single feature comparable to only a component of our complete database solutions.
We primarily compete with established relational database software providers, such as IBM, Microsoft and Oracle. We compete and partner with certain cloud providers, such as AWS, Google Cloud, Microsoft Azure, Alibaba Cloud, IBM Cloud and Oracle Cloud, that offer database functionalities or managed database services based on a variety of database technologies (including open source databases such as MySQL, MariaDB, or PostgreSQL). To a lesser extent, we compete with non-relational database providers, such as MongoDB and Couchbase, primarily when customer requirements are not being met by NoSQL database offerings. We expect competition to increase as other established and emerging companies enter the DBMS market, as customer requirements evolve, and new offerings and technologies are introduced.
While NoSQL databases have attracted developers with a flexible and intuitive data model, these benefits are now available in many modern relational databases like those provided by MariaDB. Further, NoSQL databases are often perceived to fall short in delivering robust analytics and the dependable data consistency customers demand.
We believe the primary factors of competition in the DBMS market include:
•Mindshare with software developers, architects, and IT executives
•Product capabilities, including reliability, scalability, performance, security and flexibility
•Price and total cost of ownership
•Flexible deployment model, including multicloud, cloud, private data center or hybrid
•Ease of use and deployment
•Breadth of workloads supported
•Ease of integration with existing IT infrastructure, development frameworks and programming languages
•Robustness of professional services and customer support
•Adherence to industry standards and certifications
•Size of user and customer base and level of user adoption
•Strength of sales and marketing efforts
•Brand awareness and reputation
We plan to continue to innovate and evolve our database solutions to make our offerings more attractive and able to deliver more benefits to current and potential customers. However, we could face significant risks to our business, financial condition, and results of operations, as a consequence of the strong, and in some cases better established and funded, competition.
Marketing, Sales and Partners
Our sales and marketing teams collaborate closely to drive awareness and adoption of our database solutions, accelerate customer acquisition and generate and increase revenue from customers. While we sell to organizations of all sizes across a broad range of industries, our key focus is on enterprises that invest more heavily in their data infrastructure or application development or plan to move to the cloud. These organizations generally have a greater need for databases in private data centers or in the cloud. We believe that we can grow our larger enterprise subscription base, both domestically and internationally, by continuing to invest in our direct sales force.
Our “go-to-market” model is focused on driving awareness and adoption of our database solutions with the goal of converting usage of MariaDB Community Server and participating in cloud migrations. To accelerate adoption of MariaDB database solutions, we are leveraging developer evangelism and education. Further, we are rapidly expanding our partner ecosystem of resellers, value-added resellers, independent software vendors, technology partners and OEMs by building out our partner and sales team.
We designed the free MariaDB Community Server offering to let developers use, experiment and evaluate our database solutions with little friction and at low cost. We believe this approach has contributed to our database solutions’ rising popularity within the developer community and with IT decision-makers and architects. As a result, our sales prospects are often already familiar with our database solutions and may have already built applications using our technology. To assess our most attractive commercial prospects, we employ a methodology and repeatable, data-driven approach to sales, with a performance management based on industry standard sales best practices. We also utilize advanced marketing technologies and processes to drive awareness and engagement that educate and convert prospects into customers, such as social media marketing, targeted paid digital advertising, personalized engagement and nurture tactics. As customers expand their usage of our database solutions, our relationships with them often expand to include technology and business leaders within their organizations. Our goal is to have organizations standardize their database needs by using MariaDB’s products and services as their single “go to” database solution.
MariaDB has developed strengthening global alliances and regional partnerships to facilitate further adoption into enterprise accounts. We believe resellers, value-added resellers, independent software vendors, technology partners and OEMs are keen to leverage MariaDB technology to grow their own businesses. Much like with our customers, our partnerships continue to broaden our access to the market and grow our business with our database solutions.
As of September 30, 2023, we had 63 employees in our sales and marketing organizations. In the fiscal years ended September 30, 2023 and 2022, we spent $26.9 million and $26.8 million, respectively, on sales and marketing.
Research and Development
Our research and development team is organized by product groups, each responsible for the design, development, testing and delivery of innovative technologies, features, integrations and improvements in a particular area of our database solutions. Research and Development employees are located primarily in Redwood City (U.S.), Sofia (Bulgaria) and Helsinki (Finland). Each product group is responsible for the full lifecycle of their products and services, including design, development, testing, integration and performance of new features and technologies. We continuously drive to innovate our products and services, and we put a significant emphasis on quality, performance and overall robustness of all our products and services.
As of September 30, 2023, we had 152 employees in our research and development organizations. We spent $35.4 million on research and development in each fiscal year ended September 30, 2023 and 2022.
Intellectual Property
Intellectual property rights are important to the success of our business. We rely on a combination of patent, copyright, trademark and trade secret laws in the United States and other jurisdictions, as well as license agreements, confidentiality procedures, non-disclosure agreements with third parties and other contractual protections, to protect our intellectual property rights, including our proprietary technology, software, know-how and brand.
As of September 30, 2023, we held five issued U.S. patents. Our issued patents are scheduled to expire between June 1, 2031 and October 15, 2034. As of September 30, 2023, we held five registered trademarks in the United States, and held six registered or protected trademarks in foreign jurisdictions. We continually review our development efforts to assess the existence and patentability of new intellectual property.
Although we rely on intellectual property rights, including patents, copyrights, trademarks and trade secrets, as well as contractual protections to establish and protect our proprietary rights, we believe that factors such as the technological and creative skills of our personnel, creation of new services, features and functionality and frequent enhancements to our database solutions are more essential to establishing and maintaining our technology leadership position.
Government Regulation and Compliance
We are subject to various federal, state, local and foreign laws and regulations and related enforcement, including those relating to data privacy, security and protection, intellectual property, employment and labor, anti-bribery, import and export controls, federal securities and tax. Additional laws and regulations relating to these areas likely will be passed in the future, and these or existing laws and regulations may be interpreted or enforced in new or expanded manners, each of which could result in significant limitations on ways we operate our business. New and evolving laws and regulations, and changes in their enforcement and interpretation, may require changes to our products and services, or to our business practices and relationships generally, and may significantly increase our compliance costs and otherwise adversely affect our business and results of operations. As our business expands to include additional products and services, and our operations continue to expand internationally, our compliance requirements and costs may increase, and we may be subject to increased regulatory scrutiny.
See the sections titled “Risk Factors-Risks Related to Our Technology and Intellectual Property” and “Risk Factors-Risks Related to Government Regulations” for additional information about the laws and regulations we are subject to and the risks to our business associated with such laws and regulations.
Our Employees
As of September 30, 2023, we had a total of 303 employees, including 163 employees located outside of the United States. None of our employees are represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages, and we consider our relations with our employees to be good.
Facilities
Our principal executive office in Redwood City, California, consists of approximately 7,000 square feet of space under a lease that expires in July 2024. We lease offices around the world for our employees, including in Austin (Texas), Espoo (Finland), London (United Kingdom) and Sofia (Bulgaria).
We lease all our facilities and do not own any real property. We believe our facilities are adequate and suitable for our current needs and that, should it be needed, suitable additional or alternative space will be available to accommodate our operations.
Item 1A. Risk Factors
In addition to the factors discussed elsewhere in this Annual Report on Form 10-K, the following risks and uncertainties, some of which have occurred and any of which may occur in the future, could have a material adverse effect on our business, financial condition, results of operations, cash flows, and prospects. Additional risks and uncertainties not presently known to us or that we currently deem immaterial may also impair our business, financial condition, results of operations, cash flows, and prospects. Our actual results and performance may differ materially from any future results and performance expressed or implied by such forward-looking statements as a result of various factors, including, but not limited to, those discussed in the sections of this report titled “Cautionary Note Regarding Forward-Looking Statements” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”
Risk Factors Summary
Risks Related to Our Business and Industry
•There is substantial doubt about our ability to continue as a going concern due to our history of operating losses and need for additional capital, particularly in light of the January 10, 2024 maturity date of the senior secured promissory note with RP Ventures LLC (the “RP Note”); there is no assurance that RP Ventures LLC will agree to an extension of the maturity date of the RP Note.
•We are currently seeking additional capital to continue and support our operations and grow our business; we cannot be certain that additional capital will be available on reasonable terms when required, or at all.
•Our business, including our management, is required to take or is restricted from taking various actions under the terms of the RP Note, which could adversely affect our ability to execute our operating plans or address other strategic priorities such as raising additional capital.
•We have a limited operating history, which makes it difficult to predict our future results of operations.
•We have a history of losses, and we may not be able to generate sufficient revenue to achieve or sustain profitability.
•If we fail to continue to grow effectively, we may be unable to execute our business plan, increase our revenue, improve operations, maintain high levels of service or adequately address competitive challenges.
•We implemented several reduction in force plans, which we cannot guarantee will achieve their intended results.
•The database software market is highly competitive, and we face significant competition.
•If we are not able to provide successful enhancements, new products, services and features to keep pace with technological changes and developments by our competitors, our business could be adversely affected.
•If we are unable to attract new customers cost-effectively and bring customer success, we will not be able to grow.
•If we cannot maintain successful relationships with partners and establish new partnerships, our business could be harmed.
•Our sales cycle may be long and is unpredictable, and our sales efforts require considerable time and expense.
•The open source MariaDB Community Server is available as a free-to-download product, which could negatively affect our ability to monetize and protect our products and intellectual property rights.
•Our decision to license source code to certain products under the Business Source License version 1.1 may harm the adoption of our source code for these products.
•We rely upon third-party cloud providers to host our cloud-oriented products; any disruption of or interference with our use of third-party cloud providers would adversely affect our business.
•Without significant investments in our sales and marketing organizations and improvements in our sales and marketing programs, we may be unable to add new customers or increase subscriptions or keep existing customers.
•We rely on the performance of highly skilled personnel; if we are unable to integrate, retain or motivate key personnel or hire, integrate, retain and motivate qualified personnel, our business would be harmed.
•Interruptions or performance problems associated with our technology and infrastructure and service may adversely affect our business, results of operations and financial condition.
•Unfavorable conditions in our industry or the global economy or reductions in information technology spending could limit our ability to grow our business and negatively affect our business.
•Any legal proceedings, claims against us or other disputes could be costly and time-consuming to defend.
•Our current and expected future operations are international in scope, creating a variety of operational challenges.
•If our estimates or judgments as to critical accounting policies are incorrect, our results could be adversely affected.
•Our business is subject to risks of earthquakes, fire, floods and other natural catastrophic events, and interruption by man-made problems, like power disruptions, computer viruses, war, data security breaches, cyberattacks or terrorism.
Risks Related to Our Technology and Intellectual Property
•Real or perceived errors, failures or bugs in our software could adversely affect our business and growth prospects.
•If our security measures, or those of our service providers or customers, are breached or unauthorized parties otherwise obtain access to our or our customers’ data or software, our products and services may be perceived as not being secure, customers may reduce or terminate their use of our products and services, and we may face claims, litigation, regulatory investigations, significant liability and reputational damage.
•Because our software and services could be used to collect and store personal information, domestic and international privacy concerns could result in additional costs and liabilities to us or inhibit subscriptions to our products and services.
•We could incur substantial costs in protecting or defending our intellectual property rights, and any failure to protect our intellectual property rights could reduce the value of our software and brand.
•Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.
•Our software incorporates third-party open source software, which could negatively affect our ability to sell our products and subject us to possible litigation.
•We depend and rely upon software-as-a-service, or SaaS, technologies from third parties to operate our business, and interruptions or performance problems with these technologies may adversely affect our business, results of operations and financial condition.
Risks Related to Government Regulations
•Changes in laws and regulations related to the internet or changes in the internet infrastructure itself may diminish the demand for our software and could have a negative impact on our business.
•Failure to comply with anti-bribery, anti-corruption and anti-money laundering laws could subject us to penalties and other adverse consequences.
•Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions (including Ireland), and we could be obligated to pay additional taxes, which would harm our business, including results.
•If we do not maintain effective disclosure controls and procedures and internal control over financial reporting, we may not produce timely and accurate financial statements and disclosures or comply with applicable regulations.
•We engage our team members in various ways, including direct hires, through professional employer organizations (“PEOs”), and as independent contractors, resulting in certain challenges and risks that can affect our business.
•The enactment of legislation implementing changes in U.S. taxation of international business activities or the adoption of other tax reform policies could materially impact our business.
•Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added or similar taxes, and we could be subject to liability with respect to past or future sales.
•We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.
•Geopolitical instability outside of the U.S. may adversely impact the U.S. and global economies.
•Our ability to use our U.S. federal and state net operating loss carryforwards and other tax attributes may be limited.
•If we are treated as a passive foreign investment company, there may be adverse consequences to U.S. investors.
•The IRS may not agree that we are a foreign corporation for U.S. federal tax purposes.
Risks Related to Ownership of Our Ordinary Shares (including Corporate Governance)
•Our failure to meet the continued listing requirements of the NYSE (or another national securities exchange) could limit the value of our securities and liquidity and otherwise negatively impact or business.
•Our lack of an independent audit committee at this time may hinder our board of directors’ effectiveness in monitoring the Company’s compliance with its disclosure and accounting obligations.
•Restrictions under the RP Note regarding our board of directors and our current lack of a majority independent board may be deemed to adversely affect the governance of the Company, as well as the rights of other shareholders.
•A transfer of Ordinary Shares or Warrants, other than one effected by means of the transfer of book-entry interests in the Depository Trust Company, may be subject to Irish stamp duty.
•If Ordinary Shares or Public Warrants cease to be eligible for deposit and clearing within the facilities of DTC, then transactions in Ordinary Shares or Public Warrants may be disrupted.
•We do not intend to pay dividends for the foreseeable future.
•Ordinary Shares or Warrants received by means of a gift transfer or inheritance could be subject to Irish tax.
•We may issue additional Ordinary Shares or other equity or convertible securities, which would dilute your ownership interests and may depress the market price of our Ordinary Shares and our Public Warrants.
•Securities or industry analysts do not publish research or reports about us and may never commence coverage of us.
•The market price and trading volume of our Ordinary Shares and Public Warrants have and may continue to be volatile and have declined and could continue to decline significantly.
•Provisions in our Memorandum and Articles of Association and under Irish law, could make an acquisition of MariaDB more difficult and may limit attempts by our shareholders to replace or remove our management.
•Our Memorandum and Articles of Association contains exclusive forum provisions for certain claims, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with MariaDB or personnel.
•As an Irish public limited company, certain capital structure decisions require shareholder approval.
•Attempted takeovers of MariaDB will be subject to the Irish Takeover Rules and will be under the supervisory jurisdiction of the Irish Takeover Panel.
•We must have available “distributable profits” to pay dividends or generally make share repurchases or redemptions.
•Irish law differs from the laws in effect in the United States and may afford less protection to our shareholders.
Risks Related to Our Business and Industry
There is substantial doubt about our ability to continue as a going concern and we are currently seeking additional capital to continue and support our operations and grow our business; we cannot be certain that additional capital will be available on reasonable terms when required, or at all.
As of September 30, 2023, we had an accumulated deficit of $249.4 million and $4.5 million in cash and cash equivalents. As described in Note 1 to our audited consolidated financial statements as of and for the fiscal year ended September 30, 2023 (the "Consolidated Financial Statements") that are included elsewhere in this Annual Report on Form 10-K, we determined that our current cash and cash equivalents would not be sufficient to fund our operations (including capital expenditure requirements and the repayment of the $26.5 million principal, together with accrued interest, of the RP Note due in January 2024 (see below for additional discussion)) for at least 12 months from the date those Consolidated Financial Statements were issued (December 29, 2023), raising substantial doubt about our ability to continue as a going concern. We believe that our cash, cash equivalents, and cash provided by sales of database subscriptions and services will not be sufficient to meet our projected working capital and operating needs, particularly if the maturity date of the RP Note is not extended or we are unable to refinance the RP Note. We are currently seeking an extension of the maturity date of the RP Note and are also seeking additional capital to meet our projected working capital and operating needs, including repayment of the RP Note. Historically, Legacy MariaDB funded its operations primarily through equity and debt financings and payments by its customers for use of its products and services. Going forward, we cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. In addition to general operations, we expect to require significant additional capital investments for research and development, including for the purpose of further developing our intellectual property and other proprietary technologies.
Further, we intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or otherwise enhance our database software and services, improve our operating infrastructure or acquire businesses and technologies. Accordingly, we will need to secure additional capital through equity or debt financings. Such additional capital may not be available on terms acceptable to us, if at all. Our access to capital through debt or equity markets have proven and could continue to prove challenging due, among other things, to recent volatility in the capital markets, the rising interest rate environment, changes in customer traffic, higher costs due to inflation, and labor shortages. If we raise additional equity-related capital, existing shareholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of Ordinary Shares. The restrictive covenants under the senior secured promissory note with RP Ventures LLC (the “RP Note”) (as further discussed below) also impose significant restrictions on our capital raising activities, cash management, and other financial and operational matters, and any failure to comply with these covenants could harm our business, results of operations and financial condition, including putting us in default under the RP Note and causing such note to become due. Any equity or debt financing that we may secure in the future could involve similarly restrictive covenants, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. If we are unable to obtain adequate financing or financing on terms that are satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be harmed. In addition, because any decision to issue
securities in the future to raise capital will depend on numerous considerations, including factors beyond our control (including, potentially, the approval of RP Ventures), we cannot predict or estimate the amount, timing or nature of any future issuance of debt or equity securities. As a result, our shareholders would bear the risk of future issuances of debt or equity securities that may reduce the value of our Ordinary Shares and dilute existing interests.
Our auditors have made reference to the material uncertainty as to our ability to continue as a going concern, and there is no assurance that we will be able to continue as a going concern.
We have determined that there is material uncertainty as to our ability to continue as a going concern and our external auditors have included a reference as to this matter in their audit report on MariaDB’s audited consolidated financial statements as of and for the fiscal year ended September 30, 2023. The audited consolidated financial statements of MariaDB as of and for the fiscal year ended September 30, 2023 included in this Annual Report on Form 10-K were prepared assuming that we will continue as a going concern. Because we have determined that a material uncertainty exists as to whether we can continue as a going concern, it may be more difficult for us to attract investors. In addition, since we have determined that an uncertainty exists about our ability to continue as a going concern, this typically results in greater difficulty in obtaining investments and loans than businesses that do not have a qualified auditor’s opinion. Further, any investments and loans we might obtain may be on less advantageous terms. Our future is dependent upon our ability to obtain financing and upon future profitable operations from our business.
Our business, including our management, is required to take or is restricted from taking various actions under the terms of the RP Note, which is expected to mature at the latest on January 10, 2024 unless extended by the parties.
In October 2023, we issued the RP Note, which $26.5 million loan (with applicable interest) is expected to mature on January 10, 2024 unless extended by the parties. The terms of the RP Note include various provisions that require us to take certain actions or limit our business’s ability (including that of our management) to take certain actions. These provisions cover, among others, the following matters:
•Restricting our pursuit or acceptance of any offer with respect to any recapitalization, reorganization, merger, business combination, purchase, sale, loan, notes issuance, issuance of other indebtedness or other financing or similar transaction, or to any acquisition by any person or group, which would result in any person or group becoming the beneficial owner of 2% or more of any class of equity interests or voting power or consolidated net income, revenue or assets, of the Company (in each case other than with RP Ventures or Runa (as such terms are defined below)), without RP Ventures’ prior written consent.
•Requiring the board of directors to be set at four members, two of whom are to be selected by RP Ventures (currently, Michael Fanfant and Yakov Zubarev). (See also below the risk factor “Our lack of a majority independent board of directors may adversely affect the governance of the Company, as well as the rights of other shareholders” for additional information regarding risks and uncertainties in connection with the RP Note.)
•Restricting our ability to incur indebtedness, create certain liens, declare or distribute dividends or make certain other restricted payments, be party to a merger, consolidation, division or other fundamental change, transfer, sell or lease our assets, make certain modifications to our organizational documents or indebtedness, engage in certain transactions with affiliates, change our business, accounting or reporting practices, name or jurisdiction or organization, establish new bank accounts, and establish or acquire any subsidiary.
•Restricting our conduct of business, including regarding taking part in transactions outside of the ordinary course of our existing business, making significant payments to third parties, or issuing equity interests, without RP Ventures’ prior written consent.
•Providing RP Ventures with ongoing comprehensive financial information and access to our books and records.
With the limitations under the RP Note, including those described above (such as the necessity of getting prior approval from RP Ventures in many instances), we may not have the flexibility needed to take timely action necessary to manage our business effectively or make our business successful, including making changes to or taking actions outside of our current normal course of business as circumstances change. In addition, we may not be able to obtain the additional financing needed to pay off the RP Note in a timely manner or on acceptable terms (both to us and RP Ventures), if at all. If we are unable to obtain such financing, our business would be significantly harmed and would not be able to continue in its current state, and our shareholders would be adversely impacted.
We have a limited operating history, which makes it difficult to predict our future results of operations.
Legacy MariaDB, our predecessor, was incorporated in 2010 and our software and services have evolved significantly since its inception, with MariaDB Enterprise being introduced in 2019. As a result of our limited operating history and our introduction of new software and services and phasing out others, our ability to forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to accurately predict future growth. Our historical revenue growth has fluctuated in prior periods and should not be considered indicative of our future performance. Further, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including slowing demand for our products and related services, reduced adoption of paid subscriptions and services by users of the MariaDB Community Server, increasing competition, changes to technology or our intellectual property or our failure, for any reason, to continue to capitalize on growth opportunities. We have also encountered and will encounter risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as the risks and uncertainties described herein. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations and our business could suffer.
We have a history of losses, and we may not be able to generate sufficient revenue to achieve or sustain profitability.
We have incurred net losses in each period since Legacy MariaDB’s incorporation in 2010, including net comprehensive losses of $52.7 million and $49.3 million for the fiscal years ended September 30, 2023 and 2022, respectively. Currently, we expect our operating expenses to decrease for a time as we continue to execute on our various restructuring initiatives and focus on our core business, but we may not be profitable in the foreseeable future. While our revenue has grown in recent years, if our revenue declines or fails to grow at a rate faster than our operating expenses, our losses in future periods may be larger than we currently expect and we may not be able to achieve and maintain profitability. We cannot assure you that we will achieve profitability in the future or that, if we do become profitable, we will be able to sustain profitability.
Our estimates of market opportunity and forecasts of market growth may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
Market opportunity estimates and growth forecasts are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of addressable users or companies covered by our market opportunity estimates will actually subscribe to our products and services or generate any particular level of revenue for us. Failure to achieve estimated growth could have an adverse impact on our financial results and condition and could cause our actual results to be materially different from those projected. Even if the market in which we compete meets the forecasted size estimates and growth, our business could fail to grow for a variety of reasons, which would adversely affect our business, results of operations and financial condition.
Our success is highly dependent on our ability to penetrate the existing market and sustain market acceptance for database products, as well as the growth and expansion of the market for database products and services.
Our future success will depend in large part on our ability to service existing demand, as well as the continued growth and expansion of the market for database solutions, particularly relational and cloud-oriented database products. It is difficult to predict demand for our offerings, the conversion from one to the other and related services and the size, growth rate and expansion of these markets, the entry of competitive products or the success of existing competitive products. Our ability to penetrate the existing database market and any expansion of the market depends on a number of factors, including cost, performance and perceived value associated with our products. Furthermore, many of our potential customers have made significant investments in relational databases from traditional providers, such as offerings from IBM, Microsoft and Oracle, and may be unwilling to invest in new products. If the market for database solutions fails to grow at the rate that we anticipate or decreases in size or we are not successful in penetrating the existing market, our business would be harmed.
Further, technologies related to database offerings are still evolving and we cannot predict market acceptance of our products and services, or the development of other competing offerings based on entirely new technologies. For example, we currently derive and expect to continue to derive a majority of our revenue and cash flows from subscriptions to and services related to, our MariaDB Enterprise product. Demand for our products is affected by a number of factors, many of which are beyond our control, including continued market acceptance by existing customers and potential customers, the ability to expand the product for different use cases, the timing of development and releases of new offerings by our competitors, technological change and the growth or contraction in the market in which we compete. If the market for database solutions, and for relational database solutions in particular, does not continue to grow as expected, or if we are unable to continue to efficiently and effectively respond to the rapidly evolving trends and meet the demands of our
customers, achieve more widespread market awareness and adoption of our products and services or otherwise manage the risks associated with the introduction of new products and services, our competitive position would weaken and our business, results of operations, financial condition and growth prospects would be adversely affected.
If we fail to continue to grow and to manage our growth effectively, we may be unable to execute our business plan, increase our revenue, improve operations, maintain high levels of service or adequately address competitive challenges.
For the fiscal years ended September 30, 2023, 2022, 2021 and 2020, our revenue was $53.1 million, $43.7 million, $36.0 million and $30.0 million, respectively, representing year-over-year growth of 21.6% from 2022 to 2023, 21.3% from 2021 to 2022 and 19.9% from 2020 to 2021. Our success will depend in part on our ability to continue to grow revenue and to manage this growth, domestically and internationally, effectively.
Our future operational plans and growth will continue to place a significant strain on our management, administrative, operational and financial infrastructure. We will need to continue to improve our operational, financial and management processes and controls, and our reporting systems and procedures to manage the expected growth of our operations and personnel, and to meet the demands of being a public company, which will require significant expenditures and allocation of valuable management and employee resources. If we fail to implement these infrastructure improvements effectively, our ability to ensure uninterrupted operation of key business systems and comply with the rules and regulations that are applicable to public reporting companies will be impaired. For example, as of September 30, 2023, we determined our disclosure controls and procedures and internal control over financial reporting to be ineffective due to material weaknesses, as described in Part II, Item 9A of this Annual Report on Form 10-K, which we are currently working to remediate. Further, if we do not effectively manage the growth of our business and operations, the quality of our products and services could suffer, our culture, values and entrepreneurial environment may negatively change, and we may not be able to adequately address competitive challenges. This could impair our ability to attract new customers, retain existing customers and expand their use of our products and services, all of which would adversely affect our brand, overall business, results of operations and financial condition.
We recently implemented several reduction in force plans, which we cannot guarantee will achieve their intended results.
In the second quarter of fiscal 2023, we began implementing a reduction in force plan to achieve cost reduction goals and to focus the Company on key initiatives and priorities. This program included a reduction in the Company’s global workforce of approximately 8%. In the first quarter of fiscal 2024, we began implementing a restructuring plan to better align our workforce with the needs of our business and to reduce operating costs. The restructuring plan included a reduction of the Company’s global workforce by an additional approximately 28% and divestitures from our SkySQL and Xpand businesses, which are currently ongoing.
These reduction in force and restructuring activities have subjected us to litigation risks and expenses. These activities do not provide us any assurance that additional restructuring actions, which may include changes in force, will not be needed in the future. In addition, these activities may have other consequences, such as attrition beyond our planned reduction in force, and a negative effect on employee morale and productivity, and our ability to attract highly skilled employees, as well as our ability to effectively run our business as needed. Our competitors may also use our reduction in force plans and restructuring of our product portfolio to focus on the core Enterprise business to seek to gain a competitive advantage over us. As a result, our reduction in force and restructuring plans may adversely affect our revenue, expenses and other business operations in the future.
The database software market is highly competitive, and we face significant competition.
The database software market, for both relational and non-relational database products, is highly competitive, rapidly evolving and others may offer competing database solutions or sell services in connection with existing open source databases, including ours. The principal competitive factors in our market include: mindshare with software developers and IT executives; product capabilities, including flexibility, scalability, performance, security and reliability; flexible deployment model, including in the cloud, on-premise or in a hybrid environment; ease of deployment; breadth of use cases supported; ease of integration with existing IT infrastructure; robustness of professional services and customer support; price; overall cost of use; adherence to industry standards and certifications; size of customer base and level of user adoption; strength of subscription sales and marketing efforts; and brand awareness and reputation. If we fail to compete effectively with respect to any of these competitive factors, we may fail to attract new customers or lose or fail to renew existing customers, which would cause our business operations to suffer.
We primarily compete with legacy relational database software providers such as IBM, Microsoft and Oracle, as well as providers of NoSQL database solutions, such as MongoDB and Couchbase. We also compete with public cloud service providers such as Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Alibaba Cloud, IBM Cloud and Oracle Cloud, that offer database functionalities or managed database services based on a variety of database technologies (including open source databases such as MySQL, MariaDB, or PostgreSQL). In the future, other large software and internet companies may seek to enter our market. Additionally, potential customers may also adopt other open-source relational database offerings, such as PostgreSQL and MySQL.
Some of our actual and potential competitors, in particular the legacy relational database providers, have advantages over us, such as longer operating histories, more established relationships with current or potential customers and commercial partners, significantly greater financial, technical, marketing or other resources, stronger brand recognition, larger intellectual property portfolios and broader global distribution and presence. Such competitors may make their products available at a low cost or no cost basis in order to enhance their overall relationships with current or potential customers. Our competitors may also be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, laws and regulations or customer requirements. With the introduction of new technologies and new market entrants, we expect competition to intensify in the future. In addition, some of our larger competitors have substantially broader offerings and can bundle competing products with hardware or other software offerings, including their cloud computing and customer relationship management platforms. As a result, customers may choose a bundled offering from our competitors, even if individual products have more limited functionality compared to our software. These larger competitors are also often in a better position to withstand any significant reduction in technology spending, and will therefore not be as susceptible to competition or economic downturns. In addition, some competitors may offer products or services that address one or a limited number of functions at lower prices, with greater depth than our products or in geographies where we do not operate.
Furthermore, our actual and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and offerings in the markets we address. In addition, third parties with greater available resources may acquire current or potential competitors. As a result of such relationships and acquisitions, our actual or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their offerings more quickly than we do. For all these reasons, competition may negatively impact our ability to maintain and grow consumption of our products and services or may put downward pressure on our prices and gross margins, any of which could materially hurt our reputation, business, results of operations or financial condition.
If we are not able to maintain and enhance our brand, including among developers, our business and results of operations may be adversely affected.
We believe that developing and maintaining widespread awareness of our brand, including with developers, is critical to achieving widespread acceptance of our products and services and attracting new customers. Our brand promotion activities may not be successful at attracting developers or customers. In addition, independent industry analysts often provide reports of our products and services, as well as the offerings of our competitors, and perception of our products and services in the marketplace may be significantly influenced by these reports. If these reports are negative, or less positive as compared to those of our competitors, our reputation and brand may be adversely affected. If we fail to successfully promote and maintain our brand, we may fail to attract or retain the developers and customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad adoption of our products.
If we are unable to establish name recognition and differentiate our products and services, then we may not be able to compete effectively and our business may be adversely affected. The maintenance and promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, we expand into new geographies, and markets and more sales are generated through our partners. Because our technology, including the MariaDB Community Server, is available on an open source basis, other companies may promote it as part of their other commercial products and services, which may lead to market confusion and dilution of the MariaDB brand. For instance, public clouds, including AWS and Azure, offer managed database services based on the MariaDB Community Server through their platforms using the MariaDB trademark without licenses or other agreements with us beyond the open source license to the MariaDB Community Server. Additionally, we may be unable to successfully differentiate our brand from the activities of the MariaDB Foundation, which was established to steward the MariaDB
Open Source Project. While we have been a long-term sponsor of the MariaDB Foundation, the foundation is a distinct entity that operates separately from us. Our brand promotion activities may not generate customer awareness or yield increased revenue. In addition, any increase in revenue from such brand promotion initiatives may not offset the increased expenses we incur. If we do not successfully maintain and enhance our reputation and brand, we may have reduced pricing power relative to our competitors, we could lose customers, and we could fail to attract new customers or expand sales to our existing customers, all of which may materially and adversely affect our business, financial condition and results of operations.
If we are not able to provide successful enhancements, new products, services and features to keep pace with technological changes and developments by our competitors, our business could be adversely affected.
The market for database solutions is characterized by frequent product and service introductions and enhancements, changing user demands and rapid technological change. The success of our business will depend, in part, on our ability to adapt and respond effectively and timely to these changes. We invest substantial resources in researching and developing new products and services and enhancing our solutions by incorporating additional features, improving functionality, and adding other improvements to meet our customers’ evolving demands in our highly competitive industry. If we cannot provide enhancements and new features or services that achieve market acceptance or that keep pace with rapid technological developments and the competitive landscape, our business could be adversely affected. The success of any enhancements or improvements to, or new features of, our marketplace or any new products and services depends on several factors, including timely completion, competitive pricing, adequate quality testing, integration with new and existing technologies in our marketplace and third-party partners’ technologies, overall market acceptance and resulting user activity that is consistent with the intent of such products or services. In addition, if new technologies emerge that allow our competitors to deliver similar services at lower prices, more efficiently, more conveniently or more securely, such technologies could adversely impact our ability to compete.
Our business and results of operations depend substantially on our customers extending and expanding their relationships with us. Any decline in our customer renewals or failure to convince our customers to broaden their use of our products and related services would harm our business, results of operations and financial condition.
Our MariaDB Enterprise Server is available by subscription only, and. many of our subscription contracts for MariaDB Enterprise Server were one year in duration in the fiscal years ended September 30, 2022 and September 30, 2023. For us to maintain or improve our results of operations, it is important that our customers renew their subscriptions with us when the existing subscription term expires, and renew on the same or more favorable terms and expand the products and services they use. Our customers have no obligation to renew their subscriptions, and we may not be able to accurately predict customer renewal rates.
Historically, some of our customers have elected not to renew their subscriptions with us for a variety of reasons, including because of changes in their strategic IT priorities, budgets, costs, and, in some instances, due to competing solutions. Our revenue retention rate may also decline or fluctuate as a result of a number of other factors, including our customers’ satisfaction or dissatisfaction with our software, the increase in the contract value of subscription and support contracts from new customers, the effectiveness of our customer support services, our pricing, the prices of competing products or services, mergers and acquisitions affecting our customer base, global economic conditions, and the other risk factors described herein. As a result, we cannot assure you that customers will renew subscriptions or increase their usage of our software and related services. If our customers do not renew their subscriptions or renew on less favorable terms, or if we are unable to expand our customers’ use of database products and related services, our business, results of operations and financial condition may be adversely affected.
If we are unable to attract new customers in a manner that is cost-effective and brings customer success, we will not be able to grow our business, which would adversely affect our business, results of operations and financial condition.
In order to grow our business, we must continue to attract new customers in a cost-effective manner and enable these customers to realize the benefits associated with our products and services. We may not be able to attract new customers for a variety of reasons, including as a result of their use of traditional relational or other database products and services, and their internal timing, budget or other constraints that hinder their ability to migrate to or adopt our products or services.
Even if we do attract new customers, the cost of new customer acquisition, product implementation and ongoing customer support may prove so high as to prevent us from achieving or sustaining profitability. If the costs of our sales and marketing efforts increase dramatically, if we do not experience a substantial increase in leverage from our partner
ecosystem, or if our sales and marketing efforts do not result in substantial increases in revenue, our business, results of operations and financial condition may be adversely affected. In addition, while we expect to continue to invest in our support organization to accelerate our customers’ ability to adopt our products and ultimately create and expand their use of our products over time, we cannot assure you that any of these investments will lead to the cost-effective acquisition of additional customers.
If we are unable to maintain successful relationships with our partners and establish new partnerships, our business, results of operations and financial condition could be harmed.
We employ a go-to-market business model whereby a portion of our revenue is generated by subscriptions through or with our partners, including cloud partners, technology partners, consulting and service partners and distributer resellers, that further expand the reach of our direct sales force into additional geographies, sectors, industries, and channels. We have entered, and intend to continue to enter, into reseller relationships in certain international markets where we do not have a local presence. We provide certain partners with specific training and programs to assist them in offering our products and services, but these steps may prove ineffective. In addition, if our partners are unsuccessful in marketing subscriptions to our products and services, it would limit our planned expansion into certain geographies, sectors, industries, and channels. If we are unable to develop and maintain effective incentive programs for our partners, we may not be able to successfully incentivize these partners to sell our products and services to customers.
Some of our partners may also market, sell and support offerings that are competitive with ours, may devote more resources to the marketing, sales and support of such competitive offerings, may have incentives to promote our competitors’ offerings to the detriment of our own or may cease selling our products and services altogether. Our partners could also subject us to lawsuits, potential liability and reputational harm if, for example, any of our partners misrepresents the functionality of our products and services to customers, violate laws or violate our or their corporate policies. Our ability to achieve revenue growth in the future will depend, in part, on our success in maintaining successful relationships with our partners, identifying additional partners and training our partners to independently sell our products and services. If our partners are unsuccessful in selling our products and services, or if we are unable to enter into arrangements with or retain a sufficient number of high-quality partners in the regions in which we sell our products and services and keep them motivated to sell our products and services, our business, results of operations, financial condition and growth prospects could be adversely affected.
We have a limited history with our subscription-based and pay-as-you-go products and pricing models and if, in the future, we are forced to reduce prices for our products and services, our revenue and results of operations will be harmed.
We have limited experience with respect to determining the optimal prices for our subscription-based and pay-as-you-go products. As the market for database solutions evolves, or as competitors introduce new products or services that compete with ours, we may be unable to attract new customers or convert users of MariaDB Community Server, a free, open source database, to paying customers on terms or based on pricing models that we have used historically. In the past, we have been able to increase our prices for our subscriptions offerings, but we may choose not to introduce or be unsuccessful in implementing future price increases. As a result of these and other factors, in the future we may be required to reduce our prices or be unable to increase our prices, or it may be necessary for us to increase our services or product offerings without additional revenue to remain competitive, all of which could harm our business, results of operations and financial condition.
We recognize a majority of our revenue over the term of our customer contracts. Consequently, increases or decreases in new subscriptions may not be immediately reflected in our results of operations and may be difficult to discern.
We recognize portions of our subscription revenue from subscription customers ratably over the terms of their contracts. For example, a significant portion of our subscription contracts entered into during the fiscal years ended September 30, 2023 and September 30, 2022, were only one year in duration. As a result, a portion of the revenue we report in each quarter is derived from the recognition of deferred revenue relating to subscriptions entered during previous quarters, with new contracts continuing to be sought and entered into every quarter. Consequently, a decline in new or renewed subscriptions in any single quarter may have a small impact on the revenue that we recognize for that quarter. However, such a decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in subscriptions and potential changes in our pricing policies or rate of customer expansion or retention may not be fully reflected in our results of operations until future periods. In addition, a significant majority of our costs are expensed as incurred, while most of the revenue is recognized over the life of the subscription agreement. As a result, growth in the
number of customers could continue to result in our recognition of higher costs and lower revenue in the earlier periods of our subscription agreements. Finally, our subscription-based revenue model also makes it difficult for us to rapidly increase our revenue through additional subscriptions in any given period, as revenue from new customers and significant increases in the size of subscriptions with existing customers must be recognized over the applicable subscription term.
Our sales cycle may be long and is unpredictable, and our sales efforts require considerable time and expense.
The timing of our subscriptions and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our offerings. We are often required to spend significant time and resources to better educate and familiarize potential customers with the value proposition of paying for our products and services. The length of our sales cycle, from initial evaluation to payment for our offerings is on average about three months but can vary substantially from customer to customer and from application to application. As the subscription to and deployment of our products can be dependent upon customer initiatives, our sales cycle can extend well beyond the three-month average for some customers. Customers often view a subscription to our products and services as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test and qualify our product offering prior to entering into or expanding a subscription. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include:
•the effectiveness of our sales force, in particular, new salespeople as we increase the size of our salesforce;
•the discretionary nature of procurement and budget cycles and decisions;
•the obstacles placed by a customer’s procurement process;
•economic conditions and other factors impacting customer budgets;
•customer evaluation of competing products during the purchasing process; and
•evolving customer demands.
Given these factors, it is difficult to predict whether and when a sale will be completed, and when revenue from a sale will be recognized, which may result in lower than expected revenue in any given period.
Our adoption strategies include offering MariaDB Community Server, and we may not be able to realize the benefits of this and related strategies.
Our company promotes MariaDB Community Server, a cost-free open-source database, to drive developer usage and adoption of our products and services. This version, however, lacks some features found in our paid subscription products like MariaDB Enterprise, which includes advanced features like MariaDB ColumnStore and MariaDB MaxScale. There is a risk that users of the free Community Server might not upgrade to our paid subscriptions. They may find the Community Server's capabilities adequate, leading them not to switch to, or to downgrade from, our paid offerings. Additionally, our marketing strategy partially relies on Community Server users advocating for our paid products within their organizations. If these users do not convert to, or encourage others to convert to, our paid services, the effectiveness of this strategy and our business growth and profitability could be adversely affected.
The open source MariaDB Community Server is available as a free-to-download product, which could negatively affect our ability to monetize and protect our products and intellectual property rights.
We make the MariaDB Community Server available for download under the GNU Public License v2, or GPLv2. Core parts of MariaDB Community Server are based on code owned by Oracle, but licensed mainly under GNU Public License v2 (GPLv2) and partly under Lesser/Library GPL v2 (LGPLv2 and, together with GPLv2, “Publicly Available Software”), which permits our use of such code. MariaDB Community Server is a free-to-download relational database that includes the core functionality developers need to get started with MariaDB but not all the plug-ins or services of our subscription-based and pay-as-you-go products. Per the terms of the license, our rights to use such code are not exclusive. Additionally, there are aspects of the code inside MariaDB Connectors that are based on code licensed under Publicly Available Software.
These open source licenses grant licensees broad freedom to view, use, copy, modify and redistribute the source code of MariaDB Community Server. Some commercial enterprises consider Publicly Available Software to be unsuitable for commercial use because of its “copyleft” requirement that further distribution of such software and modifications or adaptations to that software must be made available pursuant to the license as well. Anyone can obtain a free copy of the MariaDB Community Server from the internet, and we do not know who all of the licensees are nor do we have specific
visibility into how the MariaDB Community Server is being used. Competitors could develop modifications based on the MariaDB Community Server that compete with our products in the marketplace.
In addition to the MariaDB Community Server, we contribute other source code to open source projects under open source licenses and release internal software projects under open source licenses, and we anticipate doing so in the future. Because the source code for MariaDB Community Server and any other software we contribute to open source projects or distribute under open source licenses is publicly available, our ability to monetize and protect our intellectual property rights with respect to such source code may be limited or, in some cases, lost entirely.
Our decision to license source code to certain products under a source-available license, the Business Source License version 1.1, may harm the adoption of our source code for these products.
We offer some products, such as MariaDB MaxScale, under an alternative Business Source License (BSL). The BSL allows licensees to copy, modify, and redistribute the source code for non-commercial purposes. After a specified period, usually four years, the BSL automatically transitions to a GPL open-source license.
While we believe the BSL helps us manage the commercialization of these products' source code effectively and transparently, it is important to note that BSL is not recognized as an open-source license. This distinction may hinder the adoption of our source code for these products. A potential decrease in adoption could lead to reduced awareness of our brand and products, ultimately impacting our competitive position in the market negatively.
If we are not able to introduce new features or services successfully and to make enhancements to our software or services, our business and results of operations could be adversely affected.
Our ability to attract new customers and increase revenue from existing customers depends in part on our ability to enhance and improve our software and to introduce new features and services. To grow our business and remain competitive, we must continue to provide enhancements and new features that achieve market acceptance and that keep pace with rapid technological developments and the evolving needs of customers. The success of our products, enhancements or developments depends on several factors: our anticipation of market changes and demands and product features, including timely product introduction and conclusion, sufficient customer demand, cost effectiveness in our product development efforts and the proliferation of new technologies that are able to deliver competitive products and services at lower prices, more efficiently, more conveniently or more securely. In addition, because our software is designed to operate with a variety of systems, applications, data and devices, we will need to continuously modify and enhance our software to keep pace with changes in such systems. We may not be successful in developing these modifications and enhancements. Furthermore, the addition of features and solutions to our software will increase our research and development expenses. Any new features that we develop may not be introduced in a timely or cost-effective manner or may not achieve the market acceptance necessary to generate sufficient revenue to justify the related expenses. It is difficult to predict customer adoption of new features. Such uncertainty limits our ability to forecast our future results of operations and subjects us to a number of challenges, including our ability to plan for and model future growth. If we cannot address such uncertainties and successfully develop new features, enhance our software or otherwise overcome technological challenges and competing technologies, our business, results of operations and financial condition could be adversely affected.
We also offer professional services including consulting and training and must continually adapt to assist our customers in deploying our software in accordance with their specific IT strategies. If we cannot introduce new services or enhance our existing services to keep pace with changes in our customers’ deployment strategies, we may not be able to attract new customers, retain existing customers and expand their use of our software or secure renewal contracts, which are important for the future of our business.
Incorrect or improper implementation or use of our software could result in customer dissatisfaction and harm our business, results of operations, financial condition and growth prospects.
Our database software and related services are designed to be deployed in a wide variety of technology environments, including in large-scale, complex technology environments, and we believe our future success will depend at least in part on our ability to support such deployments. Implementations of our software may be technically complicated, and it may not be easy to maximize the value of our software without proper implementation and training. If our customers are unable to implement our software successfully or in a timely manner, customer perceptions of our company and our software may be impaired, our reputation and brand may suffer, and customers may choose not to renew their subscriptions or increase their subscriptions to our related services.
Our customers need regular training in the proper use of and the variety of benefits that can be derived from our software to maximize its potential. We often work with our customers to achieve successful implementations, particularly for large, complex deployments. Our failure to train customers on how to efficiently and effectively deploy and use our software, or our failure to provide effective support or professional services to our customers, whether actual or perceived, may result in negative publicity or legal actions against us. Also, as we continue to expand our customer base, any actual or perceived failure by us to properly provide these services will likely result in lost opportunities for follow-on subscriptions to our related services.
We rely upon third-party cloud providers to host our cloud-oriented products; any disruption of or interference with our use of third-party cloud providers would adversely affect our business, results of operations and financial condition.
Customers need to be able to access our platform at any time without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. Third-party cloud providers run their own platforms that we access, and we are therefore vulnerable to their service interruptions. We may experience interruptions, delays and outages in service and availability from time to time due to problems with our third-party cloud providers’ infrastructure. Lack of availability of this infrastructure could be due to a number of potential causes, including technical failures, natural disasters, fraud, or security attacks that we cannot predict or prevent. If such events were to occur and we are unable to meet our service-level commitments, we may be obligated to provide customers with additional capacity, which could significantly impact our business, results of operations and financial condition. In some instances, it is possible that our customers and potential customers would hold us accountable for any breach of security affecting a third-party cloud provider’s infrastructure, and we may incur significant liability from those customers and third parties with respect to any breach affecting these systems. We may not be able to recover a material portion of our liabilities to our customers and third parties from a third-party cloud provider. It may also become increasingly difficult to maintain and improve our performance, especially during peak usage times, as our software becomes more complex and the usage of our software increases. Currently, we outsource substantially all the infrastructure relating to MariaDB Managed Database to AWS and Google Cloud to host our cloud-oriented database offering, so any of the above circumstances or events related to those parties or other third parties may harm our business, results of operations and financial condition.
Without significant investments in our sales and marketing organizations and improvements in our sales and marketing programs, we may be unable to add new customers or increase subscriptions to or keep existing customers at levels necessary to achieve and sustain growth.
Increasing our customer base and achieving broader market acceptance of our database products and related services will depend, to a significant extent, on our ability to effectively expand our sales and marketing operations and activities. We are substantially dependent on our direct sales force and our marketing efforts to obtain new customers and anticipate that we may need to expand these efforts both domestically and internationally in the future. We believe that there is significant competition for experienced sales professionals with the sales skills and technical knowledge that we require, particularly as we continue to target larger enterprises. Our ability to achieve significant revenue growth in the future will depend, in part, on our success in recruiting, training and retaining a sufficient number of experienced sales professionals. New hires require significant training and time before they achieve full productivity, particularly in new or developing territories. Any new hires may not become as productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets where we do business. Because of our limited operating history, we cannot predict whether, or to what extent, our sales will increase as we expand our subscriptions and marketing organization or how long it will take for sales personnel to become productive. Our business, results of operations and financial condition will be harmed if our sales and marketing efforts generate increases in revenue that are smaller than anticipated.
We rely on the performance of highly skilled personnel, including senior management and our engineering, professional services, sales and technology professionals; if we are unable to integrate, retain or motivate key personnel or hire, integrate, retain and motivate qualified personnel, our business would be harmed.
We believe our success depends on the efforts and talents of a strong senior management team and our highly skilled team members, including our sales personnel, client services personnel and software engineers. During the fiscal year ended September 30, 2023, we hired a new Chief Executive Officer, Chief Financial Officer, Chief Revenue Officer, Chief Technology Officer, and General Counsel, among other leadership changes. In addition to our full and part time employees, we also rely on third-party consultants to manage and grow our business. We do not maintain key man insurance on any of our executive officers or key personnel. From time to time, there may be additional changes in our
senior management team resulting from the termination or departure of executive officers and key personnel. Our senior management and key employees are employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of any of our senior management or key employees could adversely affect our ability to build on past efforts and to execute our business plan, and if there are departures we may not be able to find adequate replacements. We cannot ensure that we will be able to retain the services of any members of our senior management or other key personnel.
If we are unable to attract and retain personnel in cities where we are located, we may need to hire in other locations, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached their legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, experiences significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain key employees.
If we fail to offer high-quality support, our business and reputation could suffer.
Our customers rely on our personnel for support of our software. High-quality support is important for the renewal and expansion of our agreements with existing customers. The importance of high-quality support will increase as we expand our business and pursue new customers. To the extent that we are unsuccessful in hiring, training and retaining adequate customer support personnel, our ability to provide adequate and timely support to our customers and our customers’ satisfaction with our products would be adversely affected. If we do not help our customers quickly resolve issues and provide effective ongoing support, our ability to sell new software to existing and new customers could suffer and our reputation with existing or potential customers could be harmed.
If we fail to meet our service-level commitments, our business, results of operations and financial condition could be adversely affected.
Our agreements with customers typically provide for service-level commitments. Our MariaDB Enterprise customers typically get service-level commitments with certain guaranteed response times and comprehensive 24x7x365 coverage. The complexity and quality of our customers’ implementation and the performance and availability of cloud services and cloud infrastructure are outside our control and, therefore, we are not in full control of whether we can meet these service-level commitments. Our business, results of operations and financial condition could be adversely affected if we fail to meet our service-level commitments for any reason. Any extended service outages could adversely affect our business, reputation and brand.
Interruptions or performance problems associated with our technology and infrastructure may adversely affect our business, results of operations and financial condition.
Our continued growth depends in part on the ability of our existing customers and new customers to access our software at any time and within an acceptable amount of time. We may experience service disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes or failures, human or software errors, malicious acts, terrorism or capacity constraints. Capacity constraints could be due to a number of potential causes, including technical failures, natural disasters, fraud or security attacks. In some instances, we may not be able to identify or remedy the causes of these performance problems within an acceptable period. It may become increasingly difficult to maintain and improve our performance as our software offerings and customer implementations become more complex. If our software is unavailable or if our customers are unable to access features of our software within a reasonable amount of time or at all, or if other performance problems occur, our business, results of operations and financial conditions may be adversely affected.
Social, ethical and security issues relating to the use of new and evolving technologies, such as artificial intelligence (“AI”), in our features, offerings or partnerships may result in reputational harm and liability.
Social, ethical and security issues relating to the use of new and evolving technologies, such as AI, in our business, including our offerings or partnerships, may result in reputational harm and liability, and may cause us to incur additional costs, including research and development, to resolve such issues. We are currently developing AI features to supplement
our core MariaDB Enterprise offerings. As with many innovations, AI presents risks and challenges that could affect its adoption, and therefore our business.
If we enable or offer solutions that draw controversy due to their perceived or actual impact on society, we may experience brand or reputational harm, competitive harm or legal liability. Potential government regulation related to AI use and ethics may also increase the burden and cost in this area, and failure to properly remediate AI usage or ethics issues may cause public confidence in AI to be undermined. Further, AI and machine learning may change the way our industry identifies and responds to cyber threats, and businesses that are slow to adopt or fail to adopt such new technologies may face a competitive disadvantage. The rapid evolution of AI and machine learning will require the application of resources to develop, test and maintain any potential offerings or partnerships to help ensure that we implement AI ethically in order to minimize unintended, harmful impact.
Unfavorable conditions in our industry or the global economy or reductions in information technology spending could limit our ability to grow our business and negatively affect our results of operations.
Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers. The revenue growth and potential profitability of our business depend on demand for database software and services generally and for our subscription offering and related services in particular. Current or future economic uncertainties or downturns could adversely affect our business, results of operations and financial condition. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, political turmoil, natural catastrophes, warfare and terrorist attacks on the United States, Europe, the Asia Pacific region or elsewhere, could cause a decrease in business investments, including spending on information technology, and negatively affect the growth of our business. To the extent our database software is perceived by customers and potential customers as costly or too difficult to deploy or migrate to, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Also, competitors, many of whom are larger and more established than we are, may respond to market conditions by lowering prices and attempting to lure away our customers. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our subscription offerings and related services. We cannot predict the timing, strength or duration of any economic slowdown, instability or recovery, generally or within any particular industry. If the economic conditions of the general economy or markets in which we operate worsen from present levels, our business, results of operations and financial condition could be adversely affected.
Any legal proceedings, claims against us or other disputes could be costly and time-consuming to defend.
We are and may in the future become subject to legal proceedings claims and disputes that arise from time to time, such as employment claims and claims relating to the prior provision of investment banking services, claims related to the loss of employee equity grants upon termination, securities class actions, or other claims related to volatility in the trading price of our Ordinary Shares. See Note 11 to our Consolidated Financial Statements for additional information regarding current litigation and claims.
A proceeding, claim or dispute can result in substantial costs and divert management’s attention and resources, including if the facts giving rise thereto precede senior management’s tenure with us. Such costs and diversion can seriously harm our business, financial condition, and results of operations. Insurance might not cover such claims, provide sufficient payments to cover all the costs to resolve one or more of such matters, or continue to be available on terms acceptable to us (including premium increases or the imposition of large deductible or co-insurance requirements). A claim brought against us that is uninsured or underinsured could result in unanticipated costs and insufficient funds to cover such a claim and related costs, potentially harming our business, financial position, and results of operations. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any claim.
Our current operations are international in scope, and we plan further geographic expansion, creating a variety of operational challenges.
A component of our growth strategy involves the further expansion of our operations and customer base internationally. As of September 30, 2023, we have employees or utilize contractors in 28 different countries. The company’s primary geographic markets are North and South America (Americas), Europe, Middle East and Africa (“EMEA”) and Asia Pacific (“APAC”). We are continuing to adapt to and develop strategies to address international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to broaden existing relationships or establish relationships with new partners in order to expand into certain countries, and if we fail to identify, establish and
maintain such relationships, we may be unable to execute on our expansion plans. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources.
Our current and future international business and operations involve a variety of risks, including:
•the regulatory and operational challenges of efficiently managing, as well as the increased costs associated with, a dispersed workforce of employees and contractors over large geographic distances, including with recruiting and retaining talent and implementing appropriate systems, policies, benefits and compliance programs that are specific to each jurisdiction;
•changes in a specific country’s or region’s political, economic or legal and regulatory environment, pandemics, tariffs, trade wars or long-term environmental risks;
•risks associated with trade and investment restrictions and foreign legal requirements, including regarding importation, exportation, certification and localization of our products and services in foreign countries;
•greater difficulty collecting accounts receivable and longer payment cycles;
•costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations, including, but not limited to, laws and regulations governing our corporate governance, employees and contractors, product licenses, data privacy, data protection and data security regulations, particularly in the EU and China;
•unexpected changes in trade relations, regulations or laws;
•new, evolving and more stringent regulations and enforcement relating to foreign investments (such as CFIUS), privacy and data security and the unauthorized use of, or access to, commercial, technical, and personal information, particularly in connection with Europe and Asia;
•differing and potentially more onerous labor regulations, especially in Europe, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage, overtime and time off regulations in these locations;
•difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems and regulatory systems;
•increased travel, real estate, infrastructure and legal compliance costs associated with international operations;
•currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we chose to do so in the future;
•limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;
•laws and business practices favoring local competitors or general market preferences for local vendors;
•limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting or enforcing our intellectual property rights, including our trademarks and patents;
•political instability, warfare or terrorist activities;
•exposure to regional or global public health issues, pandemics or epidemics, such as the outbreak of the COVID-19 pandemic, that could result in decreased economic activity in certain markets, decreased use of our products and services, or in our decreased ability to import, export or sell our products and services to existing or new customers in international markets;
•exposure to liabilities under anti-corruption and anti-money laundering laws, including the FCPA, U.S. bribery laws, the U.K. Bribery Act and similar laws and regulations in other jurisdictions;
•burdens of complying with laws and regulations related to taxation; and
•regulations, adverse tax burdens and foreign exchange controls that could make it difficult to repatriate earnings and cash.
If we invest substantial time and resources to further expand our international operations and are unable to do so successfully and in a timely manner, our business, results of operations and financial condition will suffer.
If currency exchange rates fluctuate substantially in the future, our financial results, which are reported in U.S. dollars, could be adversely affected.
As we continue to solidify our international operations, we become more exposed to the effects of fluctuations in currency exchange rates. Often, contracts executed by our foreign operations are denominated in the currency of that country or region and, therefore, revenue generated from international operations can be subject to foreign currency risks. A strengthening of the U.S. dollar could increase the real cost of our subscription offerings and related services to our customers outside of the United States, adversely affecting our business, results of operations and financial condition. We
incur expenses for employee compensation and other operating expenses at our non-U.S. locations in the local currency. Fluctuations in the exchange rates between the U.S. dollar and other currencies could result in the dollar equivalent of such expenses being higher. This could have a negative impact on our reported results of operations. To date, we have not engaged in any hedging strategies, and any such strategies, such as forward contracts, options and foreign exchange swaps related to transaction exposures that we may implement in the future to mitigate this risk may not eliminate our exposure to foreign exchange fluctuations. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.
The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances. The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, internal use software development costs, deferred commissions, fair value of stock-based compensation awards, fair value of acquired intangible assets and goodwill, useful lives of acquired intangible assets and property and equipment, and accounting for income taxes, accounting for liability of financial instruments, and the carrying value of operating lease right-of-use assets. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our securities.
Our business is subject to the risks of earthquakes, fire, floods and other natural catastrophic events, and to interruption by man-made problems, such as power disruptions, computer viruses, war, data security breaches, cyberattacks or terrorism.
Our corporate headquarters is located in Redwood City, California, and we have offices in a number of other locations. A significant natural disaster or man-made problem, such as an earthquake, fire, flood or an act of terrorism or war, occurring in any of these locations or where a business partner is located, could adversely affect our business, results of operations and financial condition. Further, if a natural disaster or man-made problem were to affect datacenters used by our cloud infrastructure service providers, this could adversely affect the ability of our customers to use our products. In addition, natural disasters and acts of terrorism or war could cause disruptions in our or our customers’ businesses, national economies or the world economy as a whole. In the event of a major disruption caused by a natural disaster or man-made problem, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, breaches of data security and loss of critical data, any of which could adversely affect our business, results of operations and financial condition.
In addition, as computer malware, viruses, and computer hacking, fraudulent use attempts, phishing and other cyberattacks have become more prevalent, including attacks by state-sponsored organizations or sophisticated groups of hackers, we face increased risk from these activities to maintain the performance, reliability, security and availability of our subscription offerings and related services and technical infrastructure to the satisfaction of our customers, which may harm our reputation and our ability to retain existing customers and attract new customers.
Risks Related to Our Technology and Intellectual Property
Real or perceived errors, failures or bugs in our software could adversely affect our business, results of operations, financial condition and growth prospects.
Our software is complex, and therefore, undetected errors, failures or bugs have occurred in the past and may occur in the future. Our software is used in IT environments with different operating systems, system management software, applications, devices, databases, servers, storage, middleware, custom and third-party applications and equipment and networking configurations, which may cause errors or failures in the IT environment into which our software is deployed. This diversity increases the likelihood of errors or failures in those IT environments. Despite testing by us, real or perceived errors, failures or bugs may not be found until our customers use our software. Real or perceived errors, failures or bugs in our products could result in negative publicity, loss of or delay in market acceptance of our software and harm our brand, weakening of our competitive position, claims by customers for losses sustained by them or failure to meet the
stated service-level commitments in our customer agreements. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend significant additional resources in order to help correct the problem. Any errors, failures or bugs in our software could impair our ability to attract new customers, retain existing customers or expand their use of our software, which would adversely affect our business, results of operations and financial condition.
If our security measures, or those of our service providers or customers, are breached or unauthorized parties otherwise obtain access to our or our customers’ data or software, our products and services may be perceived as not being secure, customers may reduce or terminate their use of our products and services and we may face claims, litigation, regulatory investigations, significant liability and reputational damage.
We collect, use, store, transmit and process data as part of our business operations, including personal data for our customers in and across multiple jurisdictions. We also use third-party service providers to collect, use, store, transmit, maintain and otherwise process such information. Increasingly, a variety of cyber threats have become more prevalent in our industry and our customers’ industries.
With our employees and many employees of third-party service providers working remotely, we may be exposed to increased risks of security breaches or incidents. Security incidents could result in unauthorized access to, damage to, misuse of, disclosure of, modification of, destruction of or loss of our data or customer data (including personal data), software or systems, or disrupt our ability to provide our products and services. Any actual or perceived security incident could interrupt our operations, harm our reputation and brand, result in significant remediation and cybersecurity protection costs, result in lost revenue, lead to regulatory investigations and orders, litigation, disputes, indemnity obligations, damages for breach of contract, penalties for violation of applicable laws and regulations and other legal risks, increase our insurance premiums, and result in any other financial exposure.
We have taken steps to protect the data on our systems and IT infrastructure, but no security measures can protect against all anticipated risks with certainty, and our security measures or those of our customers or third-party service providers could be breached as a result of third-party action, employee or user errors, technological limitations, defects or vulnerabilities in our systems or offerings or those of our third-party service providers, malfeasance, fraud, computer malware, viruses, cyber incidents, or from accidental technological failure or otherwise. We have experienced and may continue to experience security incidents and attacks of varying degrees from time to time.
We may need to enhance the security of our products and services, our data, our systems and our internal IT infrastructure, which may require additional resources and substantial costs and may not be successful. We have developed systems and processes to protect the integrity, confidentiality, availability and security of our data and software, but our security measures or those of our customers or third-party service providers may not mitigate against current or future security threats and could result in unauthorized access to, damage to, disablement or encryption of, use or misuse of, disclosure of, modification of, destruction of or loss of such data and software. Through contractual provisions and third-party risk management processes, we take steps to require that our third-party providers and their subcontractors protect our data, but because we do not control our third-party service providers and our ability to monitor their data security is limited, we cannot ensure the security measures they take will be sufficient to protect our data. A vulnerability in a third-party provider’s or a customer’s software or systems, a failure of our customers’ or third-party providers’ safeguards, policies or procedures or a breach of a customer’s or third-party provider’s software or systems could result in the compromise of the confidentiality, integrity or availability of our systems or the data housed in our third-party solutions. Further, because there are many different security breach techniques, which can originate from a wide variety of sources, including outside groups (such as external service providers, organized crime affiliates, terrorist organizations, or hostile foreign governments or agencies), and such techniques continue to evolve, including through the use of AI to launch more automated, targeted and coordinated attacks, and may not be not detected until after an incident has occurred, we may be unable to implement adequate preventative measures, anticipate or prevent attempted security breaches or other security incidents or react in a timely manner. Even when a security breach or incident is detected, the full extent of the breach or incident may not be determined immediately. The costs to us to mitigate technological failures, bugs, viruses, computer malware and security vulnerabilities could be significant and, while we have implemented security measures to protect our systems and IT infrastructure, our efforts to address these problems may not be successful.
Many governments have enacted laws requiring companies to notify individuals of data security incidents or unauthorized transfers involving certain types of personal data. Accordingly, security incidents that we, our competitors, our customers or our third-party service providers experience may lead to negative publicity and harm our reputation.
Any security breach or other security incident that we or our third-party service providers experience, or the perception that one has occurred, could result in a loss of customer confidence in the security of our products and services, harm our reputation and brand, reduce the demand for our products and services, disrupt normal business operations, require us to spend material resources to investigate or correct the breach and to prevent future security breaches and incidents or expose us to legal liabilities, including claims, litigation, regulatory enforcement and orders, investigations, indemnity obligations, significant costs for remediation, any of which could adversely affect our operations. Moreover, our insurance coverage, subject to applicable deductibles, may not be adequate for liabilities incurred or cover any indemnification claims against us relating to any security incident or breach or an insurer may deny or exclude from coverage certain types of claims. In addition, our remediation efforts may not be successful. We cannot ensure that any limitation of liability provisions in our customer, partner, vendor and other contracts would be enforceable or adequate with respect to any security lapse or breach or other security incident or would otherwise protect us from any liabilities or damages with respect to any particular claim. These risks may increase as we continue to grow and evolve our offerings to collect, host, process, store and transmit increasing volumes of data. In addition, these risks may increase if the type of data that we collect, host, process, store and transmit increasingly include sensitive and regulated data, such as protected health information or credit card information.
Because our software and services could be used to collect and store personal information, domestic and international privacy concerns could result in additional costs and liabilities to us or inhibit subscriptions to our products and services.
Our operations involve the collection, use, retention, processing and transfer of data, including the personal data of our customers. Consequently, we are subject to complex and evolving U.S., U.K., European, Asian and other jurisdictions’ laws, rules, regulations, orders and directives (referred to as “privacy laws”), where we offer our software and services. The regulatory framework for privacy issues worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. Many federal, state and foreign government bodies and agencies have adopted or are considering adopting laws, rules and regulations regarding the collection, use, storage and disclosure of personal information and breach notification procedures. Our customers who are located all over the world can use our software and services to collect, process and store personal information. Interpretation of these laws, rules and regulations and their application to our software and professional services in the United States and foreign jurisdictions is ongoing and cannot be fully determined at this time.
Any failure, or perceived failure, by us to comply with any applicable privacy laws in one or more jurisdictions could result in proceedings or actions against us by governmental entities or others, including class action privacy litigation in certain jurisdictions, leading to significant fines, penalties, judgments and reputational damage to us, changes to our business practices and increased costs and complexity of compliance, any of which could materially and adversely affect our business, financial condition, results of operations and prospects.
In the United States, these include rules and regulations promulgated under the authority of the Federal Trade Commission, the Electronic Communications Privacy Act, Computer Fraud and Abuse Act, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, the Gramm Leach Bliley Act and state laws relating to privacy and data security. Internationally, virtually every jurisdiction in which we operate has established its own data security and privacy legal framework with which we or our customers must comply, including but not limited to the United Kingdom and the EU.
The EU’s data protection landscape could result in significant operational costs for internal compliance and risk to our business. The EU has adopted the General Data Protection Regulation, or GDPR, and together with national legislation, regulations and guidelines of EU member states, contains numerous requirements with increased jurisdictional reach of the European Commission, more robust obligations on data processors and additional requirements for data protection compliance programs by companies. EU member states are tasked under the GDPR to enact, and have enacted, certain legislation that adds to or further interprets the GDPR requirements and potentially extends our obligations and potential liability for failing to meet such obligations. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to the United States as well as other third countries that have not been found to provide adequate protection to such personal data. The GDPR provides greater control for data subjects (for example, the “right to be forgotten”), increased data portability for EU consumers, data breach notification requirements and increased fines. In particular, under the GDPR, fines of up to 20 million euros or 4% of the annual global revenue of the noncompliant company, whichever is greater, could be imposed for violations of certain of the GDPR’s requirements. Such penalties are in addition to any civil litigation claims by customers and data subjects. The GDPR requirements apply not only to third-party transactions, but also to transfers of information between us and our subsidiaries, including employee information.
While we have taken steps to mitigate the impact on us with respect to transfers of data, the efficacy and longevity of these transfer mechanisms remains uncertain. The occurrence of unanticipated events and development of evolving technologies
often rapidly drives the adoption of legislation or regulation affecting the use, collection or other processing of data and the manner in which we conduct our business.
The GDPR imposes strict rules on the transfer of personal data out of the EU to a “third country,” including the United States. These obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other requirements or our practices. The Court of Justice of the European Union, or CJEU, on July 16, 2020 invalidated the EU-U.S. Privacy Shield framework, which provided companies with a mechanism to comply with data protection requirements when transferring personal data from the EU to the United States, on the grounds that the Privacy Shield had failed to offer adequate protections to EU personal data transferred to the United States.
In addition, the CJEU imposed additional obligations on companies when relying on standard contractual clauses approved by the European Commission (a standard form of contract used as an adequate personal data transfer mechanism, and potential alternative to the Privacy Shield), making it clear that reliance on them alone may not necessarily be sufficient in all circumstances.
Use of the standard contractual clauses must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals. The use of standard contractual clauses for the transfer of personal data specifically to the United States remains under review by a number of European data protection supervisory authorities, along with those of some other EU member states. German and Irish supervisory authorities have indicated, and enforced in recent rulings, that the standard contractual clauses alone provide inadequate protections for EU – U.S. data transfers. On August 10, 2020, the U.S. Department of Commerce and the European Commission announced new discussions to evaluate the potential for an enhanced EU – U.S. Privacy Shield framework to comply with the July 16, 2020 judgment of the CJEU.
Further, on June 7, 2021, the European Commission published new versions of the standard contractual clauses, or the “SCCs,” for comment. This creates an additional compliance obligation on our business, as new contracts need to incorporate the new SCCs and existing contracts using the old SCCs need to be amended to incorporate the new SCCs within the 18-month time period designated by the European Commission. As of September 27, 2021, organizations must use the new SCCs when entering into new contracts. Furthermore, organizations were required to update existing contracts by December 27, 2022, to incorporate the new SCCs and take appropriate measures to comply with any requirements arising from such new SCCs.
On March 25, 2022, the European Commission and the United States announced that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework, which must now be transcribed into legal text that will form the basis of a draft adequacy decision to be proposed by the European Commission.
The foregoing places additional onerous obligations on us, which has and will continue to result in increased costs and changes in business practices and policies to comply with these various obligations.
The Swiss Federal Data Protection and Information Commissioner also has stated that it no longer considers the Swiss-U.S. Privacy Shield adequate for the purposes of personal data transfers from Switzerland to the United States. The United Kingdom’s decision to exit from the EU created a need for the U.K. to adopt its own data privacy laws and regulations, which have sometimes led to an absence of clearly applicable U.K. law where the U.K.’s timeline for creating laws and regulations lagged behind the EU. For example, in the U.K., the Data Protection Act contains provisions, including its own derogations, for how the GDPR is applied in the U.K. We have to comply with the GDPR and also the U.K.’s Data Protection Act. We may be required to take additional steps to legitimize any personal data transfers impacted by these or other developments and be subject to increasing costs of compliance and limitations on our customers and us. More generally, we may find it necessary or desirable to modify our data handling practices, and the CJEU decision or other legal challenges relating to cross-border data transfer may serve as a basis for our personal data handling practices, or those of our customers and vendors, to be challenged and may otherwise adversely affect our business, results of operations and financial condition.
On June 28, 2021, the European Commission issued the U.K. with an “adequacy decision” to facilitate the continued free flow of personal data from EU member states to the U.K. However, this adequacy decision has a limited duration of four years in case there is a future divergence between EU and U.K. data protection laws. In the event that the U.K. maintains an equivalent standard at the end of the four-year period, it is open to the European Commission to renew its finding. In the event that the adequacy decision is not renewed after this time, the adjustments required to facilitate data transfers from EU
member states to the U.K. may lead to additional costs as we try to ensure compliance with new privacy legislation and will increase our overall risk exposure.
We are also subject to evolving EU privacy laws on cookies and e-marketing. In the EU, regulators are increasingly focusing on compliance with requirements in the online behavioral advertising ecosystem, and an EU regulation known as ePrivacy Regulation will significantly increase fines for non-compliance once in effect. In the EU, informed consent, including a prohibition on pre-checked consents and a requirement to ensure separate consents for each cookie, is required for the placement of a cookie or similar technologies on a user’s device and for direct electronic marketing. As regulators start to enforce the strict approach in recent guidance, this could lead to substantial costs, require significant system changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, negatively impact our efforts to understand customers, adversely affect our margins, increase costs, and subject us to additional liabilities.
In August 2021, China passed its Personal Information Protection Law, or PIPL, which became effective in November 2021. PIPL provides a comprehensive set of rules for how business operators should collect, use, process, share and transfer personal data, and for companies that are certified as critical information infrastructure operators, require personal data to be stored on servers physically located in China. PIPL extends to data processing activities outside China if the purpose is to provide products or services to individuals located in China or to analyze or assess the behaviors of individuals located in China. PIPL includes monetary penalties for noncompliance, which include 5% of a company’s previous year’s revenues and the potential for a company’s business license to be revoked. It is unclear how PIPL will be interpreted and applied and its impact on our operations. We may find it necessary or desirable to modify our data handling practices, create policies or procedures, enter into certain contractual agreements, adopt additional data transfer mechanisms, implement increased security measures, modify our operations, or take any other legal or business steps to comply with PIPL to the extent it is deemed to apply to any parts of our business or data processing.
In addition, domestic data privacy laws at the state and local level continue to evolve and could require us to modify our data processing practices and policies and expose us to further regulatory or operational burdens. For example, the California Consumer Privacy Act (“CCPA”) took effect in January 2020 and was subsequently modified by the California Privacy Rights Act (“CPRA”), which took effect in January 2023. The CCPA imposes obligations on companies that process California residents’ personal information, including an obligation to provide certain new disclosures to such residents and creates new consumer rights. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal information. This private right of action may increase the likelihood of, and risks associated with, data breach litigation. The CPRA also created a new state agency vested with authority to implement and enforce the CCPA and the CPRA. Additionally, other states, including Colorado, Connecticut, Indiana, Iowa, Tennessee, Utah, Montana, Florida, Oregon, Texas and Virginia, have enacted privacy laws that have gone into effect or will go into effect in the coming years. While these new privacy laws may share similarities with each other, they differ in many ways and we must comply with each if our operations fall within their scopes. Similar laws have been proposed in other states and at the federal level. We expect that existing and any new legislation will continue to add additional complexity and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs or changes in business practices and policies.
Complying with these laws, regulations, amendments to or re-interpretations of existing laws and regulations and contractual or other obligations relating to data privacy, security, protection, transfer, localization and information security may require us to make changes to our products and services to enable us or our customers to meet new legal requirements, incur substantial operational costs, modify our data practices and policies and restrict our business operations. In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards, and our customers may expect us to meet certain voluntary certification and other standards established by such third parties. Any actual or perceived failure by us to comply with these laws, regulations or other obligations or standards may lead to significant fines, penalties, regulatory investigations, lawsuits, significant costs for remediation, damage to our reputation or other liabilities. Additionally, because the interpretation and application of many data privacy, security and protection laws along with contractually imposed industry standards are uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our products and services. If so, in addition to the possibility of fines, lawsuits, regulatory enforcement or orders, investigations, imprisonment of company employees and public censure, other claims and penalties, significant costs for remediation and damage to our reputation, we could be required to fundamentally change our business activities and practices or modify our services and product capabilities, any of which could require significant additional expense and
have an adverse effect on our business, including impacting our ability to innovate, delaying our product development roadmap and adversely affecting our relationships with customers and our ability to effectively compete.
Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, rules, standards, contractual obligations, policies and other obligations related to privacy, data protection and security- that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our products and services. Privacy concerns, whether valid or not valid, may inhibit market adoption of our products and services, particularly in certain industries and foreign countries.
We could incur substantial costs in protecting or defending our intellectual property rights, and any failure to protect our intellectual property rights could reduce the value of our software and brand.
Our success and ability to compete depend in part upon our intellectual property rights. As of September 30, 2023, we have five issued patents. We cannot assure you that such patents will be adequate to protect our business. We primarily rely on copyright, trademark laws, trade secret protection and confidentiality or other contractual arrangements with our employees, customers, partners and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may not be adequate. For instance, in order to protect our intellectual property rights, we may be required to spend significant resources to establish, monitor and enforce such rights. Litigation brought to enforce our intellectual property rights could be costly, time-consuming and distracting to management and could be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights, which may result in the impairment or loss of portions of our intellectual property. The laws of some foreign countries generally do not protect our intellectual property rights to the same extent as the laws of the United States, and effective intellectual property protection and mechanisms may not be available in those jurisdictions. We may need to expend additional resources to defend our intellectual property in these countries, and our inability to do so could impair our business or adversely affect our international expansion. Even if we are able to secure our intellectual property rights, there can be no assurances that such rights will provide us with competitive advantages or distinguish our products and services from those of our competitors or that our competitors will not independently develop similar technology. In addition, we regularly contribute source code under open source licenses and have made some of our own software available under open source licenses, and we include third-party open source software in our products. Because the source code for any software we contribute to open source projects or distribute under open source licenses is publicly available, our ability to protect our intellectual property rights with respect to such source code may be limited or lost entirely. In addition, from time to time, we may face claims from third parties claiming ownership of, or demanding release of, the software or derivative works that we have developed using third-party open source software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open source license.
In addition, while we generally enter into confidentiality agreements with our employees and third parties to protect our trade secrets and other proprietary information, such confidentiality agreements could be breached. Similarly, while we seek to enter into agreements with all of our employees and applicable third parties who develop intellectual property during their work for us to assign the rights in such intellectual property to us, we may fail to enter into such agreements with all relevant employees and applicable third parties, such agreements may be breached or may not be self-executing, and we may be subject to claims that such persons misappropriated relevant rights from their previous employers or contractors. Accordingly, we cannot guarantee that the steps we have taken to protect our intellectual property will be adequate to prevent infringement of our rights or misappropriation of our technology, trade secrets or know-how, that we have secured, or will be able to secure, appropriate permissions or protections for all of the intellectual property rights we use or claim rights to, or that third parties will not terminate our license rights.
Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.
Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services or other contractual obligations. Large indemnity payments could harm our business, results of operations and financial condition. Although we attempt to limit our indemnity obligations, we may still incur substantial liability related to them. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer, other existing customers and new customers and harm our business, results of operations and financial condition.
Our software incorporates third-party open source software, which could negatively affect our ability to sell our products and subject us to possible litigation.
Our software includes third-party open source software, and we intend to continue to incorporate third-party open source software in our products in the future. There is a risk that the use of third-party open source software in our software could impose conditions or restrictions on our ability to monetize our software. Some open source licenses require licensees who distribute software containing, linking to or derived from open source software to make publicly available the source code of such distributed software (which in some circumstances could be valuable proprietary code), license our software for free or permit others to make derivative works based on such software. Although we monitor the incorporation of open source software into our products to avoid such restrictions, we cannot be certain that we have not incorporated open source software in our products in a manner that is inconsistent with our licensing model. Certain open source projects also include other open source software and there is a risk that those dependent open source libraries may be subject to inconsistent licensing terms. This could create further uncertainties as to the governing terms for the open source software we incorporate.
In addition, the terms of certain open source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated restrictions or conditions on our use of such software. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the software or derivative works that we developed using such open source software, which could include proprietary portions of our source code, or otherwise seeking to enforce the terms of the open source licenses. These claims could result in litigation and could require us to make those proprietary portions of our source code freely available, purchase a costly license or cease offering the implicated software or services unless and until we can re-engineer them to avoid infringement. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully.
In addition to risks related to license requirements, use of third-party open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties. In addition, licensors of open source software included in our offerings may, from time to time, modify the terms of their license agreements in such a manner that those license terms may become incompatible with our licensing model, and thus could, among other consequences, prevent us from incorporating the software subject to the modified license.
Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, results of operations and financial condition.
We depend and rely upon software-as-a-service, or SaaS, technologies from third parties to operate our business, and interruptions or performance problems with these technologies may adversely affect our business, results of operations and financial condition.
We rely on hosted SaaS applications from third parties in order to operate critical functions of our business, including enterprise resource planning, order management, contract management billing, project management, and accounting and other operational activities. We enter into contractual arrangements for these SaaS applications on standard terms and conditions with such third-party providers. If these services become unavailable due to extended outages, interruptions or because they are no longer available on commercially reasonable terms, our expenses could increase, our ability to manage finances could be interrupted and our processes for managing subscriptions to our products and supporting our customers could be impaired until alternative services are identified, obtained and implemented, all of which could adversely affect our business, results of operations and financial condition.
We may be subject to intellectual property rights claims by third parties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. We have in the past and may in the future be subject to claims that we have misappropriated, misused or infringed the intellectual property rights of our competitors, non-practicing entities or other third parties. This risk is exacerbated by the fact that our software incorporates third-party open source software.
Any intellectual property claims, with or without merit, could be very time-consuming and expensive and could divert our management’s attention and other resources. The litigation process is subject to inherent uncertainties, and we may not prevail in litigation matters regardless of the merits of our position. These claims could also subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop using technology found to be in violation of a third party’s rights, some of which we have invested considerable effort and time to bring to market. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license is available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any aspect of our business that may ultimately be determined to infringe on the intellectual property rights of another party, we could be forced to limit or stop subscriptions to our software and may be unable to compete effectively. Any of these results would adversely affect our business, results of operations and financial condition.
Risks Related to Government Regulations
Changes in laws and regulations related to the internet or changes in the internet infrastructure itself may diminish the demand for our software and could have a negative impact on our business.
The future success of our business, particularly for any cloud-oriented products, depends upon the continued use of the internet as a primary medium for commerce, communication and business applications. Federal, state or foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium. Changes in these laws or regulations could require us to modify our software in order to comply with these changes. In addition, government agencies or private organizations may begin to impose taxes, fees or other charges for accessing the internet or commerce conducted via the internet. These laws or charges could limit the growth of internet-related commerce or communications generally, resulting in reductions in the demand for internet-based solutions such as ours.
In addition, the use of the internet as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of internet activity, security, reliability, cost, ease of use, accessibility and quality of service. The performance of the internet and its acceptance as a business tool have been adversely affected by “ransomware,” “viruses,” “worms,” “malware,” “phishing attacks,” “data breaches” and similar malicious programs, behavior and events, and the internet has experienced a variety of outages and other delays as a result of damage to portions of its infrastructure. If the use of the internet is adversely affected by these issues, demand for our subscription offerings and related services could suffer.
Failure to comply with anti-bribery, anti-corruption and anti-money laundering laws could subject us to penalties and other adverse consequences.
We are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended, or FCPA, U.S. Travel Act, the U.K. Bribery Act, or Bribery Act, and other anti-corruption, anti-bribery and anti-money laundering laws in various jurisdictions around the world. The FCPA, Bribery Act and similar applicable laws generally prohibit companies, their officers, directors, employees and third-party intermediaries, business partners, and agents from making improper payments or providing other improper things of value to government officials or other persons. We and our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and other third parties where we may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, resellers, and agents, even if we do not explicitly authorize such activities. While we have policies and procedures and internal controls to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. To the extent that we learn that any of our employees, third-party intermediaries, agents or business partners do not adhere to our policies, procedures, or internal controls, we are committed to taking appropriate remedial action. In the event that we believe or have reason to believe that our directors, officers, employees, third-party intermediaries, agents or business partners have or may have violated such laws, we may be required to investigate or have outside counsel investigate the relevant facts and circumstances. Detecting, investigating and resolving actual or alleged violations can be extensive and require a significant diversion of time, resources and attention from senior management. Any violation of the FCPA, Bribery Act, or other applicable anti-bribery, anti-corruption laws and anti-money laundering laws could result in whistleblower complaints, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, fines and penalties or suspension or debarment
from U.S. government contracts, all of which may have a material adverse effect on our reputation, business, results of operations, financial condition and growth prospects.
Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.
We are expanding our international operations to better support our growth into international markets. Our corporate structure and associated transfer pricing policies contemplate future growth in international markets, and consider the functions, risks and assets of the various entities involved in intercompany transactions. The amount of taxes we pay in different jurisdictions depends on the application of the tax laws of various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to our intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax changes, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.
We track certain operational metrics with internal systems and tools and do not independently verify such metrics. Certain of our operational metrics are subject to inherent challenges in measurement, and any real or perceived inaccuracies in such metrics may adversely affect our business and reputation.
We track certain operational metrics, including annualized recurring revenue (“ARR”) and net revenue retention rate, and non-GAAP metrics, such as Adjusted EBITDA and Adjusted EBITDA Margin. These operational metrics are tracked with internal systems and tools that are not independently verified by any third party and which may differ from estimates or similar metrics published by third parties due to differences in sources, methodologies, or assumptions on which a party relies. Our internal systems and tools have a number of limitations, and our methodologies for tracking these metrics may change over time, which could result in unexpected changes to our metrics, including the metrics we publicly disclose. If the internal systems and tools we use to track these metrics undercount or overcount performance or contain algorithmic or other technical errors or incorrect assumptions, the data we report may not be accurate. While these numbers are based on what we believe to be reasonable estimates of our metrics for the applicable period of measurement, there are inherent challenges in measuring these metrics. In addition, limitations or errors with respect to how we measure data or with respect to the data that we measure may affect our understanding of certain details of our business, which could affect our long-term strategies. If our operational metrics are not accurate representations of our business, if investors do not perceive our operational metrics to be accurate, or if we discover material inaccuracies with respect to these figures, we expect that our business, reputation, financial condition, and results of operations would be adversely affected.
If we fail to maintain an effective system of disclosure controls and procedures and internal control over financial reporting, our ability to produce timely and accurate financial statements and company disclosures or comply with applicable regulations could be impaired.
We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act and the NYSE listing rules and regulations. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting and financial compliance costs, make some activities more difficult, time-consuming and costly, and place significant strain on our personnel, systems and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We are also continuing to improve our internal control over financial reporting. As of the end of the quarters ended March 31, 2023 and June 30, 2023, we determined that our disclosure controls and procedures were not effective due to a significant deficiency in our internal control over financial reporting and took remedial measures to correct such deficiency, as described in Part I, Item 4 of our quarterly reports on Form 10-Q for the periods ended March 31, 2023 and June 30, 2023. In addition, as of the quarter ended September 30, 2023, we determined that our disclosure controls and procedures and internal control over financial reporting were not effective due to material
weaknesses in our internal control over financial reporting and are taking remedial measures to correct such weaknesses, as described in Part II, Item 9A of this Annual Report on Form 10-K. In order to continue to improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight. We have taken and are taking actions to remediate the material weaknesses, including hiring a new Chief Financial Officer and additional experienced finance staff, and implementing redesigned and enhanced control procedures.
Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and procedures and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our securities. In addition, if we are unable to meet these requirements, we may not be able to remain listed on the NYSE.
Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting until after we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could have an adverse effect on our business and results of operations and could cause a decline in the price of our securities.
We are a multinational organization faced with increasingly complex tax issues in many jurisdictions, and we could be obligated to pay additional taxes in various jurisdictions.
As a multinational organization, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents, which could have a material adverse effect on our liquidity and results of operations. In addition, the authorities in these jurisdictions could review our tax returns and impose additional tax, interest and penalties, and the authorities could claim that various withholding requirements apply to us or our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries, any of which could have a material impact on us and the results of our operations.
We engage our team members in various ways, including direct hires, through professional employer organizations (“PEOs”), and as independent contractors. As a result of these methods of engagement, we face certain challenges and risks that can affect our business, operations, and financial condition.
In the locations where we directly hire our team members into one of our entities, we must comply with the applicable local laws governing team members in those jurisdictions, including local employment and tax laws. In the locations where we utilize PEOs, we contract with the PEO for it to serve as “employer of record,” where the team members are employed by the PEO but provide services to us. In all locations where we utilize PEOs, we rely on those PEOs to comply with local employment laws and regulations. Additionally, in certain jurisdictions, we contract directly with team members who are independent contractors.
In jurisdictions where we engage team members through a PEO, we may not be using the appropriate hiring model needed to be compliant with tax and employment laws in that jurisdiction. Additionally, the agreements executed between PEOs and our team members may not be enforceable depending on local laws because of the indirect relationship created through this engagement model. There is a risk that we may be subject to significant monetary liabilities arising from fines or judgments as a result of actual or alleged non-compliance with federal, state or foreign tax laws or if a PEO through which we engage team members fails to comply with local law. Accordingly, if our engagement of team members through PEOs was successfully challenged as being non-compliant with tax or employment laws in a jurisdiction, or a federal, state or foreign jurisdiction enacts legislation or adopts regulations that change the manner in which employees and independent contractors are classified or makes an adverse determination with respect to some or all of our PEO arrangements, we could
incur significant costs, including for prior periods. Furthermore, adverse action on litigation related to our model of engaging some team members through PEOs, if instituted against us, could result in substantial costs and divert our management’s attention and resources from our business. Such challenges or changes to our hiring model could materially adversely affect our business, financial condition and results of operations.
In jurisdictions where we engage team members directly as independent contractors, there is a risk that the Internal Revenue Service (“IRS”) or another federal, state or foreign regulatory authority will take a different view. The tests governing the determination of whether an individual is considered to be an independent contractor or an employee are typically fact sensitive and vary from jurisdiction to jurisdiction. Laws and regulations that govern the status and misclassification of independent contractors are subject to change or interpretation by various authorities. If a federal, state or foreign authority or court enacts legislation or adopts regulations or rulings that change the manner in which employees and independent contractors are classified or makes any adverse determination with respect to some or all of our independent contractors, we could incur significant costs under such laws and regulations, including for prior periods, in respect of tax withholding, social security taxes or payments, workers’ compensation and unemployment contributions, and recordkeeping, or we may be required to modify our business model, any of which could materially adversely affect our business, financial condition and results of operations. There is also a risk that we may be subject to significant monetary liabilities arising from fines or judgments as a result of any such actual or alleged non-compliance with federal, state or foreign tax and employment laws. Further, if it were determined that any of our independent contractors should be treated as employees, we could incur additional liabilities under our applicable employee benefit plans.
The enactment of legislation implementing changes in U.S. taxation of international business activities or the adoption of other tax reform policies could materially impact our results of operations.
Changes to U.S. tax laws, including limitations on the ability of taxpayers to claim and utilize foreign tax credits and the deferral of certain tax deductions until earnings outside of the United States are repatriated to the United States, as well as changes to U.S. tax laws that may be enacted in the future, could impact the tax treatment of our foreign earnings. Due to expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate and adversely affect our financial position and results of operations.
Potential tax reform in the United States may result in significant changes to United States federal income taxation law, including changes to the U.S. federal income taxation of corporations or changes to the U.S. federal income taxation of shareholders in U.S. corporations, including investors in our securities. We are unable to predict whether such changes will occur and, if so, the impact of such changes, including on the U.S. federal income tax considerations relating to the purchase, ownership and disposition of our Ordinary Shares.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.
We collect sales and value-added tax in connection with our products and services in a number of jurisdictions, both in the United States and internationally. One or more states or countries may seek to impose incremental or new sales, use or other tax collection obligations on us, including for past sales by us or our resellers and other partners. A successful assertion by a state, country or other jurisdiction that we should have been or should be collecting additional sales, use, or other taxes on our cloud services could, among other things, result in substantial tax liabilities for past sales, create significant administrative burdens for us, discourage users from subscribing to our products or otherwise harm our business, results of operations and financial condition.
We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.
Our offerings are subject to United States export controls, and we incorporate encryption technology into certain of our offerings. These encryption offerings and the underlying technology may be exported outside of the United States only with the required export authorizations, including by license.
Furthermore, our activities are subject to the U.S. economic sanctions laws and regulations that prohibit the shipment of certain products and services without the required export authorizations or export to countries, governments and persons targeted by U.S. sanctions. While we take precautions to prevent our offerings from being exported in violation of these laws, including obtaining authorizations for our encryption offerings, implementing IP address blocking and screenings
against U.S. Government and international lists of restricted and prohibited persons, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws.
Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our offerings or could limit our customers’ ability to implement our offerings in those countries. Changes in our offerings or future changes in export and import regulations may create delays in the introduction of our offerings in international markets, prevent our customers with international operations from deploying our offerings globally or, in some cases, prevent the export or import of our offerings to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our offerings by, or in our decreased ability to export or sell our offerings to, existing or potential customers with international operations. Any decreased use of our offerings or limitation on our ability to export or sell our offerings would likely adversely affect our business operations and financial results.
Geopolitical instability outside of the U.S. may adversely impact the U.S. and global economies.
The conflict between Russia and Ukraine has resulted in the imposition by the U.S. and other nations of sanctions and other restrictive actions against Russia and Belarus, as well as certain banks, companies and individuals. We have team members (either engaged through PEOs or directly as independent contractors) in Ukraine and Russia, including a group of highly skilled team members in Russia who provide significant database engineering support. Additionally, we have customers in Ukraine. To the extent there are interruptions that affect our team members or customers, including losses of life, disruptions to internet connectivity, or interruptions to banking payment systems, we and our team members could be adversely impacted. More generally, the conflict has led to and could lead to further disruptions in the global financial markets and economy, including, without limitation, currency volatility, inflation and instability in the global capital markets. A continuation of conflict in Ukraine could result in an adverse impact on our businesses, operations and assets.
Our ability to use our U.S. federal and state net operating loss carryforwards and certain other tax attributes may be limited in the future.
As of September 30, 2023 we had U.S. federal net operating losses (“NOL”) carryforwards of $201.5 million and U.S. state NOL carryforwards of $144.5 million. The portion of the federal and state loss carryforwards generated in taxable periods prior to January 1, 2018, will begin to expire in 2030, unless previously utilized. A lack of future U.S. taxable income would adversely affect our ability to utilize these NOLs before they expire. Under the Tax Cuts and Jobs Act of 2017, as modified by the Coronavirus Aid, Relief, and Economic Security Act, U.S. federal NOL carryforwards generated in taxable periods beginning after December 31, 2017 may be carried forward indefinitely, but the deductibility of such NOL carryforwards in taxable years beginning after December 31, 2020, is limited to 80% of taxable income with certain adjustments. Further, certain states in which we operate conform to the provisions of Tax Cuts and Jobs Act of 2017, and as such, certain state net operating losses may be carried forward indefinitely but the deductibility of such net operating losses is limited to 80% of taxable income.
In general, under Section 382 of the Internal Revenue Code of 1986, as amended (the “Code”), a corporation that undergoes an “ownership change” (generally defined as a greater than 50% change, by value, in its equity ownership by certain shareholders or groups of shareholders over a rolling three-year period) is subject to limitations on its ability to utilize its pre-ownership change NOL carryforwards to offset future taxable income. There are generally similar limitations under state tax laws in the U.S. While shifts in our equity ownership have occurred within the past three years, we have not performed any detailed analysis to determine whether such shifts have resulted, including whether the Business Combination (alone or in combination with such prior ownership shifts) resulted, in an ownership change under Section 382 of the Code. Any ownership change that has occurred or may in the future could affect our ability to utilize our NOL carryforwards to offset our income for U.S. federal and state income tax purposes in future periods. Furthermore, our ability to utilize NOL carryforwards of companies that we have acquired or may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOL carryforwards or other unforeseen reasons, our existing NOL carryforwards could expire or otherwise be unavailable to reduce future income tax liabilities, including for state tax purposes. For these reasons, we may not be able to utilize a material portion of the NOL carryforwards reflected on our balance sheets, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.
If we are treated as a passive foreign investment company, or “PFIC,” this may result in adverse U.S. federal income tax consequences to U.S. investors.
If we are treated as a PFIC for any taxable year (or portion thereof) that is included in the holding period of a U.S. holder of Ordinary Shares, such U.S. holder may be subject to adverse U.S. federal income tax consequences and may be subject to additional reporting requirements. Although APHC likely was a PFIC in previous taxable years, it is currently unclear whether, following the Business Combination, we may still be treated as a PFIC. Our actual PFIC status for our current taxable year or any future taxable year is a factual determination that depends on, among other things, the composition of our income and assets, and the market value of our shares and assets, including the composition of income and assets and the market value of shares and assets of our subsidiaries, from time to time, and our actual PFIC status will not be determinable until after the end of any such taxable year. Accordingly, there can be no assurances with respect to our status as a PFIC for our current taxable year or any subsequent taxable year. U.S. holders are urged to consult their own tax advisors regarding the possible application of the PFIC rules to holders of Ordinary Shares.
The IRS may not agree that we are a foreign corporation for U.S. federal tax purposes.
For U.S. federal tax purposes, a corporation generally is considered to be a tax resident of the jurisdiction of its organization or incorporation. Because we are an Irish public limited company and treated as a tax resident in Ireland, we would be classified as a foreign corporation under these rules. Section 7874 of the Code provides an exception to this general rule under which a foreign incorporated entity may, in certain circumstances, be classified as a U.S. corporation for U.S. federal income tax purposes. As part of the Business Combination, we acquired stock of a U.S. subsidiary. It is currently not expected that Section 7874 will cause us or any of our foreign affiliates to be treated as a U.S. corporation for U.S. tax purposes. However, the law and Treasury Regulations promulgated under Section 7874 are relatively new, complex and somewhat unclear, and there is limited guidance regarding the application of Section 7874. Accordingly, there can be no assurance that the IRS will not challenge our status or that of any of our foreign affiliates as a foreign corporation under Section 7874 or that such challenge would not be sustained by a court. If the IRS were to successfully challenge such status under Section 7874, we and our affiliates could be subject to substantial additional U.S. federal income tax liability. In addition, we and certain of our foreign affiliates are expected, regardless of any application of Section 7874, to be treated as tax residents of countries other than the U.S. Consequently, if we or any such affiliate is treated as a U.S. corporation for U.S. federal income tax purposes under Section 7874, we or such affiliate could be liable for both U.S. and non-U.S. taxes.
Risks Related to Ownership of Our Ordinary Shares (including Corporate Governance)
Our failure to meet the continued listing requirements of the NYSE (or another national securities exchange) could limit the value of our securities and liquidity
On June 28, 2023, we were notified by NYSE that we were no longer in compliance with the NYSE’s continued listing standards set forth in Section 802.01C of the NYSE Listed Company Manual (the “Manual”) because the average closing price of our Ordinary Shares was less than $1.00 per share over a consecutive 30-day trading period (the “Minimum Share Price Requirement”). The notice has no immediate impact on the listing of our Ordinary Shares and Public Warrants which could continue to trade on the NYSE unless suspended from trading on delisting occurs by NYSE, including pursuant to the notifications and related circumstances discussed below. We are closely monitoring the closing share price of our Ordinary Shares and Public Warrants and are considering all available options. We intend to regain compliance with the Minimum Share Price Requirement by pursuing measures that are in our best interests and the best interests of our shareholders, which could include seeking to effect a reverse stock split. Any potential delisting of our Ordinary Shares and Public Warrants from the NYSE would likely result in decreased liquidity and increased volatility in our securities and may adversely affect our ability to raise additional capital or enter into strategic transactions. As of the date of this Annual Report on Form 10-K, we have not yet regained compliance with the Minimum Share Price Requirement, and there can be no assurance that we will regain such compliance.
On September 19, 2023, we were notified by NYSE that we were no longer in compliance with the continued listing standard set forth in Section 802.01B of the Manual because the average global market capitalization of the Company over a consecutive 30 trading-day period was less than $50 million and, at the same time, the Company’s last reported stockholders’ equity was less than $50 million (the “Market Capitalization Requirement”). In December 2023 we submitted a compliance plan describing our strategy to return to compliance with the Market Capitalization Requirement. In response to our submission, NYSE has informed us that they are monitoring our liquidity condition and other factors specifically with respect to the RP Note, and will require a January 2024 update on that matter before rendering a decision as to the
sufficiency of our compliance plan. We intend to regain compliance with the Market Capitalization Requirement but cannot be sure that such compliance will be achieved.
On October 17, 2023, we were notified by NYSE that we were no longer in compliance with certain corporate governance requirements related to the composition of our board of directors and audit committee. In connection with our issuance of the RP Note, four of our outside directors tendered their resignations from our board of directors and, to the extent applicable, all committees thereof. Following those resignations, our board of directors was composed of four directors, three of which were non-independent, and we no longer satisfied the board majority independence requirements under Section 303A.01 of the Manual or the audit committee composition requirements under Section 303A.07(a) of the Manual (together, the “Board/Committee Requirements”). Although as of the date of this Annual Report on Form 10-K we have not regained compliance, we intend to regain compliance with the Board/Committee Requirements but cannot be sure that such compliance will be achieved.
If we fail to satisfy the continued listing requirements of the NYSE, such as the corporate governance requirements (including the Board/Committee Requirements), the round lot holders requirement, the Market Capitalization Requirement, or the Minimum Share Price Requirement, the NYSE may suspend from trading or delist our securities. Such suspension or delisting would likely have a negative effect on the price of our securities and would impair the ability of investors to sell or purchase securities. In the event of a delisting, we can provide no assurance that any action taken by us to restore compliance with listing requirements would allow our securities to become listed again, stabilize the market price or improve the liquidity of our securities, or prevent future non-compliance with the NYSE’s or another exchange’s listing requirements. Additionally, if our securities become delisted from the NYSE (or another national securities exchange) for any reason, and are quoted on the OTC Bulletin Board, an inter-dealer automated quotation system for equity securities that is not a national securities exchange, the liquidity and price of our securities would likely be more limited than if they were quoted or listed on the NYSE or another national securities exchange. Investors may be unable to sell securities or do so when desired. Further, if our Ordinary Shares and Public Warrants are delisted from the NYSE and not relisted on an appropriately recognized stock exchange in the U.S. or Canada, such securities would likely come within the charge to Irish stamp duty (currently at the rate of 1% of the higher of the price paid or the market value of the securities acquired) and become ineligible for continued deposit and holding within the facilities of DTC.
Our lack of an independent audit committee at this time may hinder our board of directors’ effectiveness in monitoring the Company’s compliance with its disclosure and accounting obligations.
Currently, our audit committee is composed of one independent director, which is insufficient for purposes of Section 303A.07(a) of the Manual, which requires an audit committee of at least three independent directors. A fully compliant audit committee generally plays a crucial role in a company’s corporate governance process, including assessing processes relating to risks and control environment, overseeing financial reporting, and evaluating internal and independent audit processes. While we intend to add independent and financially literate members to our audit committee, we have had difficulty attracting members with the requisite qualifications and financial literacy. If we are unable to attract and retain sufficiently qualified independent directors for our audit committee, the management of our business, including the oversight of our financial reporting and controls, could be compromised and we would fail to meet NYSE requirements, which could lead to our delisting from the NYSE.
Restrictions under the RP Note regarding our board of directors and our current lack of a majority independent board of directors may be deemed to adversely affect the governance of the Company, as well as the rights of other shareholders.
The RP Note requires, among other things, that MariaDB’s board of directors be set at four members, two of whom are to be selected by RP Ventures, none of whom is required to be independent for NYSE-compliance purposes. Currently, only one of our four directors is independent, which is insufficient for purposes of Section 303A.01 of the Manual. One of our non-independent directors is our chief executive officer, Paul O’Brien, and our two other non-independent directors, Michael Fanfant and Yakov Zubarev, were appointed pursuant to the RP Note and are affiliated with our current senior lender, RP Ventures, and certain shareholders. Mr. Fanfant is a shareholder of Runa Capital II (GP), the general partner of Runa Capital Fund II, L.P., and Runa Capital Opportunity I (GP), the general partner of Runa Capital Opportunity Fund I, L.P. and the managing shareholder of Runa Ventures I Limited, which collectively beneficially own approximately 8% of our outstanding Ordinary Shares. Mr. Fanfant has also served as sole member and manager of RP Ventures, the lender under the RP Note, since June 9, 2023. Mr. Zubarev is the brother of Ilya Zubarev, who is a shareholder in Runa Capital II (GP) and Runa Capital Opportunity I (GP), and one of four members of the investment committee of each of these entities that makes all investment and voting decisions relating to our Ordinary Shares held by Runa Capital Fund II, L.P., Runa Capital Opportunity Fund I, L.P. and Runa Ventures I Limited.
In addition, the RP Note imposes significant operational, cash management, and capital raising restrictive covenants on the Company and our business. As a result, Messrs. Fanfant and Zubarev are in a position to influence or control to some degree the outcome of significant operational and strategic matters requiring lender approval, including regarding, among other things, adoption of amendments to our articles of association, changes in board size and composition, cash management and disposition, investments, capital raising, and the approval of mergers and other significant corporate transactions. For example, the RP Note requires the Board to be set at four directors. This influence and control may have, among other things, the effect of delaying or promoting a change of control and may adversely affect the voting and other rights of other shareholders, as well as our day-to-day governance.
It is further possible that the interests of our non-independent directors, particularly considering the Company’s non-independent majority, may in some circumstances potentially conflict with MariaDB’s interests and the interests of our other shareholders. For example, the RP Note contains exclusivity provisions that restrict our ability to seek additional financing from third parties without lender approval. In addition, Runa Capital funds are broadly in the business of making investments in technological companies and may hold and may, from time to time, in the future acquire, interests in or provide advice to businesses that directly or indirectly compete with us. If we are unable to attract and retain a majority of qualified independent directors, the management and operations of our business could be compromised.
A transfer of Ordinary Shares or Warrants, other than one effected by means of the transfer of book-entry interests in the Depository Trust Company (“DTC”), may be subject to Irish stamp duty.
The Irish Revenue Commissioners have confirmed that transfers of Ordinary Shares and Public Warrants effected by means of the transfer of book-entry interests in DTC generally will not be subject to Irish stamp duty. It is anticipated that the majority of Ordinary Shares and Public Warrants will be traded through DTC by brokers who hold such Ordinary Shares on behalf of customers.
However, if Ordinary Shares or Warrants are held directly rather than beneficially through DTC, any transfer of such Ordinary Shares or Warrants could be subject to Irish stamp duty (currently at the rate of 1% of the higher of the price paid or the market value of the securities acquired). Payment of Irish stamp duty is generally a legal obligation of the transferee. The potential for stamp duty could adversely affect the price of our securities.
If our Ordinary Shares or Public Warrants are delisted from the NYSE and are not relisted on an appropriately recognized stock exchange in the U.S. or Canada, such securities would likely come within the charge to Irish stamp duty and become ineligible for continued deposit and clearance within the facilities of DTC.
If Ordinary Shares or Public Warrants cease to be eligible for deposit and clearing within the facilities of DTC, then transactions in Ordinary Shares or Public Warrants may be disrupted.
The facilities of DTC are a widely used mechanism that allow for rapid electronic transfers of securities between the participants in the DTC system, which include many large banks and brokerage firms.
The Ordinary Shares and Public Warrants are eligible for deposit and clearing within the DTC system. Even though DTC has accepted the Ordinary Shares and Public Warrants for deposit and clearing within the DTC system, it generally has discretion to cease to act as a depository and clearing agency for the Ordinary Shares and Public Warrants. If DTC determined at any time that the Ordinary Shares or Public Warrants were not eligible for continued deposit and clearance within its facilities, then the Ordinary Shares or Public Warrants would not be eligible for continued listing on a U.S. securities exchange and trading in the Ordinary Shares or Public Warrants would be disrupted. Any such disruption could have a material adverse effect on the trading price of the Ordinary Shares and Public Warrants.
If our Ordinary Shares or Public Warrants are delisted from the NYSE and are not relisted on an appropriately recognized stock exchange in the U.S. or Canada, such securities would likely come within the charge to Irish stamp duty and become ineligible for continued deposit and clearance within the facilities of DTC.
We do not intend to pay dividends for the foreseeable future.
Legacy MariaDB never declared or paid any cash dividends on its capital stock and we do not intend to pay any cash dividends in the foreseeable future. We expect to retain future earnings, if any, to fund the development and growth of our business. Any future determination to pay dividends on our capital stock will be at the discretion of our board of directors and pursuant to any relevant contractual limitations (including currently under the RP Note).
In certain limited circumstances, dividends paid by us may be subject to Irish dividend withholding tax.
Although we expect to retain future earnings, if any, to fund the development and growth of our business, if we were to declare and pay dividends, in certain limited circumstances, an Irish dividend withholding tax (currently at a rate of 25%) may arise in respect of dividends paid on the Ordinary Shares. A number of exemptions from the Irish dividend withholding tax exist such that shareholders resident in the U.S. and other exempt countries may be entitled to exemptions from the Irish dividend withholding tax.
Ordinary Shares or Warrants received by means of a gift transfer or inheritance could be subject to Irish capital acquisitions tax.
Irish capital acquisitions tax (“CAT”) could apply to a gift, transfer or inheritance of Ordinary Shares or Warrants irrespective of the place of residence, ordinary residence or domicile of the transferor or transferee. This is because Ordinary Shares and Warrants will be regarded as property situated in Ireland. The person who receives the gift or inheritance has primary liability for CAT. Gifts and inheritances passing between spouses are exempt from CAT. Children currently have a tax-free threshold of €335,000 in respect of taxable gifts or inheritances received from their parents.
It is recommended that each shareholder consult his or her own tax advisor as to the tax consequences of making or receiving a gift, transfer or inheritance of Ordinary Shares or Warrants.
The average trading market for our securities quoted on the NYSE since the completion of the Business Combination has been lower than many other companies on the NYSE and such trading volume may adversely affect the price of our Ordinary Shares and Public Warrants.
Our Ordinary Shares and Public Warrants currently trade on the NYSE. Since the completion of the Business Combination, the trading volume of our Ordinary Shares and Public Warrants has been lower than some of the other companies listed on the NYSE. Limited trading volume of the Ordinary Shares and Public Warrants will subject the Ordinary Shares and Public Warrants to greater price volatility and may make it difficult for you to sell your Ordinary Shares or Public Warrants at a price that is attractive to you. Limited trading volume in the Ordinary Shares and Public Warrants may also result in our failure to continue to meet the listing standards for the NYSE, which could further adversely affect the price of the securities.
Our staggered board will limit your ability to influence corporate matters and could discourage others from pursuing any change of control transactions that holders of Ordinary Shares may view as beneficial.
Our Memorandum and Articles of Association provide that our board of directors is comprised of three classes of directors with the directors of each class serving staggered three-year terms. Our staggered board may limit your ability to influence corporate matters and could also discourage others from pursuing any potential merger, takeover, or other change of control transactions, which could have the effect of depriving the holders of Ordinary Shares of the opportunity to sell their Ordinary Shares at a premium over the prevailing market price. Additionally, our staggered board may discourage proxy contests for the election of directors and purchases of substantial blocks of Ordinary Shares by making it more difficult for a potential acquirer to gain control of or influence with our board.
We may issue additional Ordinary Shares or other equity or convertible securities, which would dilute your ownership interests and may depress the market price of our Ordinary Shares and our Public Warrants.
In the future, we may issue additional Ordinary Shares or securities convertible or exercisable into Ordinary Shares pursuant to a variety of transactions, including acquisitions or equity or debt financings. The issuance by us of Ordinary Shares or securities convertible into Ordinary Shares would dilute your ownership of us and issuance of Ordinary Shares could adversely affect prevailing market prices of our Ordinary Shares and our Public Warrants.
In the future, we expect to obtain financing or to further increase our capital resources or undertake other transactions (including acquisitions) by issuing additional Ordinary Shares or preferred shares, debt or other equity securities, including senior or subordinated notes, debt or equity securities convertible or exercisable into Ordinary Shares or other equity securities. Issuing additional Ordinary Shares, other equity securities or securities convertible or exercisable into equity may dilute the economic and voting rights of our existing shareholders, reduce the market price of our securities, or both. Debt securities convertible into equity could be subject to adjustments in the conversion ratio pursuant to which certain
events may increase the number of equity securities issuable upon conversion. Preferred shares, if issued, could, for example, have a preference with respect to liquidating distributions or a preference with respect to dividend payments that could limit our ability to pay dividends to the holders of our Ordinary Shares. Our decision to issue securities in any future offering or other transaction will depend on, among other things, market conditions and other factors beyond our control (including generally lender approval under the RP Note), which may adversely affect the amount, timing or nature of our future offerings or other transactions. As a result, holders of our securities bear the risk that our future offerings and other transactions may reduce the market price of our securities and dilute our securities holders’ percentage ownership.
Securities or industry analysts do not publish research or reports about us and may never commence coverage of us. If they commence coverage but provide adverse initial or ongoing recommendations regarding our Ordinary Shares, then the price and trading volume of our Ordinary Shares could decline.
The trading market for our Ordinary Shares will be influenced by the research and reports that industry or securities analysts may publish about us, our business, our market, or our competitors. Securities analysts do not currently, and may never, publish research on us. If no securities analysts commence coverage of us, our stock price and trading volume would likely be negatively impacted. If any of the securities or industry analysts who may cover us provide adverse recommendations or adversely change their recommendations regarding our Ordinary Shares adversely, or provide more favorable relative recommendations about our competitors, the price of our Ordinary Shares would likely decline. If any analyst who may cover us were to cease coverage of us or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our stock price or trading volume to decline.
The market price and trading volume of our Ordinary Shares and Public Warrants have and may continue to be volatile and have declined and could continue to decline significantly.
The stock markets, including the NYSE on which we have listed our Ordinary Shares and Public Warrants under the symbol “MRDB” and “MRDBW”, respectively, have from time to time experienced significant price and volume fluctuations. Even if an active, liquid and orderly trading market is sustained for our Ordinary Shares and Public Warrants, the market price of our Ordinary Shares and Public Warrants has and may continue to be volatile and has declined and could continue to decline significantly. In addition, the trading volume in our Ordinary Shares and Public Warrants may fluctuate and cause significant price variations to occur. We cannot assure you that the market price of our Ordinary Shares and Public Warrants will not fluctuate widely or decline significantly in the future in response to a number of factors, including, among others, the following:
•the realization of any of the risk factors presented herein, including our going concern status;
•failure to comply with the requirements of the NYSE, including the Minimum Share Price Requirement, the Market Capitalization Requirement and the Board/Committee Requirement, and potential NYSE delisting, and failure to trade on another national stock exchange;
•actual or anticipated differences in our estimates, or in the estimates of analysts, for our revenues, results of operations, level of indebtedness, liquidity or financial condition;
•additions and departures of key personnel; actions taken or not taken by our board of directors, including members selected by RP Ventures, or separately by our shareholder or debt holders;
•failure to comply with the Sarbanes-Oxley Act or other laws or regulations;
•future registrations, issuances, sales, resales or repurchases or anticipated registrations, issuances, sales, resales or repurchases, of our equity or securities, or other significant transactions;
•publication of research reports about us;
•the performance and market valuations of other similar companies;
•commencement of, or involvement in, litigation involving us, including those described in this report;
•broad disruptions in the financial markets, including sudden disruptions in the credit markets;
•speculation in the press or investment community;
•actual, potential or perceived control, accounting or reporting problems;
•changes in accounting principles, policies and guidelines; and
•other events or factors, including those resulting from infectious diseases, health epidemics and pandemics (including the ongoing COVID-19 pandemic), natural disasters, war, acts of terrorism or responses to these events.
In the past, securities class-action litigation has often been instituted against companies following periods of volatility in the market price of their securities. This type of litigation could result in substantial costs and divert our management’s attention and resources, which could have a material adverse effect on us.
Provisions in our Memorandum and Articles of Association and under Irish law could make an acquisition of MariaDB more difficult and may limit attempts by our shareholders to replace or remove our management.
Provisions in our Memorandum and Articles of Association may have the effect of delaying or preventing a change of control or changes in our management. The Memorandum and Articles of Association include provisions that:
•require that our board of directors be classified into three classes of directors with staggered three-year terms;
•permit our board of directors to establish the number of directors and fill any vacancies and newly created directorships; and
•prohibit shareholder action by written consent without unanimous approval of all holders of the Ordinary Shares.
Our Memorandum and Articles of Association contains exclusive forum provisions for certain claims, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with MariaDB or our directors, officers or employees.
Our Memorandum and Articles of Association provides that unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall, to the fullest extent permitted by law, be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Exchange Act or the Securities Act (the “Federal Forum Provision”). Further, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all claims brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Our decision to adopt the Federal Forum Provision followed a decision by the Supreme Court of the State of Delaware holding that such provisions are facially valid under Delaware law. While there can be no assurance that federal or state courts will follow the holding of the Delaware Supreme Court or determine that the Federal Forum Provision should be enforced in a particular case, application of the Federal Forum Provision means that suits brought by our shareholders to enforce any duty or liability created by the Securities Act must be brought in federal court and cannot be brought in state court.
Section 27 of the Exchange Act creates exclusive federal jurisdiction over all claims brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder and Memorandum and Articles of Association confirms that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Exchange Act. Accordingly, actions by our shareholders to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder must be brought in federal court.
Any person or entity purchasing or otherwise acquiring or holding any interest in any of our securities shall be deemed to have notice of and consented to our exclusive forum provisions, including the Federal Forum Provision. Additionally, our shareholders cannot waive compliance with the federal securities laws and the rules and regulations thereunder. These provisions may lead to our shareholders incurring increased costs if they were to bring a claim against us, and may limit our shareholders’ ability to bring a claim in a judicial forum they find favorable for disputes with us or our directors, officers, or other employees or agents, which may discourage lawsuits against us and our directors, officers and other employees and agents. Alternatively, if a court were to find the choice of forum provision contained in our Memorandum and Articles of Association to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which may have an adverse effect on our business, financial condition and results of operations.
As a matter of Irish law, our shareholders are bound by the provisions of our Memorandum and Articles of Association. An Irish court would be expected to recognize the exclusive jurisdiction of the federal district courts of the United States of America in respect of causes of action arising under the Exchange Act or the Securities Act.
As an Irish public limited company, certain capital structure decisions regarding MariaDB will require the approval of our shareholders, which may limit our flexibility to manage our capital structure.
MariaDB is an Irish incorporated public limited company, and certain decisions regarding our capital structure will require the approval of our shareholders, which may limit our flexibility to manage our capital structure. Under Irish law, the directors of a company may only allot and issue “relevant securities” (comprising, subject to certain exceptions, new shares and rights to subscribe for, or convert any security into, new shares) once generally or specifically authorized to do so by its constitution or by a resolution approved by a simple majority of the votes cast at a general meeting of its shareholders at which a quorum is present, referred to under Irish law as an “ordinary resolution.” A general authorization may be granted in respect of up to the entirety of a company’s authorized but unissued share capital and for a maximum period of five
years, at which point it must be renewed by another ordinary resolution. Our Memorandum and Articles of Association authorizes our board of directors to allot and issue new shares and rights to subscribe for, or convert any security into, new shares in the capital of MariaDB up to the maximum of our authorized but unissued share capital for a period of five years from the date of adoption. This authorization will need to be renewed by ordinary resolution upon its expiration and at periodic intervals thereafter. While an allotment authority may be given for up to five years at each renewal, governance considerations may result in renewals for shorter periods or in respect of less than the maximum permitted number of relevant securities being sought or approved. Any increase in our authorized share capital also requires to be approved by an ordinary resolution.
Subject to certain exceptions, Irish law also provides shareholders with statutory preemption rights when “equity securities” (comprising, subject to certain exceptions, new shares, and rights to subscribe for, or convert any securities into, new shares) are issued for cash. However, it is possible for such statutory preemption rights to be generally or specifically disapplied in a company’s constitution or by a resolution approved by not less than 75% of the votes cast at a general meeting of its shareholders at which a quorum is present, referred to under Irish law as a “special resolution.” A general disapplication of pre-emption rights may be given in respect of up to the entirety of a company’s authorized but unissued share capital and for a maximum period of five years, at which point it must be renewed by another special resolution. Our Memorandum and Articles of Association disapplies statutory preemption rights up to the maximum of the authorized but unissued share capital for a period of five years from the date of adoption. This disapplication will need to be renewed by special resolution upon its expiration and at periodic intervals thereafter. While a disapplication of statutory preemption rights may be given for up to five years at each renewal, governance considerations may result in renewals for shorter periods or in respect of less than the maximum permitted number of equity securities being sought or approved.
Attempted takeovers of MariaDB will be subject to the Irish Takeover Rules and will be under the supervisory jurisdiction of the Irish Takeover Panel.
As an Irish incorporated public limited company, we are subject to the Irish Takeover Rules, which regulate the conduct of takeovers of, and certain other relevant transactions affecting, Irish public limited companies listed on certain stock exchanges, including the NYSE. The Irish Takeover Rules are administered by the Irish Takeover Panel, which has supervisory jurisdiction over such transactions. Among other matters, the Irish Takeover Rules operate to ensure that no offer is frustrated or unfairly prejudiced and, in situations involving multiple bidders, that there is a level playing field. For example, pursuant to the Irish Takeover Rules, our board of directors is not permitted, without shareholder approval, to take certain actions which might frustrate an offer for the Ordinary Shares once our board of directors has received an approach that might lead to an offer or has reason to believe that an offer is, or may be, imminent.
Under the Irish Takeover Rules, a person, or persons acting in concert, who acquire(s), or consolidate(s), control of MariaDB may be required to make a mandatory cash offer for our remaining shares.
Under the Irish Takeover Rules, in certain circumstances, a person, or persons acting in concert, who acquire(s), or consolidate(s), control of MariaDB may be required to make a mandatory cash offer in accordance with Rule 9 thereof for our remaining shares at a price not less than the highest price paid for the shares by that person or its concert parties during the previous 12 months. Except with the consent of the Irish Takeover Panel, this Rule 9 mandatory offer requirement is triggered: (i) if an acquisition of shares, or any interest therein, would result in a person or persons acting in concert holding, directly or indirectly, shares representing 30% or more of the voting rights of MariaDB and (ii) where a person, or persons acting in concert, already hold(s) shares representing 30% or more of the voting rights of MariaDB, if an acquisition of shares, or any interest therein, would result in the percentage of the voting rights of MariaDB held, directly or indirectly, by such person, or persons acting in concert, increasing by more than 0.05% within a 12-month period. In the case of an issuance of new shares, the Irish Takeover Panel will typically waive the Rule 9 mandatory offer requirement in circumstances where the issuance has been approved in advance by simple majority vote given at a general meeting of the independent (i.e., not interested) shareholders of MariaDB convened in accordance with the requirements (including as to disclosure) of the Irish Takeover Rules. The Rule 9 mandatory offer requirements do not apply to a single holder holding shares representing more than 50% of the voting rights of MariaDB.
Anti-takeover provisions in our Memorandum and Articles of Association could make an acquisition of MariaDB more difficult.
Our Memorandum and Articles of Association contains provisions that may delay or prevent a change of control, discourage bids at a premium over the market price of our Ordinary Shares, adversely affect the market price of the Ordinary Shares, and adversely affect the voting and other rights of our shareholders. These provisions include: (i)
permitting our board of directors to issue preference shares without the approval of our shareholders, with such rights, preferences and privileges as they may designate; and (ii) allowing our board of directors to adopt a shareholder rights plan upon such terms and conditions as it deems expedient in the interests of MariaDB.
Irish law requires us to have available “distributable profits” to pay dividends to shareholders and generally to make share repurchases and redemptions.
Under Irish law, we may only pay dividends and make other distributions (and, generally, make share repurchases and redemptions) only out of “distributable profits” shown on our unconsolidated financial statements prepared in accordance with the Irish Companies Act and filed with the Irish Companies Registration Office. Distributable profits are the accumulated realized profits of MariaDB that have not previously been utilized in a distribution or capitalization less accumulated realized losses that have not previously been written off in a reduction or reorganization of capital, and include reserves created by way of a reduction of capital. In addition, no dividend may be paid or other distribution, share repurchase or redemption made by MariaDB unless our net assets are equal to, or exceed, the aggregate of our called up share capital plus our undistributable reserves and the dividend or other distribution, share repurchase or redemption does not reduce our net assets below such aggregate. Undistributable reserves include the un-denominated capital, the capital redemption reserve fund, and the amount by which our accumulated unrealized profits that have not previously been utilized by any capitalization exceed our accumulated unrealized losses that have not previously been written off in a reduction or reorganization of capital.
As a relatively new parent company with a short period of operational history, we have no distributable profits of our own. Accordingly, in order to pay dividends or make other distributions, share repurchases or redemptions, we will need to generate distributable profits from our business activities or otherwise create distributable profits by alternative means, including a reduction of capital.
Irish law differs from the laws in effect in the United States and may afford less protection to our shareholders.
Because we are an Irish incorporated public limited company, there is some uncertainty as to whether the courts of Ireland would recognize or enforce judgments of U.S. courts obtained against us or our directors or officers based on the civil liabilities provisions of the U.S. federal or state securities laws or hear actions against us or those persons based on those laws. The U.S. and Ireland do not currently have a treaty providing for the reciprocal recognition and enforcement of judgments (other than arbitration awards) in civil and commercial matters, and, accordingly, common law rules apply in determining whether a judgment obtained in a U.S. court is enforceable in Ireland. Although there are processes under Irish law for enforcing a judgment of a U.S. court, including by seeking summary judgment in a new action in Ireland, those processes are subject to certain established principles and conditions, and there can be no assurance that an Irish court would enforce a judgment of a U.S. court in this way and thereby impose civil liberty on us or our directors or officers.
As an Irish company, we are governed by the Irish Companies Act, which differs in some material respects from laws generally applicable to U.S. corporations and shareholders, including, among others, differences relating to interested director and officer transactions and shareholder lawsuits. Likewise, the duties of directors and officers of an Irish company generally are owed to the company only. Shareholders of Irish companies generally do not have a personal right of action against directors or officers of the company and may exercise such rights of action on behalf of the company only in limited circumstances. Accordingly, holders of our securities may have more difficulty protecting their interests than would holders of securities of a corporation incorporated in a jurisdiction of the U.S.
